Tearing into ChatGPT's container environment
If you like this blog post, do subscribe to my RSS feed
Tearing into ChatGPT's container environment
First published: 8/6/26
I'd say the Cloud is now the data center, where, boom, you have these<br>at scale. You have such massive resources available. They're readily<br>available, easy to use. I've always viewed that computing follows the<br>Gas Law. It fills the available space. It always keeps expanding and<br>it's really more a statement where ..... how much computing do you<br>want to do? Well, as much as I can afford. How many more simulations<br>do you do, before you send a chip to the fab? Well, as many as I can<br>get done before I think I've exhausted it, but there are always more<br>tests you can run. How many more analysis of your radiology results do<br>you want, running through the AI algorithms to determine if it's<br>carcinomic or not? Well, as many as you can afford, right? Please give<br>me the best results you can, and the list goes on and on and on.
So to me, computing has always wanted to fill the available space<br>where the available space is often more limited by economics than<br>anything else. And if I make the unit cost of computing lower, and the<br>ability to reach the data ..... Every time there is a dramatic<br>decrease in that, you open up new opportunities for computing. If we<br>use the AI example, hidden Markov models, convoluted neural nets, et<br>cetera, those ideas were around, all of a sudden that got economical,<br>and Cloud made it economical and all of the sudden Cloud made datasets<br>large enough that I could use learning algorithms that before were<br>infeasible, now became feasible as well. So that combination of<br>compute capacity and datasets, allowed AI to start demonstrating<br>meaningful breakthroughs and now it's sort of like, “Wow, how much<br>computing do you need for AI?” Well, the learning algorithms, it's<br>almost unlimited, right? Really, if you give me another thousand GPUs<br>in my GPU farm, I'll use them all. Many of the hardest problems in<br>computing have always demonstrated this characteristic, whether it's<br>weather prediction, whether it's predictive modeling, whether it's<br>computational fluid dynamics, these are n-complexity algorithms that,<br>boy, you can just keep throwing computing at them.
- Pat Gelsinger in his<br>2019 Oral History with CHM.
A few months back, while randomly browsing old Hacker News submissions,<br>I came across a rather interesting submission from Simon Willison
on ChatGPT Containers. What immediately caught my attention was not the post itself but one<br>of the<br>comment threads on HN:
xnx: How much compute do you get in these containers? Could I have it<br>run whisper on an mp3 it downloads?
simonw: That might work! You would have to figure out how to get Whisper<br>working in there but I'm sure that's possible with a bit of creativity<br>concerning uploading files and maybe running a build with the available<br>C compiler. It appears to have 4GB of RAM and 56 (!?) CPU cores<br>https://chatgpt.com/share/6977e1f8-0f94-8006-9973-e9fab6d24418
56 LPs?? 4GB of RAM??! One of the users in the thread, named<br>tintor, who appears to be ex-OpenAI (O1 reasoning model and code<br>interpreter), briefly mentioned that<br>the cores are shared with other containers. However, even with oversubscription, the number seemed baffling. So,<br>I decided to further investigate this. In this blog post, we will dive<br>into what their container environment looks like.
Before we begin, note that all of my chat prompts and their subsequent<br>containerized executions were performed on ChatGPT's paid plan - ChatGPT<br>Plus. They were running GPT 5.5 Extended Thinking.
Let us start by focusing on ChatGPT's container environment. If we ask<br>it to run<br>dmesg<br>and report the output of the command, here is what we get:
[ 0.000000] Starting gVisor...<br>[ 0.541400] Checking naughty and nice process list...<br>[ 0.648754] Mounting deweydecimalfs...<br>[ 0.661315] Daemonizing children...<br>[ 1.145987] Searching for needles in stacks...<br>[ 1.455202] Verifying that no non-zero bytes made their way into /dev/zero...<br>[ 1.791613] Creating cloned children...<br>[ 2.209217] Rewriting operating system in Javascript...<br>[ 2.593286] Checking naughty and nice process list...<br>[ 2.602568] Letting the watchdogs out...<br>[ 2.972217] Creating bureaucratic processes...<br>[ 3.195269] Setting up VFS...<br>[ 3.254751] Setting up FUSE...<br>[ 3.723550] Ready!
This is strong evidence that ChatGPT uses gVisor as a sandboxing<br>environment for code execution. To better understand gVisor, I encourage<br>checking out<br>Emma Haruka Iwao's 2019 talk<br>and Ye Lin's<br>recent blog post.<br>Andrea and Remzi Arpaci-Dusseau (of OSTEP fame) have also
co-authored a paper on it. Here is what the<br>gVisor team has to say about their product:
gVisor is a container security solution. ….. An open source project<br>written in Go, gVisor was released in May 2018 by Google under the<br>Apache 2.0 license. It runs on Linux and integrates with all popular<br>container management software, such as Docker, Podman,...