Categories

Jacar categories — explore the topics A rocket whose eyes follow your cursor.
Methodologies

VEX: filtering vulnerability noise with context

Después de años acumulando SBOMs, el cuello de botella es filtrar qué CVEs afectan de verdad. VEX aparece como la pieza que convierte el ruido en señal, y en 2025 empieza a tener adopción real en pipelines de supply chain.

Methodologies

Semgrep: modern SAST in your pipeline

Semgrep has grown into one of the most pragmatic static analyzers in the ecosystem. A look at why it works where other SAST tools fail, and how to fit it into a pipeline without turning it into noise.

Technology

Nebula: Slack’s overlay VPN explained

Nebula es una VPN peer-to-peer liberada por Slack en 2019 que ha ido madurando sin mucho ruido. Explico cómo funciona, cuándo tiene sentido frente a WireGuard o Tailscale, y qué aprendí desplegándola entre varios nodos.

Technology

Deno 2.0: Node compatibility without losing identity

Deno 2.0 salió en octubre de 2024 con una apuesta clara: compatibilidad seria con npm, pnpm, package.json y node_modules, manteniendo la identidad del runtime. Medio año después, miramos qué ha supuesto para proyectos reales y dónde sigue cojeando.

Technology

Final NIST PQC standards: what to do with them now

NIST published the final post-quantum cryptography standards in August 2024. Six months on, it is time to move from headline to plan: crypto inventory, crypto-agility, a realistic timeline, and the typical mistakes of teams jumping in now.

Software Development

WASI preview 3: threads and async in WebAssembly

WASI 0.3, also known as preview 3, was ratified on June 11, 2026, adding native asynchronous concurrency to the WebAssembly component model through streams, futures, and async functions. It fixes old fragmentation across languages and runtimes, enables real composition between Wasm services, and paves the way for cooperative threads planned in upcoming 0.3.x releases.

Architecture

Cloudflare Workers in 2025: from edge to enterprise

Cloudflare Workers turned eight in 2025 without slowing down: it now ships D1 for databases, R2 for egress-free storage, Durable Objects for distributed state, and Workers AI for running models without managing GPUs. It remains the fastest option for edge logic; for large in-memory processes or strict global consistency, other platforms fit better.

Artificial Intelligence

NPU in the PC: faster, cheaper local AI

Qualcomm, Intel and AMD Copilot+ processors have normalised the presence of an NPU in everyday PCs. A 40 TOPS NPU can run quantised Phi-3 Mini drawing just 5-10 W, versus 40-50 W for a laptop GPU doing the same task. What actually changes for running AI models locally, and when it is worth it.

Mac

Apple Silicon M3 and M4: The Silent Advance in Portable Computing

M3 and M4 solidified the Apple Silicon advantage: unified memory up to 128 GB shared across CPU, GPU, and Neural Engine; 12 to 16 hours of real battery life; and a 38-TOPS Neural Engine that runs large language models directly on the laptop. The practical difference for developers is measurable.

Technology

Vector: A Log Agent Worth Trying

Vector is the Datadog observability agent, written in Rust with its own transformation language VRL. Typically 30-100 MB memory, handling logs, metrics, and traces from dozens of sources. The right choice when pipelines are too complex for Fluent Bit and a modern alternative to Logstash.

Industry 4.0

IEC 62443: OT Cybersecurity Explained for IT Teams

IEC 62443 is the international cybersecurity standard for industrial control systems (ICS) and OT networks. Its four series blocks define security zones and conduits, four protection levels (SL 1-4) and seven foundational requirements. NIS2 pressure is accelerating adoption across Europe. IT teams need to master it to coordinate network segmentation, monitoring and incident response with OT environments.

Technology

eBPF for Continuous Profiling: Parca and Beyla

eBPF-based continuous profiling captures CPU flame graphs for every process on a Linux node around the clock, without instrumenting code or restarting services, at under 1% overhead. Parca covers the whole cluster, Beyla adds automatic HTTP/gRPC metrics and traces, and Pyroscope brings native per-language detail to the most critical services.

Technology

NIST PQC: The Post-Quantum Cryptography Standards

In August 2024, NIST published its first finalized post-quantum cryptography standards: FIPS 203 (ML-KEM) for key exchange, FIPS 204 (ML-DSA) for digital signatures, and FIPS 205 (SLH-DSA) as a hash-based alternative. They replace RSA and ECDSA before a quantum computer can break them, and hybrid implementations are already live in Chrome and Cloudflare.

Industry 4.0

Industrial Edge Computing: Low Latency Where Data Happens

Industrial edge computing moves processing capacity from the centralised cloud to the plant floor, the machine, or the robotic cell. Local latency (10-50 ms) is critical for process control, machine vision, and safety systems: it is a physical limit that bandwidth alone cannot solve. OPC UA, K3s, and private 5G now form a proven production-ready stack.

Technology

Trivy and Grype a Year Later: Which Matured Better

Trivy and Grype have spent years competing to be the default container scanner. Trivy broadened its scope to IaC, Kubernetes, and Git repos in one binary; Grype specialised in SBOM precision and lower false-positive rates. After a year of intensive CI use with real images, here is a side-by-side breakdown of where each one wins.

Architecture

Kubernetes 1.30: The Improvements Operators Actually Appreciate

Kubernetes 1.30, released in April 2024, brings ValidatingAdmissionPolicy to general availability, eliminating the need for external webhooks for CEL-based admission policies. It adds pod scheduling readiness to control when a pod enters the scheduling cycle, and job success policy to define which index combination counts as success in distributed indexed Jobs.