04:29 <humanetech> Anyone here in-the-loop on the fascinating developments around "WASM on the server"? One thing I find highly confusing is that e.g. WASI (WebAssembly System Interface) has "capabilities-based security", not really well explained. And then when I look at the Linux Foundation (actor-based) [wasmCloud](https://wasmcloud.com/) project, it describes the Capability Model as:

04:29 <humanetech> > A capability is an abstraction or representation of a non-functional requirement.

05:12 <Ryuno-KiAndrJaen> Keyoxide is exploring it

09:59 <fr33domlover> humanetech: Capability-based security and wasmCloud's "capabilities" are possibly not the exact same thing but Idk: https://cosmonic.com/docs/category/capabilities

10:07 <humanetech> Yes, I found that Cosmonic thing too. It is quite new. And I think that one (or all?) of wasmCloud's maintainers is from Cosmonic (who have this [Concordance](https://cosmonic.com/docs/category/concordance) event sourcing app, which interests me). WASI write [this](https://github.com/WebAssembly/WASI#capability-based-security) on capability-based security.

10:14 <humanetech> I've got to investigate more, but it might be that this higher level representation translate to how the end-user developer experience it. Wasm modules are sandboxed, principle of least authority, have access to nothing by default. You see mentions of "trustless computing" and references of other common security models to which it is (claimed to be) superior.

10:18 <humanetech> But on the whole spectrum of this technical development, I find it way more intriguing than when it originally caught my eye. With Docker supporting it in beta ("if we had WASM in 2008 we wouldn't need Docker"), and things like "the last plugin framework you'll ever need" and "write once, run anywhere.. promise of the JVM finally delivered". Now, I of course realize that we are seeing a hype cycle, but there's big names all over the place

10:18 <humanetech> WASM.

10:48 <humanetech> Btw, VMWare have collaborated with SQLite team to bring [WASI support](https://news.ycombinator.com/item?id=36054521) to the DB.

11:43 <humanetech> Yes, looks to be different. Here's [SpiderLightning](https://github.com/deislabs/spiderlightning/blob/main/docs/primer.md), a project that collects WIT definitions (the IDL used to specify WASM component interfaces, in a concept called 'Worlds').

12:28 <humanetech> From [WebAssembly for the Server Side: A New Way to NGINX](https://thenewstack.io/webassembly-for-the-server-side-a-new-way-to-nginx/):

12:28 <humanetech> > Perhaps most importantly, role-based access control and attribute-based access control, and other authorization and access control technologies, can introduce complex external systems that must be synchronized with the plugin as well as the underlying server-side technology. In contrast, Wasm access control capabilities are often built directly into the runtime engines, reducing the complexities and simplifying the development process.

13:27 <humanetech> Ow, got an answer by Kenton: https://news.ycombinator.com/item?id=36056311

13:34 <humanetech> And [Spritely going WASM](https://spritely.institute/news/guile-on-web-assembly-project-underway.html) too, starting with Guile..

13:34 <humanetech> > Once Guile -> WASM is complete, the next project will be to move Goblins (our distributed programming core) into that environment so we can build out the other core features and UI required to support our "Agency" software: a framework for rich and secure decentralized applications.

19:08 <isd> historically, WASI is heavily based on https://github.com/NuxiNL/cloudabi

19:09 <isd> ...which is basically a 'taming' of the posix API -- no global open(), instead you need to use openat(), that kind of thing.

19:35 <humanetech> Ah, I see, yes. In WASI and Component Model which it is based on, things are still in a kind of 'tech preview' status. There's quite a lot of proposals of stuff to add to WASI, in various stages of elaboration. But, besides the reference implementations (runtimes, tooling), there's early adopters working working on products that give an idea of what's to come. A lot is around dev experience, and productivity to create solutions. I like the

19:35 <humanetech> couple times today, that our current infra is looking like Rube Goldberg machines, that with their countless dependencies and complexity are like utterly crazy.

19:35 <humanetech> s/working//

19:36 <humanetech> With "our" I mean the cloud vendor solutions that go for high scalability and all the jazz.

19:36 <humanetech> The general IT landscape now is so much more complex than it was some time ago.