TNS
SUBSCRIBE
Join our community of software engineering leaders and aspirational developers. Always stay in-the-know by getting the most important news and exclusive content delivered fresh to your inbox to learn more about at-scale software development.
REQUIRED
 
It seems that you've previously unsubscribed from our newsletter in the past. Click the button below to open the re-subscribe form in a new tab. When you're done, simply close that tab and continue with this form to complete your subscription.
Welcome and thank you for joining The New Stack community!
Please answer a few simple questions to help us deliver the news and resources you are interested in.
REQUIRED
REQUIRED
REQUIRED
REQUIRED
REQUIRED
Great to meet you!
Tell us a bit about your job so we can cover the topics you find most relevant.
REQUIRED
REQUIRED
REQUIRED
REQUIRED
REQUIRED
 
Welcome!

We’re so glad you’re here. You can expect all the best TNS content to arrive Monday through Friday to keep you on top of the news and at the top of your game.

What’s next?

Check your inbox for a confirmation email where you can adjust your preferences and even join additional groups.

Become a TNS follower on LinkedIn.

Check out the latest featured and trending stories while you wait for your first TNS newsletter.

PREV
of
NEXT
VOXPOP
As a JavaScript developer, what non-React tools do you use most often?
Angular
0%
Astro
0%
Svelte
0%
Vue.js
0%
Other
0%
I only use React
0%
I don't use JavaScript
0%
 
