I wrote my first CI pipeline with dagger

Disclaimer #1: the aim of this article is to provide constructive and objective criticism. I don’t want to undervalue the work of the contributors. I would not be able to do a hundredth of what they did. I highly respect their commitment to this project. Disclaimer #2: I chose to illustrate this article with an example. As a dagger newbie, I’m pretty sure there is room for improvement. But it’s working and the purpose is to introduce the concepts through an example. [Read More]

What does the future of data engineering look like

The field of data engineering is evolving quickly. This article describes three major trends I see become prominent in the coming years. The role of a data engineer was almost nonexistent ten years ago. But, the need for this particular kind of software engineer has grown. As the field got more mature, the role evolved. The responsibilities of a data engineer vary from one company to another and the role does not evolve at the same pace everywhere. [Read More]

Supply Chain Security Python

TL;DR A new kind of cyber threat has come to light recently: software supply chain attacks. While rare, they have massive impacts, and protecting against them is a rising concern. Because of its variety of use cases, there is no single rule to apply to your python projects to be safe and as always it depends on your context. Introduction In traditional industries, a supply chain is anything that allows a company to deliver a product to the customer. [Read More]

The Best Advice I've received as a junior developer

Freshly graduate, you are enthusiastic about your first job but it’s more difficult than you expected. We have all been there at some point. I have been lucky to receive great advice and I would like to share some of those as I think they can be very valuable. Software engineering is hard, especially for newcomers. It’s easy to feel overwhelmed by the number of things you have to learn. Job descriptions are intimidating and you might end up with this feeling that you are not ready, that there is still so much to learn. [Read More]

5 Advanced Pytest Tricks

We write tests because they help us build confidence in our code. They also help us write clean and maintainable code. Yet, writing tests requires some effort. Fortunately, there are libraries we can leverage. Pytest, for example, comes with a lot of handy features that are often not used. In this article, I will introduce you to 5 of them. Test logging with caplog fixture Sometimes, logging is part of your function and you want to make sure the correct message is logged with the expected logging level. [Read More]

How to write a TCP scanner in Go

In the toolbox of any pen tester, there is an app that allows them to detect open ports on a given server. Thanks to such an app, they can list all network entry points available on the system. These entry points can be open doors for attackers and this is why they need to identify them early in the process. The most famous TCP port scanner is a tool called nmap. [Read More]

Learning Go, first impressions

Over the past couple of weeks, I have been interested in Go. I have been developing mostly in Java and Python for 3 years now and I was keen to learn a new language. As I was looking for a new language to learn, Go caught my attention. Indeed, this language created by Googlers in 2007 has a lot of traction, especially with the rise of cloud-native apps and projects like Kubernetes or CockroachDB that are essentially developed in Go. [Read More]

K8s security - part 0 - Security Model

Prerequisite You already know Kubernetes architecture, its components and have notions of cybersecurity. Abstract In this introduction of a series devoted to Kubernetes security, we will first see that Kubernetes, although very popular and used by thousands of companies, is very hard to completely protect from attacks espescially if you create and operate your own cluster. Vulnerabilities have been discovered in the past and have sometimes been exploited by attackers. We will explore what makes Kubernetes hard to secure by default and propose a model that represents the layers that need to be secured. [Read More]

My first talk at a meetup

This week I gave my first talk at a meetup. It was in Hong Kong on the occasion of episode 11 of the Hong Kong machine learning meetup. It was a fantastic experience and I am going to relate why. How did I come up to talk at a meetup? In the past few years, I have been attending many meetups especially in Paris where there is an important community of developers. [Read More]

Time series forecasting series, part 1: introduction

Forecasting has fasinated people for thousands of years because it is about prediciting the future. It sounds magical but it is not. There are metods to do so and this is the aim of this series: showing the different techniques and present real-world use cases. There are many applications of those techniques in various fields such as politics, finance, healthcare, energy and many others. This series will be very practical with code examples and real-world data. [Read More]