• they/them

Website
rph.space/

I'm reading so much discourse about the new HarfBuzz wasm renderer on Twitter, Github and Phoronix comments and it strikes me as very surprising how little people who claim to care about security actually know about how modern computers and computer software stacks work.

Using wasm with a tiny api layer and a relatively well made runtime is safe. If you don't do JIT or crazy optimizations, a wasm implementation can be trivially validated and made to be safe. The fact that it "runs code" and "oh my god they made llama.ttf!!! this is horrible how do I turn it off" means completely and absolutely nothing.

It makes me almost wonder if this is somehow a malicious attack on HarfBuzz, an excellent project. Or maybe the fact that the technology is called "Web" "Assembly" gives people the wrong idea. By default there is nothing "Web" about WASM, aside from the fact that it was made for web browsers primarily. If anything, being made for Web Browsers first of all should be a bonus, because web browsers are the biggest attack surface and therefore have to be designed around that.

But no, it's easier to just spout bullshit online how the harfbuzz authors are sponsored by the CIA to put backdoors into font rendering. Absolute bullshit.


You must log in to comment.

in reply to @Rph's post:

I feel like it has the basic appearance of over engineering (fonts are simple, right? Right???) and lots of folks take that as a license to shit on it even if they aren't terribly knowledgeable about it.

The funny thing is a WASM shaper is, arguably, less complex than everything else in HarfBuzz. Having a small lightweight runtime and offloading all complexity on font authors is a good thing that reduces attack surface.

But some people think that the latin alphabet is the only one that exists, so all typesetting must be super simple and how dare people try to make their language good on a computer. (Read through the comments marked as offtopic in this github discussion: though trigger warning for racism: https://github.com/harfbuzz/harfbuzz/discussions/4767#discussioncomment-9867285 )

I especially like the bit where they said "actually you're the racist because you gave an example of racism, which means you said something racist and are therefore racist". Yeesh.

In any case, I hope the HarfBuzz maintainers ignore such noise and do eventually enable this by default (perhaps having set some hardening flags in the wasm engine and setting execution time limits). This is a genuinely great technology that has the potential to make a lot of very positive impact