Categories

Jacar categories — explore the topics A rocket whose eyes follow your cursor.
Architecture

Docker Swarm in 2023: When It Still Makes Sense

Kubernetes won the orchestration battle, but Docker Swarm stays maintained inside Docker Engine and makes real sense for small teams without dedicated SRE, self-hosted stacks on 1-5 VPS, and edge mini-clusters. In those contexts, Swarm's minimal learning curve and low operational cost outweigh Kubernetes's advanced features.

Industry 4.0

Humanoid robotics: beyond the viral videos

Humanoid robotics left the trade-show floor for factory floors and warehouses during 2025 and 2026. Which companies have really deployed units, which tasks fit, what real costs look like, and where humans remain unbeatable.

Methodologies

Carbon-aware scheduling by default: first balance

A principios de 2026, varias plataformas de orquestación incluyen carbon-aware scheduling como opción por defecto o muy visible. Con meses de datos reales, toca evaluar si la promesa de reducir emisiones sin dañar rendimiento se cumple y en qué escenarios.

Architecture

Kubernetes 1.35: what you can already see coming

Con 1.34 liberado en agosto de 2025 y el ciclo de 1.35 en su última fase de congelación de funciones, qué llegará estable, qué quedará en beta, qué nos interesa a quienes mantenemos clústeres pequeños o medianos y qué podemos ignorar sin culpa hasta el siguiente ciclo.

Technology

Observability tools I would recommend in 2026

After a decade of Prometheus, three years of consolidation around OpenTelemetry, and the open stack now mature with Grafana, Loki, and Tempo, concrete recommendations for teams starting or reviewing their observability layer: what fits, what is excess, and what to avoid.

Architecture

containerd with Wasm: mixed workloads in production

La integración de WebAssembly dentro de containerd como tiempo de ejecución alternativo ha madurado. Ya es posible desplegar cargas mixtas Linux y Wasm en el mismo clúster de Kubernetes con argumentos operativos sólidos. Cuándo compensa y cuándo no.

Technology

Quantum computing: real progress without hype

After a decade of grandiose headlines, quantum computing enters this cycle with more honest metrics, thousand-physical-qubit machines, and the first serious signs of error correction at scale. It pays to separate what already works from what remains research.

Technology

Fly.io: deploying globally without complicating your life

Fly.io has spent years selling the idea that deploying an application across several regions should be almost as simple as pushing an image and writing one config line. After several real projects on the platform, here is an honest read on what it delivers, what is missing, and who it is worth choosing over more classic options.

Architecture

Citus: scaling Postgres horizontally without leaving it

Tras la adquisición por Microsoft en 2019, Citus vivió un limbo comercial que terminó con Microsoft abriendo el código completo en 2022. Tres años después, la extensión de particionado para Postgres ha madurado y ofrece una ruta práctica para escalar sin abandonar el motor que ya conoces. Un repaso honesto.

How to Install

How to Install Authentik for Self-Hosted SSO

Authentik is one of the sturdiest self-hosted identity projects in the open-source landscape. A practical Docker Compose install guide, the Redis-free architecture since 2025.10, and the real friction points of a first install.

Technology

Post-quantum cryptography in TLS: real-world adoption

Post-quantum cryptography stopped being an academic topic once Cloudflare, Google, and Apple put ML-KEM hybrids into production. By 2025 it already covers the majority of real web traffic. A look at where adoption stands, where friction still shows up, and what to review in your own infrastructure.

Technology

Dragonfly: the modern cache inspired by Redis

Dragonfly lleva tres años como alternativa compatible con Redis, pero con arquitectura multihilo y sin fork para persistencia. En 2025 ya no es una curiosidad: hay despliegues serios que lo eligen por coste y latencia. Repaso de qué cambia y cuándo compensa mirarlo con calma.

