Posts tagged: tech

← All posts
Zed's dead baby, Zed's dead

Zed's dead baby, Zed's dead

Apr 23, 2026

I started using Zed editor about a year ago and it was a delight. Fast, svelte, no nonsense text editor with just enough support for LSPs and debugging that it can be usable as a programmers tool.

more...
Here we go: age verification in Linux

Here we go: age verification in Linux

Mar 27, 2026

Brazil, California, Colorado, UK, who's next? A bunch of politicians are passing legislation around the world, requiring operating systems to verify the age of users. Of course, it's all for the betterment of the kids.

more...
The one with the final touches

The one with the final touches

Jan 17, 2026

I'll almost finish the container runtime today. These are things that are not strictly necessary, but they move my toy container runtime closer to the real one just a little bit. One more namespace to add. Make container a zombie killer. Drop capabilities for extra security.

more...
The one where resources are limited

The one where resources are limited

Jan 16, 2026

One of the features of the modern containers is the ability to limit the resources that a container can use. I'll add the simplest and the most limited variant of this to my container runtime - setting CPU and memory limits with cgroups.

more...
The one with network shenanigans

The one with network shenanigans

Jan 11, 2026

Just a bit of work is left for my "container runtime" to feel (and work!) almost like a real container runtime. Today I’ll tackle one of the bigger pieces: setting up networking between the container and the host.

more...
I've put a filesystem into your filesystem

I've put a filesystem into your filesystem

Jan 4, 2026

Simple minimal root filesystems work well as a base for my humble container runtime, but it would be nice to have some flexibility while still keeping the root image intact. This is where overlayfs comes to the rescue.

more...
The one with the mounting

The one with the mounting

Dec 29, 2025

It’s time to get back to the problem I ran into earlier: the ps command inside the container was showing host processes. That clearly means something was missing. Time to employ the next kind of namespace — the mount namespace.

more...
The one where the root is avoided

The one where the root is avoided

Dec 28, 2025

We need more cowbells isolation! At the moment my container runtime creates a new PID namespace, but somehow it still manages not to fully isolate the child process from the host.

And I definitely don’t want the child process to be root on the host machine. Time to fix that.

more...
The one where the Rust project is created

The one where the Rust project is created

Dec 25, 2025

Time to finally start writing some code. I’ll begin this post by creating a project and end it with a program running inside a new PID namespace.

more...
The one with all the namespaces

The one with all the namespaces

Dec 15, 2025

So… how do you build a thing when you don’t really understand how that thing works? Where do you even begin?

Well, a journey of a thousand miles begins with a single step. I just need to take that step. Fortunately, I have a rough idea of how.

more...
I've decided to write my own Docker

I've decided to write my own Docker

Dec 12, 2025

That’s what the title says. Now, if you’re a sane person, you’re probably wondering how I ended up in this situation.

Allow me to explain…

more...

×