Henning

Reduced Docker image size from 2.1GB to 180MB. Deployments 8x faster. The original Dockerfile: - Started with ubuntu:latest - Installed everything via apt - Included dev dependencies - Copied entire project directory - Left build artifacts - No layer optimization The problems: - Pull time: 6-8 minutes - Registry storage costs high - Deployment took forever - Security scan found 47 vulnerabilities - Most from unnecessary packages What we optimized: 1. Base image - ubuntu:latest (2.1GB) → alpine:latest (5MB) 2. Dependencies - Removed dev dependencies - Multi-stage build - Only production packages 3. Layer caching - Copied requirements first - Installed dependencies - Then copied source code - Leveraged Docker layer cache 4. .dockerignore - Excluded .git, tests, docs - Removed 800MB of files The new image: 180MB The impact: - Pull time: 6min → 45sec - Build time: 8min → 2min - Deploy frequency: 2x per day → 15x per day - Registry costs: $340/month → $60/month - Security vulnerabilities: 47 → 3 - Kubernetes pod startup: 90sec → 12sec Every MB in your image costs time and money. Optimize Docker images like you optimize code.

Regular reminder… this hardening series by Jerry Devore is super awesome. There’s no way you won’t learn things by reading these. Part 1 - Disabling NTLMv1 Part 2 - Removing SMBv1 Part 3 - Enforcing LDAP Signing Part 4 - Enforcing AES for Kerberos Part 5 - Enforcing LDAP Channel Binding Part 6 - Enforcing SMB Signing Part 7 - Implementing Least Privilege Link to all articles 👇 https://t.co/JNDMfVqoDP

Our Docker images had 847 vulnerabilities. All from the base image. We were using ubuntu:latest. The fix: - Switched to distroless images - Reduced image size from 420MB to 28MB - Vulnerabilities dropped to 3 - Container startup time improved by 60% Then discovered our CI/CD was pulling images without verification. Added: - Image signing with Cosign - Vulnerability scanning in pipeline - Admission controller to block unsigned images Security and performance often align. Smaller surface area equals fewer problems.

Latency vs. Throughput Ever wondered why your app feels slow even when the bandwidth looks fine? Latency and throughput explain two very different stories of performance. Latency measures the delay per packet. It is what users feel when they click a button. It’s responsiveness. It is the time for one request to travel from the server to the end device. This includes server processing time, queuing delays, propagation through the network, transmission delays, and the last-mile connection to the user's device. Throughput measures volume per second. It is how much data successfully gets delivered in a given timeframe. Not how fast each packet moves, but how many packets flow through the pipe. Throughput is capacity. High throughput means the system handles the load without choking. Over to you: How do you measure these metrics in a way that actually predicts when things will break? -- We just launched the all-in-one tech interview prep platform, covering coding, system design, OOD, and machine learning. Launch sale: 50% off. Check it out: https://t.co/dY1ua3DqDz #systemdesign #coding #interviewtips .

Active Directory hardening is free…outside of your time. Overall - PingCastle Passwords - FGPP, LAPS, Lithnet Permissions - ADeleg/ADeleginator Applocker - Applocker Inspector/Applocker gen ADCS - Locksmith Logon scripts - ScriptSentry GPO - GPOZaurr Baselines - CIS/Microsoft Attack surface - ASRGen What am I missing?