RootNode.es

Es un placer poder apoyaros y colaborar con vosotros.

Nos morimos de ganas de aprender compartiendo experiencias con los asistentes. ✨💖

Imagen con fondo negro que presenta a RootNode.es como sponsor oficial de #SOSZ26. A la izquierda aparece su logotipo junto al nombre de la marca y, separado por una línea vertical, a la derecha se muestra el nombre del evento Startup Open Space acompañado del logotipo de Cachirulo Valley. Debajo se indica Zaragoza y la fecha 21 de marzo de 2026. En la parte inferior se lee “Sponsor oficial #SOSZ26”. El diseño mantiene una estética limpia y corporativa que destaca la colaboración entre la empresa patrocinadora y el evento.

¡Un sponsor salvaje del #SOSZ apareció!
Por primer año, @rootnode.es patrocina el #SOSZ26

En RootNode.es hacen marketing técnico y de producto. 🗣️
Ayudan a startups a conectar con su audiencia mediante contenido técnico que educa, inspira, y soluciona sus problemas.

How to run rootless containers | Sysdig Discover how to run containers without root, adapt images for unprivileged users, and use capabilities and user namespaces to reduce container escape risk.

Running workloads unprivileged is one of security's best practices. Discover with Matt Kim, @captaingolo.net and @sysdig.com several strategies to run rootless containers:

🛠️ What to modify in your images.
👥 How to use User Namespaces.
🔐 When to use Capabilities.

www.sysdig.com/blog/how-to-...

AI is still a workload: A practical guide to securing AI workloads | Sysdig AI workloads aren’t magic — they’re code running on servers, and they need the same security fundamentals as any other workload. This article breaks down the key risks and mitigations for three common...

🔮 AI looks like black magic.
🤖 However it’s made of old-style servers and APIs.

Secure:
- LLM clients like any SaaS.
- External agents like APIs.
- Your own agents like other backend workloads.

Learn more in this article by @alejandrovu.bsky.social for @sysdig.com
www.sysdig.com/blog/ai-is-s...

Holidays greeting card surrounded by christmas decorations

3D Printed tree decoration ball

3D Printed tree decoration ball, next to the flat parts it is made of.

Happy Holidays! We wish you a joyful 2026.

To celebrate the new year, we designed a tree decoration you can 3D print yourself. It's a ball formed by three flat stripes that fold. Check it out here:
rootnode.es/misc/2025-ne...

Kubernetes 1.35 - New security features | Sysdig Discover the new security features in Kubernetes 1.35, from breaking changes like cgroup v1 removal to safer defaults for auth, images, and namespaces.

🚮 Kubernetes 1.35 is letting go of some old technology:

cgroup v1 in favor of cgroup v2
SPDY in favor of WebSockets
gogo protobuf in favor of standard libs

ℹ️ www.sysdig.com/blog/kuberne...

Kubernetes 1.35 - New security features | Sysdig Discover the new security features in Kubernetes 1.35, from breaking changes like cgroup v1 removal to safer defaults for auth, images, and namespaces.

🔑 Token secrets for CSI drivers in Kubernetes 1.35:

🗂️ New field to provide secrets to CSI drivers.
🛡️ Keeping sensitive data separate from configuration.

ℹ️ www.sysdig.com/blog/kuberne...

Kubernetes 1.35 - New security features | Sysdig Discover the new security features in Kubernetes 1.35, from breaking changes like cgroup v1 removal to safer defaults for auth, images, and namespaces.

🦹🏻 Constrained impersonation in Kubernetes 1.35:

💡 Impersonator: User acting as another user.
🚧 They are now limited to their original permissions.
🛡️ This prevents privilege escalations.

ℹ️ www.sysdig.com/blog/kuberne...

Kubernetes 1.35 - New security features | Sysdig Discover the new security features in Kubernetes 1.35, from breaking changes like cgroup v1 removal to safer defaults for auth, images, and namespaces.

🌐 User namespaces when using the host network in Kubernetes 1.35:

🛡️ Pods using the host network no longer need to also use the host users.
🔐 They can run as privileged without being root.

ℹ️ www.sysdig.com/blog/kuberne...

Kubernetes 1.35 - New security features | Sysdig Discover the new security features in Kubernetes 1.35, from breaking changes like cgroup v1 removal to safer defaults for auth, images, and namespaces.

🪪 Increased verifications when pulling images in Kubernetes 1.35:

🔎 Performs credentials check when accessing images, not only on pull.
👥 To keep images secure in multi-tenant clusters.

ℹ️ www.sysdig.com/blog/kuberne...

Kubernetes 1.35 - New security features | Sysdig Discover the new security features in Kubernetes 1.35, from breaking changes like cgroup v1 removal to safer defaults for auth, images, and namespaces.

Kubernetes 1.35 brings changes around security:

🚮 Removal of cgroup v1 support
🪪 Increased verifications when pulling images
🦹🏻 Limits to impersonation
🌐 User namespaces when using the host network
🔑 Token secrets for CSI drivers

And more!
www.sysdig.com/blog/kuberne...
#Kubernetes #Security #k8s

🔥 Codex can help with the basics. It correctly identifies the source of the alert and can create a GitHub issue.

💣 However, it doesn’t explain things correctly and can be manipulated to ignore some data. You must supervise it.

This article covers this use case by connecting Codex to several MCPs.

First, retrieves a list of alerts using the Sysdig MCP

Then investigates the issue with the GitHub MCP without downloading the code.

It ends by creating a GitHub issue with context for the relevant team to implement a fix.

🤔 Should you use AI to investigate security alerts?

The one investigating a security alert is not usually who wrote the code that triggered the alert, so they struggle investigating if it’s a real security incident.

🤖 Can AI help here?

Check the full experiment at:
www.sysdig.com/blog/investi...

Why Chat Control, the European Proposal for Scanning Private Communications, is a Shitshow Chat Control is the popular name given to a regulation proposal inside the European Council to scan all private communications in hopes of protecting children from sexual abuse. It expands over the ex...

🚨 Europe almost turned into a police state. 🇪🇺👀

📝 A regulation proposal referred to as ”Chat Control” aimed to protect children by spying on all private communications.

Discover why Chat Control is both ineffective and dangerous.
rootnode.es/blog/chat-co...

Cutting Edge Technology is not a Feature History is full of visionary products that didn’t sell well. What happened? And, what can we learn to save our startup from that fate?

🎉 ¡First Article in our blog! → Most technology startups position their technology as a game-changer. However, their clients just want solutions to their problems.

👀 Let’s analyze some failures and successes and see what we can learn from them.

rootnode.es/blog/technol...

Selfie of capitangolo smiling and pointing to a computer screen. The computer screen shows the rootnode.es website. Capitangolo wears a white, blue, and green striped t-shirt on a similar palette to the website.

We are open for business! 🎉

At RootNode.es, we craft messaging that aligns with the pains of your potential clients and highlights the value of your product.

Then, we produce engaging content that organically pushes that messaging and positions your brand.

We would love to work with you. Ping us!