(Fabio Alessandro Locati|Fale)'s blog

On public TLS certificates lifetime

September 13, 2020

On September 1st, 2020, the maximum lifetime of TLS certificates signed by public Certificate Authorities was reduced to 13 months. How did we arrive here, and what’s to come? Let’s start by understanding who decides the maximum lifetime of certificates and the many other limitations around them.

Who decides the TLS certificate guidelines

Ultimately, the client (often a browser or an operating system) decides whether a certificate is trustworthy (based on the CA that signed it as well as many other parameters), so the client can decide which parameters to look for and which values are acceptable. This freedom makes the whole situation very messy, since every client can define its own set of requirements, and the subset of options accepted by every client can be very small, if not empty.


KubeCon + CloudNativeCon Europe 2020

August 20, 2020

This year I managed to participate in KubeCon + CloudNativeCon Europe 2020. As you can imagine, the conference did not happen in real life, but it was converted to an online conference. The more virtual conferences I attend, the more I understand their limits and advantages compared to real conferences. In this particular conference, I realized that one of the biggest problems I have with virtual conferences is that, during the conference, the conference events and talks add to your usual events and meetings, making it impossible to follow all the events you wanted to follow.


Fedora Nest 2020

August 10, 2020

This year Flock did not happen due to COVID-19, and in its place, Fedora Nest happened. After many events I’ve seen going virtual in the last few months, I was skeptical. I was yet to see an acceptable online platform to run events. I was wrong on the platform. Fedora Nest used Hopin, which is by far the best platform for events I’ve seen so far. Don’t get your expectations too high, though, because when I say the best one I’ve seen so far, it only means that it is usable, and it does not mean in any way that it is on par with real conferences.


A website with no cookies

July 19, 2020

Today I did a big update to this website. The goal of today’s update is the removal of Disqus. I decided to remove Disqus more than a year ago, with the decision to remove all cookies from this website. The plan was to remove both Google Analytics and Disqus since those were the only two reasons this website was distributing cookies. I removed Google Analytics in June 2019, and now I’ve removed Disqus, so this goal has now been achieved.


ARM everywhere

June 25, 2020

In the last couple of months, we have seen a lot of news around ARM. More specifically, the most relevant ones, in my opinion, are (sorted by date):

The topic I would like to focus on is why, today, the x86 platform is not as appealing as it was in the ’90s, when it became the de facto standard. I think that there are two primary causes for this change of direction:


GDPR - 2 years later

May 25, 2020

As it is becoming a sort of tradition, here we are, two years after the enactment of GDPR, to see how it performs in the real world.

In our previous yearly check, we analyzed the situation from two points of view: the banners and the fines. Let’s see how those two topics have evolved in the last year.

On the 1st of October 2019, with the judgment in case C-673/17, the European Union Court of Justice clarified that pre-ticked consent checkboxes are not sufficient since the consent has to be expressed actively by the user. This requirement was clear to me since my initial approaches to the GDPR, since it was clear that this was the only way to respect the Regulation’s spirit. Still, it is very nice to see it stated explicitly by the European Union Court of Justice.


Why I switched to systemd-resolved

April 15, 2020

Yesterday, a controversial proposal was posted to the Fedora Devel mailing list: enable systemd-resolved by default. I see this change favorably since I already enabled it a few weeks ago, and I find it a very sensible option.

First, I have to admit that I see systemd and its mission of standardizing the core of the Linux user-space very favorably. At the current level of evolution of Linux, over time, this standardization and consistency will pay off much more than other alternatives. Therefore, I see the introduction of systemd-resolved positively and as an excellent way to abstract many DNS-related problems from the rest of the applications.


VPN with NAT in Google Cloud

March 1, 2020

Google Cloud provides the capability of terminating a VPN connection with a VPN Gateway. The problem is that the VPN Gateway - at the moment - is relatively limited in capabilities. One of the missing capabilities I would have liked to see implemented is the NAT capability.

VPNs can be used to connect the machines of two different parties. Although this is usually not the best architectural pattern, since a connection on the public internet encrypted at the Transport Layer is often a better option, it’s relatively common in more legacy environments. When a VPN is used in this way, it is very common to run into an IP space collision, and therefore it becomes necessary to use some form of NAT. Let’s see how to implement this scenario in Google Cloud without terminating the VPN directly on an instance (which is possible but has its problems, and maybe we’ll be discussing it at some point in the future).


Old posts

February 28, 2020

In the last few months, I’ve decided to clean up many old backups I have lying around. Since I don’t want to lose any data that is still relevant, I’m checking all files within those backups. I found multiple backups of my old web blogs in the process, and I’ve decided to get the posts (and maybe also the comments in a second phase) out of those backups and re-publish them here on this website. So, if some old posts appear in this blog in the next few months, don’t be surprised!


FOSDEM 2020

February 2, 2020 - Bruxelles, BE

This year, as has happened for the last few years, I’ve been at FOSDEM. As always, I’ve enjoyed it a lot, and that’s why I continue to go there, and every time I have to suggest to other people which events to attend in Europe, I always mention FOSDEM as the main event.

I think it’s fascinating to see how room sizes and the crowdedness of the rooms change over time. Years ago, the container-related rooms (containers, container security, Go) were relatively small, but already crowded, and over the years, the rooms got bigger and bigger. Every year they have been very crowded to the point that for the majority of sessions, some people were turned away. This year this pattern continued for those rooms, except for the Go one, which had a massive improvement in size, and, as far as I know, it never turned away people due to overcrowding. I think this speaks clearly to the importance that containers are getting in these years and the fact that they are quickly moving. If there were no innovations in the container space for the whole year between two FOSDEMs, I think many people would prefer to go to other rooms. I think this is what is happening to the Go room. Even though I really appreciate the Go room and the Go language, I think it will shrink over the next years because - as is sane for a programming language - Go is not getting tons of new features every year. Due to this lack of news, people that already know the language might opt for different rooms since, at FOSDEM, there are always many exciting talks at the same time.
