Fly.io has spent years selling the idea that deploying an application across several regions should be almost as simple as pushing an image and writing one config line. After several real projects on the platform, here is an honest read on what it delivers, what is missing, and who it is worth choosing over more classic options.
Garnet es el servidor de caché abierto por Microsoft Research que habla el protocolo de Redis pero está escrito en .NET 8 con un núcleo de almacenamiento orientado a hardware moderno. Tras casi dos años en público, muestra números interesantes y una arquitectura que merece mirarse con calma, aunque el ecosistema Redis siga siendo más maduro.
Tras la adquisición por Microsoft en 2019, Citus vivió un limbo comercial que terminó con Microsoft abriendo el código completo en 2022. Tres años después, la extensión de particionado para Postgres ha madurado y ofrece una ruta práctica para escalar sin abandonar el motor que ya conoces. Un repaso honesto.
OSV-Scanner se ha convertido en una referencia silenciosa para escanear dependencias open source. Su valor no está en el escaneo en sí, que muchas herramientas ofrecen, sino en su conexión directa con OSV.dev como fuente de verdad. Un análisis de por qué esto importa más de lo que parece.
Authentik is one of the sturdiest self-hosted identity projects in the open-source landscape. A practical Docker Compose install guide, the Redis-free architecture since 2025.10, and the real friction points of a first install.
CVE-based attack surface management has moved from an abstract list to an engineering practice with real prioritization. We look at how it works once EPSS, KEV and exposure context enter the same equation.
Unikernels were promised as the future of cloud deployment back in 2015, then faded into obscurity soon after. Ten years later, Unikraft has reached a stable release and reads like a more mature, more useful take on that same idea. A review of what has changed.
Wolfi turned three as a public project and has become the base for Chainguard container images and much of the industry chasing clean software supply chains. A field-tested review of what it offers against Alpine and Debian slim.
Post-quantum cryptography stopped being an academic topic once Cloudflare, Google, and Apple put ML-KEM hybrids into production. By 2025 it already covers the majority of real web traffic. A look at where adoption stands, where friction still shows up, and what to review in your own infrastructure.
Dragonfly lleva tres años como alternativa compatible con Redis, pero con arquitectura multihilo y sin fork para persistencia. En 2025 ya no es una curiosidad: hay despliegues serios que lo eligen por coste y latencia. Repaso de qué cambia y cuándo compensa mirarlo con calma.
Four years ago it was an academic curiosity. Today, scheduling workloads by grid carbon intensity is a built-in option in Kubernetes, in several cloud provider services, and in CI tooling. We look at what genuinely changed and what is still more promise than practice.
Los primeros racks GB200 NVL72 llevan meses en manos de los hiperescalares y ya empiezan a verse mediciones públicas. La generación Blackwell no es una mejora incremental sobre Hopper, sino un cambio en la forma de entrenar modelos grandes. Repasamos qué cambia y qué no.
OpenSSH added hybrid post-quantum key exchange with ML-KEM in version 9.9 and made it the default algorithm in 10.0. The question is no longer whether to migrate SSH to post-quantum, but how to do it without breaking old clients: enable the hybrid mode, keep a classical fallback, and verify with ssh -v that the active algorithm is the right one.
The combination of Parca for continuous profiling, Beyla for eBPF auto-instrumentation, and Grafana as the visualisation layer delivers deep observability without touching code. A look at how the three pieces fit together and where the limits still show.
Kubernetes 1.34 ships with Dynamic Resource Allocation (DRA) graduating to stable, scheduler improvements, and CEL-based mutating admission policies that replace webhooks. A practical rundown of what is safe to upgrade now, what can wait, and what actually changes for teams running production clusters.
WireGuard is simple over a single link, but hand-building a multi-node mesh quickly turns into a tangle of keys and routes. Patterns that work, when pure WireGuard earns its keep, and when it is worth leaning on Tailscale or Headscale instead.
After years of pilots, private 5G is starting to show up in plants, ports, and warehouses with cases that actually work. What changed in 2025, which deployments make sense, and where WiFi 6E or a wired network still win the comparison.
I have spent six months using a MacBook Pro with M4 Pro as my main development machine. I lay out what has genuinely changed versus the previous M2 Pro, where the jump is noticeable, and where the investment is not justified if you already own a recent machine.
Continuous profiling with eBPF samples every process's execution stack every few milliseconds without touching the code, then stores the history so you can compare last week's performance with today's. The cost measured in production runs between 1% and 3% of CPU, and it pays off most in databases, API gateways and high-concurrency services.
Six months after containerd 2.0 reached general availability there is enough real-world mileage to judge the migration from the 1.x branch in production. We cover what changes in the config file, what breaks on Kubernetes and Docker Swarm, and when planning the jump actually pays off.
Prompt injection is the most common vulnerability in LLM applications, and many teams defend against it with filters that do not work. We review defense layers backed by evidence, what actually works, and what is security theater.
Kubernetes 1.32 Penelope shipped in December and has been running in clusters for several months. It is a good time to look at which changes have aged well, which created extra work, and what lessons to carry into the jump to 1.33.
Rust entered the Linux kernel as an experiment in 2022. Three years on it has stable in-tree drivers, an increasingly polished internal API, and a first wave of contributors who treat the language as the default choice for new code.
Headscale es una reimplementación libre del plano de control de Tailscale. Con la versión 0.25 estable, es una opción sensata para mallas WireGuard privadas sin depender de la plataforma comercial. Cuento cómo, cuándo y dónde duele.
4 min290
We use first- and third-party cookies to analyze site traffic. You can accept them, reject them, or configure your choice.
Learn more about cookies
Cookie preferences
NecessaryEssential for the site to work. Always on.
AnalyticsHelp us understand how the site is used (Google Analytics).