archive

More writing

Containers Are Not Automatically Secure
10 March 2026 · 21 min read

Containers changed how we package and ship software, but they did not rewrite the basic security rules. Trust boundaries, privilege, and attack surface are all still there. That was probably the main thing I learned while digging into container security, partly from Liz Rice's Container Security and partly from spending time with the Linux pieces underneath.

Tags: linux, containers, security

A Tour of eBPF in the Linux Kernel: Observability, Security and Networking
18 September 2025 · 11 min read

eBPF lets you run small, verified programs inside the Linux kernel, enabling fast observability, security, and networking without changing application code. This practical tour explains why eBPF matters now, how programs are compiled, verified, JIT-compiled, and attached to events, and how maps and ring buffers move data between kernel and user space. You'll leave with simple demos and a clear mental model to start experimenting.

Tags: ebpf, linux, observability, security, networking

How to Configure OIDC with Terraform for GitHub Enterprise Server
31 December 2023 · 9 min read

OpenID Connect (OIDC) is an authentication protocol built on top of OAuth 2.0 that provides a standardized way to authenticate, typically issuing an ID token in the JWT (JSON Web Token) format. OIDC is the recommended way to authenticate with GitHub Enterprise Server when setting up GitHub Actions. Since the setup can be tricky, I've created a Terraform configuration that makes it easier to get started.

Tags: github, github-actions, terraform, security, cloud-native, cncf

How to Safely Store Secrets in Terraform Using Cloud KMS
4 July 2021 · 3 min read

Protecting Terraform secrets with Cloud KMS so that encrypted values can be committed to git safely.

Tags: security, git, google-cloud, terraform, cncf