Categories

Jacar categories — explore the topics A rocket whose eyes follow your cursor.
Methodologies

Alertmanager: Routing That Doesn’t Wake Your Team at 3am

A badly configured Alertmanager turns every incident into noise: a single unrouted receiver ends with an ignored Slack channel within a week. This article covers, on Alertmanager 0.27 and Prometheus 2.54, how to design the routing tree, inhibition rules, silences and on-call rotations to curb alert fatigue without losing real incidents.

Technology

Docker Scout: Vulnerabilities from Build to Registry

Docker Scout continuously scans container images against CVE databases including NVD and ecosystem-specific advisories, and recommends base-image changes to remove vulnerabilities. Built into Docker Desktop and Hub, it competes with Trivy, Grype and Snyk. Best fit for teams already running end-to-end on the Docker ecosystem.

Technology

Grafana Beyla: Auto-Instrumentation Without Touching Code

Grafana Beyla is an eBPF agent that automatically instruments existing applications without touching their code: it observes kernel syscalls and generates OpenTelemetry traces and RED metrics for services written in Go, Java, Python, Node, and Rust. It gives broad, immediate coverage, but it does not replace the manual SDK for business metrics and internal logic.

Technology

Snapdragon X Elite: ARM Arrives at Productivity PCs

Qualcomm Snapdragon X Elite is the first ARM chip to match Apple M3 performance in Windows laptops, with 22+ hours of battery life and a 45 TOPS NPU for on-device AI. Most software runs well via the Prism emulator, though it is not yet ready for anti-cheat gaming or specialized x86 workloads.

Architecture

Cloudflare Workers in 2024: KV, D1, and the New Edge Stack

Cloudflare Workers is no longer an isolated edge function. In 2024, together with KV, D1, R2, and Durable Objects, it forms a complete platform that matches AWS on latency and drops egress fees, though it still falls short on long-running compute and the mature managed databases AWS offers.

Architecture

Kubernetes 1.31: the stabilisations that matter day to day

Kubernetes 1.31 brings no fireworks, but it closes old debts: AppArmor reaches GA, native sidecars now run enabled by default on their way to stable in 1.33, and DRA moves through alpha toward beta. A practical review from the perspective of someone operating clusters in production.

How to Install

How to Install CrowdSec as a Community WAF

CrowdSec installs on Debian or Ubuntu with an official script and the crowdsec package; you then enable the Traefik, WordPress and Gitea collections, configure acquisition to read the right logs, and add the Traefik bouncer as a middleware to block or captcha-challenge IPs flagged by the LAPI in real time.

Technology

OpenTofu in Production: The First Year After the Fork

OpenTofu reached GA in January 2024 as an open-source Terraform fork under MPL 2.0, with Linux Foundation governance. Six months later, it is a stable drop-in replacement: same configs, same state format, same CLI. Version 1.7 adds native state encryption, the first real technical edge over Terraform.

Software Development

Rust in Linux: Experimental Drivers Opening the Way

Rust joined Linux mainline in version 6.1 (2022), and by 6.9 (2024) it already ships experimental drivers, including Asahi's GPU driver for Apple Silicon. In C/C++ projects like Chromium, around 70 percent of serious security bugs are memory-safety bugs, the real reason kernel maintainers are debating whether to adopt it.

Technology

NIS2: Transposition Status Across Member States

The NIS2 directive entered into force on October 17, 2024, but by mid-2026 only part of the member states have fully transposed it: Germany and the Netherlands closed their law, Spain and France remain in process under pressure from Brussels. Here is what already applies and how to prepare without panic.

Software Development

WASI 0.2 GA: Truly Composable WebAssembly

WASI 0.2 reached GA in January 2024, bringing WebAssembly's Component Model into production: typed WIT interfaces that let Rust, Go, and JavaScript code compose without manual glue code. That shift makes edge functions with sub-1 ms cold start, secure plugins, and untrusted-code sandboxing viable today, though it does not replace containers for traditional apps.

