This article introduces 12 tips to optimize your Docker image
security. For each tip, it explains the underlying attack vector,
and one or more mitigation approaches. Tips include avoiding leaking
of build secrets, running as non-root user, or how to make sure to
use the most recent dependencies and updates.
The beauty is that once you understand the limitations of responsive
grids, and why and when column spans break grid responsiveness, it
is possible to define a responsive magazine/news style layout in
just a dozen lines of code plus one simple media query (or even
with no media queries if you are willing to limit your span
Markdown is a signifier for the developer and text-tinkerer
culture. But since its introduction, the world of digital content
has also changed. While Markdown is still fine for some things, I
don’t believe it’s should be the go-to for content anymore.
Joe Armstrong, one of the creators of Erlang, once described Erlang
as the quest for programs that you “write once, run
in comparison, might be the quest for programs that run wherever,
whenever. Nix often scares newcomers and experienced devs alike,
because it proposes a fairly radical overhaul to how we think about
package management and how we run software in general. In this post,
I’m going to illustrate which problems Nix solves and argue that
this change in perspective has profound implications for software
Virtual Environments are isolated Python environments that have
their own site-packages. Basically, it means that each virtual
environment has its own set of dependencies to third-party packages
usually installed from PyPI.
Virtual environments are helpful if you develop multiple Python
projects on the same machine. Also, when you distribute your Python
code to others or on servers, virtual environments come in very
handy to reproducibly create the same environment as on your
Today, we’ll learn
which tools exist to create isolated environments
which tools help with package management in Python projects
Go 1.18 is coming out soon, hopefully in a few weeks. It's a huge
release with a lot to look forward to, but native fuzzing has a
special place in my heart. (I'm super-biased of course: before I
left Google, I
worked with Katie Hockman and Roland Shoemaker to build the fuzzing
system). Generics are cool too, I guess, but having fuzzing
integrated into the testing package and go test will make fuzz
testing more accessible to everyone which makes it easier to write
secure, correct code in Go.
Not much has been written yet on how Go's fuzzing system actually
works, so I'll talk a bit about that here. If you'd like to try it
out, Getting started with
fuzzing is a great tutorial.
Throughout this article we will study the FreeBSD boot
process. FreeBSD’s boot process is very robust and well thought out,
but it differs slightly depending on your system architecture,
filesystem (UFS2 or ZFS), partitioning scheme (GPT or MBR), and
whether the system boots under UEFI or legacy BIOS (also known as
A company selling password-cracking tools says that a
newly-discovered T2 Mac
allows it to crack passwords on these machines, bypassing the
The method used is far slower than conventional password-cracking
tools, but although the total time needed could run into thousands
of years, that could fall to as little as 10 hours when the
Mac owner has used a more typical
The File System Access API is a web API that allows read and write
access to a user’s local files. It unlocks new capabilities to build
powerful web applications, such as text editors or IDEs, image
editing tools, improved import/export, all in the frontend.
Many years ago I switched from Windows to macOS. During this
transition I really struggled with the lack of some basic “power
user” features in macOS. Here are’s a list of some of my favorite
tools and tweaks I use to make my macOS usable.
One of the most interesting (and possibly unknown) features of the
nftables framework is the native python interface, which allows
python programs to access all nft features programmatically, from
the source code.
Let’s say you want to set up a blog, there are plenty of good
after all. But, you hate websites that are slow, full of spyware,
and unusable on spotty
connections. This leaves you with a
bit of a problem, the big names aren’t going to cut it.
This is what I ran into while setting up this blog. I didn’t find
any other resources going over what was currently available, so I
thought I’d run through my experience in the hopes that it will be
easier for the next person.
Without doubt, Go 1.18 is shaping up to be one of the most exciting
releases since Go 1. You’ve probably heard about major features such
as generics and fuzzing, but this post is not about that. Instead
we’ll talk about profiling and highlight a few noteworthy
improvements to look forward to.
Before any new feature, change or improvement makes it into Python,
there needs to be a Python Enhancement Proposal, also knows as
PEP, outlining the proposed change. These PEPs are a great way of
getting the freshest info about what might be included in the
upcoming Python releases. So, in this article we will go over all
the proposals that are going to bring some exciting new Python
features in a near future!