In the beginning, there were incompatible microprocessors, so p-code was widely deployed to avoid having to write the same Pascal compiler over and over on every platform, but it was slow because it was interpreted, but even worse was that it tended to crash.
Later, the Java VM was created, to avoid rewriting the same code over on every platform, but it was slow because it was interpreted, but thanks to JIT, that was pretty much taken care of. The main problem then became the fact that it, like ActiveX before it (which wasn't cross-platform), got general access to the file system, and could never really be safely used.
It remains to be seen if WASM/WASI retain their commitment to capability-based security, which is at this point the main selling point. There have now been fast cross-platform systems, but this is the first that builds in capabilities, and doesn't give general access to the file system.
Analogy #1 - We need such a system... it's like power in a home... with a circuit breaker, and the promise that you're only going to get 15 amps, not all of the power of the grid, flowing to anything you plug in.
Analogy #2 - It's like cash in a wallet, you decide how much to hand over to an untrusted partner in a transaction. You should be able to decide what files/folders to hand to a program, and know it won't get anything more than that.
Analogy #3 - The IBM PC XT with twin floppy disks was the most secure general purpose computer of its time, and still is. You had control over your data, full and transparent control, because you decided what the allowable side effects were when you decided what disks to let it access, and also if they were read-only or writeable. You can't do that today.
WASI is adding APIs to access all manner of native OS APIs. WASM in the browser is still reasonably secure because it can only do some basic memory operations (until someone decides to put the filesystem and networking API directly into the WASM engine) with JavaScript wrapped around it to call actual browser APIs, but the "run WASM anywhere" tooling is quickly turning WASM into the next JVM.
I'm a fan of the concept of WASM as an isolated runtime you can safely embed into any application, basically allowing you to load and execute untrusted code if you have to, but the people driving WASM adoption are quickly expanding the attack surface to the point I don't trust such a setup anymore.
Giving WASM/WASI full access to the file system is about as smart as having unprotected, unfused, 12,500 volt 3 phase outlets in the home. I can just imagine someone here saying "NIPSCO has it across the street, why shouldn't I be able to get all the power from the grid, right?"
I also deliberately left out the phase change that was caused by IBM including 1401 Emulation in System 360. Before that, everyone rewrote their programs every time a new machine came out, because it was expected it would be incompatible with the old one, so we have a ton of code still running that wasn't expected to last more than 10 years when it was written, in the late 1950s, early 1960s.