Here there are some notes that I’d like to share with you :-)

How I improved consistency and performance in a Go crawler with retry logics and network tuning

Introduction wfind is a simple web crawler for files and folders in web pages hyerarchies. The goal is basically the same of GNU find for file systems. At the same time it’s inspired by GNU wget, and it merges the find features applied to files and directories exposed as HTML web resources. In this blog we’ll go through the way I improved consistency in this crawler, by implementing retry logics and tuning network and transport in the HTTP client....

September 4, 2023 · 12 min

A journey into the Linux scheduler

Two years ago more or less I started my journey in Linux. I was scared at first and I didn’t know where to start from. But then I decided to buy a book - and what a book! - in order to follow a path. Along the way, I integrated the material with up-to-date documentation from kernel.org and source code. In the meantime, I started to learn C a bit so that I also could have played with what I was learning, step by step....

June 24, 2022 · 21 min

STRIDE threat modeling on Kubernetes pt.6/6: Elevation of privilege

Hello everyone, a long time has passed after the 5th part of this journey through STRIDE thread modeling in Kubernetes has been published. If you recall well, STRIDE is a model of threats for identifying security threats, by providing a mnemonic for security threats in six categories: Spoofing Tampering Repudiation Information disclosure Denial of service Elevation of privilege In this last chapter we’ll talk about elevation of privilege. Well, this category can be very wide, but let’s start thinking about what it can comprises and what we can do against this category of threats....

July 5, 2021 · 9 min

STRIDE threat modeling on Kubernetes pt.5/6: Denial of service

I’m back after a long time with the fifth episode of this mini-series about STRIDE threat modeling in Kubernetes. In the previous one we talked about Information disclosure. This part is about the D that stands for Denial Of Service. DOS is the attempt to making a resource unavailable. For instance, a Kubernetes dashboard is left exposed on the Internet, allowing anyone to deploy containers on your company’s infrastructure to mine cryptocurrency and starve your legitimate applications of CPU (really happened - thanks Peter)....

September 7, 2020 · 6 min

STRIDE threat modeling on Kubernetes pt.4/6: Information disclosure

This is the fourth part of a series about STRIDE threat modeling in Kubernetes. In the previous part we talked about repudiation, instead today we’ll going to address information disclosure. Information disclosure happens with data leaks or data breaches, whenever a system that is designed to be closed to an eavesdropper unintentionally reveals some information to unauthorized parties. To prevent this we should protect data in transit and at rest by guaranteeing confidentiality, which can be guaranteed with encryption....

March 23, 2020 · 14 min