Gregorio Palamà
GDE Cloud | Mia-Platform Expert | Senior Enterprise Architect @ Adesso | Community Manager @ GDG Pescara
GDE Cloud | Mia-Platform Expert | Senior Enterprise Architect @ Adesso | Community Manager @ GDG Pescara
Pescara, Italy
Actions
I have been working in the IT industry for over 15 years. I currently hold the role of Senior Enterprise Architect in Adesso. I am a Google Developer Expert on GCP and a Google Cloud Innovator Champion on the topic of modern architecture. I manage GDG Pescara together with other developers, I love sharing my knowledge and trying to do it in a fun way.
Lavoro nell'industria IT da oltre 15 anni. Attualmente ricopro il ruolo di Senior Enterprise Architect in Adesso. Sono Google Developer Expert su GCP e Google Cloud Innovator Champion sulla tematica relativa alla modern architecture. Gestisco il GDG Pescara assieme ad altri sviluppatori, amo condividere le mie conoscenze e cercare di farlo in maniera divertente.
Links
Badges
Area of Expertise
Topics
See the Unseen: Perfecting image descriptions for screen readers with GenAI en
As the web evolves, so must our approach to accessibility. The potential of GenAI allows us to optimize digital content for users with visual impairments and with tools like Lighthouse we can improve the quality of the alt description of our images.
Providing an alt description is crucial, but how good is the text that we are using? Today’s technology gives us the great potential to create what we could consider a quality gate for accessibility powered by GenAI. Join us to understand how we made this possible with a custom Lighthouse audit and get ready to improve the accessibility of your websites!
SLSA on GCP: let's mitigate Supply Chain threats en
The recent backdoor inserted in XZ makes us reflect on the ever-increasing importance of inserting mitigation mechanisms on threats to which the entire Supply Chain is exposed in the software development cycle. After introducing a classification of threats through the SLSA security framework, we will see how GCP allows us to address and mitigate the threats.
Even a Byzantine general can agree on lunch en
A group of Byzantine generals, notoriously unreliable and prone to treachery, are trying to agree on lunch.
This situation usually leads to failures. They even invented the "Byzantine generals problem" around it! Why is it so important? Well, imagine having distributed systems that have to agree on something. Oh, wait... isn't it just the same condition?
This talk will be your hilarious guide through the world of consensus algorithms, focusing on Paxos and Raft.
I will show you some examples and talk about products and services using both the algorithms.
Unlocking Data Secrets: Row Level Security with Spring and Hibernate en it
Row Level Security (RLS) lets us to achieve granular data protection in our Spring applications, but how to implement it in an effective way? Triggers, Filters, Aspects, there are a bunch of different approaches, and all of them lead to different considerations. This talk provides an insight into implementing RLS using Spring and Hibernate. We'll explore practical techniques like Hibernate filters, Spring AOP aspects for security enforcement, and robust testing strategies to guarantee data integrity.
K8s Gateway API 101 en
As the Gateway API recently reached the stable level, we really should start switching from Ingresses to a more efficient way to route the requests to our k8s orchestrated services.
We will delve into this role-oriented, expressive and extensible project, with some examples and live demo, comparing it with other major solutions.
Tales of Dockerfile and Buildpacks en
Once upon a time, there were Dockerfiles. And developers used to write them, adding layers and layers on their own, manually. And then came Buildpacks, automating the containers' creation without the need of a Dockerfile. And it was great, if not for...
In this session, we will delve into the pros and cons of Buildpacks, a CNCF's incubating project that aims to automatically generate containers without a Dockerfile, just analyzing the source code of our application.
Si sta come sulle nuvole in un tubo i dati en
Cloud Dataflow è un servizio disponibile sulla Google Cloud Platform che permette di trasformare e arricchire dati sia in modalità stream (real time) che in modalità batch. Il suo approccio serverless per la gestione e il provisioning delle risorse permette di avere a disposizione una potenza elaborativa virtualmente illimitata, pagando soltanto per quello che si utilizza. Ma quali sono le criticità da un punto di vista di uno sviluppatore? Vedremo insieme gioie e dolori di questo strumento potentissimo tramite esempi pratici di elaborazione dati in modalità stream.
