#668 – March 15, 2026
A decade of Docker containers
26 minutes by Anil Madhavapeddy
Docker packages apps and their dependencies into portable containers, solving the longstanding problem of running software consistently across different machines. It uses Linux namespaces to isolate processes without the overhead of full virtual machines. On Mac and Windows, Docker embeds a lightweight Linux kernel inside a desktop app, hiding all complexity from the developer. Support for ARM chips, GPUs, and AI workloads continues to expand the tool beyond its original scope.
There Are Monsters Inside This Low-Level Book About Processors
sponsored by Kevin Focke
Processors. You use them every day, but do you know how they work? Learn the principles of processors and discover the monsters causing havoc in your code!
How I became good at leading incidents
6 minutes by Tomasz Tomczyk
Responding well to incidents gets easier when you know your stack deeply, from DNS to deployment steps. Good monitoring tools and the ability to read error logs quickly help you find the cause faster. In the moment, keeping the "war room" focused and calm matters as much as the technical work. Following up with honest postmortems and acting on lessons learned is what stops the same problems from happening again.
Decision trees
15 minutes by Jared Wilber
Decision trees classify data by applying a series of nested yes/no rules based on input features. The tree is built by finding splits that best separate different categories, repeating this process until the data is well sorted. Going too deep risks overfitting, where the model learns noise instead of useful patterns. These models are popular because they are easy to understand and work for both classification and regression tasks.
Containers are not automatically secure
20 minutes by Luca Cavallin
Containers are just Linux processes with some isolation. They share the host kernel, so a weak kernel, too much privilege, or flat networking puts every workload at risk. The core fixes are not complicated: run as non-root, drop capabilities, pin image digests, restrict network paths, handle secrets properly, and use seccomp. Containers are great packaging tools, but they do not fix broken application code, erase trust boundaries, or make the shared kernel any safer on their own.
An ode to bzip
11 minutes by Alisa Sireneva
BWT-based compression (bzip) beats common alternatives like gzip, zstd, and xz on text and code. It works by reordering characters to group similar patterns together rather than finding repeated sequences, which makes it more predictable and easier to implement correctly. For a Lua codebase, bzip2 achieved the best ratio while keeping the decoder small enough to be practical. Unlike LZ77-based tools, bzip has no heuristics to tune, so getting good results requires little effort.
And the most popular article from the last issue was: