The biggest issue for cloud hosting/self hosting is sandboxing arbitrary hostile code. This almost always requires expensive KVM-based hardware accelerated virtual machines. AWS firecracker is the same shit as hardware accelerated VirtualBox, just heavily stripped down to allow for rapid booting. WASM comes from the CloudFlare functions/V8 ideology where a language sandbox is sufficiently locked down, such that you don't need heavy operating system level virtualization.
This way if one application gets compromised, it won't result in the entire physical server being subverted.
With a sufficiently complete environment like wasix, you don't even need the rest of the OS or even a kernel. A filesystem and a networking stack is all you need. Just load a unikernel from network boot and you are good to go.
This way if one application gets compromised, it won't result in the entire physical server being subverted.
With a sufficiently complete environment like wasix, you don't even need the rest of the OS or even a kernel. A filesystem and a networking stack is all you need. Just load a unikernel from network boot and you are good to go.