Ryan

Its worth adding, TikTok in China (it’s called something else, I’m blanking) is entirely controlled on the state and there is absolutely no way that it would be permitted to host any political discussion or advocate mass action not approved by the state. Their “Hey call your congressman” stunt was the most idiotic PR move ever, because they demonstrated that this company is willing and able to leverage the userbase in the US in ways that would never be permitted in “West Taiwan”.

Because Ukraine has a single unified government excepting the occupied Donbas?

Calling it the Israel-Palestine war would be misleading because Israel hasn’t invaded the West Bank which has a separate/unrelated Palestine government.

To analogize oppositely, it would be real weird if China invaded Taiwan and people started calling it the Chinese civil war.

I can’t remember exactly what all the pieces are. However, I believe its a combination of

• cgroups: process isolation which is why you can see docker processes in ps/top/etc but you can’t for vms. I believe this is also what gets you the ability to run cross distro images since the isolation ensures the correct shared objects are loaded
• network namespaces: how they handle generating the isolated network stack per process
• some additional mount magic that I don’t know what its called.

My understanding is that all of the neat properties of docker are actuall part of the kernel, docker (and podman and other container runtimes) are mostly just packing them together to achieve the desired properties of “containers”.

I suspect they meant it runs natively in that it’s an aarch64 binary. It’s still running a VM under the hood because docker is really just a nice frontend to a bunch of Linux kernel features.