|
| tmp_anon_22 wrote:
| In your view how does the chosen technology stack impact these
| three measurements:
|
| * user experience
|
| * speed of feature development
|
| * operational cost including cloud billing and staffing/training
| costs
| skybrian wrote:
| It seems WebAssembly itself defines text and binary formats for
| modules, but I'm wondering what this particular package format
| looks like. A directory of files? What are they? How does linking
| work?
| [deleted]
| eyelidlessness wrote:
| I found this yesterday and, maybe it's because I'm viewing on
| mobile, but the Explore functionality is very confusing. For
| instance sorting alphabetically... doesn't. Search shows
| potential matches in the autosuggest that don't show up in actual
| search results. Filters clear search queries _and vice versa_.
| Yesterday I didn't see a "load more" button, I'm pleased to see
| that today because currently it seems like the only way to
| actually explore.
| syrusakbary wrote:
| Official announcement (with Youtube video overview included!):
| https://wasmer.io/posts/wapm-revamp
|
| [0] Previous announcement in HN (2019):
| https://news.ycombinator.com/item?id=19732794
|
| [1] https://registry.wapm.io/graphql
|
| [2] https://github.com/django/channels/
|
| [3] https://nextjs.org/
|
| [4] https://relay.dev/
|
| [5] https://tailwindcss.com/
|
| [6] https://wasmer.io/
| CyberRabbi wrote:
| With NPM I can install packages, develop with them, and then use
| webpack to bundle everything into a single JS file. How can I
| bundle the WAPM packages I install into a single WASM file?
|
| Also is there a way to use the WAPM packages I install from
| emscripten? How would I import these packages from C?
| almet wrote:
| Thanks for the info and the work done.
|
| I don't quite understand how this fits in the picture of other
| package managers. If it's capable of being a multi-platform
| package manager, that would be great, but I suppose it's a
| complex task to have software and libraries running on all
| operating systems without any difference in usage.
|
| Is it a stated goal of this tool? Am I looking at this the wrong
| way?
| danenania wrote:
| Looks cool! A question--your tag line says:
|
| "Apps, libraries, and native executables that run on Linux,
| macOS, and even Windows."
|
| The ' _even_ Windows ' makes me wonder whether Windows support is
| fragile or not fully baked? I don't know a lot about WASM--does
| it generally not work well on Windows? If it's working smoothly,
| I'd consider taking that 'even' out.
| syrusakbary wrote:
| Fixed! Thanks for the feedback!
| kybernetikos wrote:
| Just trying to run some things on windows and it does look like
| maybe it's not fully formed. quickjs panicked with 'not
| implemented: VirtualFile::poll is not implemented for non-Unix-
| like targets yet'. Just before that irb didn't work with just a
| generic crash.
|
| I do love the initiative though.
| rackjack wrote:
| Wasn't there some Wasmer controversy with the CEO or founder or
| something last year? Not trying to disparage the company or their
| work, I was just reminded of it by this post.
| throwa92582236 wrote:
| indeed! https://news.ycombinator.com/item?id=28772863
| encryptluks2 wrote:
| Sounds toxic, which is sort of my experience with WASM as a
| whole. Browser vendors should already be ashamed for what
| they've done but now they are ready to try to convert all
| your apps into spyware garbage.
| eli5pppls wrote:
| no_circuit wrote:
| "Run it in the browser" is pretty cool! I've played some with
| Rust / WASM in the past, but at the moment don't have bandwidth
| to try WAPM/Wasmer.
|
| Assuming the goal is to be able to use software written in any
| language as easily as it is if you were a java or dotnet developer, how do
| you plan on getting this as big as npm or PyPI? A lot of the
| examples I've clicked on seem to be forks of the projects instead
| of pulling in the original source as a git submodule.
|
| My Bazel-based bias would be to assume WASM is mostly an
| execution platform target, just like linux/x86_64 or macOS/m1,
| and I should be able to pull in and compile the source myself at
| any version I choose. It is hard enough as it is to pull in
| official third-party library sources into Bazel due to the varied
| ways libraries are built, so I don't see how the current official
| maintainers of projects will also volunteer to maintain
| their build process and profile for WAPM too.
|
| Some feedback about potential issues:
|
| When I search packages for "Library" for "All Time" nothing shows
| up in the list. But things like sqlite and ken-matsui/jyt are
| labeled as "Library" on the detail page, while their docs make
| them look like "Standalone".
|
| Package details probably should be sanitized. For example in
| rajsite/exorbitant the GITHUB attribute uses a git+https URL
| which isn't helpful for a web browsing session. And the HOMEPAGE
| says https://github.com/rajsite/exorbitant, but the actual link
| goes to "cowsay.overnice.com". I haven't created an account to
| see how a package is created, but a GitHub project link should
| only accept user/repo to generate the URL automatically.
|
| The collaborators list of ken-matsui/jyt is empty, yet the
| package says it was last updated 2 days ago. The tooltip on the
| avatar icon says "ken-matsui", but it isn't an alternative way to
| click to the profile/namespace page. Also last updated-by should
| display the user/namespace name of who updated it, even though it
| is implied.
|
| Recommend cleaning out or suppressing in search packages that
| haven't been updated or attested to be up-to-date within a few
| months. For example "sqlite/sqlite" is showing up for me in
| "Popular Standalone Apps" on the homepage, but it hasn't been
| updated in 2 years. I see that you own the package, but also
| understand that you need to get the repository seeded with useful
| packages, and that a startup can take many years before hitting
| the next point in the change of the growth curve.
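
An added example, not part of the thread and not WAPM's code: one way a registry could apply the sanitization suggested in the comment above, by rebuilding the GitHub link from a validated user/repo slug and flagging a homepage whose displayed text names a different host than its link target. The function names, the slug rules, the git+https sample and the `https://` scheme on the cowsay host are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed slug rules: owner is alphanumerics with single inner hyphens,
# repo is letters, digits, '.', '_' or '-'.
_SLUG = re.compile(r"([A-Za-z0-9](?:-?[A-Za-z0-9]){0,38})/([A-Za-z0-9._-]{1,100})")


def _host(url):
    """Lower-cased host of an http(s) URL with no userinfo, else None."""
    try:
        parts = urlsplit(url.strip())
        if parts.scheme not in ("http", "https") or parts.username is not None:
            return None
        return parts.hostname
    except ValueError:
        return None


def github_url(value):
    """Canonical https://github.com/user/repo for a repository field, or None."""
    v = value.strip()
    if v.startswith("git+"):          # e.g. git+https://... as seen in package metadata
        v = v[len("git+"):]
    if "://" in v:
        if not v.startswith("https://") or _host(v) != "github.com":
            return None
        v = urlsplit(v).path.strip("/")
    if v.endswith(".git"):
        v = v[:-len(".git")]
    m = _SLUG.fullmatch(v)
    if m is None or m.group(2) in (".", ".."):
        return None
    # The stored link is always rebuilt from the slug, never echoed from input.
    return "https://github.com/%s/%s" % m.groups()


def link_mismatch(shown_text, href):
    """True when the href is unusable or the shown text names a different host."""
    shown, target = _host(shown_text), _host(href)
    return target is None or (shown is not None and shown != target)


# Constructed samples based on the package named in the comment.
SAMPLE_REPO = "git+https://github.com/rajsite/exorbitant.git"
SAMPLE_SHOWN = "https://github.com/rajsite/exorbitant"
SAMPLE_HREF = "https://cowsay.overnice.com/"
```
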
| miloignis wrote:
| I'm a big fan of WebAssembly and the idea of WAPM! It's very
| cool, and I'm hopeful for a more interoperable future.
|
| A quick bug report: the "Open in Shell" feature seems to fail in
| Firefox due to a CORS problem? It did work in Chrome when I tried
| it though.
|
| Another question - it seems like a lot of the packages are pretty
| out of date, for instance the end-of-life Python 3.6 - clicking
| through to the GitHub page it looks like it's managed by a wapm-
| packages organization, and managed by Wasmer itself. Will they
| get more updates now that the new version of WAPM is out? Is it
| more of a community driven thing? (And an additional bug report,
| the Wasix link in the wapm-packages/python README is broken)
| syrusakbary wrote:
| I was able to get the shell running in Firefox (for example,
| running ls or echo "hello"), but I think you are right that
| something is off when you try to install a package. Looking
| into it right now!
|
| Some packages (like Python 3.6) are a bit out of date. We are
| planning to update most of them as languages add native support
| for Wasm and WASI. But yes, in general the packages are mainly
| community driven.
|
| For example, you should be able to try irb / Ruby latest
| version here (thanks to their WASI support upstream a few weeks
| ago!)
|
| https://wapm.io/katei/irb
| sbeckeriv wrote:
| irb in firefox gives me:
|
| Cross-Origin Request Blocked: The Same Origin Policy
| disallows reading the remote resource at https://registry-
| cdn.wapm.io/packages/katei/irb/irb-0.1.3.ta.... (Reason: CORS
| request did not succeed). Status code: (null).
|
| It is every package. Looks neat anyway! thanks.
| timmit wrote:
| Wait, I thought originally it was a NPM for WebAssembly.
|
| But it looks like a WebAssembly version of Homebrew.
| [deleted]
| syrusakbary wrote:
| It's kind of both at the same time :)
| mfer wrote:
| I was surprised that I couldn't read the source for it. Doesn't
| appear to be open source.
| rdxm wrote:
| In this day and age, it's arguably irresponsible to publish any
| tooling that does not organically integrate a requirement to use
| Sigstore for all packages allowed to be uploaded.
|
| The very first things you should be talking about on your service
| is provenance mechanisms and security.
|
| I don't believe I saw anything related to those topics on your
| site. Did I miss it?
| jacques_chester wrote:
| In fairness, Sigstore is a pretty new technology. Existing
| package managers haven't integrated it yet, though are working
| towards it. For example, I've been working with colleagues on
| proposing a design for RubyGems[0]. And as far as I know we're
| about as far ahead as anyone has gotten.
|
| There's an informal group of software repo folks meeting with
| some assistance from the OpenSSF. WAPM folks, please feel free
| to hit me up at my work email (in profile).
|
| [0] https://github.com/rubygems/rfcs/pull/37
| derefr wrote:
| Sure, but "existing package managers haven't integrated it
| yet" because of a burden of legacy and wanting to ensure a
| smooth transition for the ecosystem; not because it's hard to
| integrate. It should be extremely simple for a greenfield
| package-ecosystem, that isn't replacing any other mechanism
| _with_ Sigstore, to adopt it.
| syrusakbary wrote:
| From what I've seen in a few minutes looking at Sigstore,
| it seems they require packages to be stored in an OCI-
| compliant store... which differs from how package managers
| are storing packages. So it might not be as trivial.
|
| Or perhaps I'm missing something?
|
| https://github.com/sigstore/cosign
| jacques_chester wrote:
| It's an understandable confusion. The key components are
| Fulcio, a certificate authority, and Rekor, a
| transparency log. Fulcio generates short-lived public
| certificates for (approximately) each signature. Rekor
| stores the certificate and signature.
|
| In the case of cosign, this is done for container images
| and the signature is then made available via the OCI
| registry API. But it needn't be; for RubyGems we envisage
| storing log extracts side-by-side with .gem files. We
| anticipate other package systems will do similarly. One
| of our discussions has been whether we can converge on a
| shared format for those extracts.
|
| This section of the RubyGems signing RFC might help:
| https://github.com/Shopify/rfcs/blob/new-signing-
| mechanism/t...
| syrusakbary wrote:
| WAPM already has a mechanism for signed packages (although not
| through Sigstore, first time I'm hearing of it but thanks for
| the reference!)
|
| You can read more about it here:
| https://medium.com/wasmer/securing-wapm-packages-with-packag...
| octopoc wrote:
| What forms of input/output are supported in WAPM packages?
| Obviously stdout and stdin, but is some sort of socket API
| supported?
| syrusakbary wrote:
| Wasmer will soon support sockets, which will allow running
| networking in packages server-side.
|
| On the client-side of things, browsers don't currently support
| arbitrary socket connections, so that might be a bit tricky!
| But still feasible, for example you can proxy the socket
| packets through websockets and a main server that handles the
| outside connections.
| derefr wrote:
| Does client-side Wasmer support WebRTC Data Channels?
| kapilvt wrote:
| Is the tech stack for wapm.io backend open source? I've been
| looking around for a decent cataloging / registry tool. afaicr
| the only oss extant one is ansible's galaxy.
___________________________________________________________________
(page generated 2022-03-02 23:00 UTC) |