26 comments

  • yjftsjthsd-h2 hours ago
    &gt;This port cost over 25k in opus&#x2F;fable tokens for debugging and JIT research<p>&gt; This was just a fun experiment to push the boundaries of WebAssembly<p>I&#x27;m a huge fan of the project, but I have to ask. If spending $25k is a &quot;fun experiment&quot;, where exactly is your threshold for serious work?
    • tiagod2 hours ago
      Was it really $25k, or was it done though subscriptions with a reported cost of $25k?<p>I&#x27;m on the openai $100 sub and frequently my codexbar will show $250 usage in a day. I think it probably doesn&#x27;t have access to the cached token share too, which probably inflates that a lot.
    • userbinator53 minutes ago
      This naturally begs the question, would a human be willing to do the same thing for $25k, and how long would that take?
    • smalltorch2 hours ago
      I imagine it is 25k tokens not dollars
      • esafak49 minutes ago
        You can&#x27;t do anything for 25k tokens; I&#x27;ve spent 100m today and the day isn&#x27;t out yet.
      • yjftsjthsd-h2 hours ago
        <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=48927724">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=48927724</a> seems to say dollars? Although yes the phrasing could be clearer in the post
      • andai1 hour ago
        I think the system prompt is bigger than that.
      • rustyhancock2 hours ago
        That&#x27;s standard token usage for &#x2F;init
      • dangoodmanUT2 hours ago
        25k tokens is a few turns
  • degamad3 hours ago
    I&#x27;m so glad this exists, I&#x27;ve been considering doing something like this for a few months.<p>I recently got a TV based on VIDAA os, a locked-down linux-based OS where everything is rendered from Web pages. It has a built-in browser that doesn&#x27;t support ad-blocking (I suspect VIDAA is profiting from showing ads on the TV), and you can&#x27;t install new apps unless they&#x27;re Web pages.<p>This would hopefully allow one to run Firefox within the existing browser, then install uBlock Origin within Firefox... I know what this weekend&#x27;s project is going to be...
    • coolelectronics3 hours ago
      We also plan on adding extension support to <a href="https:&#x2F;&#x2F;github.com&#x2F;HeyPuter&#x2F;browser.js" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;HeyPuter&#x2F;browser.js</a> soon, which should hopefully cover use cases like that as well without the full overhead
    • shevy-java3 hours ago
      Firefox should really bundle ublock origin as-is. I install it afterwards anyway but I don&#x27;t understand Mozilla here. They seem to want to stay behind Google.
      • quantummagic2 hours ago
        In 2024, &quot;search royalties&quot; brought in approximately $585 million for Mozilla, largely from Google. It&#x27;s not hard to see why they tread very lightly around ad blocking. It&#x27;s actually impressive that ublock remains easy and painless to install as an extension.
      • mrtesthah41 minutes ago
        They already bundle Brave’s rust-based ad-blocker:<p><a href="https:&#x2F;&#x2F;shivankaul.com&#x2F;blog&#x2F;firefox-bundles-adblock-rust" rel="nofollow">https:&#x2F;&#x2F;shivankaul.com&#x2F;blog&#x2F;firefox-bundles-adblock-rust</a>
  • coolelectronics3 hours ago
    Oh and for anyone asking, you can run firefox-wasm inside firefox-wasm inside firefox! I only got this to load once though since it gets pretty unstable at that level.
  • lxe16 minutes ago
    It&#x27;s kind of ironic how this doesn&#x27;t work in Firefox.
  • ksmithbaylor24 minutes ago
    I can’t help but think of Gary Bernhardt’s 2014 talk, “The Birth and Death of JavaScript”: <a href="https:&#x2F;&#x2F;www.destroyallsoftware.com&#x2F;talks&#x2F;the-birth-and-death-of-javascript" rel="nofollow">https:&#x2F;&#x2F;www.destroyallsoftware.com&#x2F;talks&#x2F;the-birth-and-death...</a>
  • MajesticHobo23 hours ago
    Browser sandboxing is now fully solved.
    • yjftsjthsd-h2 hours ago
      In mean... It kinda feels like this is legitimately true? An attacker trying to do anything on a user&#x27;s machine through this would have to find a Firefox vulnerability and a vulnerability in the wasm runtime, which is such a high bar that I would actually feel remarkably safe running this thing. The only question is how performance works and whether there are any pain points using as a daily driver, but those feel likely to be a pretty minor point. Oh, and the usual caveat that an attacker can still compromise things inside the sandbox which does leave a certain amount of exposure (but if you run different things in different instances they&#x27;re isolated).
      • Retr0id16 minutes ago
        Assuming you&#x27;re running Firefox as the outer browser too, in theory it only needs a single bug in the wasm runtime, plus a sandbox escape.
