The Spanish draft law transposing NIS2 is still in parliament in 2026, but the directive's technical obligations have applied since October 2024. Practical map: the ten minimum security measures, the 24-hour, 72-hour and one-month incident notification window, and the new supply-chain security obligations.
Tested May 2026 recipe: oMLX 0.3.8 on Mac M5 Max with 128 GB, TurboQuant at 3.5-bit, Qwen 3.6 35B-A3B model stack, Claude Code wiring and real benchmarks.
100 must-have apps for your M5 Mac organised into 20 categories: browser, notes, terminal, IDE, containers, AI and more. Each pick with purpose, key features, plugins, pricing in EUR and the official link.
Kubernetes 1.35 GA consolidates three releases of work: native sidecars with full lifecycle management, generalised DRA for FPGAs and NPUs, and a scheduler that cuts resource waste by 15-25% in heterogeneous clusters. An operations-side balance sheet: what to enable now, what to watch before migrating, and what path to follow from 1.30.
NVIDIA still dominates frontier-model training in 2026, but inference tells a different story. AMD MI300X/MI325X with mature ROCm, Intel Gaudi 3, Google TPU v6, and AWS Trainium/Inferentia deliver 20 to 50% lower cost per token without sacrificing quality. Here is when to choose each option.
Cobots have been promising the fenceless factory for almost fifteen years. In 2026, with the market heading toward eleven billion dollars and 70% of orders coming from outside automotive, it is time to review what has delivered and what remains open.
After the 2021 historic peak and the 2022 correction, startup funding in 2023 has been redefined: Series A rounds dropping from $15M to $8-10M, due diligence extending to 14 weeks, and metrics like the real Rule of 40 and NRR above 110% as the new minimum.
Kubernetes won the orchestration battle, but Docker Swarm stays maintained inside Docker Engine and makes real sense for small teams without dedicated SRE, self-hosted stacks on 1-5 VPS, and edge mini-clusters. In those contexts, Swarm's minimal learning curve and low operational cost outweigh Kubernetes's advanced features.
Ollama 0.5 or newer runs Llama 3.3 70B and Mistral Large 2 locally on Ubuntu 24.04: Q4_K_M quantization lets a single NVIDIA GPU with 24 GB of VRAM, an RTX 4090 for example, handle the full model. This guide installs the drivers, sets up Open WebUI, and exposes the service behind Traefik with TLS.
Two years after the final NIST standards, post-quantum migration is no longer hypothetical. What has actually been migrated, what remains stuck, where the real operational problems lie, and how the timelines look from April 2026.
Humanoid robotics left the trade-show floor for factory floors and warehouses during 2025 and 2026. Which companies have really deployed units, which tasks fit, what real costs look like, and where humans remain unbeatable.
NPUs stopped being an accessory and became the component that defines real performance in laptops, phones, and small servers. A practical look at the hardware that rules 2026, which workloads pay off, and where the traditional GPU still wins.
Four and a half years after Rust officially entered Linux 6.1, with real Apple GPU and NVMe drivers in production and several public conflicts between maintainers, it is time for a sober technical balance. What works, what still costs, and where the next phase is heading.
A principios de 2026, varias plataformas de orquestación incluyen carbon-aware scheduling como opción por defecto o muy visible. Con meses de datos reales, toca evaluar si la promesa de reducir emisiones sin dañar rendimiento se cumple y en qué escenarios.
After the 2023-2024 hype cycle led by Apple Vision Pro, the 2025 valley of disillusionment, and the quiet but real consolidation of Meta Quest 3S and the WebXR stack, it is time to assess honestly where extended reality stands. What works, what has died, what is still alive.
WASI preview 3 llegó como estándar estable a finales de 2025 y ha tenido unos meses para demostrar si realmente desbloquea los casos que preview 2 se quedaba cortos. Recorrido honesto por adopciones reales, bibliotecas maduras y patrones que empiezan a funcionar en producción.
After the 2021-2022 cycle, most blockchain projects have vanished from the radar, leaving only the ones that deliver real value. An honest inventory of which use cases work, which failed, and where blockchain is still a sensible idea.
Con 1.34 liberado en agosto de 2025 y el ciclo de 1.35 en su última fase de congelación de funciones, qué llegará estable, qué quedará en beta, qué nos interesa a quienes mantenemos clústeres pequeños o medianos y qué podemos ignorar sin culpa hasta el siguiente ciclo.