Cloud Native Ecosystem Containers Databases Edge Computing Infrastructure as Code Linux Microservices Open Source Networking Storage
Fivetran Brings Data Lake Interoperability to Google Cloud
Apr 10th 2025 6:45am, by Charles Humble
Local or Cloud: Choosing the Right Dev Environment
Apr 9th 2025 4:00pm, by Anita Ihuman
The Open Format Movement Heats Up: Snowflake Embraces Apache Iceberg
Apr 8th 2025 6:00am, by Jelani Harper
Why Cloud Native Infrastructure Is Non-Negotiable for GenAI
Apr 7th 2025 3:00pm, by Debojyoti Dutta
CNCF Reveals New Certifications and Expanded Job Opportunities
Apr 4th 2025 2:00pm, by Steven J. Vaughan-Nichols
Advanced Docker Scout Use Cases: Security Insights, Recommendations, and Remediation 
Apr 13th 2025 10:00am, by Advait Patel
Legacy to Cloud: Accelerate Modernization via Containers
Apr 10th 2025 10:00am, by Bhushan Nemade
The Super Helm Chart: To Deploy or Not To Deploy?
Apr 8th 2025 6:00am, by Utku Darılmaz
Automate Container Security Audits With Docker Scout and Python 
Apr 5th 2025 9:00am, by Advait Patel
Why Docker Scout Is Changing How Developers Scan for Vulnerabilities 
Apr 3rd 2025 11:00am, by Advait Patel
Fivetran Brings Data Lake Interoperability to Google Cloud
Apr 10th 2025 6:45am, by Charles Humble
AI Data Dilemma: Balancing Innovation with Ironclad Governance
Apr 8th 2025 11:00am, by Artin Avanes
Why Use a NoSQL Database for AI? There Are Many Great Reasons
Apr 8th 2025 8:00am, by Tim Rottach
Redis Launches Vector Sets and a New Tool for Semantic Caching of LLM Responses
Apr 8th 2025 7:00am, by Frederic Lardinois
Building Graph-Based RAG Applications Just Got Easier
Apr 4th 2025 9:00am, by Ryan Michael and Nina Lopatina
AI at the Edge: Federated Learning for Greater Performance
Apr 16th 2025 8:00am, by Charles Humble
Should You Care About Fermyon Wasm Functions on Akamai?
Mar 28th 2025 1:00pm, by B. Cameron Gain
Are Edge Computing and Cloud Computing in Competition?
Mar 27th 2025 6:00am, by Meredith Shubel
Edge Data Centers Offer Benefits for Remote Industrial Apps
Mar 26th 2025 8:00am, by Meredith Shubel
AI Is Coming to the Edge, but It Will Look Different
Mar 20th 2025 1:00pm, by Damir Mujezinovic
Tackle IaC Tooling Complexity and Growing Cloud Costs in 2025
Apr 11th 2025 11:00am, by Ido Neeman
IT Leaders Brace for Tariff Fallout on Infrastructure and Cloud Costs
Mar 26th 2025 10:00am, by Krishna Subramanian
How To Select the Best Cloud Model for Your AI Strategy
Mar 25th 2025 1:00pm, by Abu Hassan Peer
Why FinOps Belongs in Your CI/CD Workflow
Mar 25th 2025 5:00am, by Amit Liberman
NixOps Lives On: Introducing NixOps 4
Mar 21st 2025 9:00am, by B. Cameron Gain
Kelsey Hightower on Nix vs. Docker: Is There a Different Way?
Apr 16th 2025 7:00am, by David Cassel
Linux: Five Easy Ways To Secure Any Distribution
Apr 13th 2025 8:00am, by Jack Wallen
Unsure How To Schedule With Cron on Linux? Try One of These GUIs
Apr 12th 2025 6:00am, by Jack Wallen
How To Develop on a Linux Desktop With an Easy-To-Use VM
Apr 10th 2025 6:00am, by Jack Wallen
Rust, Linux and Cloud Native Computing
Apr 7th 2025 8:00am, by Steven J. Vaughan-Nichols
Scale Microservices Testing Without Duplicating Environments
Apr 15th 2025 9:00am, by Arjun Iyer
What Agentic Workflows Mean to Microservices Developers
Apr 3rd 2025 4:00pm, by Janakiram MSV
Sandbox Testing: The DevEx Game-Changer for Microservices
Mar 27th 2025 7:11am, by Arjun Iyer
Testing Microservices: Message Isolation for Kafka, SQS, More
Mar 20th 2025 7:09am, by Arjun Iyer
The Million-Dollar Problem of Slow Microservices Testing
Mar 6th 2025 8:05am, by Arjun Iyer
Kelsey Hightower on Nix vs. Docker: Is There a Different Way?
Apr 16th 2025 7:00am, by David Cassel
The Kro Project: Giving Kubernetes Users What They Want
Apr 15th 2025 12:00pm, by Michelle Gienow
OpenSearch: What’s Next for the Search and Analytics Suite?
Apr 10th 2025 9:00am, by Michelle Gienow
Five Years In, Backstage Is Just Getting Started
Apr 7th 2025 2:00pm, by Jennifer Riggins
Rust, Linux and Cloud Native Computing
Apr 7th 2025 8:00am, by Steven J. Vaughan-Nichols
Dave Taht, Who Sped Up Networks More Than You'll Ever Know, Has Died
Apr 4th 2025 11:00am, by Steven J. Vaughan-Nichols
KubeCon Europe: Kgateway Aims To Be the Kubernetes Onramp
Apr 3rd 2025 7:00am, by Joab Jackson
