I go seeking liberty, which is so dear, as he knows who gives up life for her

Category: sharing

#4 Sharing Friday

https://arstechnica.com/tech-policy/2024/04/google-agrees-to-delete-private-browsing-data-to-settle-incognito-mode-lawsuit/

Google has agreed to a settlement over a class-action lawsuit regarding Chrome’s “Incognito” mode, which involves deleting billions of data records of users’ private browsing activities.
The settlement includes maintaining a change to Incognito mode that blocks third-party cookies by default, enhancing privacy for users and reducing the data Google collects.


Profile-guided optimization – The Go Programming Language (golang.org)

Go: The Complete Guide to Profiling Your Code | HackerNoon

Have you already tried Go profiling with PGO?

  • More informed compiler optimizations lead to better application performance.
  • Profiles from already-optimized binaries can be used, allowing for an iterative lifecycle of continuous improvement.
  • Go PGO is designed to be robust to changes between the profiled and current versions of the application.
  • Storing profiles in the source repository simplifies the build process and ensures reproducible builds.

https://jvns.ca/blog/2024/02/16/popular-git-config-options/#commit-verbose-true

Here’s a list of git config options that could be very useful!


https://www.srepath.com/clearing-observability-delusions/

Observability is highlighted as the fundamental practice for all other Site Reliability Engineering (SRE) areas, essential for avoiding “flying blind.”

The article discusses common misconceptions that hinder success in observability, emphasizing the need for the right mindset and avoidance of overly complex solutions.

The shift towards event-based Service Level Objectives (SLOs) is recommended over time-based metrics, advocating for simplicity and the importance of leadership support in SLO implementation.


https://blog.plerion.com/hacking-terraform-state-privilege-escalation/

The article discusses the security risks associated with Terraform state files in DevOps, particularly when an attacker gains the ability to edit them.

It highlights that while the Terraform state should be secure and only modifiable by the CI/CD pipeline, in reality, an attacker can exploit it to take over the entire infrastructure.
The piece emphasizes the importance of securing both the Terraform files and the state files, as well as implementing measures like state locking and permission configurations to prevent unauthorized access and modifications.
It also explores the potential for attackers to use custom providers to execute malicious code during the Terraform initialization process.
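Two of the mitigations mentioned above, provider sources pinned to a known namespace and a state file that nobody but the pipeline can read, turned into a pre-init check a CI job could run. This is an added example, not code from the article or from Plerion; the hashicorp-only allowlist, the local-file permission rule and the sample lock/state files are constructed assumptions.

```sh
#!/bin/sh
# Added example, not from the article: pre-init checks for a Terraform working dir.
# Assumptions: providers must come from the hashicorp namespace; a local state file
# must not be readable by group/others (for a remote backend, audit the bucket policy
# and lock table instead). Sample files below are constructed for the demo.

ALLOWED_PROVIDER_NS='registry.terraform.io/hashicorp/'   # assumed allowlist

# Print every provider source pinned in a .terraform.lock.hcl, one per line.
lock_providers() {
  sed -n 's/^provider "\([^"]*\)" {.*/\1/p' "$1"
}

# Return 0 if all pinned providers are in the allowed namespace, 1 otherwise.
# A source outside it is what a planted custom provider looks like before init runs it.
check_providers() {
  bad=$(lock_providers "$1" | grep -v "^$ALLOWED_PROVIDER_NS" || true)
  if [ -n "$bad" ]; then
    printf 'unexpected provider source(s):\n%s\n' "$bad" >&2
    return 1
  fi
  return 0
}

# Return 0 if the state file exists and is readable only by its owner, 1 otherwise.
check_state_perms() {
  [ -f "$1" ] || return 1
  if [ -n "$(find "$1" -perm -004 -o -perm -040)" ]; then
    echo "state file $1 is readable by group or others" >&2
    return 1
  fi
  return 0
}

# Build constructed sample files in a temp dir and print its path.
make_samples() {
  dir=$(mktemp -d)
  printf 'provider "registry.terraform.io/hashicorp/aws" {\n  version = "1.2.3"\n}\n' \
    >"$dir/good.lock.hcl"
  { cat "$dir/good.lock.hcl"
    printf 'provider "example.invalid/someone/aws" {\n  version = "1.2.3"\n}\n'; } \
    >"$dir/bad.lock.hcl"
  : >"$dir/terraform.tfstate"; chmod 600 "$dir/terraform.tfstate"
  : >"$dir/loose.tfstate";     chmod 644 "$dir/loose.tfstate"
  echo "$dir"
}
# Usage on a real working directory, after init has produced the lock file:
#   check_providers .terraform.lock.hcl && check_state_perms terraform.tfstate
```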


https://thehackernews.com/2024/03/microsoft-confirms-russian-hackers.html

The article details a cybersecurity breach where the Russian hacker group Midnight Blizzard accessed Microsoft’s source code and internal systems.

Microsoft confirmed the breach originated from a password spray attack on a non-production test account without multi-factor authentication.

The attack, which began in November 2023, led to the theft of undisclosed customer secrets communicated via email. Microsoft has contacted affected customers and increased security measures, but the full extent and impact of the breach remain under investigation. The incident highlights the global threat of sophisticated nation-state cyber attacks.

#3 Sharing Friday

https://blog.cloudflare.com/harnessing-office-chaos

This page provides an in-depth look at how Cloudflare harnesses physical chaos to bolster Internet security and explores the potential of public randomness and timelock encryption in applications.

It tells the story of Cloudflare’s LavaRand, a system that uses physical entropy sources such as lava lamps for Internet security and that has grown over four years, diversifying beyond its original single source.
Cloudflare handles millions of HTTP requests secured by TLS, which requires secure randomness.
LavaRand contributes true randomness to Cloudflare’s servers, enhancing the security of cryptographic protocols.


https://radar.cloudflare.com/security-and-attacks

Here you can find a very interesting public dashboard provided by Cloudflare, showing a lot of stats about current cyber attacks.


avelino/awesome-go: A curated list of awesome Go frameworks, libraries and software (github.com)

A curated list of awesome Go frameworks, libraries and software


https://www.anthropic.com/news/claude-3-family

ChatGPT4 has been beaten.

Introducing three new AI models – Haiku, Sonnet, and Opus – with ascending capabilities for various applications.
Opus and Sonnet are now accessible via claude.ai and the Claude API, with Haiku coming soon.
Opus excels in benchmarks for AI systems.

All models feature improved analysis, forecasting, content creation, code generation, and multilingual conversation abilities.


kubectl trick of the week.

.bashrc

# usage: k-get-images-id <env> <app>
function k_get_images_digests {
  ENV="$1"
  APP="$2"
  kubectl --context "${ENV}-aks" \
          -n "${ENV}-security" get pod \
          -l "app.kubernetes.io/instance=${APP}" \
          -o json | jq -r '.items[].status.containerStatuses[].imageID' | sort | uniq -c
}

alias k-get-images-id=k_get_images_digests

With this alias you get all the image digests of a specific release, filtering pods by label, and then count the unique values (uniq -c only collapses adjacent lines, hence the sort in front of it).

#2 Sharing Friday

News

  • Found a new security bug in Apple M-series chipset
    The article discusses a new vulnerability in Apple’s M-series chips that allows attackers to extract secret encryption keys during cryptographic operations.
    The flaw is due to the design of the chips’ data memory-dependent prefetcher (DMP) and cannot be patched directly, so any mitigation may cost performance.
  • Redis is changing its licensing
    Redis is adopting a dual licensing model for all future versions starting with Redis 7.4, using RSALv2 and SSPLv1 licenses, moving away from the BSD license.
    Future Redis releases will integrate advanced data types and processing engines from Redis Stack, making them freely available as part of the core Redis product.
    The new licenses restrict commercialization and managed service provision of Redis, aiming to protect Redis’ investments and its open source community.
    Redis will continue to support its community and enterprise customers, with no changes for existing Redis Enterprise customers and continued support for the partner ecosystem.
  • Nobody wants to work with our best engineer
    The article discusses the challenges faced with an engineer who was technically skilled but difficult to work with.
    It highlights the importance of teamwork and collaboration in engineering, emphasizing that being right is less important than being effective and considerate.

Bash

Get your current branch quickly up to date with master with this alias:

# single quotes: the current branch is read when the alias runs, not when .bashrc is sourced
alias git-update-branch='current_branch=$(git branch --show-current) && git switch master && git pull --force && git switch "$current_branch" && git merge master'

Software Architecture

  • Chubby OSDI paper by Mike Burrows
    and here’s their presentation on this topic
    https://www.usenix.org/conference/srecon23emea/presentation/virji

  • Chubby is intended to provide coarse-grained locking and reliable storage for loosely-coupled distributed systems, prioritizing availability and reliability over high performance.

    It has been used to synchronize activities and agree on environmental information among clients, serving thousands concurrently.

    Similar to a distributed file system, it offers advisory locks and event notifications, aiding in tasks like leader election for services like the Google File System and Bigtable.

    The emphasis is on easy-to-understand semantics and moderate client availability, with less focus on throughput and storage capacity.

    Database Simplification: It mentions the simplification of the system through the creation of a simple database using write-ahead logging and snapshotting.
  • Introduction to Google Site Reliability Engineering slides by Salim Virji
    The presentation introduces key concepts related to SRE, emphasizing the importance of automating processes for reliability and efficiency.

    It also delves into the delicate balance between risk-taking and maintaining system stability.

    Throughout the slides, the material highlights teamwork, effective communication, and the impact of individual behavior within engineering teams. Overall, the session aims to equip students with practical insights for successful SRE practices while navigating the complexities of modern software systems.

#1 Sharing Friday

Kubernetes

  • To quickly check for all images in all #pods from a specific release (eg: Cassandra operator):
    kubectl get pods -n prod-kssandra-application -l app.kubernetes.io/created-by=cass-operator -o jsonpath="{.items[*].spec.containers[*].image}" | tr -s '[[:space:]]' '\n' | sort | uniq -c

AI

News

Bash

  • To generate a strong random #password you don’t need suspicious online services, just plain old bash/WSL.
    This function reads from the /dev/urandom device, whose output is cryptographically secure;
    we then keep only the acceptable characters from a list and finally cut a 16-character string.

    Keep it with you as an alias in your .bashrc maybe 🙂
function getNewPsw() {
  # -d deletes, -c complements: keep only the listed printable ASCII characters
  # (\\ inside the tr set is a literal backslash), then cut 16 of them
  tr -dc 'A-Za-z0-9!"#$%&'\''()*+,-./:;<=>?@[\\]^_`{|}~' </dev/urandom | head -c 16; echo
}
