Andrea Cervesato

From Alerting to Inference: Metrics Never Stopped Mattering

Tue, 07 Apr 2026 00:00:00 +0000

Your LLM is slow. Users are complaining. Queues are growing. Someone on the team is already profiling the model, looking at batch sizes, considering a bigger GPU.

Nine times out of ten, the answer is already in the metrics.

I’ve spent most of my career staring at metrics. Bare-metal servers, Kubernetes clusters, managed services on public cloud. And if there’s one thing I keep re-learning, it’s that the infrastructure is lying to you, and you’re not asking the right questions.

This isn’t a new lesson. Same lesson, different domain.

Making an NVIDIA eGPU Actually Work on Linux (The Hard Way)

Fri, 27 Mar 2026 00:00:00 +0000

I have a Framework Laptop 13 (Intel 13th gen) and an RTX 3070 sitting in a Thunderbolt 3 eGPU enclosure. On Windows it just works. On Linux, I got this:

NVRM: This PCI I/O region assigned to your NVIDIA device is invalid:
NVRM: BAR1 is 0M @ 0x0 (PCI:0000:04:00.0)

The GPU was right there on the PCI bus. The driver loaded. And then it gave up because BAR1 — the 256MB framebuffer aperture the GPU needs to function — had zero bytes allocated. A 220W GPU reduced to a very expensive space heater.
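
One way to check an empty BAR without the driver is to read the device's `resource` file in sysfs, where each line holds a region's start address, end address and flags in hex. What follows is a minimal sketch, not the method used in the post. The helper names (`parse_pci_resources`, `region_size`, `describe_bar`) and both sample listings are made up for illustration, and it assumes the 64-bit BAR1 shows up as region index 1, which is typical for NVIDIA cards but not guaranteed.

```python
from typing import List, Tuple

# Hypothetical sample contents of /sys/bus/pci/devices/<addr>/resource.
# Each line is "start end flags" in hex; an unassigned region is all zeros.
BROKEN = """\
0x00000000a2000000 0x00000000a2ffffff 0x0000000000040200
0x0000000000000000 0x0000000000000000 0x0000000000000000
0x0000000000000000 0x0000000000000000 0x0000000000000000
"""

HEALTHY = """\
0x00000000a2000000 0x00000000a2ffffff 0x0000000000040200
0x0000006000000000 0x000000600fffffff 0x000000000014220c
0x0000000000000000 0x0000000000000000 0x0000000000000000
"""


def parse_pci_resources(text: str) -> List[Tuple[int, int, int]]:
    """Parse a sysfs PCI resource listing into (start, end, flags) tuples."""
    regions = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip blank or malformed lines
        start, end, flags = (int(field, 16) for field in fields)
        regions.append((start, end, flags))
    return regions


def region_size(start: int, end: int) -> int:
    """Size in bytes of a region; an all-zero region counts as unassigned."""
    if start == 0 and end == 0:
        return 0
    return end - start + 1


def describe_bar(text: str, index: int) -> str:
    """Format one region in the same style as the NVRM message."""
    start, end, _flags = parse_pci_resources(text)[index]
    size_mib = region_size(start, end) // (1024 * 1024)
    return f"BAR{index} is {size_mib}M @ {hex(start)}"


print(describe_bar(BROKEN, 1))
print(describe_bar(HEALTHY, 1))
```

On a real machine, the text would come from something like `open("/sys/bus/pci/devices/0000:04:00.0/resource").read()`, using the PCI address from the NVRM message. A region that reads as all zeros means the kernel never assigned it an address window.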

I spent the better part of a weekend on this. Here is what I found.

About

Sat, 21 Mar 2026 00:00:00 +0000

I’m Andrea Cervesato, based in Milan, Italy. I work on infrastructure — mostly cloud, mostly Kubernetes, mostly trying to keep things from falling over.

I started in 2004 doing sysadmin work on HP-UX boxes in a telco. Since then I’ve racked servers, run cables, debugged things at 3 AM, and slowly moved up the stack from bare metal to cloud. Along the way I picked up some certifications, some scars, and a healthy distrust of slides that say “it just works.”

Maslow's Hammer and the MCP Debate

Sat, 21 Mar 2026 00:00:00 +0000

A few days ago, a Principal Software Engineer at Red Hat posted a one-liner on LinkedIn that split the comments section in half:

“MCP is a layer of unnecessary indirection. A properly documented REST API is enough and works for everyone, not just agents.”

33 reactions, 13 comments, and a thread that surfaced some genuinely good arguments on both sides. I jumped in with my take, but a LinkedIn comment is not the right format for a nuanced opinion. So here’s the long version.

Kill Your Service Account Keys: Secure GitLab CI/CD on Google Cloud

Sun, 15 Dec 2024 00:00:00 +0000

If your CI/CD pipeline authenticates to Google Cloud with a service account key stored in a CI variable, you have a problem. You might not know it yet, but you have a problem.

That JSON key file is a static credential. It doesn’t expire (unless you rotate it, which you don’t). It has no context about who or what is using it. If it leaks — and CI variables leak more often than anyone admits — an attacker gets the same access your pipeline has. Forever, or until someone notices.

So I built a POC to try the alternative: a keyless, signed, vulnerability-gated pipeline from GitLab to Google Cloud. No service account keys. No stored secrets.

Four People, Four Datacenters, Three Thousand Servers

Thu, 08 Jun 2023 00:00:00 +0000

In 2015 I joined Irideos (then KPNQwest Italia) as a Cloud Architect. The job sounded fancy. The reality was four datacenters, roughly three thousand servers, a team of four engineers, and a budget that could generously be described as “creative.”

This is the story of how we made it work — and what I still carry from that experience today.