Cyberwisecon Europe 2024 : [EN] Cyberwisecon | Building a Trusted and Resilient Software Supply Chain
Abstract:
This talk will present the current state of the software supply chain, the significant recent global events (SolarWinds, Log4Shell, Codecov, etc.), the state of the open-source ecosystem, and the threats and the mitigations that can be applied using tools like Sigstore, Syft, and Grype for digital signatures, SBOM generation, and automatic vulnerability scanning, and how to use them to improve the integrity of, and gain unprecedented levels of knowledge about, your digital artifacts and your cloud infrastructures.
Hello, I am Paolo Mainardi, proud founder and CTO of Sparkfabrik, and Linux Foundation Europe advisory member.
My role is to drive the company toward innovation, by building cutting-edge and cloud-native web applications and doing Kubernetes consultancy at different levels, from cluster management to custom implementations; we are also a CNCF Silver Member and a Kubernetes Certified Service Provider (KCSP).
If you’re experiencing annoying lag or stutter with your Bluetooth mouse or trackpad on Linux, this post might help you fix it.
This approach works by directly adjusting Bluetooth connection parameters through the debugfs interface.
I was seeing serious stutters with my MX Master 3S, especially under heavy load. It became almost unusable. I also had similar problems with an Apple Magic Trackpad 2. The trackpad performs well on Linux and Sway (yes, even gestures), but it was stuttering a lot, which made it impossible to use.
Info
06/01/2025 Update: Many readers requested the inclusion of OrbStack in the benchmarks. This update introduces OrbStack’s performance data, along with updated insights and comparisons.
TLDR
Two years after my first analysis of Docker performance on macOS, things have improved significantly. VirtioFS is now much faster (bind mounts are only 3x slower instead of 5-6x), and we have new solutions in the ecosystem. Lima (open-source) performs well and sometimes better than Docker Desktop, while Docker’s new file synchronization feature offers impressive speed improvements (59% faster) but requires a paid subscription. Additionally, OrbStack has emerged as a strong contender, offering excellent performance with bind mounts and native operations. For the most stable performance, the hybrid approach (combining bind mounts with volumes) remains the best practice. Choose your setup based on your needs:
I have a huge collection of mechanical keyboards (> 15 and counting); when I started the journey, I mainly chose TKL layouts, which seemed the simplest choice for a desktop keyboard; they have all the keys I need, such as Home, End, PgUp, PgDown, that at least for me are essential for my writing habits. The issue with this layout is that you have to move your hands a lot to reach some keys, and the mouse is far away from the keyboard, so I started to look for smaller keyboards, such as 60%, 65%, and 75% sizes.
This is a short post to remind myself that it is always time to learn something new or to refresh memories that sit there in the back of your head, maybe wrong, maybe right. In this case, they were very wrong.
I was building a Docker image to be used both as a development environment and as a CLI tool. To simplify, it was something like this:
FROM node:20-lts
COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]
Software supply chain security issues are hitting the whole OSS ecosystem hard; not a day goes by without a security incident going into the wild, affecting unaware users and companies whose software is built with the modern patterns of ultra-composability, made of a dense web of external dependencies in multiple layers.
According to the research conducted by Sonatype in their annual State of the Software Supply Chain report, supply chain attacks have an average increase of 742% per year.
This is not a guide on how to install and configure Linux, but a list of the components I used to build my personal Linux workstation, to avoid any compatibility issue and to get the best in terms of performance and stability. For those asking, I am using Arch Linux as my daily driver, and it is configured through the Ansible playbook I made.
If you know me, you know how much I love the container ecosystem (and Docker) and how much of a breakthrough they have been in the market over the last 10 years; containers changed everything.
Even though Docker/Podman have become an essential tool in the world of software development, as they allow developers to create, deploy and run applications in containers, sometimes a process needs more than just a container to run; maybe it assumes something from the env vars or a system socket (e.g., X11).
Note
05/01/2024: Hello there, you can find an updated version of this article here, with the latest findings, improvements and new tools.
Thanks to DALL·E 2, we finally have a very nice graphic representation of the feelings of a Docker container inside a macOS environment; with this article I will try to bring this poor container safely to the coast.
What I’ve always loved about Linux is its customizability and the freedom you have to configure your rice exactly as you like it, especially once you go beyond desktop environments to embrace more straightforward setups like tiling window managers; this is where Linux on the desktop shines.
Tiling managers allow arranging windows in non-overlapping frames and controlling any aspect using the keyboard, including opening, closing, moving, and resizing.
Like the most known desktop environments (including macOS), they also have the concept of workspaces, where you can organize your windows in a way you feel more productive.
After years of procrastination, I’ve finally decided to give this simple space (based on Hugo) a chance, and just focus on writing content.
I will try to force the nerd side of me not to waste time on techy stuff, which most of the time is what seals the bitter destiny of personal side projects.
Side projects
Writing is hard - it requires focus, skills, and time; ideas are unshaped, and training and patience are needed to transform them into understandable and compelling words.