Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
b_e_n_t_o_n 2 days ago

45% slower seems pretty decent considering they use a wasm kernel they developed to mimic the unix kernel so they can run non-modified unix programs inside the browser. It's actually pretty impressive that they did this, and even more impressive that it works and like another commentator said, is not even an order of magnitude slower.

I'm more interested in 1) usages of wasm in the browser that don't involve running unmodified unix programs and 2) wasm outside the browser for compile-once-run-anywhere usecases with sandboxing / security guarantees. Could it be the future for writing native applications?

Languages like Kotlin, C#, Rust, as well as C/C++ etc support wasm quite well. Could we see that be a legitimate target for applications in the future, if the performance gap was closer to 10%-ish? I would personally prefer running wasm binaries with guaranteed (as much as possible ofc) sandboxing compared to raw binaries.

edit: it's from 2019, there have been significant improvements made to wasm since then.

apitman 2 days ago | parent | next [-]

> wasm outside the browser for compile-once-run-anywhere usecases with sandboxing / security guarantees

I've been using it this way for DecentAuth[0]. It's awesome. I compile a single native codebase to wasm, and I can use my library from JS, Go, or Rust. New host languages only require about 1000 lines of glue. I don't have to worry at all about building for different architectures.

[0]: https://github.com/lastlogin-net/DecentAuth

wmf 2 days ago | parent | prev [-]

wasm outside the browser for compile-once-run-anywhere usecases with sandboxing / security guarantees

Please just use Docker in a microVM or whatever. It's 0% slower and 100% more mature.

unoti 2 days ago | parent | next [-]

> Please just use Docker in a microVM or whatever. It's 0% slower and 100% more mature.

Wasm has different characteristics than docker containers and as a result can target different use cases and situations. For example, Imagine needing plugins for game mods or an actor system, where you need hundreds of them or thousands, with low latency startup times and low memory footprints and low overheads. This is something you can do sanely with wasm but not with containers. So containers are great for lots of things but not every conceivable thing, there’s still a place for wasm.

Groxx 2 days ago | parent [-]

yeah, I mostly see it competing with Lua and small function execution in a safe sandbox (e.g. similar scope as eBPF). and maybe for locking down problematic stuff that isn't ultra performance sensitive, like many drivers.

so agreed, plugins. in games or in the kernel.

RussianCow 2 days ago | parent | prev | next [-]

But way more difficult and with a much higher attack surface area.

And also, it's not necessarily apples to apples. It would be nice to be able to drop a compiled WASM module into your codebase and use it from just about any language on the backend. You could reuse a lot of code that way across different services without the overhead of spinning up yet another container. And you could potentially even run untrusted code in a sandboxed way.

saghm 2 days ago | parent | prev | next [-]

Please just use a custom FPGA hand-coded to the exact specifications of the program. It's even less than 0% slower than Docker in a microVM, and unlike Docker, it at least provides one of the two benefits that you quoted from the parent comment. Good thing we already changed the parameters of what they said they're looking for!

b_e_n_t_o_n 2 days ago | parent | prev | next [-]

Getting an end user to set up and run docker to run an app is a non starter for most things.

jcelerier 2 days ago | parent | prev | next [-]

does that allow me to do GPU and real-time audio work on windows and macos

eviks 2 days ago | parent | prev | next [-]

Even for small plugins in your app?

almostgotcaught 2 days ago | parent | prev | next [-]

not only is this a completely different use case, it's not even true:

https://stackoverflow.com/questions/60840320/docker-50-perfo...

magicalhippo 2 days ago | parent [-]

tl/dr: libseccomp version used in combination with docker's default seccomp profile.

More discussion here https://github.com/moby/moby/issues/41389

rowanG077 2 days ago | parent | prev [-]

Setting up docker and a microVM is orders and orders of magnitude harder and less ergonomic then using your browser. These are not at all interchangeable.

wmf 2 days ago | parent [-]

wasm outside the browser