After a decade of Prometheus, three years of consolidation around OpenTelemetry, and the open stack now mature with Grafana, Loki, and Tempo, concrete recommendations for teams starting or reviewing their observability layer: what fits, what is excess, and what to avoid.
La integración de WebAssembly dentro de containerd como tiempo de ejecución alternativo ha madurado. Ya es posible desplegar cargas mixtas Linux y Wasm en el mismo clúster de Kubernetes con argumentos operativos sólidos. Cuándo compensa y cuándo no.
After a decade of grandiose headlines, quantum computing enters this cycle with more honest metrics, thousand-physical-qubit machines, and the first serious signs of error correction at scale. It pays to separate what already works from what remains research.
Neural processing units have stopped being a marketing label on Snapdragon, Apple Silicon and AMD Ryzen AI laptops. Here is what you can actually do from code today, which tools are mature, and when it pays off to target the NPU instead of the CPU or GPU.
gVisor interpone un kernel en espacio de usuario entre el contenedor y el anfitrión. Después de años en producción en Google y adopción creciente en plataformas serverless, merece una lectura honesta sobre cuándo compensa frente a microVMs y runtimes clásicos.
Fly.io has spent years selling the idea that deploying an application across several regions should be almost as simple as pushing an image and writing one config line. After several real projects on the platform, here is an honest read on what it delivers, what is missing, and who it is worth choosing over more classic options.
Garnet es el servidor de caché abierto por Microsoft Research que habla el protocolo de Redis pero está escrito en .NET 8 con un núcleo de almacenamiento orientado a hardware moderno. Tras casi dos años en público, muestra números interesantes y una arquitectura que merece mirarse con calma, aunque el ecosistema Redis siga siendo más maduro.
Tras la adquisición por Microsoft en 2019, Citus vivió un limbo comercial que terminó con Microsoft abriendo el código completo en 2022. Tres años después, la extensión de particionado para Postgres ha madurado y ofrece una ruta práctica para escalar sin abandonar el motor que ya conoces. Un repaso honesto.
OSV-Scanner se ha convertido en una referencia silenciosa para escanear dependencias open source. Su valor no está en el escaneo en sí, que muchas herramientas ofrecen, sino en su conexión directa con OSV.dev como fuente de verdad. Un análisis de por qué esto importa más de lo que parece.
Authentik is one of the sturdiest self-hosted identity projects in the open-source landscape. A practical Docker Compose install guide, the Redis-free architecture since 2025.10, and the real friction points of a first install.
CVE-based attack surface management has moved from an abstract list to an engineering practice with real prioritization. We look at how it works once EPSS, KEV and exposure context enter the same equation.
Unikernels were promised as the future of cloud deployment back in 2015, then faded into obscurity soon after. Ten years later, Unikraft has reached a stable release and reads like a more mature, more useful take on that same idea. A review of what has changed.
Wolfi turned three as a public project and has become the base for Chainguard container images and much of the industry chasing clean software supply chains. A field-tested review of what it offers against Alpine and Debian slim.
Post-quantum cryptography stopped being an academic topic once Cloudflare, Google, and Apple put ML-KEM hybrids into production. By 2025 it already covers the majority of real web traffic. A look at where adoption stands, where friction still shows up, and what to review in your own infrastructure.
Dragonfly lleva tres años como alternativa compatible con Redis, pero con arquitectura multihilo y sin fork para persistencia. En 2025 ya no es una curiosidad: hay despliegues serios que lo eligen por coste y latencia. Repaso de qué cambia y cuándo compensa mirarlo con calma.
Four years ago it was an academic curiosity. Today, scheduling workloads by grid carbon intensity is a built-in option in Kubernetes, in several cloud provider services, and in CI tooling. We look at what genuinely changed and what is still more promise than practice.
Los primeros racks GB200 NVL72 llevan meses en manos de los hiperescalares y ya empiezan a verse mediciones públicas. La generación Blackwell no es una mejora incremental sobre Hopper, sino un cambio en la forma de entrenar modelos grandes. Repasamos qué cambia y qué no.
OpenSSH added hybrid post-quantum key exchange with ML-KEM in version 9.9 and made it the default algorithm in 10.0. The question is no longer whether to migrate SSH to post-quantum, but how to do it without breaking old clients: enable the hybrid mode, keep a classical fallback, and verify with ssh -v that the active algorithm is the right one.
