undefined | Better HN

0 pointsyjftsjthsd-h16d ago0 comments

> I'll bet you can't name a single advantage such a system would have over cloud hosting or a local Docker instance.

Cheaper than renting a server, more isolated than a container.

0 comments

But Docker is free (unless you're a fairly large business, in which case containerd is still free, and you can either pay for the front-end license or figure out how to set up one of the free alternatives), and from what perspective are the isolations available for the containerd process inferior to those available for your browser process? The former was at least designed from the ground up with security, auditing, quotas etc. in mind, and offers better per-container granular control than your browser offers per-tab.

yjftsjthsd-hOP15d ago

I would argue the exact opposite: Linux is great, but it wasn't really designed with a focus on containing hostile software, and while containers have come to be a decent security barrier, they're still one kernel bug away from compromise. On the other hand, the browser is very accustomed to being the most exposed security-sensitive software on a machine, and modern browsers and wasm in particular are designed against that threat. Heck, wasm is so good for security that Mozilla started compiling components to wasm and then back into native code to get memory safety ( https://hacks.mozilla.org/2020/02/securing-firefox-with-weba... ).

j / k navigate · click thread line to collapse

0 comments

repstosb15d ago

yjftsjthsd-hOP15d ago

j / k navigate · click thread line to collapse