SmartOS provides good multi-tenant isolation but it won't run on a Rock64 or Raspi. That said I do have a rock64, love it, and wish I had a need for something so that I could buy a clusterboard. A 28-core, 14GB RAM cluster on a mini-ITX board for ~275 euros could get some nice work done.
Too bad that WebASM is bunk from a security perspective and I share your love for hardware isolation. Wherever it is running I am grateful for the language and the community. Cheers, David B. On Thu, Mar 26, 2020 at 9:43 AM <andr...@itship.ch> wrote: > Thanks for your informative email. > > I mostly agree with your points, except for WebAssembly on the client. > Though you differentiate between WebASM on client and on server - didn't > know about WebASM on server, might be a very good thing! > > But WebASM on the client is a epic conceptual mistake - it is the new > Adobe Flash. > Already now it is mostly used for malware obfuscation: > https://www.sec.cs.tu-bs.de/pubs/2019a-dimva.pdf > > Web scripting languages should not be turing complete, same holds true for > everything with untrusted scripting input. > Impossible to validate, unless you execute it. Yes, containment using > sandboxing turns out to be a better strategy than we thought years ago, but > still it gives a strong incentive to not work properly. > > Of course, that battle is already lost :( > > Security-wise, the whole cloud business should be dead, only full hardware > isolation gives full security. > Servers could be many small devices (e.g. rock64's, raspis, ..) instead of > shared resources with many layers and much (energy) overhead. > > No, I don't fully practice this, not viable currently. > Yes, I enjoy living in my radical purity niche. > > Have fun ;-) > - beneroth > On 26.03.20 13:35, Guido Stepken wrote: > > Though - for some folks - it might make things simpler, i am no friend of > Docker. > > What the Docker founder is saying about Docker now: > > Solomon Hykes > @solomonstre > <https://mobile.twitter.com/solomonstre> > · > 27. März 2019 > <https://mobile.twitter.com/solomonstre/status/1111004913222324225> > If WASM+WASI existed in 2008, we wouldn't have needed to created Docker. > That's how important it is. Webassembly on the server is the future of > computing. A standardized system interface was the missing link. Let's hope > WASI is up to the task! > > Source: https://twitter.com/solomonstre/status/1111004913222324225 > > Picolisp compiles perfectly fine with emcc Emscripten C/C++ compiler and > runs perfectly in (server side) Webassembly containers. It's completely > replacing any Docker/Hyper-V/VMware/Amazon AWS Lambda solution. > > https://developer.mozilla.org/en-US/docs/WebAssembly/C_to_wasm > > And when you look deeper into Webassembly, you will notice, that - in > itself - it's a Lisp, very much like Picolisp. > > > https://developer.mozilla.org/en-US/docs/WebAssembly/Understanding_the_text_format > > Lisp now rules the world. And Linux has won! ;-) > > Have fun! > > Guido Stepken > > Am Mittwoch, 25. März 2020 schrieb David Bloom <ipro...@gmail.com>: > >> For work reasons I have strayed from the beloved PicoLisp into Erlang for >> some time. While I have much love for using Erlang/OTP to build robust, >> distributed systems, it handles a different job than PicoLisp in my >> opinion. Even though work kept me in the Erlang world for a while I still >> followed the mailing list and one day saw instructions on how to build pil >> with musl. After a single attempt in a fresh Alpine container it worked so >> I felt compelled to share with the group. BEHOLD! >> >> https://hub.docker.com/r/progit/pil-alpine-minimal >> >> Big, big thanks again to Alex and this entire community. Happy hacking! >> >