惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

F
Full Disclosure
Stack Overflow Blog
Stack Overflow Blog
H
Help Net Security
Microsoft Azure Blog
Microsoft Azure Blog
The GitHub Blog
The GitHub Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Recorded Future
Recorded Future
Y
Y Combinator Blog
Cloudbric
Cloudbric
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
S
Schneier on Security
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
C
Cybersecurity and Infrastructure Security Agency CISA
TaoSecurity Blog
TaoSecurity Blog
Security Latest
Security Latest
N
News and Events Feed by Topic
Hacker News - Newest:
Hacker News - Newest: "LLM"
D
DataBreaches.Net
Security Archives - TechRepublic
Security Archives - TechRepublic
H
Hacker News: Front Page
C
Cisco Blogs
L
LangChain Blog
aimingoo的专栏
aimingoo的专栏
Recent Commits to openclaw:main
Recent Commits to openclaw:main
V
Vulnerabilities – Threatpost
L
LINUX DO - 最新话题
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Google Online Security Blog
Google Online Security Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
A
About on SuperTechFans
www.infosecurity-magazine.com
www.infosecurity-magazine.com
Jina AI
Jina AI
C
CXSECURITY Database RSS Feed - CXSecurity.com
Schneier on Security
Schneier on Security
T
Tenable Blog
N
News and Events Feed by Topic
W
WeLiveSecurity
有赞技术团队
有赞技术团队
AI
AI
爱范儿
爱范儿
大猫的无限游戏
大猫的无限游戏
Latest news
Latest news
T
The Blog of Author Tim Ferriss
S
Security Affairs
Know Your Adversary
Know Your Adversary
Simon Willison's Weblog
Simon Willison's Weblog
G
GRAHAM CLULEY
Google DeepMind News
Google DeepMind News
The Cloudflare Blog

StackBlitz Blog

Cloudflare is now backing pkg.pr.new’s data infrastructure! Bolt 100K Open Source Fund ViteConf 2024 was a blast Unbundling the JavaScript ecosystem StackBlitz is joining the Open Source Pledge Announcing TutorialKit: Interactive tutorials in the browser Get ready for ViteConf 2024 Announcing pkg.pr.new StackBlitz welcomes Ari Perkkiö, core team member of Vitest Catch us at Figma Config WebContainers and the future of web dev (interview with Jòan Varvenne) Open Source at StackBlitz Avoiding CORS issues with this one simple trick How to document design system components What is Vite (and why is it so popular)? Improving the developer experience of enterprise design systems Flow state: Why fragmented thinking is worse than any interruption What is Storybook? An Overview for Developers The Self-Rendering Eval Shirt Starters Upgrade: WebContainers and Vite Putting the Dev in Figma’s Dev Mode Announcing StackBlitz Self-hosted Building Together in Illinois 5 lessons design systems teams can learn from open-source maintainers Announcing Native Language Support in WebContainers Introducing StackBlitz Teams ViteConf is back! Bringing Sharp to WebAssembly and WebContainers npm, yarn and pnpm are now supported natively in WebContainers The Atomic Waltz: Unraveling WebAssembly Issues in V8 and SpiderMonkey WebContainers now run on Safari, iOS, and iPadOS Now I am become the Destroyer of Threads WebContainer API is here. StackBlitz September 2022 Update StackBlitz August 2022 Update StackBlitz July 2022 Update Introducing: Collections and Social Previews! Down the caching-hole: adventures in Announcing ViteConf StackBlitz June 2022 Update The Fox and the Bolt: Bringing WebContainers to Firefox WebContainers are now supported in Firefox on desktop and Android StackBlitz May 2022 Update StackBlitz April 2022 Update Cloudflare and StackBlitz partner to bring Cloudflare Workers to your browser Powering over 2M developers a month, StackBlitz has raised $7.9M StackBlitz March 2022 Update Announcement: WebContainers are out of beta in Chromium StackBlitz February 2022 Update Bringing WebContainers to all Browsers: a call to action for COEP Credentialless Cross-Browser support with Cross-Origin isolation StackBlitz welcomes Patak, core maintainer of Vite Chasing Memory Bugs through V8 and WebAssembly Remix v1 has landed, and it runs on WebContainers SvelteKit is now fully supported in WebContainers We Shopify partners with StackBlitz to bring Hydrogen development in-browser StackBlitz September 2021 Update Introducing Vite.new Templates! Announcing WebContainers Astro support! 🛰 Introducing: SQLite3 support in WebContainers! 🧪 StackBlitz July 2021 Update StackBlitz June 2021 Update Introducing WebContainers: Run Node.js natively in your browser Interactive Docs: The new norm for Remote Work
StackBlitz has joined the Bytecode Alliance
Lin Clark Announcing the Bytecode Alliance · 2022-03-15 · via StackBlitz Blog

We're StackBlitz, a web IDE powered by WebAssembly. We're excited to join this cross-industry partnership accelerating the world's transition to secure-by-default computing with WebAssembly and more rapidly bring WebContainers to all devices, languages, platforms, and runtimes.

Today we’re excited to share that StackBlitz is now an official member of the Bytecode Alliance. This amazing rank of organizations is working together to create a faster, secure-by-default future for computing that leverages decades of experience doing so inside web browsers.

WebAssembly plays a key role in enabling this new future, and the Bytecode Alliance is tackling some of the greatest challenges to unlock widespread adoption of WebAssembly both inside and outside of browsers. Their work to date includes new standards such as the WebAssembly System Interface (WASI) and popular ecosystem tooling like wasmtime or wit-bindgen.

