Categories

Jacar categories — explore the topics A rocket whose eyes follow your cursor.
Methodologies

Carbon-aware scheduling by default: first balance

A principios de 2026, varias plataformas de orquestación incluyen carbon-aware scheduling como opción por defecto o muy visible. Con meses de datos reales, toca evaluar si la promesa de reducir emisiones sin dañar rendimiento se cumple y en qué escenarios.

Architecture

Kubernetes 1.35: what you can already see coming

Con 1.34 liberado en agosto de 2025 y el ciclo de 1.35 en su última fase de congelación de funciones, qué llegará estable, qué quedará en beta, qué nos interesa a quienes mantenemos clústeres pequeños o medianos y qué podemos ignorar sin culpa hasta el siguiente ciclo.

Technology

Observability tools I would recommend in 2026

After a decade of Prometheus, three years of consolidation around OpenTelemetry, and the open stack now mature with Grafana, Loki, and Tempo, concrete recommendations for teams starting or reviewing their observability layer: what fits, what is excess, and what to avoid.

Architecture

containerd with Wasm: mixed workloads in production

La integración de WebAssembly dentro de containerd como tiempo de ejecución alternativo ha madurado. Ya es posible desplegar cargas mixtas Linux y Wasm en el mismo clúster de Kubernetes con argumentos operativos sólidos. Cuándo compensa y cuándo no.

How to Install

How to Install Authentik for Self-Hosted SSO

Authentik is one of the sturdiest self-hosted identity projects in the open-source landscape. A practical Docker Compose install guide, the Redis-free architecture since 2025.10, and the real friction points of a first install.

Technology

Post-quantum cryptography in TLS: real-world adoption

Post-quantum cryptography stopped being an academic topic once Cloudflare, Google, and Apple put ML-KEM hybrids into production. By 2025 it already covers the majority of real web traffic. A look at where adoption stands, where friction still shows up, and what to review in your own infrastructure.

Technology

Dragonfly: the modern cache inspired by Redis

Dragonfly lleva tres años como alternativa compatible con Redis, pero con arquitectura multihilo y sin fork para persistencia. En 2025 ya no es una curiosidad: hay despliegues serios que lo eligen por coste y latencia. Repaso de qué cambia y cuándo compensa mirarlo con calma.

Methodologies

Migrating SSH to post-quantum cryptography: a practical guide

OpenSSH added hybrid post-quantum key exchange with ML-KEM in version 9.9 and made it the default algorithm in 10.0. The question is no longer whether to migrate SSH to post-quantum, but how to do it without breaking old clients: enable the hybrid mode, keep a classical fallback, and verify with ssh -v that the active algorithm is the right one.

Technology

Mesh networks with WireGuard without losing your mind

WireGuard is simple over a single link, but hand-building a multi-node mesh quickly turns into a tangle of keys and routes. Patterns that work, when pure WireGuard earns its keep, and when it is worth leaning on Tailscale or Headscale instead.

Mac

Apple M4 Pro on developer machines: real-world experience

I have spent six months using a MacBook Pro with M4 Pro as my main development machine. I lay out what has genuinely changed versus the previous M2 Pro, where the jump is noticeable, and where the investment is not justified if you already own a recent machine.

Methodologies

Semgrep: modern SAST in your pipeline

Semgrep has grown into one of the most pragmatic static analyzers in the ecosystem. A look at why it works where other SAST tools fail, and how to fit it into a pipeline without turning it into noise.

Technology

Trivy and Grype a Year Later: Which Matured Better

Trivy and Grype have spent years competing to be the default container scanner. Trivy broadened its scope to IaC, Kubernetes, and Git repos in one binary; Grype specialised in SBOM precision and lower false-positive rates. After a year of intensive CI use with real images, here is a side-by-side breakdown of where each one wins.

Methodologies

Alertmanager: Routing That Doesn’t Wake Your Team at 3am

A badly configured Alertmanager turns every incident into noise: a single unrouted receiver ends with an ignored Slack channel within a week. This article covers, on Alertmanager 0.27 and Prometheus 2.54, how to design the routing tree, inhibition rules, silences and on-call rotations to curb alert fatigue without losing real incidents.

Architecture

Kubernetes 1.31: the stabilisations that matter day to day

Kubernetes 1.31 brings no fireworks, but it closes old debts: AppArmor reaches GA, native sidecars now run enabled by default on their way to stable in 1.33, and DRA moves through alpha toward beta. A practical review from the perspective of someone operating clusters in production.

How to Install

How to Install CrowdSec as a Community WAF

CrowdSec installs on Debian or Ubuntu with an official script and the crowdsec package; you then enable the Traefik, WordPress and Gitea collections, configure acquisition to read the right logs, and add the Traefik bouncer as a middleware to block or captcha-challenge IPs flagged by the LAPI in real time.

Architecture

containerd: The Runtime Underpinning Kubernetes

containerd is the runtime that runs containers in most modern Kubernetes clusters, and almost nobody notices. It manages the full container lifecycle: pulling the image, starting it, networking, and mounting the filesystem. It became the default runtime after Kubernetes 1.24 removed dockershim in May 2022.

Technology

Microsoft 365 Copilot: The Technical Assistance Tool

Microsoft 365 Copilot integrates large language models into Word, Excel, Teams, and Outlook to draft, summarise, and analyse data without leaving the usual workflow. It operates inside the tenant's data graph, respects the organisation's existing permissions, and never uses that data to train the base OpenAI or Anthropic model.