Docker

Researchers identified 287 Chrome extensions spying on approximately 37.4 million users. Using an automated Docker-based scanning pipeline, they found extensions from actors like Similarweb and Big Star Labs exfiltrating browsing history via obfuscated and encrypted requests. This widespread data harvesting poses significant risks for corporate espionage and credential harvesting.

NanoClaw advocates for a zero-trust architecture when developing AI agents. Instead of relying on application-level checks or allowlists, it uses container isolation via Docker or Apple Containers to sandbox agents. This approach limits the blast radius of prompt injections or malicious behavior by ensuring ephemeral, unprivileged environments and a small, auditable codebase.

BuildKit is a versatile, pluggable build framework beyond its role as Docker's engine. Utilizing Low-Level Build (LLB) as an intermediate representation, it supports custom frontends and diversas outputs like APKs or tarballs. Its content-addressable architecture enables efficient caching and parallel execution, making it a powerful backend for modern CI/CD tools like Dagger and Earthly.

This guide details setting up a federated XMPP server using Prosody and Docker. It covers DNS configuration, SSL/TLS certificates via Let's Encrypt, and essential modules for mobile sync, push notifications, and OMEMO end-to-end encryption. Additionally, it addresses implementing file sharing and STUN/TURN services for voice and video calls.

This guide explains how to run NanoClaw, a Claude-powered WhatsApp AI assistant, within Docker Sandboxes using the new shell sandbox type. This approach ensures security through filesystem isolation and credential management via Docker's proxy, allowing users to deploy isolated environments for AI agents with Node.js and Python support.

Artifact Keeper is a high-performance, open-source enterprise artifact registry designed as a direct replacement for solutions like JFrog Artifactory and Sonatype Nexus. Unlike many competitors, it adopts a no-open-core model, providing all features—including SSO, security scanning with Trivy and Grype, and edge replication—in its MIT-licensed release. The platform supports over 45 package formats natively, including Docker, npm, and cargo. Its technical stack is robust, featuring a Rust-based backend using Axum and PostgreSQL, a Next.js 15 frontend, and native mobile applications for iOS and Android. Its extensibility is enhanced by a WebAssembly plugin system, allowing developers to implement custom format handlers. Moreover, it includes built-in migration tools for transitioning from legacy systems and utilizes Meilisearch for comprehensive full-text search capabilities across registries.

The author recounts solving a disk space issue caused by Docker's lack of default log rotation. Large log files consumed 25 GB of server space because container logs persist indefinitely. The solution involves configuring the json-file log-driver in daemon.json with max-size and max-file parameters, then recreating containers to apply the new settings.

The article presents a compelling argument against using Bash as a build system for large-scale CI (Continuous Integration). While acknowledging Bash's universality and simplicity for small projects, the author explains that it fails at organizational maturity where CI involves hundreds of daily pushes. Large-scale pipelines require complex orchestration for tasks like parallelizing test suites across agents, managing resource isolation, and handling direct acyclic graphs (DAGs) of dependencies. The piece highlights technical pitfalls of Bash, such as the lack of error handling, 'spectral contamination' where shared resources like ports or caches lead to non-reproducible failures, and the risk of the Linux OOM killer terminating unrelated processes. Relying on academic research like 'Build Systems à la Carte,' the author argues that true build systems require formal schedulers and rebuilders that Bash cannot express. Ultimately, the text advocates for dedicated orchestrators like Buildkite or Dagger to manage CI as a distributed system rather than a collection of fragile shell scripts.