Author: zimage

  • uv + udocker magick

    7 seconds insanity 🙂

    ❯ time uv tool run --no-cache udocker run busybox ls /
    Installed 1 package in 4ms
    Info: downloading layer sha256:af3f0f48a24edb84e94aff6f44f5d089203453719d3b2328486d311e61db9b09
    Info: downloading layer sha256:61dfb50712f5ff92c880813210257a42169ff0937896ae95dab763582cc380e2
     
     ******************************************************
    *                                                    *
    *   STARTING 1751a382-7c36-3fea-b8ca-cff9fb114a13    *
    *                                                    *
    ******************************************************
     executing: ls
    bin    dev    etc    home   lib    lib64  proc   root   sys    tmp    usr    var
    
    real	0m7.824s
    user	0m0.858s
    sys	0m0.381s
    
  • The Unnatural Selection

    We often describe capitalism with the cliché of a big fish eating smaller fish. One predator, one victim.

    But that’s not really how many modern markets work.

    In biology, success creates resistance. If a predator grows too large, it starves. If it wipes out too much prey, the system collapses and resets. Physics enforces a hard speed limit on size.

    In parts of today’s economy, success does the opposite.

    Corporations don’t have bodies. They don’t suffer the same metabolic drag. As they grow, size often makes them stronger: capital attracts more capital, scale lowers costs, and distribution reinforces itself. At a certain point, these organizations stop behaving like organisms and start behaving more like massive objects in space.

    Gravity is a better metaphor than predation.

    What looks like competition from the outside often isn’t. Multiple brands may appear independent, but many quietly orbit the same center—shared ownership, infrastructure, or incentives. To customers, it feels like choice. Structurally, it’s consolidation. Less ecosystem, more accretion disk.

    This doesn’t require villains or conspiracies. It’s what happens when positive feedback loops operate without strong counterforces.

    You see the pattern everywhere: How many CPU brands today? Disk drives? Operating systems? Airlines, brewers, payment networks, web-hosting groups?

    Not every collection of brands is an ecosystem. Some are closer to gravity wells.

  • The Container Runtime Family Tree

    From CLI to kernel:

    graph TB
        subgraph "User/Orchestration Layer"
            Docker[Docker CLI]
            K8s[Kubernetes/Nomad]
            Podman[Podman CLI]
        end
    
        subgraph "Container Runtime Interface - CRI"
            CRI[Container Runtime Interface<br/>Kubernetes API Standard]
        end
    
        subgraph "High-Level Container Manager Layer"
            containerd[containerd<br/>Used by Docker/Kubernetes]
            CRIO[CRI-O<br/>Used by OpenShift/Red Hat]
            PodmanDirect[Podman + conmon<br/>Daemonless Engine<br/>Direct OCI Invocation]
        end
    
        subgraph "OCI Runtime Specification"
            OCI[Open Container Initiative<br/>Standard Runtime Interface]
        end
    
        subgraph "Standard OCI Runtimes<br/>Namespace Isolation"
            runc[runc<br/>Reference Implementation<br/>⚡⚡⚡ Fastest - 🛡️ Basic]
            crun[crun<br/>C-based, Lightweight<br/>⚡⚡⚡ Fastest - 🛡️ Basic]
            runhcs[runhcs<br/>Windows Containers<br/>⚡⚡⚡ Fast - 🛡️ Basic]
        end
    
        subgraph "Sandboxed OCI Runtimes<br/>User-Space Kernel"
            gVisor[gVisor runsc<br/>User-space Kernel<br/>⚡⚡ Moderate - 🛡️🛡️ Strong]
            nabla[nabla-containers<br/>Unikernel<br/>⚡⚡ Moderate - 🛡️🛡️ Strong]
        end
    
        subgraph "VM-Based OCI Runtimes<br/>Hardware Virtualization"
            Kata[Kata Containers<br/>OCI-compliant runtime<br/>⚡⚡ Good - 🛡️🛡️🛡️ Highest]
        end
    
        subgraph "Kata Hypervisor Backends<br/>Pluggable VMM Layer"
            KataQEMU[QEMU<br/>Full-featured hypervisor<br/>All device support<br/>⚡⚡ Good - 🔹 50-100MB]
            KataCH[Cloud Hypervisor ⭐<br/>Modern Rust-based VMM<br/>Balanced performance<br/>⚡⚡⚡ Fast - 🔹 20-40MB]
            KataFC[Firecracker<br/>Minimal serverless VMM<br/>Limited features<br/>⚡⚡⚡ Fastest - 🔹 5-15MB]
        end
    
        subgraph "Alternative: Direct Firecracker<br/>⚠️ Not OCI Runtime"
            FCContainerd[firecracker-containerd<br/>containerd shim<br/>AWS Lambda backend<br/>❌ No Podman support]
        end
    
        subgraph "Host Kernel / Hypervisor Layer"
            HostStd[Linux Kernel<br/>Standard containers]
            HostVM[Linux Kernel + KVM<br/>VM-based containers]
        end
    
        %% Docker path
        Docker -->|uses| containerd
        
        %% Kubernetes paths
        K8s -->|CRI API| CRI
        CRI -->|implements CRI| containerd
        CRI -->|implements CRI| CRIO
        
        %% Podman path (bypasses CRI)
        Podman -->|direct| PodmanDirect
        
        %% High-level to OCI
        containerd -->|OCI Runtime Spec| OCI
        CRIO -->|OCI Runtime Spec| OCI
        PodmanDirect -.direct call.-> OCI
    
        %% OCI to standard runtimes
        OCI --> runc
        OCI --> crun
        OCI --> runhcs
    
        %% OCI to sandboxed runtimes
        OCI --> gVisor
        OCI --> nabla
    
        %% OCI to VM-based runtimes
        OCI --> Kata
    
        %% Kata to hypervisor backends
        Kata -->|hypervisor=qemu| KataQEMU
        Kata -->|hypervisor=clh ⭐| KataCH
        Kata -->|hypervisor=fc| KataFC
    
        %% Alternative Firecracker path (not OCI)
        containerd -.special shim.-> FCContainerd
    
        %% Standard runtimes to host
        runc --> HostStd
        crun --> HostStd
        runhcs --> HostStd
        gVisor --> HostStd
        nabla --> HostStd
    
        %% VM-based runtimes to host with KVM
        KataQEMU --> HostVM
        KataCH --> HostVM
        KataFC --> HostVM
        FCContainerd --> HostVM
    
        %% Styling
        classDef userLayer fill:#FFB366,stroke:#333,stroke-width:2px
        classDef criLayer fill:#90EE90,stroke:#333,stroke-width:3px
        classDef managerLayer fill:#FF9999,stroke:#333,stroke-width:2px
        classDef ociLayer fill:#90EE90,stroke:#333,stroke-width:4px,stroke-dasharray: 5 5
        classDef runtimeStd fill:#FFD700,stroke:#333,stroke-width:2px
        classDef runtimeSandbox fill:#87CEEB,stroke:#333,stroke-width:2px
        classDef runtimeVM fill:#DDA0DD,stroke:#333,stroke-width:2px
        classDef vmmLayer fill:#E6B3FF,stroke:#333,stroke-width:2px
        classDef vmmRecommended fill:#90EE90,stroke:#333,stroke-width:3px
        classDef alternative fill:#FFE4B5,stroke:#333,stroke-width:2px,stroke-dasharray: 3 3
        classDef hostLayer fill:#696969,stroke:#333,stroke-width:2px,color:#fff
    
        class Docker,K8s,Podman userLayer
        class CRI criLayer
        class containerd,CRIO,PodmanDirect managerLayer
        class OCI ociLayer
        class runc,crun,runhcs runtimeStd
        class gVisor,nabla runtimeSandbox
        class Kata runtimeVM
        class KataQEMU,KataFC vmmLayer
        class KataCH vmmRecommended
        class FCContainerd alternative
        class HostStd,HostVM hostLayer
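    As an added example that is not part of the original post, a small Python audit of the containerd CRI layer in the tree above: it lists which OCI runtime handlers a containerd config exposes and which isolation class each one gives (namespaces, user-space kernel, or hardware VM), and flags when the default handler is namespace-only. The config is a constructed sample, the TOML parsing is deliberately minimal, and the isolation labels are an assumption taken from the diagram's legend; the `runtime_type` shim names are containerd's own.

```python
# Constructed sample of a containerd config.toml; not captured from a real host.
SAMPLE_CONFIG = """\
[plugins."io.containerd.grpc.v1.cri".containerd]
  default_runtime_name = "runc"
  [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
    runtime_type = "io.containerd.runc.v2"
  [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runsc]
    runtime_type = "io.containerd.runsc.v1"
  [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.kata-clh]
    runtime_type = "io.containerd.kata-clh.v2"
"""
CRI = 'plugins."io.containerd.grpc.v1.cri".containerd'
RUNTIMES_PREFIX = CRI + ".runtimes."
# Shim-name fragment -> isolation class; assumed mapping following the diagram's legend.
ISOLATION = [("runc", "namespace (basic)"), ("crun", "namespace (basic)"),
             ("runsc", "user-space kernel (strong)"), ("kata", "hardware VM (highest)")]

def parse_tables(text):
    """Minimal TOML subset: [table] headers and key = "string" pairs only."""
    tables, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            tables[current] = {}
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            tables[current][key] = value.strip('"')
    return tables

def classify(runtime_type):
    """io.containerd.<shim>.vN -> isolation class of the runtime behind that shim."""
    parts = runtime_type.split(".")
    shim = parts[2] if len(parts) >= 4 else runtime_type
    return next((lvl for frag, lvl in ISOLATION if shim.startswith(frag)), "unknown")

def audit(config_text):
    """Return ({handler: (runtime_type, isolation)}, default handler name)."""
    tables = parse_tables(config_text)
    default = tables.get(CRI, {}).get("default_runtime_name")
    handlers = {}
    for table, pairs in tables.items():
        if table.startswith(RUNTIMES_PREFIX) and "runtime_type" in pairs:
            rtype = pairs["runtime_type"]
            handlers[table[len(RUNTIMES_PREFIX):]] = (rtype, classify(rtype))
    return handlers, default

def default_is_basic(config_text):
    """True when pods that set no RuntimeClass get namespace-only isolation."""
    handlers, default = audit(config_text)
    return default in handlers and handlers[default][1].startswith("namespace")
```

On a real node, feed it the contents of /etc/containerd/config.toml and compare the handler names against the RuntimeClass objects your cluster actually exposes.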