October 2016 saw several DDoS (Distributed Denial of Service) attacks of unprecedented magnitude and impact. When I am impacted by such things, I'm always a little irritated. "Well, if I were administering that (network|data center|server)," I tell myself, "this would never have happened." But let's be real. I can't say that. Not with any degree of certainty, anyway, and most certainly not without a LOT of hubris. Even with the best centralized logging and diligent engineering teams, during events like the October 2016 attack, any analysis or determination of causality will likely be post-mortem. Mitigation measures have proven themselves effective to varying degrees, but they all have one thing in common: they're reactive, not proactive.
Build your own Linux... from scratch. I can hear you thinking: "Build my own Linux... ok. But from scratch? Like a cake?!" Rest assured, no baked goods are produced (or harmed) in this course. But it is possible to build a Linux distro a la "The Cake Boss" — using a bit from this can, that box, this jar. Assuming things fit together and work properly, the problem with this process are the limitations inherent in working with pre-packaged components. Don't want wheat in your cake? If there's no pre-packaged gluten-free cake mix, you're out of luck. In much the same fashion, if you want userland binaries or the Kernel built (a) with (or without) certain features, (b) to fit into a pre-determined space, (c) optimized for a specific CPU...well, if you can't find a box on the shelf, so to speak, you're also out of luck, unless...
Alpine Linux is a relative new-comer in terms of Linux distributions, one of several in a recent proliferation of distros tailored for virtualization, containerization and the cloud. As noted on its website, Alpine Linux is “...an independent, non-commercial, general purpose Linux distribution designed for power users who appreciate security, simplicity, and resource efficiency.” Performance and security being more or less universal goals, Alpine’s self-proclaimed focus is hardly earth-shattering. This particularly in light of the growing number of performance- and security-oriented distros available. So what makes Alpine different – sufficiently different enough to warrant Docker switching to Alpine for its base images?