KubeCon Europe: Aviatrix's Enterprise Firewall for Kubernetes
Mar 24th 2025 5:00am, by Joab Jackson
NVIDIA Unveils Next-Gen Rubin and Feynman Architectures, Pushing AI Power Limits
Mar 19th 2025 3:00pm, by Adrian Cockcroft
2.8 Million Reasons Why You Can’t Trust Your VPN
Mar 17th 2025 9:00am, by Nick Taylor
Fivetran Brings Data Lake Interoperability to Google Cloud
Apr 10th 2025 6:45am, by Charles Humble
The Open Format Movement Heats Up: Snowflake Embraces Apache Iceberg
Apr 8th 2025 6:00am, by Jelani Harper
Don’t Let Storage Slow Down DevOps
Apr 3rd 2025 2:00pm, by Carol Platz
Changed Block Tracking Is Here for Kubernetes Resilience
Mar 24th 2025 8:30am, by Mark Lavi
Real-Time Write Heavy Workloads: Considerations and Tips
Mar 14th 2025 9:00am, by Felipe Cardeneti Mendes and Lubos Kosco
AI AI Engineering API Management Backend development Data Frontend Development Large Language Models Security Software Development WebAssembly
Slopsquatting: The Newest Threat to Your AI-Generated Code
Apr 16th 2025 9:00am, by
AI at the Edge: Federated Learning for Greater Performance
Apr 16th 2025 8:00am, by
Seven Habits of Highly Effective AI Coding
Apr 16th 2025 6:00am, by
Frontend Gets Smarter: AI's JavaScript Revolution
Apr 15th 2025 11:00am, by
Year of AI Utility: Moving From Early Wins to Long-Term Value
Apr 15th 2025 8:05am, by
Slopsquatting: The Newest Threat to Your AI-Generated Code
Apr 16th 2025 9:00am, by
Seven Habits of Highly Effective AI Coding
Apr 16th 2025 6:00am, by
Code in Your Native Tongue: Amazon Q Developer Goes Global
Apr 10th 2025 5:00pm, by
Ironwood: Google's Answer to Nvidia in the AI Chip Wars
Apr 9th 2025 10:00am, by
Breakthrough: LLM Traces Outputs to Specific Training Data
Apr 9th 2025 8:30am, by
Case Study: AI Agent Cuts API Connector Dev Time to Minutes
Apr 15th 2025 2:00pm, by
Use API Governance Tools for Better API Experiences
Apr 11th 2025 2:00pm, by
OpenAPI: How to Handle File Management
Apr 8th 2025 9:00am, by
Future of Platform Engineering Is About Much More Than AI
Apr 3rd 2025 12:00pm, by
DeepSource Releases Globstar Amid Semgrep Licensing Backlash
Apr 2nd 2025 5:00pm, by
JavaScript's Missing Link: Wasp Offers Full Stack Solution
Mar 26th 2025 2:00pm, by
Pagoda: A Web Development Starter Kit for Go Programmers
Mar 19th 2025 6:10am, by
Apollo: GraphQL Now Connects to REST APIs With Little Fuss
Mar 11th 2025 7:30am, by
Introduction to Backend Development
Mar 10th 2025 12:30pm, by
Laravel Adds Inertia To Stack and Offers React Starter Kit
Mar 4th 2025 10:00am, by
Year of AI Utility: Moving From Early Wins to Long-Term Value
Apr 15th 2025 8:05am, by
What Devs Should Know When Starting an Apache Kafka Journey
Apr 15th 2025 6:00am, by
Formula 1: Engineering When Every Millisecond Counts
Apr 11th 2025 9:24am, by
From BI to Predictive AI: Why Analysts Are the Heroes of the Next Data Frontier
Apr 10th 2025 11:00am, by
OpenSearch: What’s Next for the Search and Analytics Suite?
Apr 10th 2025 9:00am, by
Frontend Gets Smarter: AI's JavaScript Revolution
Apr 15th 2025 11:00am, by
Internal Projects: Working Inside the Panopticon
Apr 12th 2025 8:00am, by
New Laravel-Related Offerings Include Octane Alternative
Apr 12th 2025 5:00am, by
Three AI-Assisted Development Skills You Can Start Using Today
Apr 9th 2025 2:00pm, by
GitHub's New Security Campaigns Fix Security Debt With AI
Apr 9th 2025 11:00am, by
Build Scalable LLM Apps With Kubernetes: A Step-by-Step Guide
Apr 14th 2025 6:00am, by
Breakthrough: LLM Traces Outputs to Specific Training Data
Apr 9th 2025 8:30am, by
Agentic AI Is the Next Frontier in Enterprise Operations
Apr 8th 2025 10:00am, by
KubeCon Europe: How Kubernetes Handles 6G, LLMs and Deep Space
Apr 7th 2025 10:00am, by
Adopt World Models Today or Fall Behind Tomorrow
Apr 4th 2025 12:00pm, by
Slopsquatting: The Newest Threat to Your AI-Generated Code
Apr 16th 2025 9:00am, by
JFrog Sounds Alarm on Crypto-Stealing Python Package
Apr 15th 2025 3:00pm, by
Agentic Access Is Here. Your Authorization Model Is Probably Broken.
Apr 15th 2025 1:00pm, by
Advanced Docker Scout Use Cases: Security Insights, Recommendations, and Remediation 
Apr 13th 2025 10:00am, by
Linux: Five Easy Ways To Secure Any Distribution
Apr 13th 2025 8:00am, by
Case Study: AI Agent Cuts API Connector Dev Time to Minutes
Apr 15th 2025 2:00pm, by