The combination of Parca for continuous profiling, Beyla for eBPF auto-instrumentation, and Grafana as the visualisation layer delivers deep observability without touching code. A look at how the three pieces fit together and where the limits still show.
Kubernetes 1.34 ships with Dynamic Resource Allocation (DRA) graduating to stable, scheduler improvements, and CEL-based mutating admission policies that replace webhooks. A practical rundown of what is safe to upgrade now, what can wait, and what actually changes for teams running production clusters.
WireGuard is simple over a single link, but hand-building a multi-node mesh quickly turns into a tangle of keys and routes. Patterns that work, when pure WireGuard earns its keep, and when it is worth leaning on Tailscale or Headscale instead.
After years of pilots, private 5G is starting to show up in plants, ports, and warehouses with cases that actually work. What changed in 2025, which deployments make sense, and where WiFi 6E or a wired network still win the comparison.
I have spent six months using a MacBook Pro with M4 Pro as my main development machine. I lay out what has genuinely changed versus the previous M2 Pro, where the jump is noticeable, and where the investment is not justified if you already own a recent machine.
Continuous profiling with eBPF samples every process's execution stack every few milliseconds without touching the code, then stores the history so you can compare last week's performance with today's. The cost measured in production runs between 1% and 3% of CPU, and it pays off most in databases, API gateways and high-concurrency services.
Six months after containerd 2.0 reached general availability there is enough real-world mileage to judge the migration from the 1.x branch in production. We cover what changes in the config file, what breaks on Kubernetes and Docker Swarm, and when planning the jump actually pays off.
Prompt injection is the most common vulnerability in LLM applications, and many teams defend against it with filters that do not work. We review defense layers backed by evidence, what actually works, and what is security theater.
Kubernetes 1.32 Penelope shipped in December and has been running in clusters for several months. It is a good time to look at which changes have aged well, which created extra work, and what lessons to carry into the jump to 1.33.
Rust entered the Linux kernel as an experiment in 2022. Three years on it has stable in-tree drivers, an increasingly polished internal API, and a first wave of contributors who treat the language as the default choice for new code.
Headscale es una reimplementación libre del plano de control de Tailscale. Con la versión 0.25 estable, es una opción sensata para mallas WireGuard privadas sin depender de la plataforma comercial. Cuento cómo, cuándo y dónde duele.
NIS2 entered force on 17 October 2024. Six months later, companies are in the trenches. I cover what has actually changed in operational security, what was paper theater, and where the directive still bites.
Cuando un LLM pasa de contestar texto a ejecutar herramientas, la superficie de ataque cambia de categoría. La inyección de prompts, la contaminación de memoria y el abuso de protocolos entre agentes son el nuevo OWASP Top 10.
Valkey 8.1 salió el 31 de marzo y marca el momento en que la alternativa comunitaria de Redis deja de ser experimento. Cuenta una migración real: qué cambió, qué se mantuvo igual, y dónde hubo sobresaltos.
Kubernetes 1.33 (Octarine) lands April 23. In-place pod resize moves to beta and ships on by default, sidecar containers finally reach GA, and several endpoint and security deprecations arrive that operators should review before upgrading from 1.32.
Después de años acumulando SBOMs, el cuello de botella es filtrar qué CVEs afectan de verdad. VEX aparece como la pieza que convierte el ruido en señal, y en 2025 empieza a tener adopción real en pipelines de supply chain.
Semgrep has grown into one of the most pragmatic static analyzers in the ecosystem. A look at why it works where other SAST tools fail, and how to fit it into a pipeline without turning it into noise.
Two years after Zero Trust stopped being a marketing word, it is worth looking at how it connects with the SIEM teams run day to day. A look at useful signals, avoidable noise, and the decisions that actually change security posture.
CodeQL lleva años siendo el motor de análisis estático de GitHub, pero su alcance real no siempre está claro. Balance de qué detecta bien, qué se le escapa y cómo conviene integrarlo en el flujo de revisión.
Nebula es una VPN peer-to-peer liberada por Slack en 2019 que ha ido madurando sin mucho ruido. Explico cómo funciona, cuándo tiene sentido frente a WireGuard o Tailscale, y qué aprendí desplegándola entre varios nodos.
