Posts I found interesting around the web:
man7 Linux cgroups
Linux manual page for the cgroups feature in the kernel, which restricts a Linux process's CPU, maximum number of processes, memory usage, network setup, etc.
man7 Linux namespaces
Linux manual page for the namespaces feature in the kernel. Namespaces can be specified through the clone syscall, and isolate the child process's cgroup, IPC, network, mount, domain names, etc.
GOTO 2018 Containers From Scratch
When all the ingredients come together, they form the foundation that Docker is built upon. This very interesting talk from GOTO 2018 demonstrates how you can use the following technologies, already built into the Linux kernel, to create your own very small proof-of-concept Docker:
- chroot
- namespace
- cgroups
It also covers very interesting details, including (but not limited to):
- You’ll need to mount the /proc virtual file system for your ‘containerized’ child process.
- You’ll need to provide the ‘UnshareFlag’ CLONE_NEWNS to the clone system call, to ‘unshare’ the child process’s mount points from the parent process, so that the parent doesn’t see the child’s mount points (which could be many and messy).
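A sketch of the launcher these points describe, written in Go as an added example (not code from the talk or from this post): the parent re-executes itself in new PID and mount namespaces, and the child chroots into a root filesystem and mounts /proc there. The rootfs path and the command come from the command line and are assumptions; it needs root on Linux.

```go
package main

import (
	"log"
	"os"
	"os/exec"
	"syscall"
)

// containerAttr returns the namespace flags applied to the re-executed child.
func containerAttr() *syscall.SysProcAttr {
	return &syscall.SysProcAttr{
		Cloneflags: syscall.CLONE_NEWPID | syscall.CLONE_NEWNS, // new PID + mount ns
		// With CLONE_NEWNS here, Go also remounts "/" as MS_PRIVATE in the
		// child, so its mounts never propagate back into the parent's view.
		Unshareflags: syscall.CLONE_NEWNS,
	}
}

func must(err error) {
	if err != nil {
		log.Fatal(err)
	}
}

// child runs inside the new namespaces: enter the rootfs, mount /proc, exec.
func child(rootfs string, argv []string) {
	must(syscall.Chroot(rootfs))
	must(os.Chdir("/"))
	must(syscall.Mount("proc", "/proc", "proc", 0, ""))
	cmd := exec.Command(argv[0], argv[1:]...)
	cmd.Stdin, cmd.Stdout, cmd.Stderr = os.Stdin, os.Stdout, os.Stderr
	must(cmd.Run())
	must(syscall.Unmount("/proc", 0))
}

func main() { // as root: <prog> run <rootfs> <cmd> [args...]
	if len(os.Args) < 4 {
		log.Fatal("usage: run <rootfs> <cmd> [args...]")
	}
	if os.Args[1] == "child" {
		child(os.Args[2], os.Args[3:])
		return
	}
	cmd := exec.Command("/proc/self/exe", append([]string{"child"}, os.Args[2:]...)...)
	cmd.Stdin, cmd.Stdout, cmd.Stderr = os.Stdin, os.Stdout, os.Stderr
	cmd.SysProcAttr = containerAttr()
	must(cmd.Run())
}
```

The child still runs as full root, and chroot on its own is not a security boundary; container runtimes use pivot_root and drop capabilities on top of this.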
A Classical Math Problem Gets Pulled Into the Modern World
An optimization problem is being used in AI, and therefore in all AI applications, including self-driving, etc. Math is magical.
Wikipedia is fixing one of Internet’s biggest flaws
It actually encourages collaboration, discussion, and exposure to opposing views.
Golang Patterns - Part 2
Technical Writing: Learning from Kernighan
Learning technical writing from the author of your favorite C programming book, ‘The C Programming Language’.