If I can use C/C++ with static typing(of course if I can do DOM manipulation from my C/C++ program) why I should use JS?
You might not like JS personally but there are plenty of things to like about it and many other people do.
In practical terms, browsers will support JS forever for backwards compatibility even if all new code is written in WASM.
The relationship between WASM and JS seems to be "js/js virtual machines are a de facto standard, so let's not repeat the mistakes of Java plugins and instead build off that foot-in-the-door."
You could make the same argument about any higher level language, even those with as many quirks as JS, like PHP ;)
This is cool, because this means people will implement their own garbage collection mechanism, which could lead to interesting innovations.
Modern computers getting slow at 20 tabs of typical news sites articles is already pretty interesting. But I can't wait to see how can we innovate this even further!
I'm impressed you can read 20 articles at once! (Said only half jokingly. I do the same thing, but optimizing my behavior is probably the better solution to slowness)
2. If web-assembly incorporates a GC, then it will become needlessly complicated.
3. Unnecessary complication in web-assembly means also unnecessary room for security flaws.
(4. What good is a web assembly if you can't implement an efficient garbage collector in it?)
Worse is that tons of web applications that get exploited won't be understood by the people who run them. Wordpress is a total minefield right now and it gets hacked all the time. What'll happen once they have a module that compiles up web assembly output for all the other modules running to speed things up?
EDIT: wordpress the thing you install yourself, not wordpress the hosted app
WebAssemly will have a readable text format for view-source functionality: https://github.com/WebAssembly/design/blob/master/TextFormat...
Second:
"...so much easier to spy on people and hide all kinds of nastiness in web applications."
What kind of spying and nastiness? WebAssembly will not have more access to your data than the JavaScript API. It will have access to the same API as JavaScript. For example if it wants your location it will call the same HTML5 location API and with the same restrictions, with the permission popup. Or setting cookies will also call the same API. And thanks to the built-in developer tools in browsers you can check the outgoing requests to see what is sent and to where.
It's not so much about spying on your computer and gaining extra access, it's obvious (short of implementation bugs) that you won't gain any additional privileges that way.
But what you will gain is a way to obfuscate extremely well "report such and such to some webserver" in a way that's difficult to detect. For example, you can hide the entropy inside of a fairly innocent looking URL and without a lot of digging you won't know what that entropy represents. It can look like just a plain jane resource request and the webserver can serve up the exact same resource no matter what the entropy is, but also record that entropy for a back-channel way of exfiltrating information from your browser.
Finally, it opens up a whole new world of compiler attack. Right now the attacks against wordpress involve writing some information into a file and making it look "weird but I don't know what it does so I'd better not touch it".
What happens when breaking into a wordpress install means that you can execute the equivalent of the untraceable compiler login exploit insertion attack? You can't perform this attack without 1) a compiler and 2) a low level target that's hard to understand. You don't even need to perform a stage 3 attack which is the most sophisticated, a stage 2 would do fine.
https://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thomp...
I don't think this is going to be an issue, or be any different than where we are now.
Once you have machine code that's not terribly human readable it gets a lot easier to hide things.
"The initial implementation of WebAssembly support in browsers will be based on asm.js and PNaCl". PNaCl? https://en.wikipedia.org/wiki/WebAssembly , https://en.wikipedia.org/wiki/Asm.js
So is WebAssembly mere an asm.js v2 where all browser vendors agreed on a standard?
WebAssembly should give us opportunity for this.
In my experience, carefully optimized JavaScript is still 10x slower than equivalent C++. C++ to JS brings that down to 2x.
Heh, since every binary executable has a non-compiled source code somewhere out there, can we call them readable too?
Think of it like how assembly is to machine code, but probably more readable.