Four New Areas Where AI Is Transforming Software Development
Apr 14th 2025 11:00am, by
The Interrupt Tax: Why Developer Productivity Is Measured in Silences
Apr 14th 2025 11:00am, by
Beyond ROWE: Why Results-Only Work Isn’t Always a Win
Apr 12th 2025 10:00am, by
Internal Projects: Working Inside the Panopticon
Apr 12th 2025 8:00am, by
Hyperlight Wasm: Azure Goes the Final Wasi Mile
Apr 3rd 2025 9:00am, by
Endor: WebAssembly-Based Server in the Browser
Mar 29th 2025 1:00pm, by
Should You Care About Fermyon Wasm Functions on Akamai?
Mar 28th 2025 1:00pm, by
Akamai Picks Up Hosting for Kernel.org
Mar 27th 2025 10:00am, by
Top 5 Uses of WebAssembly for Web Developers
Feb 16th 2025 7:00am, by
AI Operations CI/CD Cloud Services DevOps Kubernetes Observability Operations Platform Engineering
Year of AI Utility: Moving From Early Wins to Long-Term Value
Apr 15th 2025 8:05am, by Baris Gultekin
Four New Areas Where AI Is Transforming Software Development
Apr 14th 2025 11:00am, by Emilio Salvador
Agentic AI Is the Next Frontier in Enterprise Operations
Apr 8th 2025 10:00am, by Guo Wei
Why Cloud Native Infrastructure Is Non-Negotiable for GenAI
Apr 7th 2025 3:00pm, by Debojyoti Dutta
A Look at AIBrix, an Open Source LLM Inference Platform
Apr 4th 2025 7:00am, by Janakiram MSV
Seven Habits of Highly Effective AI Coding
Apr 16th 2025 6:00am, by Tariq Shaukat
Optimizing CI/CD for Trust, Observability and Developer Well-Being
Apr 15th 2025 10:00am, by Saqib Jan
What Devs Should Know When Starting an Apache Kafka Journey
Apr 15th 2025 6:00am, by Sandon Jacobs
Tackle IaC Tooling Complexity and Growing Cloud Costs in 2025
Apr 11th 2025 11:00am, by Ido Neeman
Reframing DevSecOps: Software Security to Software Safety
Apr 7th 2025 11:00am, by Josh Lemos
Mastering the Cloud: Saumen Biswas on Cutting Costs Without Cutting Corners
Apr 14th 2025 12:00pm, by Colin Bonini
Google Kubernetes Engine Customized for Faster AI Work
Apr 9th 2025 9:00am, by Joab Jackson
Apache Ray Finds a Home on the Google Kubernetes Engine
Apr 9th 2025 6:00am, by Joab Jackson
VMware Alternatives: A Strategic Guide to Modern Virtualization
Apr 4th 2025 8:00am, by Adam Swidler
Google Extends Gmail Client-Side Encryption to All Users
Apr 1st 2025 9:00am, by Joab Jackson
Optimizing CI/CD for Trust, Observability and Developer Well-Being
Apr 15th 2025 10:00am, by Saqib Jan
The Interrupt Tax: Why Developer Productivity Is Measured in Silences
Apr 14th 2025 11:00am, by Nishant Modak
Advanced Docker Scout Use Cases: Security Insights, Recommendations, and Remediation 
Apr 13th 2025 10:00am, by Advait Patel
Formula 1: Engineering When Every Millisecond Counts
Apr 11th 2025 9:24am, by Jennifer Riggins
Automate Container Security Audits With Docker Scout and Python 
Apr 5th 2025 9:00am, by Advait Patel
The Kro Project: Giving Kubernetes Users What They Want
Apr 15th 2025 12:00pm, by Michelle Gienow
Build Scalable LLM Apps With Kubernetes: A Step-by-Step Guide
Apr 14th 2025 6:00am, by Oladimeji Sowole
Google Kubernetes Engine Customized for Faster AI Work
Apr 9th 2025 9:00am, by Joab Jackson
The Super Helm Chart: To Deploy or Not To Deploy?
Apr 8th 2025 6:00am, by Utku Darılmaz
KubeCon Europe: How Kubernetes Handles 6G, LLMs and Deep Space
Apr 7th 2025 10:00am, by B. Cameron Gain
DeepSource Releases Globstar Amid Semgrep Licensing Backlash
Apr 2nd 2025 5:00pm, by B. Cameron Gain
KubeCon Europe Day 1 Keynote: Can Observability Keep Up With LLMs?
Apr 2nd 2025 4:00pm, by B. Cameron Gain
Observability in K8s: Moving From Reactive to Predictive
Apr 2nd 2025 9:00am, by Lori Bertelli
ML and LLM Adoption Challenged Most Often by Observability
Mar 31st 2025 7:00am, by Lawrence E Hecht
What eBPF Means for Observability vs. Security
Mar 31st 2025 6:17am, by B. Cameron Gain
The Kro Project: Giving Kubernetes Users What They Want
Apr 15th 2025 12:00pm, by Michelle Gienow
Python Software Foundation Honors Ewa Jodlowska's Service
Apr 13th 2025 7:00am, by David Cassel
Beyond ROWE: Why Results-Only Work Isn’t Always a Win
Apr 12th 2025 10:00am, by Steve Fenton
Tackle IaC Tooling Complexity and Growing Cloud Costs in 2025
Apr 11th 2025 11:00am, by Ido Neeman
From POC to Production: Why GenAI Projects Often Stall
Apr 11th 2025 10:00am, by Arti Raman
Optimizing CI/CD for Trust, Observability and Developer Well-Being
