Containers have become increasingly important for Linux developers and administrators. A number of frameworks like LXC, Docker, and Podman are now available to automate the management of containers. However, all these frameworks rely on similar kernel features, particularly control groups, namespaces, and virtual networks. This article demonstrates how to build a functional container from first principles, using only simple command-line tools. It's objective is to make clear all the details that the more sophisticated tools conceal.
The notion of resource limits (on memory, CPU, etc) has never been very well-defined, and the use of container-based deployment makes the situation worse. This article describes why, and what can be done about it.
I see too many C (and C++) programs misbehave at runtime, for reasons that could easily have been detected using checks built into all modern compilers. This article describes some common C programming errors, and shows how they would have been spotted easily if the compiler were configured correctly.