Tag: docker

VM-backed Linux dev environments on macOS/Linux — Lima vs Multipass compared on speed, container support, and resource use.

Docker Compose Watch syncs your code into running containers without rebuilds. Here's how to set it up and why your dev loop is about to get a lot less painful.

PID 1 zombie reaping in containers — tini, dumb-init, and docker --init compared; when each one fixes your signal handling and stops your 10s shutdown tax.

Containers are not VMs. Here are the real escape vectors — privileged mode, mounted sockets, kernel CVEs — and the runtime hardening that actually helps.

Build container images without writing a single Dockerfile — ko for Go, Jib for Java, Paketo Buildpacks for everything else. Real benchmarks, real tradeoffs.

Cosign keyless signing uses GitHub OIDC + Fulcio + Rekor to sign container images without managing private keys. Here's how it actually works and why you want it.

Orchestrating multi-image Docker builds: docker buildx bake vs compose build, matrix targets, multi-arch, caching, and when each one actually wins.

nerdctl is the containerd-native docker CLI replacement — when it's a drop-in, when it's not, and why you'd bother switching at all.

Containers aren't security boundaries — Sysbox, gVisor, and Kata fix that. Here's which isolation runtime fits your actual threat model.

Trivy, Grype, and Docker Scout go head-to-head on speed, CVE coverage, CI integration, and cost. Pick the right scanner for your home lab or pipeline.

Authelia is a bouncer. Authentik is the whole security desk. Pick the right self-hosted SSO for your home lab — with working configs, gotchas, and a migration path.

Disqus is a tracker farm wearing a comment box costume. Here's every real alternative — self-hosted and SaaS — and which one actually fits your blog.