How Docker Run Command Works 🧐
When you "docker run nginx" from the terminal, it may feel like launching a regular foreground process - stdin, stdout, and stderr get streamed back and forth, and you can kill it with Ctrl+C. But what happens internally is much more involved 👇
Reduced Docker image size from 2.1GB to 180MB. Deployments 8x faster.
The original Dockerfile:
- Started with ubuntu:latest
- Installed everything via apt
- Included dev dependencies
- Copied entire project directory
- Left build artifacts
- No layer optimization
The problems:
- Pull time: 6-8 minutes
- Registry storage costs high
- Deployment took forever
- Security scan found 47 vulnerabilities
- Most from unnecessary packages
What we optimized:
1. Base image
- ubuntu:latest (2.1GB) → alpine:latest (5MB)
2. Dependencies
- Removed dev dependencies
- Multi-stage build
- Only production packages
3. Layer caching
- Copied requirements first
- Installed dependencies
- Then copied source code
- Leveraged Docker layer cache
4. .dockerignore
- Excluded .git, tests, docs
- Removed 800MB of files
The new image: 180MB
The impact:
- Pull time: 6min → 45sec
- Build time: 8min → 2min
- Deploy frequency: 2x per day → 15x per day
- Registry costs: $340/month → $60/month
- Security vulnerabilities: 47 → 3
- Kubernetes pod startup: 90sec → 12sec
Every MB in your image costs time and money. Optimize Docker images like you optimize code.
Regular reminder… this hardening series by Jerry Devore is super awesome. There’s no way you won’t learn things by reading these.
Part 1 - Disabling NTLMv1
Part 2 - Removing SMBv1
Part 3 - Enforcing LDAP Signing
Part 4 - Enforcing AES for Kerberos
Part 5 - Enforcing LDAP Channel Binding
Part 6 - Enforcing SMB Signing
Part 7 - Implementing Least Privilege
Link to all articles 👇
https://t.co/JNDMfVqoDP
🍯 If you've never seen or worked with a Honeypot, watch this video.
It covers how to set up almost 20+ honeypots (and visualize the data) to trap attackers.
Video: https://t.co/hckos7JtLY
Our Docker images had 847 vulnerabilities. All from the base image.
We were using ubuntu:latest.
The fix:
- Switched to distroless images
- Reduced image size from 420MB to 28MB
- Vulnerabilities dropped to 3
- Container startup time improved by 60%
Then discovered our CI/CD was pulling images without verification.
Added:
- Image signing with Cosign
- Vulnerability scanning in pipeline
- Admission controller to block unsigned images
Security and performance often align.
Smaller surface area equals fewer problems.
Latency vs. Throughput
Ever wondered why your app feels slow even when the bandwidth looks fine? Latency and throughput explain two very different stories of performance.
Latency measures the delay per packet. It is what users feel when they click a button. It’s responsiveness. It is the time for one request to travel from the server to the end device. This includes server processing time, queuing delays, propagation through the network, transmission delays, and the last-mile connection to the user's device.
Throughput measures volume per second. It is how much data successfully gets delivered in a given timeframe. Not how fast each packet moves, but how many packets flow through the pipe. Throughput is capacity. High throughput means the system handles the load without choking.
Over to you: How do you measure these metrics in a way that actually predicts when things will break?
ProxLB v1.1.3 just got released!
ProxLB is a VM load-balancer for your Proxmox clusters also supporting affinity & anti-affinity rules.
GitHub: https://t.co/x5NG3dIpzL
Version 1.1.3: https://t.co/D5S9zZQF3k
Understanding the Active Directory Tier Model
In this video, I walk through the fundamentals of the Active Directory Tier Model — what it is, why it matters, and how it helps protect privileged accounts and critical assets in your Windows environment.