      • rlmineing_dead2 hours ago
        This is true but also this is probably also only half true. Sandboxing is not a fully solved issue since this 100% degrades firefox sandboxing since fission cant run and its running in singleprocess mode. Just wanted to be honest about this
  • EvanAnderson41 minutes ago
    I&#x27;ve been waiting for this to happen.<p>The websites that don&#x27;t want you to block ads will serve you an obfuscated &quot;inner browser&quot; that will render their site. All your ad blockers, etc, are rendered moot.<p>Once accessibility is solved this is absolutely going to be a thing on major websites.
  • brewmarche2 hours ago
    Can’t get it running on Firefox 152.0.6 (aarch64), no extensions.<p><pre><code> [chrome-demo] chrome assets ready [gecko] warning: unsupported syscall: __syscall_madvise [gecko] embed-xul: main() on the app pthread (PROXY_TO_PTHREAD) [gecko] embed-xul: GECKO_GL_PASSTHROUGH=1 [gecko] embed-xul: GECKO_COARSE_CLOCK=1 [gecko] embed-xul: GECKO_GPU=1 (GPU&#x2F;WebRender-&gt;canvas rendering) [gecko] xul_init: GRE dir = &#x2F;gre [gecko] Pthread 0x11051000 sent an error! blob:https:&#x2F;&#x2F;developer.puter.com&#x2F;edc1bd0a-b844-4a18-a69a-63dd49dc304a:8906: SecurityError: Security error when calling GetDirectory</code></pre>
    • rlmineing_dead2 hours ago
      Running firefox on aarch64 here right now (Ubuntu 26.04 ARM on snapdragon X1E)<p>did you enable the about:config option? it may be required
      • brewmarche2 hours ago
        Yes, you don’t get that far without it.
        • rlmineing_dead1 hour ago
          What&#x27;s your GPU driver? There&#x27;s a good chance this is a bug with the GPU passthrough. You can fall back to software rendering in the advanced options while it&#x27;s starting if you want to try
  • azakai3 hours ago
    Prior art: WebKit.js, the WebKit rendering engine ported to JS<p><a href="https:&#x2F;&#x2F;github.com&#x2F;trevorlinton&#x2F;webkit.js&#x2F;" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;trevorlinton&#x2F;webkit.js&#x2F;</a>
  • rmac32 minutes ago
    on mobile chrome &#x2F; Android I can&#x27;t get the following to work :<p>- IME &#x2F; keyboard doesn&#x27;t pop on any field<p>- copy paste<p>- scrolling with touch<p>- ai side panel<p>What works on mobile :<p>- Extensions !<p>This is so sick great work; did you try webgpu?<p><a href="https:&#x2F;&#x2F;imgur.com&#x2F;a&#x2F;nWFCraP" rel="nofollow">https:&#x2F;&#x2F;imgur.com&#x2F;a&#x2F;nWFCraP</a>
  • luciana1u1 hour ago
    25k tokens to port Firefox to WASM. by 2027 we&#x27;ll be spending 25k tokens to port WASM back to native because someone will benchmark it and find the WASM version is 3% faster.
  • zerof1l2 hours ago
    All the network traffic from that browser is routed through a server. My IP inside that browser was in India and on CloudFlare network. I don’t particularly trust Puter. Why not route traffic through my actual browser?
    • mintflow16 minutes ago
      this should be documented with highlight to prevent anyone trying to leak some personal information.<p>i never did some wasm but seems it runs quite fast on my macmini m1
    • kevincox2 hours ago
      Because the web browser can&#x27;t make arbitrary network connections. Even if it was implemented intercepting at the HTTP layer (which would probably be much more difficult than just intercepting the low level socket operations) you wouldn&#x27;t be able to properly manage CORS headers, cookies and various other things.
    • rlmineing_dead2 hours ago
      The TCP proxy exit node we&#x27;re using is running on Cloudflare, you can check that your traffic is still TLS encrypted by OpenSSL (also compiled to webassembly). The browser does not have a native API to send raw TCP so the proxying is done by the <a href="http:&#x2F;&#x2F;github.com&#x2F;MercuryWorkshop&#x2F;wisp-protocol" rel="nofollow">http:&#x2F;&#x2F;github.com&#x2F;MercuryWorkshop&#x2F;wisp-protocol</a> protocol. You can check your packets in dev tools, look for a socket connection with &quot;puter.cafe&quot; as the host for our TCP proxy. This application is meant to be a demo for it actually (why it says at the bottom that its powered by puter networking). That is the only server side component of this.