Lin Clark’s must-read post announcing the Bytecode Alliance offers a deep dive into the current security issues software toolchains face and the motivations and guiding principles of how the Bytecode Alliance aims to solve them. This quote captures it well:

Together, we’re putting in solid, secure foundations that can make it safe to use untrusted code, no matter where you’re running it — whether on the cloud, natively on someone’s desktop, or even on a tiny IoT device.

With this, developers can be as productive as they are today, using open source in the same way, but without putting their users at risk.

Why we’re joining

StackBlitz shares this same vision for secure WebAssembly-based computing. When we set out to build WebContainers, our WebAssembly-powered containerization technology, it was clear to us that something special was happening with WebAssembly and a different type of future was being unlocked. Millions of developers now use WebContainer environments on StackBlitz.com every month, but still, much remains to be done to bring this technology to all computing environments.

Being a part of this cross-industry partnership is enabling us to bring WebContainers more rapidly to all devices, languages, platforms, and runtimes.

In fact, we’ve already made progress in the short time since we joined:

  • We’ve collaborated with the folks at Mozilla and begun enabling full support for WebContainers in Firefox
  • We’re working with Shopify to leverage the power of WebAssembly environments to make deploying e-commerce applications simple and secure
  • We’ve deepened our partnership with Google by providing feedback on new capabilities APIs and identifying key WebAssembly limitations
  • We’ve begun R&D on bringing WebContainers to edge computing environments like Fastly Compute@Edge
  • We’ve begun R&D on bringing Python, Ruby, and other languages to run on top of the WASI and WebContainers API surfaces

How we plan to contribute

We are standing on the shoulders of giants in the Bytecode Alliance who have been incredibly supportive of our mission and its execution. In turn, we also want to contribute, and we are uniquely able to do so in the following ways:

1. Help tighten the feedback loop for standards and implementors

The largest stress tests of computing platforms are often video games and IDEs. Both of these application types require API surfaces that only the most powerful, mature, and robust platforms can provide and thus, serve as a good “north star” for which platform vendors strive.

This is actually where WebAssembly originated. In the early 2010’s, Mozilla wanted to expand the web’s capabilities to enable desktop grade applications and started up their games program. In this article from IEEE, Luke Wagner explains their motivations:

“The thinking from team leader Martin Best of Mozilla was this: If we could make games run well on the Web, other computationally intensive applications would soon follow.”

Their work in this regard was wildly successful and ultimately led them to invent emscripten, asm.js, and then WebAssembly itself. In turn, these technologies have now enabled video games to run inside browsers and also unlocked new productivity tools that made rich editing possible for graphics, videos, documents, and more.

However, IDEs pose additional sets of challenges beyond what games require such as some level of environment virtualization to enable developers to build the platform using the platform. This is a key stress test, and it’s why our work on WebContainers is unique in how it pushes the absolute limits of what WebAssembly and browser engines can do. This also means we’re often the first to run into critical platform bugs and limitations. Some examples of this include:

  • Identifying and/or fixing mission critical bugs in browser engines, like recent issues with V8 WASM memory and threads in Firefox
  • Pushing for standards that next-gen WebAssembly applications require, like COEP: credentialless and WebAssembly Threads
  • Upstreaming our relevant knowledge & work on WebContainers to benefit standards, implementors, and ecosystem tooling

The faster these types of issues are identified and addressed, the faster our industry can unlock this new future. With millions of developers pushing the cutting edge of WebAssembly and browser engines on StackBlitz.com every month, we are uniquely positioned to help close this feedback loop and enable new types of computationally intensive applications to exist on the web.

2. Help the web ecosystem adopt WebAssembly and secure supply chains

We want secure WebAssembly-based environments to proliferate everywhere, without developers needing to rewrite their software. This can only be possible if the transition for developers is seamless and provides a better experience than native binaries. In general, this is StackBlitz’s guiding product philosophy: everything must be faster and more secure, by default.

Additionally, with the increase of npm supply chain attacks, JavaScript toolchains need to increase security posture. StackBlitz is one of the leaders in this area and we are committed to providing developers with the fastest and most secure environments, as well as upstreaming our knowledge and work to benefit the entire web ecosystem. Some examples of this include:

  • WebContainers’ novel compute model, which is the first Node.js environment capable of executing 100% of third-party code within the browser security sandbox,
  • Our embedded package manager Turbo, which is the first publicly available tool that solves the long unaddressed npm vulnerability that Sam Saccone reported over five years ago,
  • Based on this foundational work, our team has upstreamed changes to Node.js core, paving a path to fully sandboxed execution in local environments.
  • Our team has built deep domain expertise with Rust and WebAssembly, and we frequently help popular projects like Next.js create secure-by-default WebAssembly binaries that can run completely sandboxed.

This is just the beginning of our work in these areas and we are excited to share the breakthroughs and capabilities we have been working on over the coming months.

The future of computing

We are grateful to be a part of the Bytecode Alliance and excited to help make our shared vision a reality. If all goes as planned, this fourth decade of the web may be on the brink of getting really crazy, really fast.

StackBlitz joins the Bytecode Alliance

You can learn more about the Bytecode Alliance and ways to get involved over at bytecodealliance.org.

Eric Simons

CEO at StackBlitz making web development fast & secure. Viva la Web!