Multi-Container Pod Design Patterns in Kubernetes en it
More often than not, a pod contains only one container. And this approach is correct for countless cases, although it is not the only approach we can adopt when we bring our Cloud Native application to a Kubernetes cluster. However, having multiple containers in the same pod brings benefits only in certain cases, mapped by Design Patterns suitably designed to ensure the simplicity of application containers, adding capabilities to solve specific problems using other containers. We will see together the most common patterns in detail, trying to understand in which occasion they are most useful.
How I will explain Kubernetes to my daughter en it
Once upon a time there was Bino, a little elephant who sold feathers. And Bino wanted to explore the world, and he ventured out to sea together with Ual, a whale who taught him to stay on a raft. But Bino wanted to meet many other animals, and learn about the world, and be able to be quick and efficient to sell as many feathers as possible, until he encountered a large ship full of promises and magic.
Kubernetes is a complex system and not at all obvious. It is almost impossible to explain its internal functioning to non-experts, but fairy tales allow us to use our imagination to transform usually complex concepts into something magical. In this talk I will tell you about the mechanisms of container orchestration as I intend to do it with my daughter in a few years, exploiting the magic of fairy tales.
The Agile dance en it
Scrum, Kanban, Scaled, XP. The Agile world has an ever-growing number of methodologies, but always refers to a single Manifesto, which is the main guide for each framework. Beyond methodologies, daily standups, sprint plannings, what can a developer do to be a better Agile developer? Let's retrace the career of a great sport champion like Michael Jordan to find out how Chicago Bull's two three-peats can also give advice in the Dev world.
The Agile dance en it
Scrum, Kanban, Scaled, XP. Il mondo Agile ha un numero di metodologie in continua crescita, ma fa sempre riferimento ad un unico Manifesto, che è la guida principale per ogni framework. Aldilà delle metodologie, dei daily standup, dei sprint planning, cosa può fare uno sviluppatore per essere uno sviluppatore Agile migliore? Ripercorriamo insieme la carriera di un grande dello sport come Michael Jordan per scoprire come i due three-peat dei Bulls possano dare consigli anche nel mondo Dev.
Multi-Container Pod Design Patterns in Kubernetes en it
Spesso e volentieri un pod contiene un solo container. E questo approccio è corretto per innumerevoli casistiche, pur non essendo l'unico approccio che possiamo adottare quando portiamo su un cluster Kubernetes la nostra applicazione Cloud Native. Avere più container in uno stesso pod, però, porta benefici solo in determinate casistiche, mappate da Design Pattern pensati opportunamente per assicurare la semplicità dei container applicativi, aggiungendo capabilities per risolvere problematiche specifiche tramite altri container. Vedremo insieme nel dettaglio i pattern più diffusi, cercando di capire in quale occasione tornano maggiormente utili.
Microservices: Awareness and Discovery Patterns on K8s en it
The potential offered by Kubernetes in orchestrating our microservices puts us with problems that we would not encounter in a monolithic context. Does a single microservice A need to know whether or not there are multiple replicas of a microservice B that it needs to query? And how is it best to solve this problem? These and other cases are the topic we will address, with examples and real use cases.
Microservizi: Awareness e Discovery Pattern su K8s en it
Le potenzialità offerte da Kubernetes nell'orchestrare i nostri microservizi ci mettono di fronte a problematiche che, in un contesto monolitico, non incontreremmo. Il singolo microservizio A deve sapere o meno che esistono più repliche di un microservizio B che ha bisogno di interrogare? E in che modo è maggiormente conveniente risolvere questa problematica? Queste ed altre casistiche sono l'argomento che affronteremo, con esempi e casi d'uso reali.
Come racconterò Kubernetes a mia figlia en it
C'era una volta Bino, un elefantino che vendeva piume. E Bino voleva esplorare il mondo, e si avventurò per mare assieme a Ual, una balena che gli insegnò a stare su una zattera. Ma Bino voleva incontrare tanti altri animali, e conoscere il mondo, e poter essere veloce ed efficiente per vendere quante più piume possibile, fino a quando non incontrò una grande nave piena di promesse e magie.
Kubernetes è un sistema complesso e per nulla scontato. Risulta quasi impossibile spiegarne il funzionamento interno ai non addetti ai lavori, ma le favole ci permettono di usare la fantasia per trasformare concetti solitamente complessi in qualcosa di magico. In questo talk vi racconterò meccanismi dell'orchestrazione dei container così come intendo farlo con mia figlia tra qualche anno, sfruttando la magia delle favole.