Apr 15th 2025 10:00am, by Saqib Jan
Mastering the Cloud: Saumen Biswas on Cutting Costs Without Cutting Corners
Apr 14th 2025 12:00pm, by Colin Bonini
Local or Cloud: Choosing the Right Dev Environment
Apr 9th 2025 4:00pm, by Anita Ihuman
Why Cloud Native Infrastructure Is Non-Negotiable for GenAI
Apr 7th 2025 3:00pm, by Debojyoti Dutta
Five Years In, Backstage Is Just Getting Started
Apr 7th 2025 2:00pm, by Jennifer Riggins
C++ Developer tools Go Java JavaScript Programming Languages Python Rust TypeScript
EngFlow Makes C++ Builds 21x Faster and Software a Lot Safer
Apr 3rd 2025 3:00pm, by Darryl K. Taft
Memory-Safe C: TrapC's Pitch to the C ISO Working Group
Mar 12th 2025 7:00am, by David Cassel
Bjarne Stroustrup on How He Sees C++ Evolving
Mar 7th 2025 6:00am, by David Cassel
Curl's Daniel Stenberg on Securing 180,000 Lines of C Code
Feb 23rd 2025 6:00am, by David Cassel
Introduction to C++ Programming Language
Feb 11th 2025 6:00am, by TNS Staff
Local or Cloud: Choosing the Right Dev Environment
Apr 9th 2025 4:00pm, by Anita Ihuman
From BASIC to Vibes: Microsoft's 50-Year Code Evolution
Apr 4th 2025 5:00pm, by Darryl K. Taft
EngFlow Makes C++ Builds 21x Faster and Software a Lot Safer
Apr 3rd 2025 3:00pm, by Darryl K. Taft
Red Hat Arms Developers With AI-Powered Migration Tools
Apr 1st 2025 1:00pm, by Steven J. Vaughan-Nichols
Developer’s Guide to the Built-In Tools of OpenAI Agents SDK
Mar 26th 2025 9:12am, by David Eastman
Prepare Your Mac for Go Development
Apr 12th 2025 7:00am, by Damon M. Garn
Pagoda: A Web Development Starter Kit for Go Programmers
Mar 19th 2025 6:10am, by Loraine Lawson
Microsoft TypeScript Devs Explain Why They Chose Go Over Rust, C#
Mar 18th 2025 7:00am, by David Cassel
Go Power: Microsoft's Bold Bet on Faster TypeScript Tools
Mar 12th 2025 1:00pm, by Darryl K. Taft and Loraine Lawson
Introduction to Go Programming Language
Jan 17th 2025 9:00am, by TNS Staff
JavaOne 2025: Talks, History, Community, and Scott McNealy
Apr 6th 2025 6:00am, by David Cassel
Java Modernizes: New Tools for AI and Quantum Age
Mar 26th 2025 7:00am, by Chris J. Preimesberger
Oracle Ships Java 24: 'AI Is So Yesterday' Says VP
Mar 19th 2025 10:00am, by Darryl K. Taft
Vulnerability-Free Java Containers: A Practical Guide
Mar 8th 2025 9:00am, by Eric Murphy
AI Tools Now Essential in Java Dev's Productivity Arsenal
Mar 6th 2025 3:00pm, by Darryl K. Taft
Frontend Gets Smarter: AI's JavaScript Revolution
Apr 15th 2025 11:00am, by Alexander T. Williams
New Laravel-Related Offerings Include Octane Alternative
Apr 12th 2025 5:00am, by Loraine Lawson
A Peek at What’s Next for Vue
Apr 5th 2025 6:00am, by Loraine Lawson
A Developer’s Guide to Server-Side JavaScript
Apr 3rd 2025 10:00am, by Martin Bach
Researchers Find Next.js Middleware Vulnerability
Mar 29th 2025 3:01am, by Loraine Lawson
JFrog Sounds Alarm on Crypto-Stealing Python Package
Apr 15th 2025 3:00pm, by Chris J. Preimesberger
A Developer’s Guide to Server-Side JavaScript
Apr 3rd 2025 10:00am, by Martin Bach
Level Up Your Python: Higher-Order Functions Explained
Apr 2nd 2025 12:00pm, by Jessica Wachtel
Rust Gets Its Missing Piece: Official Spec Finally Arrives
Mar 28th 2025 3:00pm, by Darryl K. Taft
Java Modernizes: New Tools for AI and Quantum Age
Mar 26th 2025 7:00am, by Chris J. Preimesberger
JFrog Sounds Alarm on Crypto-Stealing Python Package
Apr 15th 2025 3:00pm, by Chris J. Preimesberger
Python Software Foundation Honors Ewa Jodlowska's Service
Apr 13th 2025 7:00am, by David Cassel
NVIDIA Finally Adds Native Python Support to CUDA
Apr 2nd 2025 2:00pm, by Agam Shah
Level Up Your Python: Higher-Order Functions Explained
Apr 2nd 2025 12:00pm, by Jessica Wachtel
Insert Data into a MySQL Database via a Python Script
Mar 26th 2025 5:21am, by Jack Wallen
Microsoft TypeScript Devs Explain Why They Chose Go Over Rust, C#
Mar 18th 2025 7:00am, by David Cassel
Go Power: Microsoft's Bold Bet on Faster TypeScript Tools
Mar 12th 2025 1:00pm, by Darryl K. Taft and Loraine Lawson
Oracle Won’t Release ‘JavaScript’ Without a Fight
Jan 11th 2025 5:00am, by Loraine Lawson
The Year in JavaScript: Top JS News Stories of 2024
Dec 27th 2024 6:30am, by Loraine Lawson
How OOP Developers Can Get To Know TypeScript Through Deno
Oct 19th 2024 8:00am, by David Eastman
Containers / Software Development / WebAssembly

