Introducing Docker Hardened Images: Secure, Minimal, and Ready for Production (4 minute read)
Docker Hardened Images (DHI) were introduced by Docker as secure-by-default container images for modern production environments. These images reduce the attack surface by up to 95% and are continuously updated to ensure near-zero known CVEs, with critical and high-severity CVEs patched within 7 days. DHI supports distros like Alpine and Debian and integrates with platforms like Microsoft, NGINX, and Sonatype.
How to install and run Minikube with Rootless Podman on ARM-based MacBooks (6 minute read)
Minikube can be installed and run on ARM-based MacBooks using rootless Podman by setting up a Podman machine with Homebrew, configuring it appropriately, and starting it in rootless mode for improved security. Once Podman is running, Minikube can be installed via Homebrew, configured for rootless operation, and started using the Podman driver to provide a local Kubernetes environment, with deployment and port-forwarding managed through kubectl or minikube kubectl.
Too Much Go Misdirection (3 minute read)
Go's interface design and standard library conventions often hinder zero-copy optimizations, especially when working with io.Reader and trying to reuse existing []byte buffers. Due to missing implementations like Peek on bytes.Reader and hidden wrappers like bufio.Reader, developers must resort to custom types and undocumented interface patterns (what amounts to a "shadow API") to achieve efficient behavior without relying on unsafe hacks.
GitDiagram (GitHub Repo)
GitDiagram transforms GitHub repositories into interactive diagrams using Mermaid.js and OpenAI's o4-mini.
A2A (GitHub Repo)
Google's Agent2Agent (A2A) protocol was released as an open-source project to establish a common language for gen AI agents across diverse frameworks. A2A aims to enable seamless communication and collaboration between these agents, fostering a more interconnected and innovative AI ecosystem.
OpenVox InfraTales - macOS Signing and Notarization (5 minute read)
This post describes the process of making the OpenVox macOS agent fully signed and notarized to meet Apple's stricter Gatekeeper requirements in macOS 15, ensuring binaries, dylibs, and bundles are properly secured. The new build system centralizes signing and notarization within Vanagon, with future plans to streamline builds via GitHub Actions and increase accessibility beyond the current VM setup.
Thanks for reading,
Kunal Desai & Martin Hauskrecht