Categories

Jacar categories — explore the topics A rocket whose eyes follow your cursor.
Artificial Intelligence

LLM guardrails: frameworks and their real cost

Guardrails frameworks promise to filter language-model inputs and outputs to block data leaks, harmful content, or hallucinations. After evaluating four of the most popular ones in production, I cover what they actually do, what latency and billing cost they add, and when they pay off over simpler controls.

Artificial Intelligence

AI agent observability: what to instrument first

Agents that chain calls to models, tools and memory are hard to debug without instrumentation designed for them. After a long year running agents in production, I cover what to measure first, which standards are consolidating, and which costly mistakes are avoided by getting the traces right from the start.

Architecture

Platform engineering: consolidation after the boom

After three years of expansion and an overheated ecosystem around the term, platform engineering enters 2025 in a consolidation phase. The internal platforms that survive are the ones that understood their real function; those that mistook the label for the solution are dismantling their teams or cutting them drastically.

Artificial Intelligence

Testing with AI: the determinism problem

Probar sistemas que incluyen modelos de lenguaje rompe la primera regla del testing: la misma entrada da la misma salida. Analizo las estrategias que han funcionado tras un año largo integrando IA en productos reales, por qué los tests deterministas tradicionales no bastan y cómo plantear un cinturón de pruebas que capture regresiones sin bloquearse en la varianza.

Methodologies

Carbon-aware computing: now the default behavior

Four years ago it was an academic curiosity. Today, scheduling workloads by grid carbon intensity is a built-in option in Kubernetes, in several cloud provider services, and in CI tooling. We look at what genuinely changed and what is still more promise than practice.

Methodologies

User research in the age of generative AI

Los equipos de producto están tentados de sustituir entrevistas y tests reales por síntesis de IA. Dos años de experiencia ya permiten separar dónde la IA ayuda de verdad y dónde genera una falsa sensación de entender al usuario.

Methodologies

Migrating SSH to post-quantum cryptography: a practical guide

OpenSSH added hybrid post-quantum key exchange with ML-KEM in version 9.9 and made it the default algorithm in 10.0. The question is no longer whether to migrate SSH to post-quantum, but how to do it without breaking old clients: enable the hybrid mode, keep a classical fallback, and verify with ssh -v that the active algorithm is the right one.

Methodologies

Continuous profiling with eBPF in production

Continuous profiling with eBPF samples every process's execution stack every few milliseconds without touching the code, then stores the history so you can compare last week's performance with today's. The cost measured in production runs between 1% and 3% of CPU, and it pays off most in databases, API gateways and high-concurrency services.

Methodologies

VEX: filtering vulnerability noise with context

Después de años acumulando SBOMs, el cuello de botella es filtrar qué CVEs afectan de verdad. VEX aparece como la pieza que convierte el ruido en señal, y en 2025 empieza a tener adopción real en pipelines de supply chain.

Methodologies

Semgrep: modern SAST in your pipeline

Semgrep has grown into one of the most pragmatic static analyzers in the ecosystem. A look at why it works where other SAST tools fail, and how to fit it into a pipeline without turning it into noise.