WASM will replace containers

"The main thing holding back wider adoption is a lack of system interfaces. File access, networking, etc. But it's just a matter of time before these features get integrated."

But then you've got to figure out and prevent all the security holes that can be introduced by adding file access, networking, etc. That's what killed the Java write-once, run-anywhere promise. Maybe put the whole thing into a container? Oops, looks like the container wasn't replaced after all (though perhaps it could be simplified).

WASM solves a different problem to containers. Where WASM does well is in running sandboxed code efficiently, because that's where it started out. I think WASM will likely take over as the standard for shipping things like Functions-as-a-Service implementations, and other forms of plugins, where one host application/server of some kind wants to efficiently run pieces of untrusted logic.

Containers don't solve that problem. They aren't a particularly good security boundary, and they are much heavier weight, in terms of bytes and startup costs, than WASM binaries, because they are deeply integrated into the OS for networking, etc. However, when what you need to do is ship a binary with a bunch of accoutrements, dependencies, files, etc, and then run multiple processes, multiple threads, and use more of the OS primitives, containers are an ergonomic way to do that, and that suits Infrastructure-as-a-Service much more closely.

  $ sudo podman run -it --runtime=/usr/bin/runsc_wrap -v /:/app debian:bookworm  /bin/bash
  root@7862d7c432b4:/# ls /app
  bin   home            lib32       mnt   run   tmp      vmlinuz.old
  boot  initrd.img      lib64       opt   sbin  usr
  dev   initrd.img.old  lost+found  proc  srv   var
  etc   lib             media       root  sys   vmlinuz
  root@7862d7c432b4:/# uname -a
  Linux 7862d7c432b4 4.4.0 #1 SMP Sun Jan 10 15:06:54 PST 2016 x86_64 GNU/Linux

> WebAssembly is a true write-once-run-anywhere experience. (Anywhere that can spin up a V8 engine, which is a lot of places these days.)

This is true if your wasm code is purely computational, but if it interacts with the outside world it’s a different story. Each V8 runtime has a subtly different interface, so code that runs on cloudflare V8 might not run in Bun or Deno. Not to mention if you want to support WASI too, which is a different set of bindings even though it’s still WebAssembly.

Love or hate Docker, part of its success was that POSIX was already a fairly established standard and there weren’t a lot of vendors driving it in different directions.

As PlatformOps (formerly DevOps (formerly SRE (formerly Ops))), either this was hilarious satire or ChatGPT Ketamine trip. I'm not sure.

> In the year 2030, no one will remember Kubernetes.

So what's going to handle out rolling out new versions of your WASM, setting up whatever Reverse Proxy you pick and other stuff involved getting. A bunch of scripts you wrote to do this for you? https://www.macchaffee.com/blog/2024/you-have-built-a-kubern...

> The promise of DevOps has been eroded by complicated tooling and tight coupling of program-container-linux. In my experience, developers want to write code and ship features to hit their quarterly goals.

Here is why we ended up here: In my experience, developers want to write code and ship features to hit their quarterly goals.

Sure, and my angry PlatformOps (formerly DevOps (formerly SRE (formerly Ops))) is stuck picking up the pieces because we are getting crap while we desperately paging you because we have no clue what "duplicate street key" in your logs mean. On top of that, InfoSec dropped us 10 tickets about code level library vulnerabilities in your docker container but all the Developer's Managers got together to convince them it was our problem somehow.

So we are forced to write this bundle of terribly written Ops type software in attempt to keep this train on the tracks while you strap rockets to cafe car.

WASM replacing containers is just a solution looking for a problem. Containers solved a problem of "How do we run two different versions of PHP on a single server without them colliding." Most of the containers problem is higher level DevOps problems that we haven't been able to solve and WASM isn't going to change that. I deal with a team that writes 100% Golang so their code is like WASM as it's ship binary and done. Yea, they begged for Kubernetes because it works a ton better then custom Ansible they wrote to keep these VMs/Load Balancer in sync.

When? We’ve been talking about wasm for years. When are we actually getting this future? It’s been 8 years since wasm 1.0, and still we don’t have a stable, easy to use toolchain. Rust has maybe the best support and I still can’t get a basic async application with tokio to work on wasm.

To put it into context, Rust was released in 2012. 8 years later it was stable, had a solid toolchain and plenty of people using it in production. Wasm still feels like a toy compared to that

One benefit of being an old engineer is watching how excited people get when they rediscover something that has gone around the bend over and over again. I swear if you fuckers reinvent DCOM I will shit in your hats.

The author has not seemingly considered the vastly different networking in wasm. You don’t have networking. There is an entirely different utility in these environments, containers are meant to host applications, wasm is an application. Don’t even get me started on disk access, env handling, etc. wasi is great, for the places it does well. It is not a replacement for writing a pure golang/rust/c/julia app and running it in a container, it doesn’t have the facilities for that task.

WASM does not run on real hardware. At best, WASM can be considered a virtual machine (in the way that the JVM and the .NET CLR are virtual machines). I guess we can call that a "runtime".

Containers package applications that run directly on real hardware (well, directly on a real kernel that is running on real hardware). There is no runtime. I am talking OCI containers here (Docker and Kubernetes). At least they can. Most containers are probably running on a Linux kernel that is running in a virtual machine (in the way that KVM, EC2, and VirtualBox are virtual machines).

WASM needs a runtime. That is, it is going to run inside an application. That application needs to run on a kernel. So, WASM will always be further from the hardware than a container is.

WASM solves the same "portability" problem that the JVM and .NET do. So, maybe WASM wins against those environments.

That is not the problem that containers solve though. Containers bundle applications with their dependencies. They replace "installation and configuration" with instantiation (deployment). WASM does not magically eliminate dependencies or the differences between environments (not even the difference between V8 implementations).

If anything, the technologies are complementary. Maybe, in the future, all our containers will be runing WASM applications.

Or maybe we will run a different kind of container that ONLY runs WASM applications and then WASM can replace the Linux kernel running in a VM that hosts all our OCI containers today. Perhaps that is what the author really envisions. Even then, it sounds like more of a complement than a true alternative.

"Learning how to use Docker is a distraction"

As if you need to learn anything, you get your Dockerfile and that's it, what else there is to learn? Your WASM app still need Kubernetes to run so it's not adding any value.

The complexity is not in running your app in Docker, the complexity is running your container somewhere, and WASM does not help at all with that.

WebAssembly is not going anywhere, it's pretty clear it won't grow much in the next 5years.

Containers have two goals: reproducibility/portability, and encapsulation. WASM could replace the reproducibility but it can't replace the encapsulation.

> My money is on WebAssembly (WASM) to replace containers. It already has in some places. WebAssembly is a true write-once-run-anywhere experience. (Anywhere that can spin up a V8 engine, which is a lot of places these days.)

Luckily a container is a place that can spin up a V8 engine. If you want to bet on WASM my bet would be on containers running WASM.

I'm always reminded of Gary Bernhardt's "the birth and death of javascript" when wasm gets discussed. While it's a bit tongue-in-cheek, I think it really drives home that it's really just another layer of abstraction that may or may not be useful for a given problem, and might not be the silver bullet that anyone is looking for. I recon that whether or not wasm will take over everything will mostly be about trade offs between it and the other solutions.

WASM might replace processes, but the idea that people will take the stuff they can't manage to put in a native process, and somehow manage to cram it into WASM... ridiculous.

There's not even a single argument in there to support the clickbait title. We have containers, but "containers are annoying". WASM won't be annoying? Pray tell, how do you surmise that?

Docker too complicated? Build times too long? You believe WASM tools will be simpler and faster... why?

In practice the problem containers solve is to bundle an application with its environment so that it will work the same on the developers machine and in production and in five years time when the servers are replaced with new ones running another distro.

The WASM world doesn't have most of the pieces of that puzzle and WASM itself is quite irrelevant. Say we standardized on a sandbox running x86_64 VMs under Firecracker, with the proper sandboxing that would work just as well as running WASM. You might say that WASM is portable, x86_64 assembler is not, to that I would counter that ARM (and probably RISC-V too) can emulate x86_64 faster than they can run WASM. So what's the point of the WASM piece of the puzzle?

"The main thing holding back wider adoption is a lack of system interfaces. File access, networking, etc. But it's just a matter of time before these features get integrated."

Funny. The most obvious place for WASM is a web browser and yet WASM STILL cannot access the browser DOM. Its only been, what? At least 8 years of promises about it coming soon and how people are working on it.

You underestimate developers.

WASM will never replace containers. People will be running wasm inside of containers. That's what will happen.

