Riccardo Padovani

Hi! In this corner of the web you'll find my posts about different topics in the C.S. field: I'm a Solutions Architect with a strong passion for F/OSS and bug bounties!

Introducing Daintree.app: an open-source alternative implementation of the AWS console.


aws and daintree.app

Daintree.app is a website to manage some of your AWS resources. Since this is an early preview, at the moment it supports only a subset of Networking, EC2, SQS, and SNS.


Leveraging AWS Lambda to notify users about their old access keys


aws

I love to spend time automating the boring parts of my job. One of these boring parts is reminding people to rotate their AWS Access Keys, as AWS itself suggests in its best practices.
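The check such a Lambda has to perform, as an added example that is not the author's code: given the access-key metadata IAM returns for a user, find the keys that are still Active and older than the rotation policy, then build one message per user. The input shape follows the `AccessKeyMetadata` entries returned by IAM ListAccessKeys (`iam.list_access_keys(UserName=...)["AccessKeyMetadata"]` in boto3); the users, key IDs and dates below are constructed for the example, and the 90-day threshold is an assumption, not a value from the post.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample, modelled on the AccessKeyMetadata entries that IAM
# ListAccessKeys returns. Users, key IDs and dates are made up for the example;
# in the Lambda you would feed in the real response from boto3.
SAMPLE_KEYS = [
    {"UserName": "alice", "AccessKeyId": "AKIAEXAMPLE0000001", "Status": "Active",
     "CreateDate": datetime(2019, 1, 10, tzinfo=timezone.utc)},
    {"UserName": "bob", "AccessKeyId": "AKIAEXAMPLE0000002", "Status": "Active",
     "CreateDate": datetime(2019, 4, 15, tzinfo=timezone.utc)},
    {"UserName": "carol", "AccessKeyId": "AKIAEXAMPLE0000003", "Status": "Inactive",
     "CreateDate": datetime(2018, 12, 1, tzinfo=timezone.utc)},
    {"UserName": "dave", "AccessKeyId": "AKIAEXAMPLE0000004", "Status": "Active",
     "CreateDate": datetime(2019, 3, 3, tzinfo=timezone.utc)},
]

# Fixed "now" so the example is reproducible; a Lambda would use datetime.now(timezone.utc).
NOW = datetime(2019, 6, 1, tzinfo=timezone.utc)


def stale_keys(metadata, now, max_age_days=90):
    """Return (user, key_id, age_in_days) for every Active key that is at least
    max_age_days old. Inactive keys are skipped on purpose: they cannot be used
    to sign requests, so nagging about them is noise; delete them separately."""
    cutoff = now - timedelta(days=max_age_days)
    found = []
    for key in metadata:
        if key["Status"] != "Active":
            continue
        created = key["CreateDate"]
        if created <= cutoff:
            found.append((key["UserName"], key["AccessKeyId"], (now - created).days))
    return found


def build_notifications(stale, max_age_days=90):
    """Group stale keys per user so someone with two old keys gets one message,
    not two. Key IDs are identifiers, not secrets, so they can be shown in full;
    the secret access key is never available at this point anyway."""
    by_user = {}
    for user, key_id, age in stale:
        by_user.setdefault(user, []).append((key_id, age))
    messages = {}
    for user, keys in sorted(by_user.items()):
        lines = [f"Hi {user}, the following AWS access keys are older than "
                 f"our {max_age_days}-day rotation policy:"]
        for key_id, age in keys:
            lines.append(f"  - {key_id} ({age} days old)")
        lines.append("Please rotate them: create a new key, update your tooling, "
                     "set the old one to Inactive, and delete it once nothing breaks.")
        messages[user] = "\n".join(lines)
    return messages


if __name__ == "__main__":
    for user, text in build_notifications(stale_keys(SAMPLE_KEYS, NOW)).items():
        print(text, end="\n\n")
```

Keeping the threshold check in a pure function makes it easy to unit-test the policy (including the boundary case of a key exactly 90 days old, which is treated as stale here) without touching IAM; the Lambda then only has to iterate `list_users` / `list_access_keys` and hand the messages to whatever notification channel you use.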


My year on HackerOne


security

Last year, totally by chance, I found a security issue on Facebook - I reported it, and it was fixed quite fast. In 2018, I also found a security issue on Gitlab, so I signed up to HackerOne and reported it as well. That first experience with Gitlab was far from ideal, but after that first report I've started reporting more, and Gitlab has improved its program a lot.


Exploring Gitlab Visual Reviews


gitlab

With version 12.0 Gitlab has introduced a new interesting feature: Visual Reviews! You can now leave comments on Merge Requests directly from the page you are visiting in your staging environment, without having to switch tabs.


Using AWS Textract in an automatic fashion with AWS Lambda


aws

During the last AWS re:Invent, back in 2018, a new OCR service to extract data from virtually any document was announced. The service, called Textract, doesn't require any previous machine learning experience, and it is quite easy to use, as long as we have just a couple of small documents. But what if we have millions of PDFs with thousands of pages each? Or what if we want to analyze documents uploaded by users?


Responsible disclosure: improper access control in Gitlab private projects.


security

As I said back in September with regard to a responsible disclosure about Facebook, data access control isn’t easy. While it can sound quite simple (just give access to the authorized entities), it is very difficult, both on a theoretical side (who is an authorized entity? What does authorized mean? And how do we identify an entity?) and on a practical side.


Glasnost: yet another Gitlab client.


gitlab and glasnost

I love Gitlab. I have written about it, I contribute (sporadically) with some code, and I am a big fan of their CI/CD system (ask my colleagues!). Still, they need to improve on the mobile side.


Responsible disclosure: retrieving a user's private Facebook friends.


security

Data access control isn't easy. While it can sound quite simple (just give access to the authorized entities), it is very difficult, both on a theoretical side (who is an authorized entity? What does authorized mean? And how do we identify an entity?) and on a practical side.


AWS S3 + GitLab CI = automatic deploy for every branch of your static website


gitlab and aws

You have a static website and you want to share with your team the latest changes you have made, before going live. How do you do that?


A generic introduction to Gitlab CI


gitlab and gitlab ci

At fleetster we have our own instance of Gitlab and we rely a lot on Gitlab CI. Our designers and QA people also use (and love) it, thanks to its advanced features.
