Practical articles on AI, DevOps, Cloud, Linux, and infrastructure engineering.
We use blue-green for stateful services where canary doesn't fit. The actual mechanics, the data-layer subtleties, and when blue-green isn't the right answer.
We collect ~800GB of logs per day across our fleet. The shape of our logging stack, what we keep, what we drop, and what we'd build differently.
A focused look at the techniques that shrink container images: which actually pay off, which are folklore, and the discipline that keeps images small over time.
We've had to restore a Kubernetes cluster from backup twice. Once it worked. Once it took 14 hours. Here's the strategy we run now.
We ran Istio for a year, then switched to Linkerd. Both can do the job. The decision came down to operational fit, not features.
We scan every container image in CI and at runtime. Trivy + Cosign + admission controllers. The setup that earns its place and what we wish we'd known.
How a packet actually gets from the internet to a pod, walked layer by layer. Plus the things that surprise people the first time they hit them.
Prompt injection, data leakage, jailbreaks, and the boring controls that actually keep production AI features safe. The threat model that matters once you ship.
A flat VPC is fine until you need to prove who can reach what. Five segmentation patterns that work in AWS without requiring a service mesh.
We had four different patch cadences across our fleet and routinely missed CVEs by weeks. The unified workflow that finally caught up.
Harden container images and runtime. Image scanning, minimal base, and supply chain security.
AWS bill grew 40% YoY for two years before we got serious. Tagging, scoped budgets, and a weekly review meeting did 80% of the work.
