Categories

Jacar categories — explore the topics A rocket whose eyes follow your cursor.
Architecture

Platform engineering: consolidation after the boom

After three years of expansion and an overheated ecosystem around the term, platform engineering enters 2025 in a consolidation phase. The internal platforms that survive are the ones that understood their real function; those that mistook the label for the solution are dismantling their teams or cutting them drastically.

Artificial Intelligence

Testing with AI: the determinism problem

Probar sistemas que incluyen modelos de lenguaje rompe la primera regla del testing: la misma entrada da la misma salida. Analizo las estrategias que han funcionado tras un año largo integrando IA en productos reales, por qué los tests deterministas tradicionales no bastan y cómo plantear un cinturón de pruebas que capture regresiones sin bloquearse en la varianza.

Methodologies

Carbon-aware computing: now the default behavior

Four years ago it was an academic curiosity. Today, scheduling workloads by grid carbon intensity is a built-in option in Kubernetes, in several cloud provider services, and in CI tooling. We look at what genuinely changed and what is still more promise than practice.

Methodologies

User research in the age of generative AI

Los equipos de producto están tentados de sustituir entrevistas y tests reales por síntesis de IA. Dos años de experiencia ya permiten separar dónde la IA ayuda de verdad y dónde genera una falsa sensación de entender al usuario.

Methodologies

Migrating SSH to post-quantum cryptography: a practical guide

OpenSSH added hybrid post-quantum key exchange with ML-KEM in version 9.9 and made it the default algorithm in 10.0. The question is no longer whether to migrate SSH to post-quantum, but how to do it without breaking old clients: enable the hybrid mode, keep a classical fallback, and verify with ssh -v that the active algorithm is the right one.

Methodologies

Continuous profiling with eBPF in production

Continuous profiling with eBPF samples every process's execution stack every few milliseconds without touching the code, then stores the history so you can compare last week's performance with today's. The cost measured in production runs between 1% and 3% of CPU, and it pays off most in databases, API gateways and high-concurrency services.

Methodologies

VEX: filtering vulnerability noise with context

Después de años acumulando SBOMs, el cuello de botella es filtrar qué CVEs afectan de verdad. VEX aparece como la pieza que convierte el ruido en señal, y en 2025 empieza a tener adopción real en pipelines de supply chain.

Methodologies

Semgrep: modern SAST in your pipeline

Semgrep has grown into one of the most pragmatic static analyzers in the ecosystem. A look at why it works where other SAST tools fail, and how to fit it into a pipeline without turning it into noise.

Methodologies

SLSA v1.0: a mature framework for the software supply chain

SLSA v1.0 splits software supply-chain security into three tracks (Build, Source, and Dependencies), of which only Build is stabilized, with three levels: L1, L2, and L3. If you build in GitHub Actions, reaching L2 with Sigstore-signed provenance takes a few hours and is the starting point I recommend to any team.

Artificial Intelligence

How to Evaluate a RAG System Without Fooling Yourself

Measuring RAG quality rigorously takes more than skimming a handful of answers: it requires objective metrics (faithfulness, relevance, context precision, and coverage), a golden set of hundreds of curated questions, and regular human validation of the LLM judge to avoid misleading conclusions.

Methodologies

Green Software Principles: A Checklist for Teams

Software is not immaterial: every request and database query consumes electricity with a carbon footprint. The Green Software Foundation encodes eight practical principles to reduce that footprint without rewriting systems. The result is a more efficient service, a lower cloud bill, and readiness for ESG regulation.

Artificial Intelligence

LLM Observability: Traces, Costs, and Quality

LLM applications need three distinct observability planes: prompt and response traces for debugging hallucinations, per-token and per-feature cost tracking, and response quality evaluation. Mature tools like Langfuse, LangSmith, and Helicone cover all three planes with specific instrumentation.