Technology

Parca: Open eBPF-Based Continuous Profiling

Parca is a continuous profiling tool based on eBPF that samples CPU usage across an entire Kubernetes cluster around the clock, without instrumenting application code and with under 1% overhead. It catches performance regressions before production and makes flame graphs practical for everyday debugging.

Architecture

Valkey: The Open Fork After Redis’s License Change

Redis moved to dual SSPL/RSAL licensing in March 2024, no longer meeting the OSI open-source definition. Valkey emerged as a BSD 3-Clause fork backed by AWS, Google Cloud, Oracle, and the Linux Foundation, fully protocol-compatible with Redis 7.2. Migrating is almost always trivial: swap the binary or the Docker image.

Architecture

Container Monitoring: Beyond cAdvisor

cAdvisor is still embedded in kubelet and covers surface metrics, but falls short for production Kubernetes. The modern minimum stack pairs it with kube-state-metrics, node-exporter, Prometheus, and Grafana as a base, eBPF for deep network and syscall visibility, and OpenTelemetry for application context.

Artificial Intelligence

Llama 3: Meta’s New Open Standard

Llama 3 is the open-model family Meta released on April 18, 2024, in 8-billion and 70-billion-parameter sizes, trained on 15 trillion tokens. The 70B beat Claude Sonnet, Mistral Medium, and GPT-3.5 in Meta's own human evaluation, and its licence allows free commercial use up to 700 million monthly active users.

Technology

Chainguard Images: Minimal and Signed Images

Chainguard Images are minimal Docker containers from the company behind Sigstore, with zero known CVEs, Cosign-signed SBOMs and daily rebuilds on top of Wolfi, its own glibc-based distribution. They pay off over official images when strict compliance, supply chain audits or sensitive production workloads are at stake.

Industry 4.0

Sustainable Data Centers: What Changes in 2024

In 2024 sustainable data centers move beyond PUE: liquid cooling becomes standard in AI GPU racks, carbon-aware workload scheduling is already practical with tools like the Carbon Aware SDK, and waste-heat reuse has real cases in Stockholm and Helsinki. The EU-wide energy efficiency directive already requires honest metrics instead of greenwashing.

Methodologies

Sigstore in Image Registries: Adoption and Reality

Sigstore has become the standard signing layer for OCI artefacts. GHCR is the best-integrated registry; Harbor 2.5+ and Quay offer native support; AWS ECR pushes its own KMS scheme. Verification earns its keep at three points: the cluster admission controller, the GitOps layer, and the CI/CD pipeline. The public Rekor has rate limits that force self-hosting past a certain build volume.

Artificial Intelligence

ONNX Runtime at the Edge: Portable, Fast Inference

A model trained in PyTorch or TensorFlow, running the same way on a server, a phone, a browser tab, or an ARM gateway on the factory floor: that is what ONNX Runtime solves. It turns the ONNX format into a genuinely portable artifact, exported once, at the cost of some peak performance versus a platform-native runtime.

Technology

Deno Deploy: TypeScript at the Edge Without a Server

Deno Deploy is the serverless-edge platform from the team that built Deno: native TypeScript without a transpile step, standard Web APIs, and global deployment to ~35 regions. Cold start runs ~50ms vs Cloudflare Workers (~5ms). Best for lightweight APIs and Fresh/Astro SSR; less ideal when your project needs the full Cloudflare infrastructure stack.

Technology

Loki at Scale: Lessons from High-Volume Logs

Loki indexes only labels, not log content, which cuts storage costs dramatically compared to Elasticsearch. The main production risk is cardinality explosion each unique label-value combination generates a stream that inflates the index and slows queries. Separating read and write paths ensures a heavy query cannot saturate ingestion.

Technology

Fastly Compute: High-Performance Edge with WebAssembly

Fastly Compute runs WebAssembly code on its ~70 global PoPs with a 35-microsecond cold start. Supports Rust, Go, and JavaScript compiled via Javy. Competes directly with Cloudflare Workers, with advantages for compute-intensive workloads and teams already on Fastly CDN, but at a higher entry cost.