Skip to content
loading...

re: Introducing Hole a new serverless technology for Node.js VIEW POST

FULL DISCUSSION
 

After reading "How it works" an isolate sounds like Node's VM module. Could you please give us more details on how running several functions in 1 process is more secure than traditional approach with 1 function per 1 process?

 

Hey @the_spyke , good question, it may sound like the VM module but we are not necessarily using it, because we would have problems of resource struggle between the functions (CPU, Memory. We have other approaches to address this.). Isolate is a concept and the V8 mechanism to run sites with contexts separately, we use this same mechanism to perform the functions but it is not necessarily the only layer we use to create the sandbox environment it does not mean that it is safer than a traditional environment running the container with only one function. In addition we have other layers of security on top of these processes, we also rely on the isolate context of the V8 that has long been guaranteeing the security of the web with this approach, similar approaches that are appearing with WebAssembly with the implementation of WASI.

The tradeoff we have when we go for this approach is that we may lose the possibility of running functions in different languages ​​but we are studying the possibility of running WebAssembly in our functions.

I hope I have answered your question!

 

it does not mean that it is safer than a traditional environment running the container

In the article you wrote that "At Hole we built our technology to solve some of the main problems of serverless: performance, security", so I was interesting in how you did this. Thank you for your answer.

code of conduct - report abuse