Skip to main content
NewYour Container Is Not a Security Boundary: GhostLock (CVE-2026-43499)

Learn DevOps by doing,
not just reading.

666+ simulators, quizzes, and hands-on exercises for engineers who prefer a terminal over a slide deck.

Join 5,000+ DevOps engineers learning every week

kubectl --watch
$
devops-daily --stats

// featured

Interactive Simulators

Browse all simulators

// categories

Popular Categories

Explore our content by topic

// exercises

Hands-On Exercises

Practice real-world DevOps scenarios with step-by-step guidance

View all exercises

// quizzes

Test Your Knowledge

Short interactive quizzes across Docker, Kubernetes, Terraform, networking, and more

// posts

Latest Posts

Stay up to date with the latest DevOps content

Security

Your Container Is Not a Security Boundary: GhostLock (CVE-2026-43499)

A 15-year-old Linux kernel bug just got a public exploit that breaks out of containers and hands any local user root on the host. GhostLock is a reminder that the container is not your security boundary, the shared kernel is. Here is what actually shrinks the blast radius.

|10 min read
Docker

How Docker Really Works, From docker run to the Kernel

You type docker run and a container appears. Between those two moments the CLI, dockerd, containerd, and runc hand work down a chain until the Linux kernel puts your process in its own namespaces and cgroups. Here is the whole path, with the real commands to watch it happen.

|11 min read
DevOps

Migrating From S3 to Branch-Aware Storage

Neon object storage is S3-compatible, so moving to it is mostly a config change, not a rewrite. Your upload code, your presigned URLs, and your download paths all stay the same. Here is exactly what carries over, the small diff that changes, and a copy script to move the objects, with the honest list of what does not come along.

|9 min read
DevOps

Stop Standing Up an S3 Bucket Per Preview Environment

Giving every preview environment isolated file storage usually means provisioning a real bucket per environment: policies, IAM, lifecycle rules, credentials, and a teardown job that leaves orphans anyway. When the bucket rides the database branch, that whole apparatus disappears. Here is the difference, tested.

|8 min read
DevOps

Stop Prompting, Start Looping: Agentic Loops Explained

The best engineers stopped hand-writing prompts and started writing loops. Here is what an agentic loop actually is, the plan-build-judge pattern behind it, why the judge has to be a separate agent, and how to try it in an interactive simulator.

|9 min read
Docker

The Docker AuthZ Bypass Is Back: CVE-2026-34040

CVE-2026-34040 lets a crafted API request slip past Docker authorization plugins, and it is an incomplete fix of the 2024 maximum-severity bug. Here is how the bypass works, who is exposed, and how to close it.

|8 min read

// guides

Latest Guides

Step-by-step tutorials to boost your DevOps skills

// tools

DevOps Tools and Calculators

Free, browser-only utilities. CIDR, JWT, base64, UUID, cron, K8s sizing, YAML. No sign-up, no server.

// about

DevOps Daily is a free, independent education platform for engineers who want to learn by running things, not by reading pitch decks. Kubernetes, Docker, Terraform, CI/CD, observability, and security, through hands-on simulators, quizzes, exercises, and a weekly newsletter.

Free
$0
forever
Simulators
30+
interactive
Subscribers
5,000+
engineers
Cadence
Weekly
no spam
devops-daily --subscribe
$ echo "Weekly DevOps digest. No spam. Unsubscribe anytime."
Weekly DevOps digest. No spam. Unsubscribe anytime.
$ subscribe --email
$

5,000+ engineers subscribed