      • Retr0id2 hours ago
        I was reading your landing page at <a href="https:&#x2F;&#x2F;developer.puter.com&#x2F;networking&#x2F;" rel="nofollow">https:&#x2F;&#x2F;developer.puter.com&#x2F;networking&#x2F;</a> and was <i>very</i> confused by how you were achieving the &quot;with no server or proxy&quot; part, until much further down the page:<p>&gt; &quot;the connection is tunneled over a single WebSocket to a Puter relay&quot;<p>Come on, it&#x27;s both a server and a proxy, and it doesn&#x27;t stop being those things just because you&#x27;re calling it a relay.
        • ent1012 hours ago
          I wrote that and I think you&#x27;re right. We were trying to convey that you don&#x27;t need to set up anything, but the wording could definitely be better. I&#x27;ll change it.
        • rlmineing_dead2 hours ago
          apologies yes there is a wording error here, the correct wording is no CORS proxy, the reason why this is important is because cors proxies are inherently insecure (this is different because the TLS is done in your browser with a webassembly library).<p>no servers is referring to you not needing to host servers in the same as the term &quot;serverless&quot;. Such is the ways of modern tech terms I fear
          • koolala1 hour ago
            Seems easy to fix it and say &#x27;no CORS proxy&#x27; and &#x27;no need to host your own server&#x27;. It was very confusing to me too.
            • rlmineing_dead1 hour ago
              You are definitely right, going to see if I can talk to the relevant person to fix the wording on it
    • koolala1 hour ago
      &gt;Why not route traffic through my actual browser?<p>Because you can&#x27;t. Not even an Extension is able to. Browsers don&#x27;t want you to bypass their content enforcement. I wish we had at least one hacker friendly browser.
      • rlmineing_dead1 hour ago
        Extensions can&#x27;t, correct but I wanted to bring up a special case regarding this<p><i>Isolated web apps</i> a chrome feature for developing apps that run in chromium based on HTML (but tbh only really used in Chromebooks) <i>do</i> support raw TCP sockets so if this was ported to an IWA you could have Firefox on a Chromebook without an external server needed.
    • ent1012 hours ago
      Puter&#x27;s networking is open-source and e2e encrypted. Also, a regular browser doesn&#x27;t give access to raw TCP sockets used for this, so it wouldn&#x27;t be possible to route through your browser.
      • gnabgib2 hours ago
        So it&#x27;s just the three accounts you have now? (Show by @coolelectronics now and 7 months ago [1], show from you&#x2F;@ent101 2d ago [0], 2025[2,3,4], 2024[5,6,7,8,9,A,B,C,D], 2023[E], @george0812 2022[F])<p>[0]: <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=48895945">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=48895945</a><p>[1]: <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;user?id=coolelectronics">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;user?id=coolelectronics</a><p>[2]: <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=45522061">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=45522061</a><p>[3]: <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=44193514">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=44193514</a><p>[4]: <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=42675696">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=42675696</a><p>[5]: <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=41849494">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=41849494</a><p>[6]: <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=41682779">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=41682779</a><p>[7]: <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=41360683">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=41360683</a><p>[8]: <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=41040761">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=41040761</a><p>[9]: <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=40802253">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=40802253</a><p>[A]: <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=39829463">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=39829463</a><p>[B]: <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=39672886">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=39672886</a><p>[C]: <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=39597030">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=39597030</a><p>[D]: <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=39036897">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=39036897</a><p>[E]: <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=38202220">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=38202220</a><p>[F]: <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=31611016">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=31611016</a>
        • ent1011 hour ago
          what do you mean? we&#x27;re a team of 10 and have 390 contributors. We post regularly, including me.
          • gnabgib1 hour ago
            The 21 on github, do you mean? And only nine above 3 commits ever? Yes you post regularly, too much even, and in the face of the guideline <i>Please don&#x27;t use HN primarily for promotion</i>
            • peesem1 hour ago
              nobody (hyperbole, corrected: few) follows that promotion rule. and where are you getting 21 from? the github repo <a href="https:&#x2F;&#x2F;github.com&#x2F;HeyPuter&#x2F;puter" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;HeyPuter&#x2F;puter</a> says 391 contributors, subtract maybe a few for bots<p>also, talk about posting too much? look at your own submissions page
              • gnabgib55 minutes ago
                Yep, you&#x27;re right, that was on browser.js, not the whole repo (19 above 6 commits, out of 391)
              • ent1011 hour ago
                I think it&#x27;s either an automated account or just karma-farming at the highest level lol
  • koolala1 hour ago
    What makes it require that WASM extension you need the flag for in Firefox? Was there really no way to work around it or polyfill it for it to work? It is performance critical?
    • coolelectronics1 hour ago
      It is required in order to yield the event loop and force an implicit sync on OffscreenCanvas. There is technically a slower workaround for this but JSPI is coming soon anyway to firefox 153 and safari 27.
