• Posts
CVE-2024-21626
• Exploring Hidden Vulnerabilities in Legacy Docker Versions
• Playing with CVE-2024-21626
DevSecOps
• Building a Secure Local Hugo Environment
Reverse Engineering
• Playing with Unicorn framework [1]
Software Development
• Test Driven Development
  • Exercise: Catch and report setUp errors
  • Exercise: Create TestSuite from a TestCase class
  • Exercise: Invoke tearDown even if the test method fails
  • TDD by example
Workstation Setup
• Second Life - Installing Ubuntu on MBP-2019 16-inch

Second Life: Installing Ubuntu on MBP 2019 16-inch

It’s Christmas Eve. I should probably be wrapping gifts or drinking hot cocoa. Instead, I found myself staring at my 2019 MacBook Pro, which was currently hot enough to roast chestnuts on an open fire. You know the feeling. You own what was once a “flagship” machine, but now it’s plagued by thermal throttling, fans that sound like a jet engine, and the looming threat of losing official macOS support next year. So, I decided to perform a holiday miracle. 🪄

Monday, December 22, 2025 | 7 minutes Read

Building a Secure and Clean Local Hugo Environment with Docker

I sat down to write a blog post about something else, but I ended up fighting dependency hell instead. You know the feeling. You open your IDE to write a simple article, and you remember that your personal site uses npm 🫠 (yes, I know, the original sin is mine). Suddenly, you remember the news: malicious preinstall scripts, supply chain attacks, and worms targeting developers. You look at your node_modules folder and realize you can’t in good conscience just “run the code” on your machine anymore. I mean, do I really trust the entire dependency tree of a static site theme?

Sunday, December 21, 2025 | 7 minutes Read

Exercise: Catch and report setUp errors

To gain a better understanding of the context, begin by reading the contents of the xUnit/ch18 directory, where you will find the relevant code and tests that illustrate the concepts discussed in this chapter. It is possible to find all the source code of this exercise here. Exercise: Catch and report setUp errors Implement the task: Catch and report setUp errors. There is a subtlety hidden inside this method.

Tuesday, May 20, 2025 | 6 minutes Read

Exercise: Create TestSuite from a TestCase class

To gain a better understanding of the context, begin by reading the contents of the xUnit/ch18 directory, where you will find the relevant code and tests that illustrate the concepts discussed in this chapter. It is possible to find all the source code of this exercise here. Exercise: The last task to complete is creating a Create TestSuite from a TestCase class — that is, constructing a suite automatically from a test class.

Tuesday, May 20, 2025 | 4 minutes Read

Exercise: Invoke tearDown even if the test method fails

To gain a better understanding of the context, begin by reading the contents of the xUnit/ch18 directory, where you will find the relevant code and tests that illustrate the concepts discussed in this chapter. It is possible to find all the source code of this exercise here. Exercise: Invoke tearDown even if the test method fails Implement the task Invoke tearDown even if the test method fails.

Tuesday, May 20, 2025 | 2 minutes Read

TDD by example

The Joy of Reading In recent months, I’ve discovered the joy of reading. I started with books far from the world of software development topic, but eventually, I landed on this vast and fascinating topic. Even though I have a Master’s degree in Computer Science and some experience in coding, only now have I found these books and realized the enormous value and knowledge they contain. Better late than never!

Tuesday, May 20, 2025 | 4 minutes Read

Exploring Hidden Vulnerabilities in Legacy Docker Versions: Lessons from CVE-2024–21626

The content of this article is for educational and research use only. The information provided must not be implemented in a real-world environment, and no responsibility is assumed for any consequences resulting from its application in a real-world scenarios. You are responsible for any risks arising from any behavior not related to the above scope. 1. Introduction 1.1 Why this article? During my analysis about CVE-2024–21626 I discovered some interesting thing in old legacy runc components (that is not mentioned in the security advisory GHSA-xr7r-f8xq-vfvv). In this article I want to show you what I found and what I did. To understand what it is, how it works and a deep dive on CVE-2024–21626 vulnerability read my previously article here.

Friday, November 8, 2024 | 5 minutes Read

Playing with Unicorn framework [1]

The main purposes of this article it is to learn what is unicorn engine, how to install it and understand the main features. Recall general CPU architecture basic concepts and how memory is used and organized by the operating system when a program is running. How to setup a project starting from a skeleton and in the end real examples to understand APIs and different scenarios where it is possible to use the unicorn engine.

Friday, June 21, 2024 | 13 minutes Read

Playing with CVE-2024-21626

The content of this article is for educational and research use only. The information provided must not be implemented in a real-world environment, and no responsibility is assumed for any consequences resulting from its application in a real-world scenarios. You are responsible for any risks arising from any behavior not related to the above scope. Related Article While investigating CVE-2024–21626, I discovered an overlooked vulnerability in older versions of Docker and runC. To learn more about what I found, read the following article: “Exploring Hidden Vulnerabilities in Legacy Docker Versions: Lessons from CVE-2024–21626”.

Friday, May 17, 2024 | 17 minutes Read