Methodologies

Migrating SSH to post-quantum cryptography: a practical guide

OpenSSH added hybrid post-quantum key exchange with ML-KEM in version 9.9 and made it the default algorithm in 10.0. The question is no longer whether to migrate SSH to post-quantum, but how to do it without breaking old clients: enable the hybrid mode, keep a classical fallback, and verify with ssh -v that the active algorithm is the right one.

Technology

Mesh networks with WireGuard without losing your mind

WireGuard is simple over a single link, but hand-building a multi-node mesh quickly turns into a tangle of keys and routes. Patterns that work, when pure WireGuard earns its keep, and when it is worth leaning on Tailscale or Headscale instead.

Mac

Apple M4 Pro on developer machines: real-world experience

I have spent six months using a MacBook Pro with M4 Pro as my main development machine. I lay out what has genuinely changed versus the previous M2 Pro, where the jump is noticeable, and where the investment is not justified if you already own a recent machine.

Architecture

containerd 2.0 in production: real migrations

Six months after containerd 2.0 reached general availability there is enough real-world mileage to judge the migration from the 1.x branch in production. We cover what changes in the config file, what breaks on Kubernetes and Docker Swarm, and when planning the jump actually pays off.

Methodologies

Semgrep: modern SAST in your pipeline

Semgrep has grown into one of the most pragmatic static analyzers in the ecosystem. A look at why it works where other SAST tools fail, and how to fit it into a pipeline without turning it into noise.

Technology

Deno 2.0: Node compatibility without losing identity

Deno 2.0 salió en octubre de 2024 con una apuesta clara: compatibilidad seria con npm, pnpm, package.json y node_modules, manteniendo la identidad del runtime. Medio año después, miramos qué ha supuesto para proyectos reales y dónde sigue cojeando.

Technology

Final NIST PQC standards: what to do with them now

NIST published the final post-quantum cryptography standards in August 2024. Six months on, it is time to move from headline to plan: crypto inventory, crypto-agility, a realistic timeline, and the typical mistakes of teams jumping in now.

Software Development

WASI preview 3: threads and async in WebAssembly

WASI 0.3, also known as preview 3, was ratified on June 11, 2026, adding native asynchronous concurrency to the WebAssembly component model through streams, futures, and async functions. It fixes old fragmentation across languages and runtimes, enables real composition between Wasm services, and paves the way for cooperative threads planned in upcoming 0.3.x releases.

Mac

Apple Silicon M3 and M4: The Silent Advance in Portable Computing

M3 and M4 solidified the Apple Silicon advantage: unified memory up to 128 GB shared across CPU, GPU, and Neural Engine; 12 to 16 hours of real battery life; and a 38-TOPS Neural Engine that runs large language models directly on the laptop. The practical difference for developers is measurable.

Technology

Vector: A Log Agent Worth Trying

Vector is the Datadog observability agent, written in Rust with its own transformation language VRL. Typically 30-100 MB memory, handling logs, metrics, and traces from dozens of sources. The right choice when pipelines are too complex for Fluent Bit and a modern alternative to Logstash.

Technology

eBPF for Continuous Profiling: Parca and Beyla

eBPF-based continuous profiling captures CPU flame graphs for every process on a Linux node around the clock, without instrumenting code or restarting services, at under 1% overhead. Parca covers the whole cluster, Beyla adds automatic HTTP/gRPC metrics and traces, and Pyroscope brings native per-language detail to the most critical services.

Technology

NIST PQC: The Post-Quantum Cryptography Standards

In August 2024, NIST published its first finalized post-quantum cryptography standards: FIPS 203 (ML-KEM) for key exchange, FIPS 204 (ML-DSA) for digital signatures, and FIPS 205 (SLH-DSA) as a hash-based alternative. They replace RSA and ECDSA before a quantum computer can break them, and hybrid implementations are already live in Chrome and Cloudflare.

Technology

Trivy and Grype a Year Later: Which Matured Better

Trivy and Grype have spent years competing to be the default container scanner. Trivy broadened its scope to IaC, Kubernetes, and Git repos in one binary; Grype specialised in SBOM precision and lower false-positive rates. After a year of intensive CI use with real images, here is a side-by-side breakdown of where each one wins.