  • elmer21 hour ago
    I would be careful with this demo. When you go to whatismyip.com, it&#x27;s showing: 104.28.233.73. Someone could use this to cloak their IP address and do some damage.
    • haddr1 hour ago
      I think they had to solve the TCP connection, as normally you can&#x27;t easily implement TCP sockets in WASM. So I suppose they just need to tunnel all the connection through some websocket.
  • andai1 hour ago
    The description mentions a similar project browser.js which apparently has some real use cases, what are they?
  • sangeeth963 hours ago
    edit: I misunderstood, that&#x27;s $25k not 25k tokens :&#x2F; time to log off.<p>this is so rad! 25k tokens is a lot less than i thought this&#x27;d take -- what were the difficult bits in the porting process? also, was firefox preferred because parts of it are already in rust?
    • coolelectronics3 hours ago
      $25k of tokens, closer to 30 billion I believe. It only took a few days to actually get the engine up, the hard parts where most of the effort was spent was squeezing out performance and increasing stability, as well as attempting the JIT.<p>Firefox was chosen because its single-process support was in a better place than chromium&#x2F;blink. WebKit is also possible, it was done by a friend of mine earlier <a href="https:&#x2F;&#x2F;github.com&#x2F;theogbob&#x2F;WebkitWasm" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;theogbob&#x2F;WebkitWasm</a>
      • sangeeth963 hours ago
        ah, i misunderstood. that seemed way too low in terms of actual tokens lol. i&#x27;ll log off now. interesting details and didn&#x27;t know about WebkitWasm. hope to read more soon.
  • eqrion3 hours ago
    &gt; There is a novel WASM-&gt;JS JIT for experimental site speedup<p>I would love to see the details for this. SpiderMonkey had an attempted wasm32 JIT backend, but it was never finished.<p>edit: Apparently it also has some sort of WebAssembly interpreter backend too, which SpiderMonkey doesn&#x27;t have.
  • throwaway20273 hours ago
    Obligatory <a href="https:&#x2F;&#x2F;www.destroyallsoftware.com&#x2F;talks&#x2F;the-birth-and-death-of-javascript" rel="nofollow">https:&#x2F;&#x2F;www.destroyallsoftware.com&#x2F;talks&#x2F;the-birth-and-death...</a>
    • rlmineing_dead3 hours ago
      I had this in mind when I first saw this project too LOL<p>Every year I need to rewatch this talk
  • simonw2 hours ago
    This is amazing. I loaded up <a href="https:&#x2F;&#x2F;developer.puter.com&#x2F;labs&#x2F;firefox-wasm&#x2F;" rel="nofollow">https:&#x2F;&#x2F;developer.puter.com&#x2F;labs&#x2F;firefox-wasm&#x2F;</a> in Chrome and I&#x27;ve visited a bunch of sites, it works really well.<p>Then I opened up <a href="https:&#x2F;&#x2F;developer.puter.com&#x2F;labs&#x2F;firefox-wasm&#x2F;" rel="nofollow">https:&#x2F;&#x2F;developer.puter.com&#x2F;labs&#x2F;firefox-wasm&#x2F;</a> in Firefox-in-WebAssembly-in-Chrome<p>... and sadly it didn&#x27;t load. I got this in the startup log:<p><pre><code> [log] [chrome-demo] chrome assets ready [warn] [gecko] warning: unsupported syscall: __syscall_madvise</code></pre>
  • mdlxxv3 hours ago
    &quot;Yo dawg. I herd you like web browsers, so I put a browser in your browser, so you can browse the Web while you browse the Web&quot;.
    • ent1013 hours ago
      should&#x27;ve used this in the splash screen :(
  • SpyCoder771 hour ago
    No mobile support
    • rlmineing_dead1 hour ago
      Yeah I seem to see that it does crash on Firefox mobile, (well first frame loads) and on chrome mobile it doesn&#x27;t seem to load at all (complaining about running out of memory in a small pop-up)<p>Pixel 10 pro user here
  • som3 hours ago
    ... doesn&#x27;t support Firefox mobile apparently :D
    • rlmineing_dead3 hours ago
      Does firefox mobile (Android, since firefox mobile iOS is a WebKit wrapper) support about:config settings? if so you can enable wasm_js_promise_integration in about:config and have it working likely. I will test this on my Pixel 10 pro
      • rlmineing_dead3 hours ago
        hi reporting back, yes stock firefox mobile wont work but the BETA version will because it just added the WASM feature needed (firefox 153 adds it but regular mobile firefox lacks about:config support it seems)<p>and by &quot;will work&quot; I mean will render the first frame and then freeze<p>YMMV
  • jedisct13 hours ago
    &quot;This browser doesn&#x27;t support WebAssembly JSPI, which Firefox WASM needs to run.&quot;
  • ohonbob3 hours ago
    [dead]