GETTING STARTED WITH OPEN SOURCE: MAKING MY FIRST CONTRIBUTION TO HUGO.

Lots of people ask for advice on how to get started in open source.

THE HIDDEN RISKS OF HIGH-QUALITY CODE

Haunted Graveyards in Consulting

Popularized by Google[1][2], Haunted Graveyards are pieces of code that, while providing business value, are so ancient, obtuse, or complex that no one dares enter them.

MAKE CHROME GO BRRRRRR....

Everything started with a simple question: “Why does my laptop get hot watching YouTube?”, and led to a rabbit hole of hardware acceleration, Chrome flags, and Intel iGPU monitors.

GITSIGN IN REMOTE ENVIRONMENTS

After attending SigstoreCon, I got inspired by Priya Wadhwa’s Keynote: Signing Git Commits with Gitsign, to finally set up gitsign for my dev environment. It seemed straightforward enough, right?

BRINGING FIRST-CLASS SUPPORT TO SBOMS AND ATTESTATIONS FOR CONSTELLATION CONTAINERS

In a previous post, we explored how to generate a Software Bill of Materials (SBOM) and subsequently scan it for vulnerabilities. In this post, we show you how SBOMs can be signed and then stored in the same container registry as the scanned image. This improves security & discoverability!

MY FAVORITE TOOLS TO KEEP A ZERO VULNERABILITIES POSTURE FOR CONSTELLATION

In our last post, we explored how Software Bills of Materials (SBOMs) provide us with a transparent view of all dependencies in Constellation. In this post, we explore how we can use this information to continuously monitor vulnerabilities and upgrade to patched versions as soon as they are available.

GENERATING SBOMS FOR CONFIDENTIAL KUBERNETES IS EASIER THAN YOU THINK!

Constellation is an infrastructure product and includes several different components:

VERIFY COSIGN SIGNATURES IN GO USING SIGSTORE/SIGSTORE

After integrating cosign into the release process of Constellation’s CLI, I also wanted to improve the supply chain security of our metadata that is used for attestation.

WHAT CAN CONFIDENTIAL COMPUTING DO FOR THE KUBERNETES COMMUNITY?

This is a summary of the talk I gave at the Kubernetes Community Days (KCD) Berlin 2022. Both the slides and a recording are available.

POSTMORTEM: UNRAID FLASH DEVICE FAILURE

Status: Complete, action items in progress.

Summary: unRAID’s OS Flash Device failed undetected for 14 days, preventing the server from rebooting successfully and taking all internal services down, including the pfSense VM, which prevented the home network from accessing the internet.