Posts I found interesting around the web:
Linux manual page to cgroups feature in the kernel, which restricts Linux processes CPU, max process numbers, memory usage, network setup and etc..
Linux manual page to namespaces feature in the kernel. Namespaces can be specified by the
clone syscall, and isolates the child process’ cgroup, IPC, network, mount, domain names, and etc..
When all the ingredients come together, it’s the foundation where Docker is built upon. This very interesting talk from GOTO2018 demonstrates how you can use the following technologies already built-in the Linux kernel to create your own very small proof-of-concept docker:
It also includes very interesting details including (but not limited to):
- You’ll need to mount the
/procvirtual file systems for your ‘containerized’ child process.
- You’ll need to provide ‘UnshareFlag’
clonesystem call, to ‘unshare’ the mount point from the child process from the parent process, so that parent doesn’t see child’s mount points (which could be many and messy).
An optimization problem is being used in AI, and therefore all AI applications, including self-driving, etc. Math is magical.
As it actually encourages collaborations, discussions, and exposure to opposing views.
Learning technical writing from the author of your favorite C programming book, ‘The C Programming Language’.