https://gvisor.dev/docs/architecture_guide/platforms/ :
> gVisor requires a platform to implement interception of syscalls, basic context switching, and memory mapping functionality. Internally, gVisor uses an abstraction sensibly called Platform.
Chrome sandbox: https://chromium.googlesource.com/chromium/src/+/refs/heads/...
Firefox sandbox: https://wiki.mozilla.org/Security/Sandbox
Chromium sandbox types summary: https://github.com/chromium/chromium/blob/main/docs/linux/sa...
Minijail: https://github.com/google/minijail :
> Minijail is a sandboxing and containment tool used in ChromeOS and Android. It provides an executable that can be used to launch and sandbox other programs, and a library that can be used by code to sandbox itself.
Chrome vulnerability reward amounts: https://bughunters.google.com/about/rules/5745167867576320/c...
Systemd has SystemCallFilter= to limit processes to certain syscalls:
Thanks for the shout-out -- in case someone wants to check it out, the code for Lightweight Fault Isolation is available here: https://github.com/zyedidia/lfi.
Yeah it’s just the stack switching itself that is a handful of cycles, but there is not much more overhead for the full VM switch if you structure your embedding the right way. The code is source available if you want to peek at it!
https://github.com/redpanda-data/redpanda/blob/dev/src/v/was...
For WASM, that's what WASI is all about, yes?
And for Cosmopolitan Libc, there's documented Functions:
https://justine.lol/cosmopolitan/functions.html
And if you want to see things beyond a trivial hello world, you can check out some examples:
https://github.com/shmup/awesome-cosmopolitan
https://github.com/burggraf/awesome-cosmo
Or you can see a pretty big list of pre-compiled Actually Portable Executables here:
https://cosmo.zip/pub/cosmos/bin/