
The spectrum of isolation: From bare metal to WebAssembly

https://buildsoftwaresystems.com/post/guide-to-execution-environments/
27•ThierryBuilds•2h ago

Comments

ThierryBuilds•2h ago
I wrote this because I kept seeing developers (myself included) confuse language-level isolation like Python venv with OS-level isolation like Docker. I wanted to trace the actual technical boundaries between them.

The article maps out the differences between common execution environments—from physical bare metal and VMs to containers, process sandboxes, and virtual environments—to create a mental model of where the "isolation boundary" actually sits for each tool.

ianand•1h ago
Since you mention serverless it might be worth mentioning firecracker and v8 isolates.

ThierryBuilds•1h ago
Thank you for the feedback. I will definitely add them as example solutions for serverless.

pjmlp•32m ago
Or CGIs running on httpd inside HP-UX Vaults, that is how old the idea happens to be.

lateral_cloud•55m ago
Did you really write it though? Within the first paragraph it's fairly obvious this is heavily LLM-generated.

aragilar•11m ago
It also has weird definitions. Is nix a virtual environment? Is homebrew a virtual environment? Why is a sandbox different to a container? Type-1 vs Type-2 hypervisors are quite different, and there's no discussion about processes vs threads.

shevy-java•1h ago
WebAssembly somehow does not seem to be able to break through, unlike HTML, CSS, and JavaScript did.

mickael-kerjean•1h ago
Or the people who write wasm don't talk too much about it. My OSS work (https://github.com/mickael-kerjean/filestash) has tons of it:

1. to create web versions of applications that are traditionally desktop only to render things like Parquet, PSD, TIFF, SQLite, EPS, ZIP, TGZ, and many more, where C libraries are often the reference implementations. There are almost a hundred supported file formats, most of which are supported through WASM

2. to create plugins that extend the backend and add your own endpoint or middleware as a way to enforce that the code runs in a constrained environment without the ability to send people's files out

3. in the workflow engine to enable people to run their own sandboxed scripts without giving those a blank check to go crazy

thecupisblue•52m ago
It is more of a silent thing. Running in the background, internal libs, deployment tools, plugin tools.

But also - it's lacking things like a unified positioning + required knowledge to understand it is quite large compared to average dev + most people have no real use for it. It's mostly too "abstract high level" and "low level" for most devs.

bflesch•1h ago
> This website collects anonymous usage analytics data via GoatCounter and Umami.

My uBlock Origin shows that googlefonts.com and fonts.googleapis.com are being blocked.

It irks me a bit that your message explicitly mentions two trackers but it fails to mention the Google tracking. Google is also not mentioned in your privacy policy. Is there a reason for this?

nake89•1h ago
Your message sent me down a weird rabbit hole of trying to find a privacy-friendly alternative to Google Fonts. I found this: https://github.com/coollabsio/fonts They claim to be a privacy-friendly drop-in replacement. Their main website: https://fonts.coollabs.io/

cardanome•16m ago
The easiest solution is to simply self-host your fonts.
