{talks, podcasts, ...}
I like to share what I learn along the way.
That’s why I give talks and speeches around, even though preparing them is often way harder than the topic itself.
On this page, I collect all my speeches and speaking engagements by year.
2022§
Code Coverage for eBPF programs @ eCHO Livestream #038§
Leo Di Donato demonstrates bpfcov for generating source-based code coverage reports for eBPF programs running in the Linux kernel, with Liz Rice.
Coverage for eBPF programs @ FOSDEM§
eBPF is fastly becoming the first choice for implementing tracing and security-critical applications and software.
Yet, its ecosystem lacks tooling to make developers’ life easier.
Join this talk to get to know bpfcov: an open-source tool I wrote that uses the LLVM pass infrastructure to instrument your eBPF programs to collect coverage data while they run in the eBPF VM in the Linux kernel.
2021§
LSM BPF Changes Everything @ Cloud Native eBPF Day North America§
Much is being said on security recently.
Almost as much was said about tracing the syscalls happening in the Linux Kernel with BPF.
Aside from all the buzz, we need to appraise some gaps in the current narrative.
We need to fill in the gaps in the actual syscall execution flow to avoid attackers using them.
Here enters the game the general security hooks for Linux, namely LSMs, and their integration with BPF.
Scheduling BPF on Kubernetes doesn't have to be difficult @ eBPF …§
The kubectl-trace project is a kubectl plugin that makes our lives easier, allowing us to use BPF programs against our Kubernetes clusters.
You are 5 minutes away from starting scheduling your bpftrace programs (or whatever BPF frontend language) against your clusters.
FalcOMG That's AWESOME @ KubeCon North America§
Updates on everything happening in the Falco project, the de-facto Kubernetes threat detection engine, in 2021.
2020§
Bypass Falco @ KubeCon North America§
Maybe you trust it as your last line of defense in today’s cloud-native environments, and as a consequence, you sleep like a log.
Well, I’m a Falco maintainer, and I definitely wouldn’t.
During this session, we’re gonna explore how to bypass Falco and leave us like sitting ducks, defenseless.
Intro to Falco @ Rawkode Live§
Falco, the open-source cloud-native runtime security project, is the de facto Kubernetes threat detection engine.
During this live stream two core maintainers of Falco show how it detects unexpected application behavior and alerts on threats at runtime, even for Kubernetes.
Falco, runtime security analysis through syscalls @ RomHack Rome§
In every Linux system, we have the syscalls interface to trace what userspace processes are doing at the upper level and eventually take action.
Anyway, this is easier said than done. Because tracing and processing every system call in userspace results in a very unique set of challenges.
This is what Falco does.
Going Beyond CI/CD with Prow @ KubeCon Europe§
One of the most untold secrets is how hard and important is to automate the whole set of workflows around the code, not only the testing phase.
We were able to use the native Kubernetes CI/CD system - Prow - to solve CI/CD for Falco.
Designing a gRPC Interface for Kernel Tracing with eBPF @ KubeCon…§
Designing a mutually TLS authenticated API over gRPC in C/C++ to ship alerts and solve the runtime security problem.
In this talk I go through the challenges I faced with designing the interface, as well as the performance concerns with parsing millions of syscalls using eBPF over gRPC.
Falco, runtime security analysis through syscalls @ BSides Athens§
In every Linux system, we have the syscalls interface to trace what userspace processes are doing at the upper level and eventually take action.
Anyway, this is easier said than done. Because tracing and processing every system call in userspace results in a very unique set of challenges.
This is what Falco does.
eBPF & Falco @ Kubernetes Podcast from Google§
We dive into the Linux kernel this week with guest Leonardo Di Donato, Open Source engineer. Leonardo works full-time on the Falco project, a runtime security engine that listens to the Linux kernel using eBPF - the extended Berkeley Packet Filter.
Leonardo tells the hosts about the architecture of eBPF, how he has used it before and now, and what’s coming up for Falco.
2019§
Cloud Native eBPF instrumentation @ Cloud_Native Rejekts NA§
How to use eBPF for creating tools aware of both the kernel and the Kubernetes layers.
Go eBPF superpowers @ GoLab Florence§
Write eBPF programs with Go.
Prometheus as exposition format for eBPF programs running on Kube…§
This talk exposes the idea, and a reference implementation, of using eBPF programs for generating Prometheus metrics regarding our Kubernetes cluster.
OpenMetrics: Prometheus Unbound @ Cloud_Native Rejekts EU§
The State of the Art of OpenMetrics and some fundamentals about it.
Prometheus as exposition format for eBPF programs @ Cloud_Native …§
Because the kernel knows more than your programs.
So, let’s inject a BPF ELF into Kubernetes encoding it in YAML file. Why not?!
Prometheus as exposition format for eBPF programs @ CNCF Turin Me…§
Because the kernel knows more than your programs.
So, let’s inject a BPF ELF into Kubernetes encoding it in YAML file. Why not?!
2018§
From logs to metrics @ Kubernetes & Cloud-Native Milano§
Extracting valuable info from logs is possible. Anyway, it can be a time consuming activity.
How to parse Syslog messages in no time? Then, how to ingest them into a time-series database?
First dive in the cryptoverse @ Private Event§
My take on the digital currency revolution in front of a private audience.