Hyperlight Wasm: Azure Goes the Final Wasi Mile

Microsoft brings WebAssembly to virtual machines with lightning-fast execution, millisecond startup times, and multi-language support — all without containers.
Apr 3rd, 2025 9:00am by
Featued image for: Hyperlight Wasm: Azure Goes the Final Wasi Mile
Featured image via Unsplash+.

LONDON — Microsoft’s Azure Core Upstream team’s Hyperlight now includes Hyperlight Wasm, marking a long-awaited development in extending and deploying WebAssembly modules and components on virtual machines for Azure.

Microsoft has also donated the project to the CNCF.

The Hyperlight project relies on small, embedded functions using hypervisor-based protection for each function call at scale. Each function request also has its own hypervisor for protection.

This compatibility feature has been years in the making, fulfilling the long-standing promise of WebAssembly and its polyglot language capabilities.

Source: Microsoft

With it, workloads can be deployed, spun up, and spun down to and from VMs on Azure or in any other cloud or on premises environments in milliseconds — without containers. Yes, that’s right — bypassing any worries about operating system compatibility or other concerns with deploying code to a virtual machine. Much of this is owed to WebAssembly System Interface (WASI) development, which offers interoperability with different endpoints, which in Hyperlight’s case, consists of VMs.

As WebAssembly is the conduit, it is no longer restricted to just other machine languages such as Rust and C, although it can handle those as well. So far, Hyperlight offers compatibility with the following languages with which users can execute workloads in Hyperlight Wasm: C, Go, Rust, Python, JavaScript and C#. The trick here, much like with containers, is to also include a language runtime as part of the image.

