Long-haired stars
Apr 30, 2026
I decided to switch gears from ranting about AI and make another post about astrophotography. Today's word of the day is "comet".
more...I don’t write often, and when I do, it’s about things I find interesting or that genuinely bother me. So this blog mostly ends up with two kinds of posts: technical musings and rants. If you want to skip what doesn’t interest you, use the tags.
Zed's dead baby, Zed's dead
Apr 23, 2026
I started using Zed editor about a year ago and it was a delight. Fast, svelte, no nonsense text editor with just enough support for LSPs and debugging that it can be usable as a programmers tool.
more...
Images of Orion
Apr 8, 2026
And now to something completely different. After almost four months of clouds, I got clear skies. It is time to pull the telescope from the closet.
more...
Here we go: age verification in Linux
Mar 27, 2026
Brazil, California, Colorado, UK, who's next? A bunch of politicians are passing legislation around the world, requiring operating systems to verify the age of users. Of course, it's all for the betterment of the kids.
more...
Danning-Kruger as a service
Jan 24, 2026
“Linus Torvalds embraces vibe coding!” “Even Linus Torvalds is trying his hand at vibe coding.” “Linus Torvalds Says AI Codes Better Than Him.” Does that mean that we, as software engineers, are really outdated?
more...
The one with the final touches
Jan 17, 2026
I'll almost finish the container runtime today. These are things that are not strictly necessary, but they move my toy container runtime closer to the real one just a little bit. One more namespace to add. Make container a zombie killer. Drop capabilities for extra security.
more...
The one where resources are limited
Jan 16, 2026
One of the features of the modern containers is the ability to limit the resources that a container can use. I'll add the simplest and the most limited variant of this to my container runtime - setting CPU and memory limits with cgroups.
more...
The one with network shenanigans
Jan 11, 2026
Just a bit of work is left for my "container runtime" to feel (and work!) almost like a real container runtime. Today I’ll tackle one of the bigger pieces: setting up networking between the container and the host.
more...
I've put a filesystem into your filesystem
Jan 4, 2026
Simple minimal root filesystems work well as a base for my humble container runtime, but it would be nice to have some flexibility while still keeping the root image intact. This is where overlayfs comes to the rescue.
more...
The one with the mounting
Dec 29, 2025
It’s time to get back to the problem I ran into earlier: the ps command inside the container was showing host processes. That clearly means something was missing. Time to employ the next kind of namespace — the mount namespace.
The one where the root is avoided
Dec 28, 2025
We need more cowbells isolation! At the moment my container runtime creates a new PID namespace, but somehow it still manages not to fully isolate the child process from the host.
And I definitely don’t want the child process to be root on the host machine. Time to fix that.