Read more here:
15.02.2026 13:33
π 0
π 0
π¬ 0
π 0
If you've ever had a production incident caused by an upstream image change, a mutable tag, or a dependency you didn't know existed in your Dockerfile β this is the post I wish I'd had. Docker build policies in 5 minutes, two copy-paste examples, zero excuses left.
Unpopular opinion: your Dockerfile review process is security theater.
Humans miss things. AI assistants suggest things. Tags are mutable. latest is a lie.
The only review that can't be skipped is one that runs before the build starts. Wrote about how to set that up with .rego policies in ~5 min.
Stop writing Dockerfiles like itβs 2015.
You donβt need 47 lines of apt-get install, apt cache clean, and rm -rf just to build a base image.
DHI lets you build Docker base images without a Dockerfile at all. Define what you want, skip the boilerplate, and stop pretending that cleanup is fun.
First day back and I'm already gearing up for the hardest conversation of the year. My CTO's tech stack choice is fundamentally broken, ChatGPT agrees with me, and now I have to somehow convince leadership they're wrong without becoming the person who got fired on day one. This is going to be fun.
Only one day left in 2025!
Overall, it was a fantastic year. The only downside was that two long projects finally came to an end. One of them, which I'd been working on for ten years, was finally finished.
What about yours?
Another issue with Ghostty, particularly on SSH connections, is that it doesnβt recognize the terminal type.
While itβs easy to fix by adding a SetEnv command inside the .ssh/config file, itβs still an annoying problem that doesnβt work out of the box.
Everyone is excited about AI.
Many of us are using AI workflows to optimize our daily tasks.
However, would you trust AI to manage payroll, or an accountant to use AI to automate the transfer of employee salaries?
.NET, about a week ago:
We wanted notifications on changes/deletions of specific entities. Simple. Override SaveChanges and fire based on ChangeTracker.
Implemented. Works.
Yesterday: Something wrong. Zero deletes.
A few breakpoints later: Using a helper which doesnβt use EntityFramework. π
Vibe coding without Vibe bill?
It's possible.
Qwen Code.
Docker Model Runner.
0$
Want more details?
The loneliest founder journey? Solo SaaS builder.
The hardest founder journey? Solo SaaS builder WITH a family.
If you're doing both, you're built different. Let's connect π
Just opened a 3-year-old iOS project.
Hit build.
It compiled. First try. No errors. No warnings.
Meanwhile, Android projects after 6 months:
β’ AGP version incompatible
β’ SDK target outdated
β’ Gradle sync failed
β’ "Google is your only hope" error messages.
Building a SaaS solo while juggling family life (partner + kids)?
Drop a comment below π
You're the real heroes and I want to follow your journey. The hustle hits different when you're debugging at midnight and packing school lunches at 6am.
Hi
Big month is here:
β’ In a few weeks I'm going to speak about #Docker Model Runner at #helmes
β’ In the end of month - going to Turkey to meet other Docker Captains & Employees.
What is your AI assistant persona? Mine, is always making weird jokes at the end. π
This year I'm not buying the latest iPhone 17 Pro Max.
But I'm just one click away from getting DJI Mini 5 π€©
Solvable, by just rotating a key. And let's hope, we don't have an issue somewhere in the codebase/deployment where we do expose these secrets...
It looks like 500+ weird domains are sending fake events into our analytics instance. Looks like real spam, but also, some well-known trusted domains (not ours) too...
First idea, as we use Measurement Protocol API key got leaked somewhere, and someone are just spamming us.
Another day - another story, or should I call it - the more access you get - the more issues you see?
Got a bug raised around GoogleAnalytics & Google Ads conversion tracking. That numbers looked weird. To solve this, I also got access go GA console, and the fun started...
It's the .NET app deployed on Azure. LogAnalytics really simple to setup
Yesterday, I've asked how we can access application logs of live/prod deployments.
I got answer, that I need to contact one person, and he will give me the zip archive with the logs of application on demand. No central logging are in place.
With my DevOPS background - I felt like in stone age.
Docker just open-sourced a new CLI tool for managing AI agents called cagent:
π§ Agents can use external tools and APIs via the MCP protocol
π Built-in "think", "todo" and "memory" tools
π Support for OpenAI, Anthropic, Gemini and Docker Model Runner.
Give it a try: github.com/docker/cagent
Got yet another offer to host someone else app in my google play console.
This is against developer agreement first, so I wonder what they are even trying to scam?
Have you ever had to create a lecture or tutorial for specific tasks, such as getting started with a particular SDK, introducing a framework, or testing?
What tools have you found most helpful for this purpose? How have you ensured that students have all the necessary tools ready?
So this idea - felt way more challenging and interesting for my DevOPS background.Β
And it's one of the tools, there I really need it.
So, I've started building my own uptime monitoring solution, after multiple years of using uptimerobot.Β
I still use Pulsetic now, but I hope to build something better than it myself.
Why? Well, I want to build something myself, and I'm already tired of everyone doing yet another habit/todo app.
I prefer aiming for exit. Although it might get very challenging to leave your "startup" you grew from an idea stage, to successful business.
Have you replublished all your Android apps with 16kb page size requirement already?
Never build an audience on a single social network only.
I did that mistake, and now - I need to start from scratch. (Still hoping I can regain access to that account)