  POST /some/api

One advantage of containers is that run lots of software with it. Take old Perl application, wrap it in container, and then run in the cloud. Keep that old binary application that somehow lost the source for.

Also, I think most uses of containers lose the advantage of WASM. WASM is about running on any platform, great for browsers and serverless. But containers are usually run in controlled environment where can compile once and not pay the penalty of compiling each time.

It would be so great if WASM gives us the paradise that Java promised thirty years ago. Being able to get fast, "write once, run anywhere" would be awesome.

I wonder if someone could make a decent cross-platform GUI toolkit to save us from the horribly slow Electron-hell we've carved out for ourselves.

Containers are not going away anytime soon. I feel like this is nothing but a clickbait post. There are crazy amounts of innovations happening in the CNI space, such as bootc, katacontainers, etc. Hundreds of CNCF projects (envoy and istio just from top of my mind) are being used world wide which mostly have built upon k8s. Why do you think they would stop to use an immature runtime whose goal isn't even the same as containers?

I just don't see it. WASM requires throwing away all the decades of x86/ARM compiler work in ecosystems like Java, .NET and C++ and placing all trust in the WASM runtime/V8 to perform as well as them.

> In the year 2030, no one will remember Kubernetes.

As a sys admin, no, we will have to remember. Once a system is in place and "functions", they tend to stay for a long time.

It really won't. For some use-cases, yes.

> WebAssembly is a true write-once-run-anywhere experience.

Except not. The wasm ISA is really quite limited in the types of operations. A full-blown RISC/CISC ISA will have way more opportunities for optimization. To say nothing of multithreading and pipelining. JITing also has overhead.

> You can compile several languages into WebAssembly already.

But if you can compile them, why not just compile to container, and get free performance?

Wasm will have a hard time with anything low level: networking, I/O, GPU, multimedia codecs.

I actually tried doing this a couple weeks ago. Rust on Cloudflare Workers. It didn't go well -- compiling to wasm disables a lot of Rust features, to the point where it just didn't make sense anymore. I gave up after trying to get some crypto stuff working. I eventually switched to using raw JS because Cloudflare Workers exposes the Web Crypto API, but next time I want to run Rust serverlessly, I'm just going to put it on Lambda, compiled to a regular binary.

The article is completely on point.

Personally, I don't think that Cloudflare is the best provider for Wasm at the Edge as everything needs to go through a Javascript layer that eventually hurts performance and prevents further optimization, but is a strong one nontheless (note: take everything with a grain of salt, even though I try hard to not be biased, I'm also founder of Wasmer)

> "The main thing holding back wider adoption is a lack of system interfaces. File access, networking, etc. But it's just a matter of time before these features get integrated."

Wasmer launched WASIX [1] a few years ago which fulfills the vision that the article describes. With WASIX you can have sandboxed access to:

  1. Filesystem
  2. Networking / Sockets
  3. Processes
  4. Threads

[1] https://wasix.org/

I found WASM slower than expected. I wrote some WASM logic functions recently which I thought would perform better than their native JS equivalent. For example, take a large array and "pivot" it in 10ms instead of a 100ms.

What I found was the JS version was a bit faster than the compiled WAT. Yikes.

EDIT: I think I'll try debugging it more

This blog post's promise is all "pink fluffy unicorns", but for a single use case: "Long running containers powering microservices, probably in bigger installations, for consumer facing applications and APIs".

Containers are much more than that. They're service providers for small installations, short-running VeryFatBinaries, close to the metal, yet isolated complex applications in HPC environments.

WASM will be all and well, it'll be a glorified CGI, and might be a good one at that, we'll see, but it'll not and can't snipe containers with one clean headshot and be done with that.

It'll replace Kubernetes? Don't be silly. Not everyone is running K8S for the same reason, and I'm telling that as a person who doesn't like K8S.

No it won't. People primarily deploy containers for full fat native server applications containing tons of proprietary code and libraries and sometimes specialized hardware access (GPU, etc.).

It would be immensely silly to run full x86 emulators in WebAssembly and go through 2 layers of transpiling / interpreting for what can run natively on the host's CPU.

This argument always reminds me of "Square Hole!" video: https://www.youtube.com/watch?v=6pDH66X3ClA (just because you can make it fit, it doesn't mean you should do it).

> In the year 2030, no one will remember Kubernetes.

That's 5 years from now.

Which is a pretty good time frame for getting enterprisey things on to kubernetes.

