This article introduces 12 tips to optimize your Docker image security. For each tip, it explains the underlying attack vector, and one or more mitigation approaches. Tips include avoiding leaking of build secrets, running as non-root user, or how to make sure to use the most recent dependencies and updates.
The beauty is that once you understand the limitations of responsive grids, and why and when column spans break grid responsiveness, it is possible to define a responsive magazine/news style layout in just a dozen lines of code plus one simple media query (or even with no media queries if you are willing to limit your span options).
Source: Responsive Grid Magazine Layout in Just 20 Lines of CSS, an article by Keir Watson.
Markdown is a signifier for the developer and text-tinkerer culture. But since its introduction, the world of digital content has also changed. While Markdown is still fine for some things, I don’t believe it should be the go-to for content anymore.
Source: Thoughts On Markdown, an article by Knut Melvær.
In the afternoon I finished The Wisdom of Crowds (The Age of Madness book 3) by Joe Abercrombie. I liked the book: recommended.
After a spoiled, wealthy yacht owner is thrown overboard and loses his memory, a mistreated employee convinces him that he is her working-class husband.
In the evening we watched Overboard. I liked the movie and give it a 7 out of 10.
Joe Armstrong, one of the creators of Erlang, once described Erlang as the quest for programs that you “write once, run forever.” Nix, in comparison, might be the quest for programs that run wherever, whenever. Nix often scares newcomers and experienced devs alike, because it proposes a fairly radical overhaul to how we think about package management and how we run software in general. In this post, I’m going to illustrate which problems Nix solves and argue that this change in perspective has profound implications for software tooling.
Source: Nix: An Idea Whose Time Has Come, an article by Julien Urraca.
Virtual Environments are isolated Python environments that have their own site-packages. Basically, it means that each virtual environment has its own set of dependencies to third-party packages usually installed from PyPI.
Virtual environments are helpful if you develop multiple Python projects on the same machine. Also, when you distribute your Python code to others or on servers, virtual environments come in very handy to reproducibly create the same environment as on your development machine.
Today, we’ll learn
- which tools exist to create isolated environments
- which tools help with package management in Python projects
Source: Python Project Setup – Virtual Environments and Package Management, an article by Bas Steins.
Go 1.18 is coming out soon, hopefully in a few weeks. It's a huge release with a lot to look forward to, but native fuzzing has a special place in my heart. (I'm super-biased of course: before I left Google, I worked with Katie Hockman and Roland Shoemaker to build the fuzzing system). Generics are cool too, I guess, but having fuzzing integrated into the go test will make fuzz testing more accessible to everyone which makes it easier to write secure, correct code in Go.
Not much has been written yet on how Go's fuzzing system actually works, so I'll talk a bit about that here. If you'd like to try it out, Getting started with fuzzing is a great tutorial.
Source: Internals of Go's new fuzzing system, an article by Jay Conrod.
Throughout this article we will study the FreeBSD boot process. FreeBSD’s boot process is very robust and well thought out, but it differs slightly depending on your system architecture, filesystem (UFS2 or ZFS), partitioning scheme (GPT or MBR), and whether the system boots under UEFI or legacy BIOS (also known as CSM).
Source: The FreeBSD Boot Process.
I was trying to use a V4L2 Ruby module on my OpenBSD laptop but ran into a problem where sending the V4L2 ioctls from this module would fail, while other V4L2 programs on OpenBSD worked fine.
Since I got a few questions recently about kernel development and debugging, I thought I’d write up how I finally tracked it down and fixed it. (Spoiler: it was not an OpenBSD problem.)
Source: Debugging an ioctl Problem on OpenBSD, an article by Joshua Stein.
The method used is far slower than conventional password-cracking tools, but although the total time needed could run into thousands of years, that could fall to as little as 10 hours when the Mac owner has used a more typical password…
Source: T2 Mac security vulnerability: Passwords can now be cracked, an article by Ben Lovejoy.
With a new Network Install feature, a Raspberry Pi can now set itself up—without any flash drive or other computer—directly over the Internet.
Source: Testing Raspberry Pi's new Network Install feature, an article by Jeff Geerling.
There are many different things that separate great code from code that “does the job”, from the style guidelines to the maintainability and scalability of the code.
In this post, we will work through a task and iteratively improve the code while asking ourselves some key questions that everyone should ask themselves while writing code.
Source: Towards Cleaner Code — A Practical Example, an article by Eliran Turgeman.
The main problem cascade layers solve is providing a guaranteed way to write CSS without worrying about specificity and source order.
Source: Hello, CSS Cascade Layers, an article by Ahmad Shadeed.
The File System Access API is a web API that allows read and write access to a user’s local files. It unlocks new capabilities to build powerful web applications, such as text editors or IDEs, image editing tools, improved import/export, all in the frontend.
Source: Getting Started With the File System Access API, an article by Charlie Gerard.
Many years ago I switched from Windows to macOS. During this transition I really struggled with the lack of some basic “power user” features in macOS. Here’s a list of some of my favorite tools and tweaks I use to make my macOS usable.
Source: How I use (and abuse) macOS, an article by Philip Bergqvist.
One of the most interesting (and possibly unknown) features of the nftables framework is the native python interface, which allows python programs to access all nft features programmatically, from the source code.
Source: How to use nftables from python, an article by Arturo Borrero.
Let’s say you want to set up a blog, there are plenty of good reasons after all. But, you hate websites that are slow, full of spyware, and unusable on spotty connections. This leaves you with a bit of a problem, the big names aren’t going to cut it.
This is what I ran into while setting up this blog. I didn’t find any other resources going over what was currently available, so I thought I’d run through my experience in the hopes that it will be easier for the next person.
Source: A walk through lightweight blogging.
Without doubt, Go 1.18 is shaping up to be one of the most exciting releases since Go 1. You’ve probably heard about major features such as generics and fuzzing, but this post is not about that. Instead we’ll talk about profiling and highlight a few noteworthy improvements to look forward to.
Source: Profiling Improvements in Go 1.18, an article by Felix Geisendörfer.
Before any new feature, change or improvement makes it into Python, there needs to be a Python Enhancement Proposal, also known as PEP, outlining the proposed change. These PEPs are a great way of getting the freshest info about what might be included in the upcoming Python releases. So, in this article we will go over all the proposals that are going to bring some exciting new Python features in the near future!
Source: Upcoming Python Features Brought to You by Python Enhancement Proposals, an article by Martin Heinz.