Architecture

Kubernetes 1.30: The Improvements Operators Actually Appreciate

Kubernetes 1.30, released in April 2024, brings ValidatingAdmissionPolicy to general availability, eliminating the need for external webhooks for CEL-based admission policies. It adds pod scheduling readiness to control when a pod enters the scheduling cycle, and job success policy to define which index combination counts as success in distributed indexed Jobs.

Methodologies

Alertmanager: Routing That Doesn’t Wake Your Team at 3am

A badly configured Alertmanager turns every incident into noise: a single unrouted receiver ends with an ignored Slack channel within a week. This article covers, on Alertmanager 0.27 and Prometheus 2.54, how to design the routing tree, inhibition rules, silences and on-call rotations to curb alert fatigue without losing real incidents.

Technology

Docker Scout: Vulnerabilities from Build to Registry

Docker Scout continuously scans container images against CVE databases including NVD and ecosystem-specific advisories, and recommends base-image changes to remove vulnerabilities. Built into Docker Desktop and Hub, it competes with Trivy, Grype and Snyk. Best fit for teams already running end-to-end on the Docker ecosystem.

Technology

Grafana Beyla: Auto-Instrumentation Without Touching Code

Grafana Beyla is an eBPF agent that automatically instruments existing applications without touching their code: it observes kernel syscalls and generates OpenTelemetry traces and RED metrics for services written in Go, Java, Python, Node, and Rust. It gives broad, immediate coverage, but it does not replace the manual SDK for business metrics and internal logic.

Architecture

Cloudflare Workers in 2024: KV, D1, and the New Edge Stack

Cloudflare Workers is no longer an isolated edge function. In 2024, together with KV, D1, R2, and Durable Objects, it forms a complete platform that matches AWS on latency and drops egress fees, though it still falls short on long-running compute and the mature managed databases AWS offers.

Architecture

Kubernetes 1.31: the stabilisations that matter day to day

Kubernetes 1.31 brings no fireworks, but it closes old debts: AppArmor reaches GA, native sidecars now run enabled by default on their way to stable in 1.33, and DRA moves through alpha toward beta. A practical review from the perspective of someone operating clusters in production.

How to Install

How to Install CrowdSec as a Community WAF

CrowdSec installs on Debian or Ubuntu with an official script and the crowdsec package; you then enable the Traefik, WordPress and Gitea collections, configure acquisition to read the right logs, and add the Traefik bouncer as a middleware to block or captcha-challenge IPs flagged by the LAPI in real time.

Software Development

Rust in Linux: Experimental Drivers Opening the Way

Rust joined Linux mainline in version 6.1 (2022), and by 6.9 (2024) it already ships experimental drivers, including Asahi's GPU driver for Apple Silicon. In C/C++ projects like Chromium, around 70 percent of serious security bugs are memory-safety bugs, the real reason kernel maintainers are debating whether to adopt it.

Software Development

WASI 0.2 GA: Truly Composable WebAssembly

WASI 0.2 reached GA in January 2024, bringing WebAssembly's Component Model into production: typed WIT interfaces that let Rust, Go, and JavaScript code compose without manual glue code. That shift makes edge functions with sub-1 ms cold start, secure plugins, and untrusted-code sandboxing viable today, though it does not replace containers for traditional apps.

Architecture

Valkey: The Open Fork After Redis’s License Change

Redis moved to dual SSPL/RSAL licensing in March 2024, no longer meeting the OSI open-source definition. Valkey emerged as a BSD 3-Clause fork backed by AWS, Google Cloud, Oracle, and the Linux Foundation, fully protocol-compatible with Redis 7.2. Migrating is almost always trivial: swap the binary or the Docker image.

