Some UNIX coders are looking forward to restricting system calls with CloudABI, so that we can get similar security and portability to Docker, without the loss of efficiency of containers. What do D coders think of CloudABI?

https://nuxi.nl/

Here's an example for building C CloudABI applications with cc from Clang:

https://github.com/mcandre/cartel

I wonder if LDC could be similarly wired up to build CloudABI binaries from D source files?

On Tuesday, 25 December 2018 at 17:36:46 UTC, Andrew Pennebaker wrote:
> Some UNIX coders are looking forward to restricting system calls with CloudABI, so that we can get similar security and portability to Docker, without the loss of efficiency of containers. What do D coders think of CloudABI?
>
> https://nuxi.nl/
>
> Here's an example for building C CloudABI applications with cc from Clang:
>
> https://github.com/mcandre/cartel

I wish someone would teach all these projects that you need to describe what you're actually doing up front. AFAICT just from their other website at https://cloudabi.org, whose front page isn't much better than the one you gave, that would be "A new capability-based C runtime and APIs so that all your cloud applications can be secured and run portably across any OS we support." What's their solution for multi-arch, separate or fat binaries?

Capabilities are nice, but I don't know enough about security tech to say if they're much better than other sandboxing tech. I suspect that security is still a hard sell for most, and it will not go farther than those few niches who care.

> I wonder if LDC could be similarly wired up to build CloudABI binaries from D source files?

Of course, as all it seems to need is libc support, some API wrappers in D, and maybe some ABI tweaks, which is no different than porting D to any other common platform.

On Tuesday, 25 December 2018 at 19:26:29 UTC, Joakim wrote:
> On Tuesday, 25 December 2018 at 17:36:46 UTC, Andrew Pennebaker wrote:
>> [...]
>
> I wish someone would teach all these projects that you need to describe what you're actually doing up front. AFAICT just from their other website at https://cloudabi.org, whose front page isn't much better than the one you gave, that would be "A new capability-based C runtime and APIs so that all your cloud applications can be secured and run portably across any OS we support." What's their solution for multi-arch, separate or fat binaries?
>
> Capabilities are nice, but I don't know enough about security tech to say if they're much better than other sandboxing tech. I suspect that security is still a hard sell for most, and it will not go farther than those few niches who care.
>
>> [...]
>
> Of course, as all it seems to need is libc support, some API wrappers in D, and maybe some ABI tweaks, which is no different than porting D to any other common platform.

It made sense to me. I use docker and yaml for configuration as a web developer so maybe that's why. Normally an app will get its configuration from envirinment variable or from the system...hence it becomes less portable (dependent of the host environment) and "insecure" like they claim.