Hi! 👋 my name is Andrea Manzini. I’m an Unix System Administrator and a developer. As you can see, I enjoy minimalism and pragmatic solutions for a problem. I am focused on delivery, curious and enjoy learning new things. If you are interested, you can find my resume following this link or contact me using social links on this page. If you appreciate my work, you can buy me a book from my Amazon Wishlist. Thanks!
Mid 2026 recap: coding, conferences, and workshops
📝 Too Long; Didn’t Read We are already at the halfway mark of 2026, and these first six months have been intense. Between coding, conferences, and workshops across Europe, I worked on systems management, green computing, local AI, and software security. This post is a recap of the projects and talks that shaped my February-to-June journey. 🛠️ February to May: deep dive into the Uyuni project For the first four months of this year, my main engineering focus was almost entirely dedicated to the fascinating world of the Uyuni project. If you have not had a chance to work with it yet, Uyuni is an incredibly powerful, completely open-source configuration and infrastructure management solution. It originally started as an evolution of Spacewalk, and today it serves as the upstream community project that feeds directly into SUSE Multi-Linux Manager, which was formerly known as SUSE Manager. ...
How much code are you testing ? (4)
🧭 Where we left off Welcome back to our ongoing series on measuring test coverage for binary programs! In part 1 we used Go’s built-in -cover flag — clean and accurate, but only works if you own the source and can recompile. In part 2 we used valgrind and gdb to trace gzip without touching its source. In part 3 we explored Intel PIN, a proper dynamic binary instrumentation framework — powerful, but it came with a ~100MB proprietary C++ SDK and was limited to x86_64. ...
Flatpak: unboxing the sandbox
📦 That new package smell We’ve all been there: you see a shiny new app on GitHub and you want to “unwrap” it immediately. But in the traditional Linux world, opening a package often feels like opening a box of glitter in your living room—before you know it, dependencies are scattered everywhere, and you’re still finding weird library versions in /usr/lib three months later. This is why I’ve started reaching for the Flatpak. It’s like an unboxing experience where the box stays a box. You get all the “goodies” inside, but the mess stays contained. Let’s see what happens when we tear off the shrink-wrap. ...
Landlock idiomatic sandboxing in Nim
👋 Intro If you have ever spent time hardening Linux applications, you probably know the frustration of the all-or-nothing permission model. In the standard Linux environment, once a process starts running, it usually has far more filesystem access than it actually needs. While we have tools like seccomp, chroot, or heavy-duty modules like SELinux and AppArmor, they often feel too complex for simple, application-level sandboxing. Landlock changes this. Since its merge into the Linux kernel in version 5.13, it has become a game-changer for developers. It allows a process to restrict itself without requiring root privileges, moving security away from global system policies and directly into your application code. ...