Artificial Intelligence

Llama 3: Meta’s New Open Standard

Llama 3 is the open-model family Meta released on April 18, 2024, in 8-billion and 70-billion-parameter sizes, trained on 15 trillion tokens. The 70B beat Claude Sonnet, Mistral Medium, and GPT-3.5 in Meta's own human evaluation, and its licence allows free commercial use up to 700 million monthly active users.

Technology

Chainguard Images: Minimal and Signed Images

Chainguard Images are minimal Docker containers from the company behind Sigstore, with zero known CVEs, Cosign-signed SBOMs and daily rebuilds on top of Wolfi, its own glibc-based distribution. They pay off over official images when strict compliance, supply chain audits or sensitive production workloads are at stake.

Technology

Falco: Runtime Threat Detection with eBPF

Falco is a graduated CNCF project that hooks the Linux kernel via eBPF and detects syscall anomalies in real time without instrumenting applications. Deployed as a DaemonSet on Kubernetes, it emits JSON events and requires a triage process to deliver value. In production, alert fatigue is the most common operational pitfall.

Methodologies

Practical DevSecOps with Sigstore and cosign

Signing images and artifacts with Sigstore has stopped being a rare experiment: projects like Kubernetes already use it. The keyless model in cosign, Fulcio, and Rekor removes private-key management, but it only protects you if deployment verifies who signed, not just whether a signature exists.

Architecture

containerd: The Runtime Underpinning Kubernetes

containerd is the runtime that runs containers in most modern Kubernetes clusters, and almost nobody notices. It manages the full container lifecycle: pulling the image, starting it, networking, and mounting the filesystem. It became the default runtime after Kubernetes 1.24 removed dockershim in May 2022.

Architecture

eBPF: Kernel Observability Without Recompiling

eBPF is a Linux kernel technology that lets you load and run verified, high-performance programs without recompiling the kernel or rebooting the system. It runs safely inside a virtual machine in the kernel and underpins tools such as Cilium, Pixie, Falco, and Tetragon for real-time tracing, networking, and security.

Architecture

PostgreSQL 16: Changes That Affect Day-to-Day Work

PostgreSQL 16, released in September 2023, adds logical replication from a standby, the pg_stat_io view for breaking down I/O by operation type and context, and parallel FULL OUTER JOIN support. Upgrading from 15 is straightforward; 13 loses support in November 2025, so plan the update soon.

Technology

Trivy and Grype: Container Image Scanning in CI

Trivy and Grype are the two leading open-source tools for container image scanning in CI/CD pipelines. Both detect CVEs in OS packages and language dependencies with less than 5% coverage difference. Trivy stands out for IaC scanning; Grype natively integrates the SBOM workflow with Syft.

Technology

Supply-Chain Attacks: Lessons from 2023

In 2023, software supply chains became attackers' favourite target: MOVEit exposed data from hundreds of organisations through a zero-day flaw, 3CX shipped a trojanised installer to millions of users, and npm and PyPI kept receiving malicious typosquatted packages. The practical defence combines SBOM, artefact signing with Sigstore, SLSA maturity levels, and continuous dependency scanning.

Technology

The Grafana Stack: Loki, Tempo, and Mimir for Open Observability

The Grafana stack combines three open source projects: Loki for logs, Tempo for traces, and Mimir for metrics. All three keep data in object storage (S3/GCS) with a minimal index instead of indexing everything like Elasticsearch, which cuts cost sharply at high volume and lets you correlate metric, log, and trace from a single Grafana panel.

Software Development

WebAssembly: The Component Model as the Next Frontier

WebAssembly is moving beyond the browser through WASI, the standard system interface, and the component model, which defines declarative WIT interfaces so modules written in different languages can compose with each other. Cold start lands around 1 ms versus roughly 500 ms for a container, a key difference for serverless and edge computing teams.

Technology

nerdctl: A Lightweight Docker Alternative Over containerd

nerdctl is a Docker-compatible CLI that talks directly to containerd, the standard Kubernetes runtime since dockershim was removed in 2022. It adds rootless support by default, encrypted images with ocicrypt, lazy-pulling, and native CNI. It fits best where containerd already runs, though Docker Engine still wins on advanced Compose and Swarm.

