Building a Containerless Future with WebAssembly

About Me

  • Capital One Distinguished Engineer
  • Distributed Systems Nerd
  • Build back-ends for fun
    • Biometrics as a Service
    • Waste Management
    • Cloud Foundry "Pez" Dispenser
    • Search & Rescue Drones
  • WebAssembly Zealot Proponent

Twitter: @KevinHoffman

GH: autodidaddict

WebAssembly

Why Should We Care?

Benefits of Wasm in the Browser

  • Speed
  • Small Footprint
  • Security
    • Rigid Sandbox
    • Memory Isolation
  • Developer Productivity
  • Rapid, Continuous Deployment

🤔

Benefits of Wasm in the Cloud

  • Speed
  • Small Footprint
  • Security
    • Tamper-Proofing
    • Provenance
    • Policy Control
    • Rigid Sandbox
    • Memory Isolation
  • Developer Productivity
  • Rapid, Continuous Deployment

🤓

WebAssembly Is Small

  • Self-contained, portable file
  • Microservices* can be as small as 2MB!
  • Most of the work is done by the host runtime, not the wasm file
  • I've lost 51lbs since learning WebAssembly
    • Coincidence?

WebAssembly Is Secure

  • Immune to buffer overruns & similar
  • Custom sections ideal for storing signature + hash, metadata
  • Host decides what module can/cannot do
  • Isolated memory sandbox, cannot leak or exfil sensitive data
  • Format is easily disassembled
    • Don't hide trade secrets in wasm files
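The custom-section point above, as an added example that is not from the talk or from wascap: it walks a module's sections, stores a SHA-256 digest of the rest of the module in a custom section, and checks it again later. The section name `demo-digest`, the function names and the sample module are assumptions made for illustration.

```python
import hashlib

WASM_HEADER = b"\x00asm\x01\x00\x00\x00"  # magic + version 1

def read_uleb(buf, pos):  # unsigned LEB128 -> (value, next position)
    value = shift = 0
    while True:
        byte, pos = buf[pos], pos + 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7

def write_uleb(n):
    out = bytearray()
    while True:
        n, low = n >> 7, n & 0x7F
        out.append(low | (0x80 if n else 0))
        if not n:
            return bytes(out)

def split_custom(module, name):
    """Return (module minus the named custom section, that section's data or None)."""
    if module[:8] != WASM_HEADER:
        raise ValueError("not a WebAssembly binary")
    kept, found, pos = bytearray(WASM_HEADER), None, 8
    while pos < len(module):
        start, sec_id = pos, module[pos]
        size, pos = read_uleb(module, pos + 1)
        end = pos + size
        if end > len(module):
            raise ValueError("truncated section")
        # Section id 0 is custom: name length, name, then free-form data.
        name_len, p = read_uleb(module, pos) if sec_id == 0 else (0, pos)
        if sec_id == 0 and module[p:p + name_len] == name:
            found = module[p + name_len:end]
        else:
            kept += module[start:end]
        pos = end
    return bytes(kept), found

def embed_digest(module, name=b"demo-digest"):
    stripped, _ = split_custom(module, name)
    body = write_uleb(len(name)) + name + hashlib.sha256(stripped).digest()
    return stripped + b"\x00" + write_uleb(len(body)) + body

def verify_digest(module, name=b"demo-digest"):
    stripped, stored = split_custom(module, name)
    return stored is not None and stored == hashlib.sha256(stripped).digest()

# Constructed sample: a minimal module holding one type section, () -> ()
SAMPLE = WASM_HEADER + bytes([0x01, 0x04, 0x01, 0x60, 0x00, 0x00])
```

An unkeyed digest can be recomputed by anyone who edits the file, so on its own it only catches accidental change; the signature the slide lists alongside the hash is what ties the module to a signer.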

WebAssembly Is Portable

  • Single file runs anywhere there's a host
    • Browser
    • Cloud
    • IoT
  • OS, Processor, Platform Agnostic
  • Does not require containers
  • Only as portable as we make it*

WebAssembly Is Polyglot

  • Languages for host runtime and modules are decoupled
  • Can write modules in any* language
    • Rust
    • Go*
    • Zig
    • AssemblyScript
    • C/C++

Host Runtimes

Wasm Outside the Browser

Low-Level Runtimes

  • C/C++
  • Rust
  • Go
  • Python
  • V8/Node
  • ...

Hosts

Host Langs

Interpreters and Compilers

Mid-Level Runtimes

Layers Built on/Used with Low-Level Runtimes

  • waPC
    • Bi-Directional Functional Calling
    • Pass Arbitrary Binary Payloads
    • Memory Agnostic
      • Neither Side Maintains Pointers to Other Side's Memory
    • Stateless
    • Synchronous (no multi-threading in Wasm)
  • wascap - Sign, Embed, Query JWTs in WebAssembly Modules

High-Level Runtime

waSCC - Layer Built on waPC and wascap

  • Build services & functions in Wasm as Actors!
  • Utilize Embedded, Signed JWTs
    • Verify Provenance
    • Restrict Access to High-Level Capabilities
    • Integrate with OPA
  • Dynamically Bind Actors to Capabilities:
    • Message Broker
    • HTTP client, server
    • Key-Value Store
    • Custom Capabilities
  • Rust Host SDK
  • Rust Actor SDK (Go* coming soon)

WebAssembly Secure Capabilities Connector (waSCC)

WebAssembly Ecosystem

"If I have seen further, it is by standing on the shoulders of giants"

    - Isaac Newton

Building our own Shoulders

  • Out of Browser Host Runtimes
  • Tooling
  • Education
  • Documentation
  • Community

DEMOS!

DEMOS

  • "Wasm in the Raw" - wat2wasm
  • Basic Procedure Calls - waPC
  • WebAssembly in the Cloud - waSCC

Call to Action
