Moving Beyond Containers - Introducing Boxer

While containers have been pivotal in cloud computing, offering isolated environments for applications, they bring notable drawbacks. These include substantial overhead, resulting in larger, less efficient deployments and startup times, and a dependency on the underlying OS for security, posing potential vulnerabilities.

WebAssembly (Wasm) addresses these challenges, and this talk will introduce the open-source project Boxer (https://boxer.dev), which offers tooling for taking existing containerized workloads and definitions, and creating near-universally deployable Wasm distributions (“Boxes”) offering roughly the same environment, with all the benefits of the WebAssembly target. Wasm, a compact binary instruction format, enables lightweight, sandboxed execution, significantly reducing overhead compared to traditional containers. This leads to enhanced performance and smaller, more efficient deployments, ideal for cloud computing. Additionally, Wasm's memory-safe, isolated execution environment provides superior security, independent of the OS. Thus, Wasm, with its blend of efficiency and security, emerges as not just an alternative, but a substantial improvement over container technology for cloud deployments.

With the main tools built in Rust, importantly, Marcotte (https://github.com/dphilla/marcotte) -- the underlying tool for virtualizing layers of system functionality -- allows us to make safe, sandboxed, discrete, and composable system functionality, by leveraging Rust's memory safety model, and the inherent properties of WebAssembly.

This talk will critically examine this new technology, its approach, benefits, and existing limitations compared with containers, and its path forward as a new standard in cloud infrastructure.