Deno 2.0 salió en octubre de 2024 con una apuesta clara: compatibilidad seria con npm, pnpm, package.json y node_modules, manteniendo la identidad del runtime. Medio año después, miramos qué ha supuesto para proyectos reales y dónde sigue cojeando.
NIST published the final post-quantum cryptography standards in August 2024. Six months on, it is time to move from headline to plan: crypto inventory, crypto-agility, a realistic timeline, and the typical mistakes of teams jumping in now.
WASI 0.3, also known as preview 3, was ratified on June 11, 2026, adding native asynchronous concurrency to the WebAssembly component model through streams, futures, and async functions. It fixes old fragmentation across languages and runtimes, enables real composition between Wasm services, and paves the way for cooperative threads planned in upcoming 0.3.x releases.
Meta publicó Llama 3.2 con modelos tan pequeños como 1B y 3B, pensados específicamente para ejecutarse en dispositivos. Análisis de qué pueden hacer realmente y cómo se comparan con las alternativas.
Cloudflare Workers turned eight in 2025 without slowing down: it now ships D1 for databases, R2 for egress-free storage, Durable Objects for distributed state, and Workers AI for running models without managing GPUs. It remains the fastest option for edge logic; for large in-memory processes or strict global consistency, other platforms fit better.
Qualcomm, Intel and AMD Copilot+ processors have normalised the presence of an NPU in everyday PCs. A 40 TOPS NPU can run quantised Phi-3 Mini drawing just 5-10 W, versus 40-50 W for a laptop GPU doing the same task. What actually changes for running AI models locally, and when it is worth it.
M3 and M4 solidified the Apple Silicon advantage: unified memory up to 128 GB shared across CPU, GPU, and Neural Engine; 12 to 16 hours of real battery life; and a 38-TOPS Neural Engine that runs large language models directly on the laptop. The practical difference for developers is measurable.
Vector is the Datadog observability agent, written in Rust with its own transformation language VRL. Typically 30-100 MB memory, handling logs, metrics, and traces from dozens of sources. The right choice when pipelines are too complex for Fluent Bit and a modern alternative to Logstash.
Terraform 1.6, 1.7, 1.8 y 1.9 han traído import blocks, removed, ephemeral values, un framework de tests nativo y el preview de stacks. Mientras tanto, OpenTofu consolida su fork tras el cambio a BSL.
IEC 62443 is the international cybersecurity standard for industrial control systems (ICS) and OT networks. Its four series blocks define security zones and conduits, four protection levels (SL 1-4) and seven foundational requirements. NIS2 pressure is accelerating adoption across Europe. IT teams need to master it to coordinate network segmentation, monitoring and incident response with OT environments.
eBPF-based continuous profiling captures CPU flame graphs for every process on a Linux node around the clock, without instrumenting code or restarting services, at under 1% overhead. Parca covers the whole cluster, Beyla adds automatic HTTP/gRPC metrics and traces, and Pyroscope brings native per-language detail to the most critical services.
In August 2024, NIST published its first finalized post-quantum cryptography standards: FIPS 203 (ML-KEM) for key exchange, FIPS 204 (ML-DSA) for digital signatures, and FIPS 205 (SLH-DSA) as a hash-based alternative. They replace RSA and ECDSA before a quantum computer can break them, and hybrid implementations are already live in Chrome and Cloudflare.
Industrial edge computing moves processing capacity from the centralised cloud to the plant floor, the machine, or the robotic cell. Local latency (10-50 ms) is critical for process control, machine vision, and safety systems: it is a physical limit that bandwidth alone cannot solve. OPC UA, K3s, and private 5G now form a proven production-ready stack.
Trivy and Grype have spent years competing to be the default container scanner. Trivy broadened its scope to IaC, Kubernetes, and Git repos in one binary; Grype specialised in SBOM precision and lower false-positive rates. After a year of intensive CI use with real images, here is a side-by-side breakdown of where each one wins.
Kubernetes 1.30, released in April 2024, brings ValidatingAdmissionPolicy to general availability, eliminating the need for external webhooks for CEL-based admission policies. It adds pod scheduling readiness to control when a pod enters the scheduling cycle, and job success policy to define which index combination counts as success in distributed indexed Jobs.
5 min1884.4
We use first- and third-party cookies to analyze site traffic. You can accept them, reject them, or configure your choice.
Learn more about cookies
Cookie preferences
NecessaryEssential for the site to work. Always on.
AnalyticsHelp us understand how the site is used (Google Analytics).