Andrea Casarin

Published on: 5/13/2023, 1:32:22 PM - Reading time: 1 minute

Ruby on Rails cache poisoning

The cache poisoning attack is a sophisticated method used by hackers to manipulate data in a server's cache. This article discusses one of the most common cache poisoning attacks that exploit the HTTP X-Forwarded-Host header. This type of attack is particularly insidious because it can result in the display of harmful content to users, data manipulation, or theft of sensitive information. The HTTP X-Forwarded-Host header is commonly used in network environments where a proxy server or load bala

Published on: 4/8/2023, 10:12:46 AM - Reading time: 2 minutes

Docker for Mac 98% faster with VirtIOfs

If you are a developer who uses Docker Desktop on your Mac, you might have noticed that it can be quite slow when it comes to file sharing between the host and the guest operating systems. This can affect the performance and responsiveness of your applications, especially if they rely on a lot of disk IO operations. Fortunately, there is a new feature that can significantly improve the file sharing speed and make your development experience much smoother: VirtIOfs. VirtIOfs is a virtualization

Published on: 3/11/2023, 11:32:20 AM - Reading time: 2 minutes

ChatGPT "kinda" integrates itself with Alfred App on MacOS

Alfred is a popular productivity app for macOS that allows you to launch apps, search for files, and automate tasks using custom workflows. If you would like to integrate OpenAI's GPT-3 based ChatGPT with Alfred, you can do so by building a custom workflow in Alfred. Here's a step-by-step guide on how to integrate ChatGPT with Alfred, written by ChatGPT itself: 1. Install the Alfred app on your Mac if you haven't already. 2. Create a new workflow in Alfred by clicking on the "Workflows" t

Published on: 2/11/2023, 12:37:40 PM - Reading time: 2 minutes

Docker build caching in GitLab

As a software developer, you’re probably familiar with the time it takes to build a Docker image, especially if your application is complex and requires many dependencies. But did you know that you can speed up your builds by using caching strategies? In this article, we’ll explore the different ways to optimize your Docker builds in GitLab, by using the BUILDKIT_INLINE_CACHE, tagging with both latest and sha_commit, and using the docker-compose cache from option. BUILDKIT_INLINE_CACHE Th

Published on: 1/14/2023, 1:14:04 PM - Reading time: 1 minute

Databases on NFS shares

Last week I was trying to deploy a MariaDB container to my home lab, which has to use a TrueNAS share as persistent storage. I'm currently using NFS storage for my homelab Docker cluster. It wasn't working right, due to some lock errors. So I found out that running a SQLite db, or really anything which requires file locks over NFS, is really buggy when the locks are managed remotely via rpc.statd and rpc.lockd. You can however opt for local locks, if the share is mounted only by one user/server. To enable loca

Published on: 12/10/2022, 10:22:38 AM - Reading time: 1 minute

Kubernetes state and metrics monitoring

When moving your workload from some VMs to a Kubernetes cluster you may find yourself losing grasp on what's happening; it happens to all of us. However, K8S has some great ways to make sure you are on top of your cluster status, you just have to make sure you set them up right. metrics-server: gets resource metrics from Kubelets and exposes them through the Kubernetes API Server via the Metrics API; think of them as: * CPU * memory * network usage. Used primarily for horizontal and vertical auto

Published on: 11/13/2022, 1:51:38 PM - Reading time: 0 minute

Postgres, where and null

Some days ago I was working on a project which uses Postgres as DBMS. Postgres is great, but it has some significant differences if you are used to MySQL. I learned one of them the hard way. While doing a simple select query I was looking for tuples with where x != 42, trying to extract all of them regardless of x being some number or null. That didn't work as I expected. In Postgres if you select something via where x != 42 it will not extract tuples where x is null. So, if you are doin

Published on: 10/8/2022, 8:05:00 AM - Reading time: 0 minute

OpenSSH ssh-dsa and ssh-rsa

OpenSSH 8.8 is deprecating ssh-rsa and ssh-dss as key types. In the SSH protocol, the "ssh-rsa" signature scheme uses the SHA-1 hash algorithm in conjunction with the RSA public key algorithm. It is now possible to perform chosen-prefix attacks against the SHA-1 algorithm for less than USD$50K. So you will get this error: no matching host key type found. Their offer: ssh-rsa,ssh-dss You can add those algorithms back, with: HostKeyAlgorithms +ssh-

Published on: 9/11/2022, 8:43:00 AM - Reading time: 1 minute

Nginx caching on Kubernetes

Nginx ingress is one of the best ingresses you can use on your K8S cluster; by default it comes with a lot of features, but caching is not enabled. Let's see how to set up a simple static cache for our websites. On cluster ingress (this is managed by an Nginx config map): proxy_cache_path /tmp/nginx-cache levels=1:2 keys_zone=static-cache:32m max_size=5g inactive=7d use_temp_path=off; proxy_cache_valid any 5m; proxy_cache_valid 200 30m; On application ingress (managed via deploy): proxy_ignore_

Published on: 7/9/2022, 9:17:11 AM - Reading time: 1 minute

Static assets optimization for websites

I recently restyled my website (this one!) switching from Wordpress to GhostCMS and SvelteKit (which are great, but that's a story for another day). In the process I wanted to reach some good speed to please both the users and Google. One of the major aspects of this is static assets optimization; here are a few tips I found out in my journey. Images PJPEG: jpeg images are loaded from top to bottom, progressive jpeg from back to front. So they will load the whole sized image and then refine it

Published on: 6/11/2022, 10:17:19 AM - Reading time: 1 minute

Ansible forks/serial on a task level

If your inventory contains the same host multiple times (think dynamic inventories or something defined via Terraform) and then you run a playbook against that (e.g. target: all) you'll end up trying to run the same tasks simultaneously on the same host. That's not usually an issue, however some tasks require a lock (e.g. apt install pkg), thus breaking with errors or timeouts. Ansible has some attributes to manage these situations, like: * forks at a configuration level * serial at a playbook l

Published on: 5/3/2022, 4:23:00 PM - Reading time: 0 minute

eBPF application monitoring on Kubernetes

Just a quick one, since I recently found out about Pixie, which is a super interesting open source project recently bought by NewRelic. It's an agent which you can install on your k8s cluster (or on your standard VM). It uses eBPF to collect deep data from the Linux kernel, granting the ability to monitor an application without the need for an APM (Application Performance Management). It promises a maximum 5% overhead. The frontend uses PxL Script (which is similar to python + pandas) to fetch data fr

Published on: 4/9/2022, 10:04:17 AM - Reading time: 1 minute

Backup Kubernetes volumes in AWS

When using Kops on AWS to deploy your Kubernetes cluster you'll find yourself with multiple Elastic Block Store volumes, which are the PersistentVolumeClaim implementation on AWS. Snapshots are then a great way to provide backups, especially so if coupled with the lifecycle manager, which can define your backup schedule and retention. Usually when defining a lifecycle policy you create a tag filter to select specific volumes and then a schedule to snapshot them and how many you want to keep.

Published on: 2/7/2022, 8:33:45 AM - Reading time: 1 minute

DevPresto resources for developers

DevPresto is a fast online resource collection for developers. It features some tools (like markup formatting, sql formatting, md5 calculation) and will host a series of hand-picked guides and tutorials. It aims to be a useful website for everyday development or system administration. Most of our favorite instruments live in our editor/terminal of choice, but sometimes you just need a quick tool to be able to share or check something on the go. I've been there a few times. I used to search G