Unlike containerized environments, where workloads must first be packaged, distributed, and collected within a container, Hyperlight Wasm allows workloads to be distributed directly from the operating system to the VM. This eliminates the extra overhead of containerization and thus offers additional lightweight benefits associated with sending light workloads with Wasm.

Security is an important aspect of WebAssembly, particularly in this implementation. The code runs in an isolated environment, and a module written in Rust has been embedded in the runtime to address digital vulnerabilities. Microsoft claims they have taken extensive measures to enhance security in this regard.

Building Hyperlight with a WebAssembly runtime enables a programming language to execute in a protected Hyperlight micro-VM “without any prior knowledge of Hyperlight at all,” Microsoft’s Yosh Wuyts, senior developer advocate, and Lucy Menon, software engineer and researcher, wrote in a blog post.

Developers can use Hyperlight Wasm to compile for the wasm32-wasip2 target so they can run their programs locally using runtimes like wasmtime or Jco or run them on a server using for Nginx Unit, Spin WasmCloud — or now Hyperlight Wasm, Wuyts and Menon wrote. “If done right, developers don’t need to think about what runtime their code will run on as they’re developing it,” Wuyts and Menon wrote. “That is a degree of developer flexibility that is only possible through standards.”

As Wuyts and Menon described, when the Hyperlight VMM (Virtual Machine Manager) creates a new VM, it creates a new slice of memory and loads the VM guest, which in turn loads the wasm workload, Wuyts and Menon wrote. “This takes about 1-2 milliseconds today, and work is happening to bring that number to be less than 1 millisecond in the future,” Wuyts and Menon wrote.

In Action

How Hyperlight works with Wasm and Envoy was described and demoed during the Rejekts talk here in London this week. It took place during the talk “Wasm, Envoy, and Hyperlight Walk Into a Pod: No Vulnerabilities Allowed,” which Microsoft engineers Mikhail Krinkin and Danilo (Dan) Chiarlone gave.

The talk covered cloud security, particularly isolation methods for running applications. Chiarlone discussed three isolation levels: absence, weak (using kernel features) and strong (using hypervisors like KVM or Microsoft Hyper-V). They described and showed how Hyperlight libraries can be used to leverage limited hypervisor technologies to create micro-virtualization environments. As they described, Hyperlight supports running untrusted code safely, including WebAssembly.

Chiarlone showed how Hyperlight Wasm runs a VM, enters the VM, executes the guest code — which follows function calls — and then having the VM exit and resume execution. The process Chiarlone showed involved the nested sandboxing of the Hyperlight sandbox inside the hypervisor (two layers of isolation), executing the code and outputting the result.

Krinkin demonstrated integrating Hyperlight with Envoy, a service mesh, to sandbox custom plugins. The example involved creating a sandbox for a WebAssembly module that handles TCP connections, emphasizing the importance of configuring constraints to prevent untrusted code from escaping the sandbox.

You will leave ready to utilize Hyperlight to build robust and scalable production solutions with a solid defense-in-depth strategy.

Performance Benchmarks

Benchmarks were provided. As Chiarlone and Krinkin showed, the latency specifications of cold start times of code in a VM is measured in milliseconds. The extremely fast execution speeds are also palpable when applications compiled to WebAssembly code is run in the browser as well as in serverless or edge environments — in the browser as well, the user access the http: address and the application runs almost instantly since there are no downloads involved or other preliminaries that might otherwise slow down performance.

Since WebAssembly is not specific to a particular architecture — such as x86 or ARM —  it instead abstracts over those architectures, functioning as a hardware abstraction layer, Chiarlone said. As explained above, WebAssembly is executed within a sandboxed environment, in which applications must explicitly opt into specific capabilities.

In the demo, Chiarlone said there were capabilities compiled to Wasm with Hyperlight. “These are explicitly granted to an application, allowing it to use them,” Chiarlone said. “However, capability three cannot be used unless explicitly permitted.”

TRENDING STORIES
Group Created with Sketch.
BC Gain is founder and principal analyst for ReveCom Media. His obsession with computers began when he hacked a Space Invaders console to play all day for 25 cents at the local video arcade in the early 1980s. He then...
Read more from B. Cameron Gain
SHARE THIS STORY
TRENDING STORIES
TNS owner Insight Partners is an investor in: Unit.
TRENDING STORIES
TNS DAILY NEWSLETTER Receive a free roundup of the most recent TNS articles in your inbox each day.