Hacker News new | past | comments | ask | show | jobs | submit login

Indeed. The JVM did a lot of things right, however they missed three that are now solved with Wasm:

* Completely tied to an ecosystem, and incompatible with another (you could not run C programs in the JVM)

* Proprietary (vs based on an open standard)

* They couldn't run in the browser seamlessly




I'm still flabbergasted that all these people, in the year 2023, think a hypertext markup document viewer with a terrible UX and bizarre design restrictions that takes 4GB of RAM to run and re-implements the features of an entire operating system is the end-all be-all of technology. If it doesn't run in a web browser it's worthless.

I can't even come up with a metaphor for it. We're choosing to be stuck with shitty antiquated technology because it's easier than making something better. It's depressing. Like a world that never got past the horse and buggy. Large engines powered by steam would require additional investment in refining of steel and making giant cast or forged parts... easier to just stick with the horse.


The browser "won" on seamless distribution. The browser is all the things you said and worse. It conflates the developer API (which could be as complex as the collective human comprehension will allow) with the execution environment (which must be as simple as possible and understandable to mostly anyone). I have a dream that the browser will turn inside out and start losing APIs that will be reimplemented on WebAssembly. But WebAssembly is moving too slowly e.g. with regards to tail calls and parallelism. So it's probably just a dream from now[1].

[1] https://www.youtube.com/watch?v=zlQEQQSqZ9g -> it's an old dream that others have had before.


Well, that's partly why WASM exists.

It can be run outside a browser, and is much more performant than using the whole browser. The future is very likely going to consolidate around WASM and WebGPU, regardless of what hardware you're targeting. If you want more performant specs, it will be driven through a public and consensus driven way... there are far too many economies of scale to standardization for it not to be.

The days of building an ecosystem around a closed, proprietary language/protocol/spec are over. The browser was just the first to bridge the gap... now we move on to WASM, and maybe 10 years from now something newer

https://wasmer.io/

https://wasi.dev/


Yeah. You’re right. THIS will be the time that open wins. When most peoples primary computing is running an OS developed by one of two companies that have a strong incentive to maintain walled gardens.

Largest /s imaginable.

Your comment is pretty far into LARPing territory.


Heard of Kubernetes, Docker/OCI, and CNCF? A crapload of computing now is running within Linux (open) in containers (open). Sure, end users use MacOS and Windows as the base OS, but a lot of programs they interact with now are running in a browser or Electron (all open standards-driven things). WASM’s future is as a much more performant and lightweight alternative to containers, to the point where it could be run and used by anyone. containers require a shitload of configuration to be able to run them, but a wasm module can be packaged up in a native assembly that requires zero runtime setup for the end user. Just install and go.


You could say the same thing of Go apps, but they certainly haven't taken over computing. They got a lot of attention from certain corners, but I think everyone acknowledges now that it's just another compiled language. That doesn't solve all your problems, it just solves one. Maybe WASM solves two problems by not needing to be cross-compiled. But there's still a thousand problems left, many of which are addressed by containerization, but not addressed by WASM.

The innovation of "docker containers" as a total solution is more akin to a POSIX standard than the Go language. Containers only became popular because of Docker, not because of containers themselves. Docker is a solution to a dozen different problems. "A container" is really just a chroot in a unique namespace. Again, that's basically just one problem solved. The functional combination of all the features of container orchestration software and interoperability is where the actual value of containers lies. Not in the container, but in the 12 different problems that are now all solved in a universal way by all the different solutions that deal with containers in the same way.

If WASM can evolve an entire ecosystem and standard around all the problems needed to be solved to run software easier, then sure, it could be revolutionary. We'll see if that happens in a way that is easy to use. My bet is it won't happen.


The browser/web is already open. People are writing cross platform apps in browser containers. Open is already the standard. WASM simply closes the performance gap between “widely accepted open standards” and native.

You seem confused… fewer and fewer people are writing software in OS locked apis/contexts. Back in the day it was much closer to 100%


Apple's close ecosystem nonsense and blind worship of vendor-lock-in by the tech community is partly to blame for it.


Unfortunately, the world is scheduled to end (or reboot if you prefer) at 03:14:07 UTC on January 19th, 2038. [0]

So, that means that the remake of an OS that we call a browser is likely to be the pinnacle of computing for our lifetimes.

Hopefully after the Great Reboot of 2038, the next generation will learn from our computing mistakes, but since we've never learned from those that came before us, it's highly unlikely. But at least they will have to start from scratch, so there's a chance!

