this post was submitted on 27 Apr 2026
457 points (98.5% liked)
Linux
13504 readers
394 users here now
A community for everything relating to the GNU/Linux operating system (except the memes!)
Also, check out:
Original icon base courtesy of lewing@isc.tamu.edu and The GIMP
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Most software can effectively run in a browser at this point, and the bit that can't can be self hosted on a server and then cast to your browser.
Really not how most of the software works. I install ton of apps locally like games, Libre office, ect. Running all in browser is a pipe dream. Also extremely memory and CPU inefficient
It really is. WebASM is miles beyond what you're probably thinking of in terms of browser based performance, and most companies these days do not have local applications installed for their office workers. Office 365 is by far the most popular version of office, and it's entirely browser based. Most in-house corporate IT work from the last decade is electron wrappers of internal company websites acting as simple interfaces for actual heavy lifting.
While there's definitely some apps that are a bit too heavy for WebASM (or just javascript/.net for the above examples) this list is vanishingly short these days. I'd say blender and other 3d rendering would be inefficient just because WebASM has weird interactions with anything other than OpenGL and Vulkan, But even Unreal 5 can export to WebASM and do it fairly well (as well as OpenGL can perform, that poor outdated thing).
Heck just go to itch.io or any website that has ported over games to WebGL/WebASM. You can run Half-life directly on your browser these days. Half Life of all games. That's more demanding than anything not 3d that you'd run in an office.
I know what web assembly is. It's not a golden one-for-all solution you try to paint it to be. There's a reason why you won't see any modern AAA games in Wasm except ancient stuff like half life or Quake 3. It's just not fast enough and not memory efficient enough.
Jesus no. It's obvious you don't play games. Unreal engine can export to Wasm but noone does this. Everyone develops games natively with DirectX 12 api in mind (and very rarely Vulkan like in case of Doom or Red dead redemption 2) You're just blatantly wrong with this.
What's web assembly is good for is what's in the God damn name: Web apps. You can squeeze in office into it, because office is ultra lightweight use case, that back in the day ran on 486dx4 with 16Megs of ram. It now runs on 3ghz CPU and requires hundreds of megs of ram, this is insanely wasteful. We can afford these resources, but it's still wasteful as hell.
Office 365 also refers to the desktop apps as well as the web versions, has done for many years now. Though I suppose it's all copilot 365 now.
Source: Am office worker where we use office 365, and we all use the native system software, with the browser versions as for quick editing when elsewhere.
Counter-example: secure encryption. You can't do that in a browser.
You're all over this thread posting bad takes. Of course you can do secure encryption in a browser. There's absolutely nothing stopping you from using any encryption algorithms within a browser whatsoever. I don't even understand what you could possibly mean. There are so many ways to achieve it.
There are numerous ways to place decryption backdoors into a website's JavaScript. How would you make sure that there is no MITM when trying to safely encrypt (e.g.) an e-mail in your browser?
Who said anything about a website? You said browser. You can run fully-local resources in a browser, such as browser extensions, locally hosted tools, even just running in a .html file on your local disk somewhere. Javascript also isn't the only option available to solve this problem.
Not sure if you're just trolling at this point.
You said:
No, you can't. I explained why.
...and I just explained to you how you can?
Ok, I'll bite:
How would you do that without violating essential security measurements?
Hope this helps.
You are aware that WASM requires JS, right?
I mean, yes, running the application itself would be secure, but that's not in the browser. You cannot trust your browser. Ever.
I think you're mistaken, there. WASM is often used alongside Javascript, but beyond the one-liner to fetch and load it, there's actually nothing which inherently requires JS beyond that.
Can you explain why you feel that locally running Javascript is more insecure than using, say, locally running Python code, for encryption?
There is no established way to load WASM in your browser without JavaScript code that does it for you, so there actually is.
A web browser is the most vulnerable software on your computer.
To stick with the one example I brought, namely GnuPG encrypted e-mails: Running GnuPG locally on my machine to encrypt/decrypt/verify an e-mail before pasting the result into (e.g.) my e-mail client is reasonably secure. GnuPG has been audited thoroughly enough, so it's (relatively) safe to assume that no bad actor will read and/or modify the e-mail on the way. I am not aware of any JavaScript alternative with a similar security record.
I think we're derailing a bit though. My original comment was:
Locally and in a browser are, in real life, mostly different things and I assume you know that. GnuPG in webmail software without having used it locally first, which is what I was hinting at, just isn't secure.
edit: Bed time, might continue this tomorrow after work if I'll find some Lemmy time... good night for now!
I thought you meant like you had to use Javascript to marshal between the WASM module and the user interaction. What you really meant is that you're objecting to, basically, a load call. One line of Javascript code to load and run the WASM module. What possible security risk could that pose?
And again, I've not heard an adequate explanation as to how locally-running JavaScript encryption code would be any less secure than, for example, running a Python script in the terminal.
I think you're basically admitting that you meant that verifiably secure encryption using a website is impossible (other than e.g. TLS), which I would agree with, but that's not what you wrote. Browser extensions are used all the time to handle all sorts of secure encryption in high risk scenarios, such as for password managers. That is a perfectly valid example of encryption within a browser - and it was the first one I mentioned.
Please just admit you were wrong, or that you meant to say "website" rather than "browser". It's okay, trust me, people respect you more when you can admit that sort of thing, it makes you look strong and capable of taking criticism.
I might, indeed, have miscommunicated my assumptions. Thank you for pointing it out.
No worries! Take care, and sleep well <3
Counter-point: Cubeless and platforms like it are close enough to a browser and handle that. Also by the very loose definition of secure encryption, https.
That's a very loose definition indeed.
"Close enough to a browser" isn't a browser. GnuPG in a browser just won't work and most other encryption facilities aren't quite as secure (and transparent).