Canary Tokens: The Tripwires Your Attackers Will Step On 🪤
Canary tokens are fake credentials, URLs, and files you plant in your infrastructure to detect breaches before your SIEM wakes up. Here's how to wire them in and actually get alerted.
Thoughts on cybersecurity, open source, SDR, and technology experiments.
Most databases only store the current state — the last write wins and history vanishes. Event Sourcing flips this on its head: store what happened, derive what is. Here's how to apply it without drowning in ceremony.
Every engineering team eventually faces the IDP question: do you stitch together Backstage, Argo, and a dozen other tools, or pay for something that just works? Spoiler — the answer is messier than a vendor's pricing page.
Containers are not virtual machines. That mental model mismatch is exactly what attackers exploit to break out of your 'isolated' workloads and own the host.
A 503 page is not a resilience strategy. Learn how to design services that deliver reduced-but-real value when dependencies fail — fallback chains, stale caches, and the art of saying 'here's what I can still do.'
100% code coverage and a green CI pipeline — yet silent logic bugs still sneak into production. Mutation testing is the brutal honesty your test suite has been avoiding.
Attackers published public packages with the same names as your private ones — and package managers installed them anyway. Here's how dependency confusion works, why it's still biting teams in 2026, and how to shut the door.
Adding a userId label to your metrics sounds harmless — until Prometheus runs out of memory. Here's what high cardinality actually means, why it kills time-series databases, and how to get useful per-user insights without nuking your infra.
Everyone wants a multi-region architecture until they see the bill. Here's a clear-eyed breakdown of when active-active across AWS regions is genuinely worth it — and when a read replica and a CDN will quietly solve the same problem for a fraction of the cost.
You add a cache and everything gets faster — until the cache expires and 10,000 requests simultaneously obliterate your database. Here's how cache stampedes happen and how to stop them.
Encrypting the disk or the connection is table stakes. If a stolen backup or a rogue SQL query exposes your users' SSNs in plaintext, you had encryption theater — not encryption. Here's how field-level encryption actually works.
Drift detection catches problems after the fact. Policy as code stops them at the gate — before a misconfigured S3 bucket or an unrestricted security group ever touches your cloud account.