Docker

Track Docker container fundamentals, orchestration, and deployment evolutions. Our digest aggregates container security, multi-stage builds, and BuildKit releases from developer communities.

Articles from the last 30 days

Chrome extensions spying on 37M users' browsing data
01. Sunday, February 8, 2026

Researchers identified 287 Chrome extensions spying on approximately 37.4 million users. Using an automated Docker-based scanning pipeline, they found extensions from actors like Similarweb and Big Star Labs exfiltrating browsing history via obfuscated and encrypted requests. This widespread data harvesting poses significant risks for corporate espionage and credential harvesting.

Sources: Hacker News (416 pts)

Don't trust AI agents
02. Saturday, February 28, 2026

NanoClaw advocates for a zero-trust architecture when developing AI agents. Instead of relying on application-level checks or allowlists, it uses container isolation via Docker or Apple Containers to sandbox agents. This approach limits the blast radius of prompt injections or malicious behavior by ensuring ephemeral, unprivileged environments and a small, auditable codebase.

Sources: Hacker News (281 pts)

BuildKit: Docker's Hidden Gem That Can Build Almost Anything
03. Wednesday, February 25, 2026

BuildKit is a versatile, pluggable build framework beyond its role as Docker's engine. Utilizing Low-Level Build (LLB) as an intermediate representation, it supports custom frontends and diverse outputs like APKs or tarballs. Its content-addressable architecture enables efficient caching and parallel execution, making it a powerful backend for modern CI/CD tools like Dagger and Earthly.

Running My Own XMPP Server
04. Monday, February 16, 2026

This guide details setting up a federated XMPP server using Prosody and Docker. It covers DNS configuration, SSL/TLS certificates via Let's Encrypt, and essential modules for mobile sync, push notifications, and OMEMO end-to-end encryption. Additionally, it addresses implementing file sharing and STUN/TURN services for voice and video calls.

Sources: Hacker News (189 pts)

Running NanoClaw in a Docker Shell Sandbox
05. Monday, February 16, 2026

This guide explains how to run NanoClaw, a Claude-powered WhatsApp AI assistant, within Docker Sandboxes using the new shell sandbox type. This approach ensures security through filesystem isolation and credential management via Docker's proxy, allowing users to deploy isolated environments for AI agents with Node.js and Python support.

Sources: Hacker News (151 pts)

Show HN: Artifact Keeper – Open-Source Artifactory/Nexus Alternative in Rust
06. Friday, February 6, 2026

Artifact Keeper is a high-performance, open-source enterprise artifact registry designed as a direct replacement for solutions like JFrog Artifactory and Sonatype Nexus. Unlike many competitors, it adopts a no-open-core model, providing all features—including SSO, security scanning with Trivy and Grype, and edge replication—in its MIT-licensed release. The platform supports over 45 package formats natively, including Docker, npm, and cargo. Its technical stack is robust, featuring a Rust-based backend using Axum and PostgreSQL, a Next.js 15 frontend, and native mobile applications for iOS and Android. Its extensibility is enhanced by a WebAssembly plugin system, allowing developers to implement custom format handlers. Moreover, it includes built-in migration tools for transitioning from legacy systems and utilizes Meilisearch for comprehensive full-text search capabilities across registries.

Sources: Hacker News (123 pts)

TIL: Docker log rotation
07. Monday, February 16, 2026

The author recounts solving a disk space issue caused by Docker's lack of default log rotation. Large log files consumed 25 GB of server space because container logs persist indefinitely. The solution involves configuring the json-file log-driver in daemon.json with max-size and max-file parameters, then recreating containers to apply the new settings.

Sources: Lobsters (60 pts)

No, Really, Bash Is Not Enough: Why Large-Scale CI Needs an Orchestrator
08. Friday, February 6, 2026

The article presents a compelling argument against using Bash as a build system for large-scale CI (Continuous Integration). While acknowledging Bash's universality and simplicity for small projects, the author explains that it breaks down once an organization matures to the point where CI involves hundreds of daily pushes. Large-scale pipelines require complex orchestration for tasks like parallelizing test suites across agents, managing resource isolation, and handling directed acyclic graphs (DAGs) of dependencies. The piece highlights technical pitfalls of Bash, such as the lack of error handling, 'spectral contamination' where shared resources like ports or caches lead to non-reproducible failures, and the risk of the Linux OOM killer terminating unrelated processes. Relying on academic research like 'Build Systems à la Carte,' the author argues that true build systems require formal schedulers and rebuilders that Bash cannot express. Ultimately, the text advocates for dedicated orchestrators like Buildkite or Dagger to manage CI as a distributed system rather than a collection of fragile shell scripts.

Sources: Lobsters (41 pts)