37 posts tagged with "Linux"

Linux administration and shell scripting

Rootless Docker — Run Containers Without Root Privileges

· 8 min read
Goel Academy
DevOps & Cloud Learning Hub

By default, the Docker daemon runs as root. Every container you start has root-level access to the host kernel. If an attacker escapes the container — through a kernel vulnerability, a misconfigured volume mount, or a privileged container — they land on the host as root. Game over. Rootless mode eliminates this risk by running both the Docker daemon and containers under a regular, unprivileged user account.

How Containers Actually Work — Namespaces, Cgroups, and chroot

· 7 min read
Goel Academy
DevOps & Cloud Learning Hub

Docker isn't magic — here's how to build a container with just Linux commands. Containers are nothing more than regular Linux processes with three layers of isolation: namespaces (what a process can see), cgroups (what a process can use), and a changed root filesystem (where a process lives). Once you understand these primitives, Kubernetes networking, Docker storage drivers, and container security all start making sense.

Linux Kernel Parameters (sysctl) Every SRE Should Tune

· 6 min read
Goel Academy
DevOps & Cloud Learning Hub

Default kernel settings are for laptops — here's how to tune for production. Every Linux server ships with conservative defaults designed for general-purpose use. If you're running a web server handling thousands of concurrent connections, a database, or a Kubernetes node, those defaults are actively hurting you.

Bind Mounts vs Volumes vs tmpfs — Docker Storage Deep Dive

· 10 min read
Goel Academy
DevOps & Cloud Learning Hub

Containers are ephemeral. When a container is removed, everything inside it — application data, uploaded files, database tables — is gone. Docker offers three storage mechanisms to persist data beyond the container lifecycle, and choosing the wrong one causes problems ranging from poor performance to data loss. Here is when and why to use each.