Technology

NIS2: What Europe’s New Directive Changes for Cybersecurity

The NIS2 Directive expands European cybersecurity from 7 to 18 sectors, mandates 10 minimum technical measures and 24-hour incident notification, and imposes fines of up to 10 million euros or 2% of global turnover, with personal liability for management bodies that fail to comply.

Methodologies

Prometheus: Writing Alerts That Won’t Get Ignored

To write Prometheus alerts that won't get ignored, alert on customer-observable symptoms (latency, error rate, saturation) instead of internal causes like CPU or memory, define SLOs with multi-window burn rate to scale severity, add a watchdog alert that confirms the system is still alive, and review the signal-to-noise ratio every quarter.

Technology

eBPF: High-Performance Monitoring in Linux

eBPF (Extended Berkeley Packet Filter) is a Linux kernel technology that runs verified programs directly inside the kernel, with no modules and no source-code changes. The kernel verifier rejects any unsafe program before it runs, letting teams monitor system calls, network traffic, and I/O at a much lower CPU cost than traditional external probes.

Architecture

From Monolith to Microservices: Transforming the Architecture

Migrating from monolith to microservices means splitting a single system into independent services that deploy and scale on their own. It gains granular scalability and team autonomy, but adds real operational complexity: stable interfaces, Kubernetes orchestration, and a mature DevOps culture are conditions, not optional extras, for the migration to pay off.

Technology

The 3D Printing Revolution: Transformative Technology

3D printing, or additive manufacturing, has moved beyond the lab to become a real production technology: it builds medical prostheses, aircraft parts and entire houses layer by layer from a digital file. This guide explains FDM, SLA and SLS technologies, which industries already use them, and today's limits on speed and material certification.

Technology

Exploring Augmented Reality: Innovative Technology

Augmented reality (AR) overlays digital information onto the physical world in real time, anchors virtual objects in space using computer vision and position sensors, and is already used in industrial maintenance, guided surgery, educational labs and e-commerce product try-on, with battery life and glasses field of view as the main open challenges.

Technology

IoT: The Intelligent Connection of the World

The Internet of Things (IoT) is a network of sensors, actuators, and internet-connected devices that collect data from the physical world, transmit it through protocols like MQTT or Zigbee, and trigger automatic actions. It already transforms industrial maintenance, precision irrigation, and the smart home.

Technology

Cybersecurity: Protection Against Digital Threats

Cybersecurity combines technical controls (encryption, MFA, network segmentation), team training and an incident response plan to reduce the risk of ransomware, phishing, malware and identity theft. No single measure is enough: effectiveness depends on applying every layer at once and auditing the system regularly.

Technology

Development and Advances in Artificial Intelligence

Modern artificial intelligence rests on three pillars: machine learning, deep neural networks, and natural language processing. These techniques have pushed image recognition and machine translation past human-level precision on specific tasks, though the overall system still depends on quality data and constant human oversight.

Technology

Cryptocurrencies: Technical and Professional Analysis

Technical analysis uses Japanese candlestick charts, indicators such as RSI and MACD, and support and resistance levels to read the historical behaviour of price. It does not eliminate risk, but it helps separate impulsive decisions from informed ones in a market as volatile as cryptocurrency.

Technology

Programming with GitHub Codespaces

GitHub Codespaces brings the complete development environment to the cloud: editor, dependencies, extensions, and project configuration live in a remote container. It eliminates environment divergence between developers, reduces onboarding from days to minutes, and lets you work from any device without installing anything locally.

Technology

Microsoft 365 Copilot: The Technical Assistance Tool

Microsoft 365 Copilot integrates large language models into Word, Excel, Teams, and Outlook to draft, summarise, and analyse data without leaving the usual workflow. It operates inside the tenant's data graph, respects the organisation's existing permissions, and never uses that data to train the base OpenAI or Anthropic model.