[0] - https://en.wikipedia.org/wiki/Year_2038_problem


> Like a world that never got past the horse and buggy

At lunch one day a colleague explained that the size of the space shuttle could be linked to the width of two horses walking on a Roman road :-)

One of my favorite lunch breaks of all time.


Give us the recap


http://www.astrodigital.org/space/stshorse.html

I'd be very leery of trusting the specifics too much. E.g. the reference to "Roman war chariots", which are not a thing the Romans ever used.

Snopes entry: https://www.snopes.com/fact-check/railroad-gauge-chariots/


Nice, so dude was actually just reciting an email FWD he studied to sound interesting.

God, I had forgotten about those email FWDs. The old people I know totally abandoned email.


That’s a bit cynical and dickish. Maybe he just read it, found it enjoyable, and remembered it? God.


Funny that most people seem to have forgotten that browsers used to ship with Java support. Not saying that was a good thing, but 20 years ago you could run JVM apps in the browser without issues. Also, there are dozens of language runtimes for the JVM, e.g. Ruby, Python, Golang, Javascript, Scheme, .... And regarding proprietary software, Wasmer is a for-profit startup that seems to offer open-source tooling with the hope the ecosystem will standardize on it and give them opportunities to monetize that. So not that much unlike Java I'd say.


> but 20 years ago you could run JVM apps in the browser without issues

That was definitely not my experience at that time using a linux desktop.


I’m sure that compared to doing anything else on a Linux desktop it was just fine. You made your bed.


It was not. It was demonstrably worse. It had it's own janky UI that barely worked, it failed to understand the filesystem most of the time, and it failed to integrate cleanly with any other devices on the system.

Everything _else_ was able to do this just fine, in particular it's main competition, Adobe flash. That was actually _almost_ a first class experience and I didn't need to track down and install "icedtea" to make it all work. It just worked out of the box.

The JVM promised "write once, run anywhere." You can blame me for that failure, if you like, but it was then and always was a flat lie. You simply choose to ignore this.


Funny that you forgot about all the security issues of JVM applets that Wasm finally solved


And now you can run a wasm jvm: https://leaningtech.com/cheerpj/ (there are others, too)


Like this one?

  #include <stdio.h>
  #include <stdlib.h>

  int main() {
    char *s = "world";

    s[0] = 'o';
    s[1] = 'w';
    s[2] = 'n';
    s[3] = 'e';
    s[4] = 'd';

    printf("Hello, %s\n", s);
  }


Just compiled and ran it on my system within Wasm, my computer is still fine. Your point?

The point of Wasm is - programs can and will malfunction (and some will be malicious), so we have to protect the environment that runs it.


Believe a plugin need to be installed first. Fuzzy memory says the JRE install set it up for you.


You can't run c in wasm.

You can compile c to wasm and run that.

In the same way one could compile c to java byte code, write a wrapper program to allocate the "heap", disable the gc and execute it in close to the same way it executes in a wasm runtime.


It's not an open standard but the JVM spec is publically available and intended for multiple implementations

https://docs.oracle.com/javase/specs/jvms/se8/html/


I would also mention that, especially in the past, the JVM sandboxing was not great. Which is why Applets were such a problem.


Not just in the past, arbitrary program sandboxing is not possible even today.


Exactly, yet everyone pretends wasm is the exception for some reason...


Wasm is an exception. It’s designed from the ground up to have an extremely simplistic model of execution that prevents common exploits like buffer overflows and such. The WASM runtime only exposes “safe” things and at an incredibly low level. Everything has to be built on top of these abstractions. The JVM is not architected the same way, the VM has a bunch of APIs exposed to it and you have to attempt to constrain those down to make a program secure. WASM starts from a secure by default position and you grant it capabilities as needed to accomplish the task. If all you need is to take in a string, do some computation, and output a string, then you can run a WASM module with zero disk or network access whatsoever, no ability to integrate with processes, environment variables, or anything else on the system. Trying to run a program on the JVM or CLR but prevent it from reaching out of itself by blacklisting certain functions or something is an exercise in futility.


WASM was designed before spectre happened, so no it's not the exception. In-process sandboxing cannot be securely designed anymore. You can endlessly chase security exploits with increasingly expensive and convoluted workarounds, but that's about it.

> It’s designed from the ground up to have an extremely simplistic model of execution that prevents common exploits like buffer overflows and such.

So is the JVM and CLR and dozens of prior runtimes for that matter.

WASM for guests is mostly a security regression as all the design focus was on protecting the host. Things in the runtime got thrown under the security bus (such as no ASLR)

> The JVM is not architected the same way, the VM has a bunch of APIs exposed to it and you have to attempt to constrain those down to make a program secure.