Dietro ai segreti dei dati: Row Level Security con Spring e Hibernate en it
Row Level Security (RLS) ci consente di ottenere una protezione granulare dei dati nelle nostre applicazioni Spring, ma come implementarla in modo efficace? Trigger, Filter, Aspect, ci sono diversi approcci, e ognuno di essi porta a considerazioni diverse. In questo talk vedremo i dettagli dell'implementazione di RLS utilizzando Spring e Hibernate. Esploreremo tecniche pratiche come i filtri di Hibernate, gli aspetti Spring AOP per l'applicazione della sicurezza e solide strategie di test per garantire l'integrità dei dati.
The good, the bad, the native en
Native image from GraalVM offers a good, wonderful way to optimize our application, written for the JVM, and transform it in a native executable that will guarantee low startup times, low resources consumption, high performances.
A lot of libraries and frameworks are still not ready for this, and that's bad!
Come discover my personal journey in the native compilation of a JVM-based application. We will see the good things, as well as the pains, the struggles and some of the ways I've found to be effective to solve difficult moments.
"Spanner"ing the competition: a wrench in the battle of SQL vs NoSQL en
Key-value store, but with a SQL interface. Shard-like, globally distributed, but with a full support for ACID transaction and TrueTime deceiving time under the hood. The power of Google Cloud Platform that brings scalability to a high standard. In this talk we will discover how Spanner can guarantee a strong consistency while seamlessly scaling and distributing datas all around the world: is it SQL or NoSQL? Or maybe we have a NewSQL?
OpenTelemetry and Black Holes: a security matter en
OpenTelemetry collector helps us to enable observability in an easy way. But are we aware of the security threats we could encounter if we are not using it correctly? Just think about the exposure of sensitive data... This talk wants to cover some of the vulnerabilities, and more importantly, to show the best practices we should implement when using observability tools like OpenTelemetry.
The sound of malware en it
Hello CVEs, my old friends
I've come to deal with you again
Because a backdoor softly creeping...
Ops, sorry, we were singing out loudly. That's something we keep doing everytime a new vulnerability breaks in our daily routine. Lately, that has happened because of our software's dependencies, more and more often. Log4J, you say? Oh, well, let's not forget about XZUtils! Supply chain attacks, they call them. We started dealing with them to the rythm of SLSA (read "salsa"), but then we noticed that we could do more. A lot more! And we turned our malicious binaries into...well, waveforms, music. And we started rocking them! By reading those binaries like if they were normal waveforms, and by analyzing them with some math (Cepstum, Fourier series, etc.) we created a model that aims to detect if a dependency is malicious. And also, to classify it by the type of malware. Fascinating, isn't it? The sound of malware...
The sound of malware en it
Hello CVEs, my old friends
I've come to deal with you again
Because a backdoor softly creeping...
Ops, scusate, stavamo cantando a voce alta. È qualcosa che facciamo ogni volta che una nuova vulnerabilità irrompe nella nostra routine quotidiana. Ultimamente e sempre più spesso, ci è capitato di farlo per colpa delle dipendenze del nostro software. Log4J, dite? Oh, beh, non dimentichiamoci di XZUtils! Attacchi alla supply chain, li chiamano. Abbiamo iniziato ad affrontarli al ritmo di SLSA (leggi "salsa"), ma poi abbiamo notato che si poteva fare di più. Molto più! E abbiamo trasformato i nostri binari malevoli in... beh, forme d'onda, musica. E abbiamo iniziato a farci del rock! Leggendo questi binari come se fossero normali forme d'onda musicali e analizzandoli con un po' di matematica (Cepstum, serie di Fourier, ecc.) abbiamo creato un modello che mira a rilevare se una dipendenza è dannosa. E classificarlo in base al tipo di malware. Affascinante, vero? The sound of malware...
SharpCoding 2024 Roma Sessionize Event
DevFest Venezia 2023 Sessionize Event
DevFest Milano 2023 Sessionize Event
DevFest Pisa 2023 Sessionize Event
DevFest Bari 2022 Sessionize Event
DevFest Pisa 2020 Sessionize Event
GDG DevFest Urbino 2019 Sessionize Event
GDG DevFest Pescara 2019 Sessionize Event
Gregorio Palamà
GDE Cloud | Mia-Platform Expert | Senior Enterprise Architect @ Adesso | Community Manager @ GDG Pescara
Pescara, Italy
Links
Actions
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top