Andrea Casarin

The cache poisoning attack is a sophisticated method used by hackers to manipulate data in a server's cache. This article discusses one of the most common cache poisoning attacks that exploit the HTTP X-Forwarded-Host header. This type of attack is particularly insidious because it can result in the display of harmful content to users, data manipulation, or theft of sensitive information. The HTTP X-Forwarded-Host header is commonly used in network environments where a proxy server or load bala

If you are a developer who uses Docker Desktop on your Mac, you might have noticed that it can be quite slow when it comes to file sharing between the host and the guest operating systems. This can affect the performance and responsiveness of your applications, especially if they rely on a lot of disk IO operations. Fortunately, there is a new feature that can significantly improve the file sharing speed and make your development experience much smoother: VirtIOfs. VirtIOfs is a virtualization

Alfred is a popular productivity app for macOS that allows you to launch apps, search for files, and automate tasks using custom workflows. If you would like to integrate OpenAI's GPT-3 based ChatGPT with Alfred, you can do so by building a custom workflow in Alfred. Here's a step-by-step guide on how to integrate ChatGPT with Alfred, written by ChatGPT itself: 1. Install the Alfred app on your Mac if you haven't already. 2. Create a new workflow in Alfred by clicking on the "Workflows" t

As a software developer, you’re probably familiar with the time it takes to build a Docker image, especially if your application is complex and requires many dependencies. But did you know that you can speed up your builds by using caching strategies? In this article, we’ll explore the different ways to optimize your Docker builds in GitLab, by using the BUILDKIT_INLINE_CACHE, tagging with both latest and sha_commit, and using the docker-compose cache from option. BUILDKIT_INLINE_CACHE Th

Last week I was trying to deploy a MariaDB container to my home lab which has to use TrueNAS share as persistent storage. I'm currenly using NFS storage for my homelab docker cluster. I wasn't working right, due to some Lock errors. So I found out that running a Sqlite db or really anything which requires files lock over NFS keep is really buggy when managed remotely via rpc.statd and rpc.lockd. You can however opt for local locks, if the share is mount only by one user/server. To enable loca

Un augurio di serene feste e felice nuovo anno. Colgo l’occasione per segnalarvi che sarò in ferie dal 24/12 all’8/1. A presto, Andrea Casarin andreacasarin.com Facebook | Twitter | Linkedin

When moving your workload from some VMs to a Kubernetes cluster you may find yourself losing grasp on what's happening, it happens to all of us. However K8S has some great ways to make sure you are on top of your cluster status, you just have to make sure you setup them right. metrics-server Gets resource metrics from Kubelets and exposes them through the Kubernetes Api Server via Metrics API, think at them as: * CPU * memory * network usage Used primarly for horizontal and vertical auto

Some days ago I was working on a project which uses Postgres as DBMS. Postgres is great, but it has some significant differences if you are used to MySql. I learned one of them the hard way. While doing a simple select query I was looking for tuples which were where x != 42 trying to extract all of them regardless of x being some number or null. That didn't work as I expected. In Postgres if you select something via where x != 42 it will not extract tuples where x is null. So, if you are doin

OpenSSH 8.8 is deprecating ssh-rsa and ssh-dss as key types. In the SSH protocol, the "ssh-rsa" signature scheme uses the SHA-1 hash algorithm in conjunction with the RSA public key algorithm. It is now possible to perform chosen-prefix attacks against the SHA-1 algorithm for less than USD$50K. [https://www.openssh.com/txt/release-8.7] So you will get this error: no matching host key type found. Their offer: ssh-rsa,ssh-dss You can add those algorithms back, with: HostKeyAlgorithms +ssh-

Nginx ingress is one of the best ingress you can use on your K8S cluster, by default it comes with a lot of features but caching is not enabled. Let's see how to set up a simple static cache for our websites. On cluster ingress (this is managed by an Nginx config map): proxy_cache_path /tmp/nginx-cache levels=1:2 keys_zone=static-cache:32m max_size=5g inactive=7d use_temp_path=off; proxy_cache_valid any 5m; proxy_cache_valid 200 30m; On application ingress (managed via deploy): proxy_ignore_

I recently restyled my website (this one!) switching from Wordpress to GhostCMS and SvelteKit (which are great,but that's a story for another day). In the process I wanted to reach some good speed to please both the users and Google. One of the mayor aspect of this is static assets optimization, here are a few tips I found out in my journey. Images PJPEG: jpeg images are loaded from top to bottom, progressive jpeg from back to front. So they will load the whole sized image and then refine it

If your inventory contains the same host multiple times (think dynamic inventories or something defined via Terraform) and then you run a playbook against that (eg. target: all) you'll end up trying to run the same tasks simultaneously on the same host. That's not usually an issue, however some tasks require a lock (eg. apt install pkg) thus breaking for errors or timeouts. Ansible has some attributes to manage this situations, like: * forks at a configuration level * serial at a playbook l

Just a quick one, since I recently found out about Pixie which is a super interesting opensource project recently bought by NewRelic. It's an agent which you can install on your k8s cluster (or on your standard VM). It uses eBPF to collect deep data from Linux Kernel, granting the ability to monitor an application without the need of an APM (Application Performance Management). It promises a maximum 5% overhead. The frontend uses PxL Script (which is similar to python + panda) to fetch data fr

When using Kops on AWS to deploy your Kubernetes cluster you'll find yourself with multiple elastic block storage volumes which are the PersistentVolumeClaim implementation on AWS. Snapshots are then a great way to provide backups, and especially so if coupled with lifecycle manager which can define your backup schedule and retention. Usually when defining a life-cycle policy you create a tag filter to select specifics volumes and then a schedule to snapshot them and how many you want to keep.

DevPresto is a fast online resource collection for developers. It features some tools (like markup formatting, sql formatting, md5 calculation) and will host a series of hand-picked guides and tutorials. It aims to be a useful website for everyday development or system administration. Most of our favorite instruments live in our editor/terminal of choice, but sometimes you just need a quick tool to be able to share or check something on the go. I've been there a few times. I used to search G