And maybe a bit short for getting vendors to add a new sandboxed VM type to their supported platforms.

Are WASM and containers not fundamentally different things?

At their heart, modern containers are a clever way to create something that looks like a Linux VM without the overhead of actual virtualization. Your application still executes "natively," just inside of a Potemkin environment (modulo whatever holes you poke in the veneer.) The latter bit is why we use containers.

WASM is a bytecode format. It doesn't carry around the environment it needs to execute correctly like a container does. In fact, it (by definition) needs an environment with certain properties (interpreter/JIT present) to work!

WASM solves a very different problem to Kubernetes, and you can happily run, scale and orchestrate WASM binaries on Kube.

This post is really puzzling. How do I use libraries with WASM? Lets say I wrote a nodejs app, seemingly I will need to bundle not just node_modules but also the entire nodejs runtime to make it run. Why would I do this? How does another developer make changes? If there is some way to specify what dev tools to download, what is the difference between that and docker? If you aren't doing anything complicated, docker is just a good way to set up your dev dependencies. If you are doing something complicated I doubt WASM is going to help you.

> You can compile several languages into WebAssembly already. Languages that can't be compiled will eventually have their own interpreters compiled to WebAssembly.

A big constraint here is the memory model. Languages include a specification for memory allocation, deallocation, lifetime and garbage collection, and WASM has it's own way of going about that that is engine dependent. The performance lost from reimplementing the memory model within WASM could only be regained by going back to something that looks like containers.

Disagree: While this might be the case for a handful of languages such as Rust of Go - Many lanugages need a whole lot of other stuff to run (eg, Python needs a lot bunch of dependencies).

The article starts out "In the year 2030, no one will remember Kubernetes", but focuses mostly on containers. Kubernetes solves a lot of problems that a runtime alone doesn't, like rolling upgrades, load balancing, etc. etc. However, focusing on the thrust of the article, which is replacing containers with code compile to WASM running in v8, it's still hard to agree. For example, apps commonly need a bunch of dependencies, WASM doesn't solve that problem, so you still benefit from building images in multiple cacheable layers.

I mean I don't enjoy Docker either, but I think it's more that there are many problems k8s + Docker help you solve, and WASM alone wouldn't solve a lot of them.

There is one thing that makes WASM very awkward: projecting APIs into a sandbox.

If this was done in a way that works in mechanical sympathy with a wide range of languages I think WASM would be more successful. Making an API available inside a sandbox is painful. You have to manually roll something that can deal with memory, marshal calls and parameters etc. I'm not suggesting it is easy. I'm merely pointing out that this is what I see as the main obstacle to adoption.

I am not interested in "generic" access to system resources (filesystem, network etc) at all. In fact, I can't think of any scenario where I'd actually want to do that. I want to provide APIs that deal with external resources in narrowly defined ways.

It is much easier to do this securely when you explicitly have to provide functionality rather than say "here's the filesystem" and then try to clamp down access.

I want to use WASM on servers. Primarily in Go. I want to be able to create a bunch of APIs that provide narrow access to persistence and communication and project those APIs into the sandbox. In a manner that is interoperable and easy to use from various languages. I don't want to have to craft some application specific marshalling scheme.

If projecting APIs into sandboxes in a (mostly) language agnostic way that is natural, safe and easy to use, it'd be easy enough to write system interfaces. I have no idea why so few people see this as important since I feel it should be self-evident.

(And yes, being able to offer concurrency would be nice, but that's a much smaller issue than the problem of there being no good way to marshall APIs into WASM containers)

The second paragraph is perhaps something you experience on a very small team in a very small company, but definitely not everyone's day-to-day experience and it sounds like the author would like to impose their own limited experience onto the whole industry. In a lot of companies the DevOps usually jump in and handle the entire management of the pipeline, including the build and release of containers. For most of developers, they still get to simply ship their features, I've rarely met classic developers 'optimising Docker build times'. Secondly, great technologies have intrinsic qualities and potential which get recognised instantly. Now there may be some hype following them, for sure, but it is these intrinsic qualities which silently drive the adoption of the new tech, not the hype. People starting building extensions and add-ons and more complex systems and suddenly you see it everywhere. WASM has been around for a few years now / anyone seen it make its way quietly into our working processes yet?

I vividly remember how I was young and stupid, and some people claimed that web components would replace everything. There was a guy in another team who kept bashing us for building things on top of React because "you'll see, very soon, in just a few months...just like you're having to rebuild from Angular, and someone before you had to rebuild from Backbone/jQuery..."

