I wrote this because I kept seeing developers (myself included) confuse language-level isolation like Python venv with OS-level isolation like Docker. I wanted to trace the actual technical boundaries between them.
The article maps out the differences between common execution environments—from physical bare metal and VMs to containers, process sandboxes, and virtual environments—to create a mental model of where the "isolation boundary" actually sits for each tool.
Since you mention serverless it might be worth mentioning firecracker and v8 isolates.
Thank you for the feedback. I will definitely add them as example solutions for serverless.
Did you really write it though? Within the first paragraph it's fairly obvious this is heavily LLM-generated.
> This website collects anonymous usage analytics data via GoatCounter and Umami.
My uBlock Origin shows that googlefonts.com and fonts.googleapis.com are being blocked.
It irks me a bit that your message explicitly mentions two trackers but it fails to mention the Google tracking. Google is also not mentioned in your privacy policy. Is there a reason for this?
Your message sent me down a weird rabbit hole of trying to find a privacy-friendly alternative to Google Fonts. I found this: https://github.com/coollabsio/fonts They claim to be a privacy-friendly drop-in replacement. Their main website: https://fonts.coollabs.io/
WebAssembly somehow does not seem to be able to break through, unlike HTML, CSS, and JavaScript did.
It is more of a silent thing. Running in the background, internal libs, deployment tools, plugin tools.
But also - it's lacking things like a unified positioning + required knowledge to understand it is quite large compared to average dev + most people have no real use for it. It's mostly too "abstract high level" and "low level" for most devs.
Or the people who write wasm don't talk too much about it. My OSS work (https://github.com/mickael-kerjean/filestash) has tons of it:
1. to create web versions of applications that are traditionally desktop only to render things like Parquet, PSD, TIFF, SQLite, EPS, ZIP, TGZ, and many more, where C libraries are often the reference implementations. There are almost a hundred supported file formats, most of which are supported through WASM
2. to create plugins that extend the backend and add your own endpoint or middleware as a way to enforce that the code runs in a constrained environment without the ability to send people's files out
3. in the workflow engine to enable people to run their own sandboxed scripts without giving those a blank check to go crazy