poke
cg9rzqo.bsky.social
I walk through how we at Riptides run our kernel module in a real, production-like environment using a debug kernel inside actual Kubernetes clusters.

riptides.io/blog-post/fr...
From Build to Root Cause: How Riptides Debugs Its Kernel Module in Real Clusters
At Riptides, SPIFFE-based identities and encrypted communication start in the kernel. When your trust fabric lives that deep, fast builds and full test coverage aren't optional, they're essential. In ...
riptides.io
November 24, 2025 at 1:32 PM
Pushing the boundaries of kernel development! In my latest post, I share how I tackled the challenges of building kernel drivers using GitHub, overcoming some of the native limitations along the way.

riptides.io/blog-post/be...
Beyond the Limits: Scaling Our Kernel Module Build Pipeline Even Further
For Riptides, secure SPIFFE-based workload identities and encrypted communication begin in the kernel. When your trust fabric runs that deep, build speed and coverage become mission-critical. This pos...
riptides.io
October 20, 2025 at 1:17 PM
We ran WebAssembly inside the Linux kernel to evaluate Open Policy Agent policies in real-time. It was fast. It was elegant. It was... a nightmare to maintain.

Here's what we learned moving from kernel-space WASM to user-space policy evaluation.

riptides.io/blog-post/fr...
From Kernel WASM to User-Space Policy Evaluation: Lessons Learned at Riptides
At Riptides, we issue identities directly to workloads in the kernel and use OPA policies to secure and orchestrate their communication. These policies govern socket connections in real time, allowing...
riptides.io
October 6, 2025 at 6:20 PM
Securing workloads starts with SPIFFE-based identity and that identity starts in the kernel. Here’s how we built an automated system to compile, test, and ship hundreds of secure kernel modules daily.

riptides.io/blog-post/bu...
Building Linux Driver at Scale: Our Automated Multi-Distro, Multi-Arch Build Pipeline
Managing driver builds for every major Linux distribution, kernel version, and architecture can be challenging.
riptides.io
July 28, 2025 at 11:26 AM
Most workload identity systems are flawed:
– Identity is assigned to neighboring processes
– Trust boundaries are blurred
– Lateral movement becomes trivial

It's time for kernel-level identity. No sidecars, no proxies.

riptides.io/blog-post/re...
Rethinking Workload Identity at the Kernel Level
Today’s workload identity systems are overengineered, inefficient, and fundamentally misplaced. Relying on userspace constructs like sidecars and proxies has worked at smaller scale — but they break ...
riptides.io
July 14, 2025 at 5:51 PM