I've grown less young since then, and I can probably count numerous other claims for some great idea to replace "all this crap very soon." Turns out, "one-size-fits-all" solutions are almost always hype, sometimes not even backed up with pragmatic arguments. There are simply no silver bullets in our industry, especially in relation to web tech. Guess what? Some websites are still being built with jQuery, and maybe there's nothing wrong with that.

No, WASM not going to replace containers. At best, it will likely find its specific niches rather than becoming a universal solution. That's all.

This is a post about shiny new thing author loves.

And author loves shiny new things [1]: "...use 10% of your time writing code (or telling AI to write code)..."

[1] https://creston.blog/stop-writing-code/

What about old, not shiny things?

For example, SQL is Turing complete and expresses simulation of data flow paradigm [2]. It is effectively executable on current massively parallel hardware and even scales horizontally, enabling safe transactional "microservices." Why should we embrace WASM, but not SQL?

[2] https://en.wikipedia.org/wiki/Dataflow_architecture

No, it won't. Especially when comes to CPU or GPU intensive tasks... and not only that...

It's mentioned in passing in the article, but I'm intrigued by the author's mention of how Cloudflare Workers interoperate. Besides the official documentation, are there any articles anyone can recommend on this topic?

I don't think that WASM will replace containers. They will continue to move closer to each other but still have their advantages in different fields.

Right now I can run containers and WASM workloads in the same k8s clusters. I dont even have to think about it with runtimes like crun/youki or wasmedge. The OCI image format is the universal package format. It always has all its need and the tooling is broad and mature.

With containers I can basically put any app in any language in there and it just runs. WASM support is far from that, there is migration toil. Containers are and will be more flexible then WASM

"In the year 2030, no one will remember Kubernetes."

I feel like this prolog missed an important point. Kubernetes abstracts data centers: networking, storage, workload, policy. Containers implement workloads. They're at different layers.

And back to the article's point: WASM may well replace containerized workloads, indeed there are already WASM node runtimes for Kubernetes. Something else may well replace Kubernetes in five years, but it won't be something at the workload layer.

> In the year 2030, no one will remember Kubernetes.

I highly doubt that. Maybe there will be an evolution to k8s but fundamentally it solves a whole host of challenges around defining the environment an application runs in.

No it wont. It's incredibly hard to build out a fully useful version of the Linux APIs, as shown to us by Cygwin, and WSL. Even if you built out a similar set of APIs, Linux itself offers a ridiculous set of interaction points where applications can tie together (for example, I can use inotifywatch to copy files out of my container as they're written). I feel like what you'll end up with is something like gvisor running on top of WASM. In which case, what did we gain from VMs at all?

Can I run ephemeral Oracle databases and JBoss instances and Tibco EMS as WASM as part of a CI/CD flow? No? Then it's not comparable to containers.

I sure hope "developing on Cloudflare" is not "what the future looks like".

There are many, many VM:s and programming languages that are more or less easy to compile to many architectures and/or possible to run straight on a hypervisor or metal. JavaScript, Python, Lua, V, and so on. None of them are seen as container competitors.

For folks interested in the current state of the art on sandboxing, here is a stab one of my former coworkers did:

https://github.com/firedancer-io/firedancer/blob/main/src/ut...

He researched chromeos process virtualization, moby (docker upstream), and chrome tab isolation. It’s all done ebpf magic on top of seccomp at its core.

You wouldn't want to miss MoonBit if you are interested in WASM. It is the most WASM-optimized language, quite promising. https://www.moonbitlang.com/

Statically compiled portable binaries will replace containers.

Maybe not, but one can dream at least.

What do we need containers for, if we can build a service in a binary that you can throw on any Linux of the past 20 years and it just starts to serve network requests?

What do we need to support other platforms if the server world is one big Linux monoculture and the next best platforms are just a cross-compile away?

Why wouldn't I compile everything statically if containers don't share libraries anyway?

You can totally run wasm via Docker through the wasm runtime. Given this, unfortunately, you will still need to admin Kubernetes.

Forgive me but I've heard the heralding new age nay revolution of wasm is coming anyday now and it hasn't and probably won't.

I don't doubt that wasm has potential, but personally I imagine more esoteric use cases as the go to than necessarily the replacement for containers (where my money is more on unikernel).

Naw.

The purpose of docker is like a VM. To simulate the running of two or more server machines with OS's to run on one machine.

wasm is like java.

They're different things, solving different problems:

- Containers are wrappers for binaries. Any binary can be contained, and when run, it gets a constrained (fake) view of the kernel.

- WASM defines a portable binary format. WASM is intermediate-representation, in the same vein as Java byte-code.

You could reasonably put WASM binaries inside containers

Right. Moore's law has made too much progress. We must claw back some slowness! Let's take code that could run securely at full speed and run it in emulation at half the speed instead. That'll keep those menacing hardware performance improvements at bay a little longer.

What sort of tooling is required for wasm? Let's say I wanted to deploy a middle tier in our app, consisting of some nodejs code that talks to an external database.

We'd use a Dockerfile, install nodejs or use a source image to build from. How does that work for wasm? Does it have layers to reuse?

I think this author is so far off the mark that it makes me wonder if they were high when they wrote this

lol I initially thought dylibso was the author, I was mistaken. That being said - WASM has been steadily improving over time, yet it hasn't quite achieved mainstream adoption.

I'm curious what's holding it back?

It seems like despite its technical advancements, WASM hasn't captured the public's interest in the same way some other technologies have. Perhaps it's a lack of easily accessible learning resources, or maybe the benefits haven't been clearly articulated to a broader audience. There's also the possibility that developers haven't fully embraced WASM due to existing toolchains and workflows.

[1] https://github.com/dylibso

Some pretty bold claims with what I felt was shaky justification and a simplistic understanding of the foundations.

>> I am a software developer for a top 100 app. I've written code you've probably used. That makes me qualified to say stuff.

Ah... that explains a bunch of it.

It is so funny seeing folks reinventing Java EE application servers, or IBM i, z/OS.

Capabilities based Operating Systems will replace containers. WASM is a stepping stone to help the world better impedance match them conceptually.

If someone tacks on file system access to WASM, the whole system becomes worthless.

> You have the option of writing your worker in JavaScript/TypeScript, or compiled WASM.

Is there any compelling reason not to just compile TypeScript to WASM? Why should it have JavaScript as its compile target?

>A very obvious argument against WASM succeeding is the Java Virtual Machine (JVM). It's almost exactly the same promise: write once, run anywhere. [...] The biggest limitation is that JVM bytecode cannot run in a web browser

The draw of WASM is to be able to have your code run in a browser tab exactly as it can run on your local hardware, as it can run if you embed it in your own application, with the only thing moving being custom syscalls between the 3

The biggest limitation of the JVM was that it's closed

You can spin up your own WASM interpreter and integrate it anywhere you like. It wouldn't be an impossible bridge to cross, it's RISC, it's open, there's many open implementations. Is it even possible to write your own JVM from scratch?

While I don’t doubt the utility of WebAssembly, I do have to kind of roll my eyes at the ignorance of history going on.

Servers were the future of code after mainframes because of simplicity and write-once run-anywhere code but without all the complexity, they just needed similar networking and storage solutions as mainframes had to be viable first.

Virtual machines would be the future of bare metal servers, allowing code to be written once and run anywhere, eliminating the complexity of bare metal servers. VMs just needed better networking and storage first to be viable.

Containers would replace the complexity of VMs and finally allow code to be written once and run anywhere, once orchestration for storage and networking was figured out.

Serverless would replace containers and allow code to be…

You get the idea.

The only thing holding back code from truly being “write-once, run anywhere” is literally everything that keeps it safe and scalable. The complexity is the solution. WebAssembly will start with the same promise of a Golden Path for development, until all the ancillary tooling ruins the joy (because now it’s no longer a curiosity, but a production environment with change controls and SOPs) and someone else comes along with an alternative that’s simpler and easier to use, because it lacks the things that make it truly work.

I don’t particularly care how it’s packaged in the end, so long as it runs and has appropriate documentation. Could be a container, or a VM template, or an OS package, or a traditional installer, or a function meant for a serverless platform.

Just write good code and support it. Everything else is getting lost in the forest.

We’re still using COBOL mainframes in 2025 in places so I’m sure whatever is the next trend in computing will be great, but I’m sure we’ll still be using k8s (and COBOL) in 2125.

> by deploying WASM in V8 sandboxes, you get all of the developer benefits of microservices with all of the runtime benefits of monoliths

No oversimplification to see here.

Does anyone remember a presentation on YouTube that described a hypothetical future where everything will be running inside a VM in a browser?

Confusing hammers with drills is a big mistake. Similarly, the problems WASM solves and the problems containers solve have little in common.

I've yet to see a single example of WASM in the wild. How is it supposed to "replace" anything, if nobody is using it?

Just like with systemd ruining every cloud infrastructures, here we go with WASM

Who wants everyone to be forced to use the same BigTech slop?

kubernetes is an endless employment engine for operations staff (it's kinda the opposite of "anybody can write react, so react devs are now cheaper", instead you're constantly maintaining a piece of junk k8s stack).

no way someone would engineer their way out of not over-engineering a kubernetes stack.

The other bit of this is that FNaaS pricing is crazy expensive. Unless someone goes an order of magnitude cheaper than cloudflare's wrangler offering on the edge, I don't see it happening. You get none of the portability by writing yourself into a FNaaS cage like cloudflare or fastly.

Companies start off with business logic that solves a problem. Then they scale it (awkwardly or not) as it balloons with customers. Then they try to optimize it (sometimes by going to the cloud, sometimes by going back to their own VMs). VCs might not like "ending growth", but once you're on a stable customer basis you can breath, understand your true optimal compute, and make a commitment to physical hardware (which is cheaper than cloud scaling, and FAR cheaper than FNaaS).

The piece that might travel the entire way with you? Containers and Kubernetes.

This has to be the highest word-count-in-replies-on-hackernews-to-word-count-in-entire-blog-site ratio ever.

Someone does not understand what kubernetes is. Kubernetes or something like it will continue to exist.

Surely this will be the year of WASM!

That would be cool.

It's been about 3 years since I dug into WASM and was bewildered about how to use it.

Is it time to dig back in?

My golang WASM is half the speed of my golang native.

That’s double server costs.

It’s golang so maybe that’s why ?

I need contributers for this Wikipedia page - https://en.wikipedia.org/wiki/User:Dr.SeemaMidha

Fellow Wikipedians may show their interest in the comment section.

Definitely a dead take. WASM has its merits but it’s not a panacea.

WASM just moves vulnerabilities to the wrapping code. If you use FS, then you still have to prevent the wrapper from stealing your /etc/passwd, so container it is

Suprised Nix isn't mentioned here.

Why does anything need to replace anything?

Containers, VM's, physical servers, WASM programs, Kubernetes, and countless other technologies fill niches. They will become mature, boring technologies, but they'll be around, powering all the services we use. We take mature technologies, like SQL or HTTP for granted, but once upon a time, they were the new hotness and people argued about their suitability.

It sounds like another way to distribute software has entered the chat, and it'll be useful for some people, and not for others.

microservices, serverless...

Truly buzzword compliant, this article.

So dumb - Shoresy

My boomeritis flares up when I hear someone trying to sell me on 10x-ing instructions . I think we need a new unit of inefficiency called Matrioschkas . The Swedes call this Torta-på-Torta or a cake in a cake (in a cake..)

we can only hope.

Hmm, not sure...

Author's argument is "because it is easier today and will be as powerful as containers in the future".

Well, what about it gets as powerful but 3 times more complex? Frankly, I find it quite messy to develop WASM in C++ without downloading an emscripten ...container. Yeah, AFAIK, there is no WASM compiler in WASM.

Oh an there is the *in the browser*, also. Yeah, but the truth of the matter is that most WASM frameworks have a mediocre performance when compared to JS (because of the memory isolation).

In this job we love new projects. We like them so much that we keep forgetting that the vast majority of them fail.

um, yeah, like everything is a jvm today.

Unikernels were meant to take over the world, the problem is, the extra bits of faux linux that docker provides are usually time savers.

The problem with modern containers is not the container (well it kinda is) its the thing that works out how to run and connect that container.

Kubernetes is a shit to configure, insecure unless you spend effort tracing and managing permissions, expensive to run.

But it is cool.

Apart from the networking. Thats just fucking batshit.

TLDR: Containers aren't the problem its the stupid orchestration layers people insist on building.

yeah but does wasm really work on mobile?

No. Wasm is not useful enough yet. Neither are containers.

This webdev notion of abstracting 30 layers of complexity just to run bytecode is borderline lobotomizing and should be blamed for 8,000,000,000 Bytes of RAM not sufficing for a slightly-above-average desktop computer nowadays.