undefined | Better HN

0 pointskentonv4mo ago0 comments

> the whole point of WebAssembly is to solve this one problem.

For Wasm to be a secure sandbox, you have to assume a bug-free compiler/interpreter, which, alas, none of them really are. It's a somewhat easier problem than building a bug-free JavaScript runtime, but not by as much as you might expect, sadly.

> I want to build extension systems for my own apps such that users can run their own code or paste in code written by other people and have it execute safely. Similar to Shopify Functions: https://shopify.dev/docs/apps/build/functions

Ah, this is exactly the Workers for Platforms use case: https://developers.cloudflare.com/cloudflare-for-platforms/w...

And indeed, Shopify uses it: https://shopify.engineering/how-we-built-oxygen

(There's also the upcoming Dynamic Worker Loader API: https://developers.cloudflare.com/workers/runtime-apis/bindi...)

But it sounds like you really do want to self-host? I don't blame you, but that does make it tough. I'm not sure there's any such thing as a secure sandbox that doesn't require some level of monitoring and daily maintenance, sadly. (But admittedly I may be biased.)

0 comments

simonw4mo ago

Yeah my ideal is to have something that cleanly "pip installs" as a dependency such that users of my open source Python projects can self host tools that let them extend using arbitrary code, including code written by LLMs.

I've been picking at this problem for a few years now!

On the one hand I get why it's so hard. But it really feels like it should be possible to solve this in 2026 - executing arbitrary code in a way that constrains its memory and CPU time usage is a problem our industry solves in browsers and hosting platforms and databases and all sorts of other places, and has done for decades.

The whole LLM-assisted end-user programming thing makes solving this with the right developer affordances so valuable!

hiccuphippo4mo ago

If the code is gonna be written by LLMs anyway skip the js, directly use wasm and allow any language that compiles to it with something like https://extism.org/

rattray4mo ago

Ah, in that context, why not just give the people workerd? People using & running OSS libraries are used to the fact that there might be vulns in libraries they're using, right?

kentonvOP4mo ago

Or put another way:

If Simon's users choose to self-host the open source version of his service, they are probably using it to run their own code, and so the sandbox security matters less, and workerd may be fine. The sandbox only matters when Simon himself offers his software as a service, which he could do using Workers for Platforms.

(But this is a self-serving argument coming from me.)

j / k navigate · click thread line to collapse