Hacker News new | ask | show | jobs
by angelmm 1358 days ago
Running WebAssembly modules in Apache http server allows devs to run many different languages by targetting Wasm. This includes interpreted languages like the Python example from the article.

With the WebAssembly sandboxing capabilities you're getting a high level of isolation without adding overhead to the system. VMs and Containers require to run more complex environment for runnning the code. And even you're running trusted code, sandboxing is still relevant as vulnerabilities in source code can let attackers gain unexpected privileges.

mod_wasm was created to bring these benefits to Apache. We found this project interesting as this expands the Apache capabilities while keeping things secure :)
1 comments
MobiusHorizons 1358 days ago
I understand that, but was it really hard to deploy web apps in any of those languages before? Granted, you wouldn’t use Apache to run them, but the current reverse proxy through nginx method seems much better in terms of complexity and performance than wasm + Apache. Am I missing something?
link
angelmm 1358 days ago
About complexity / effort, there are multiple things to take into consideration. In the case of deploying an application, in Wasm the complexity is on the compilation side. However, once you have your app compiled into Wasm, it's a portable binary you can move anywhere. For other apps, you may need to deploy source code, install the required dependencies in the remote environment and configure it.

It's true that Wasm lacks of the tooling and ecosystem than other apps have. You can find infinite tutorials about how to deploy a Python app. You will find a few for publishing a Wasm module.

And about performance, you are right. Currently Wasm introduces a performance penalty, although the different runtimes are working hard on it. The other side of this is that you gain an extra isolation layer that improves the security. By default, an application won't be able to access any resources on the system.

Said this, WebAssembly is still in the early stages. mod_wasm is a way to bring this technology to a well-known web server. However, it is not meant to start moving all your workloads now as it's still not mature enough :)

link