You're confusing concepts here. The JVM bytecode runtime has very few APIs and WASM has no inherent requirement on being minimal or capability-based. WASI, which is what's being used here, has neither of those design attributes, for example. It's just regular POSIX apis. No permission system + massive API surface, yet still WASM all the same


I don't know about the limitations of sandboxing but I am curious. How does one break out of the JVM's or wasm's sandbox?


The approach is the same in both cases - find an exposed API surface with a privileged implementation, find some way to confuse it, exploit.

In a few cases there were JVM exploits that weren't based on that approach, almost always involving reflection or JIT compiler bugs.

The people saying WASM is easier to sandbox than the JVM are sort of half right and half wrong. The hard part of sandboxing is exposing safe APIs to the sandboxed code. WASM solves that by simply not exposing any APIs at all. This essentially punts the sandbox construction to the user and will allow WASM vendors to claim a good security track record, which they will get by not doing very much.

On the other hand, the OpenJDK guys are retreating from providing any sandbox at all and are taking it out of new Java versions. So you'll end up with mandatory exposed APIs that don't even try to be safe.

Neither approach is really all that great if what you want is the ability to run a useful set of normal-ish programs in a safe way. GraalVM has its own sandboxing features which look like a decent compromise, and you can still use process or VM sandboxing on top.


I meant decent sandboxing on the JVM is not possible, that’s the advantage of WASM.


There was a time when JVM ran in the browsers.


Yup, via Java Applets. But they were a pain to use, that's why I intentionally wrote "seamlessly" :P


As far as I could tell, the big pain point was performance -- they were just too slow on median machines during the late 90s/early 00s window they had mindshare.

I actually enjoyed using them to get around a few browser limitations around the mid-to-late 00s, and they seemed feature/performance competitive with Flash unless what you were doing fit the media authoring model closely. But by then people were skeptical about Java and if you had to do anything to get it installed they wouldn't, and the direction was native web.


The Java Kernel project sorted that out.


They were better than Flash (which needed a weirder runtime, and couldn’t interact easily with the DOM, and didn’t have variables until version 3). This is hugely improved over JavaScript at the time (pre-XHR) and had less lock-in than ActiveX.


GWT allowed to run it without applets, also much more efficient than any current stack (since they dont support closure compiler)


I spent years working with GWT, it's not nearly as simple as you describe. It's not running "Java" in the browser, it's compiling down (a subset of) Java to Javascript.

That said, GWT was ahead of its time in a lot of ways, but it had warts galore.


I recall around 2010 or so, when a company I worked for was creating a new, rather ambitions, web application. I had to argue against using Java Applets in favor of standard web technology for several components. Thankfully I won that battle.

That web application is still in use, in production, today.


> you could not run C programs in the JVM

Not entirely true, but of course there has never been any official support. http://nestedvm.ibex.org/


Memory usage too, right? A C++/Rust wasm won't consume a hundredth of the memory a JVM application typically uses. I like getting the job done on a 512MB RAM VPS. JVM the language might be cool; the bloat and forced-GC can be spared.


Java can be fast and memory efficient. The problem I see with many Java programs is that they're built on top of layers upon layers of frameworks. Web server frameworks on top of multithreading frameworks with database ORM frameworks and microservice frameworks all calling in and out of each other. Stack traces that end up accumulating 30 or 40 calls before actual product code even begins.

Tuning the garbage collector often helps, modern Java has excellent GC options that will make most software just run better. That's often not an option when you're stuck with JRE 8 because of the curse of legacy code, but modern JREs have made significant progress in both memory management and general performance optimizations.

Port the same abstractions to any language and you'll get very similar performance issues. I've seen plenty of NodeJS applications crash because they grew out of the 2GiB memory limit I set up, and those node processes weren't doing anything that I deemed worth more than half a gigabyte of RAM either.

The JVM is somewhat aggressive in claiming RAM as memory usage grows, but that often leads to a performance increase in the comparisons I've done. Setting parameters (-xmx / -xms) can often reduce the amount of memory used significantly at the cost of slower application startups.


JVM ran in relatively little memory back in the day. I remember running applets on ~16 megabyte systems. Compare that to today where you need a half gig of RAM to even launch a browser.


Right, the internet caffee computers I used to hang out at in the early 2000's had around the 128-256mb of RAM memory, and Java/Flash used to run just fine. Although Java Applets usually seemed to take longer to download, and used to wait a lot of time to start the JVM after that.


Just like a JVM for embedded development won't.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: