Writing

All Writing

Notes on infrastructure, security, DevOps, and leading technical teams.

Kubernetes User Namespaces in 1.36 with hostUsers: false

A hands-on guide to enabling user namespaces in Kubernetes 1.36, the kernel 6.3 and containerd 2.0 prerequisites, the /etc/subuid math, and the silent failures.

Non-Human Identity Governance: Field Tips for 2026

How to discover, scope, and govern service accounts, API keys, tokens, and AI agents before machine credentials become your breach path.

Harden MCP Servers Against Tool Poisoning

A practical 2026 guide to securing MCP servers: inspect tool descriptions, scan for poisoning, pin versions against rug pulls, and add a runtime guardrail.

Kubernetes Hardening 2026: RBAC, PSS & Unfixed CVEs

Battle-tested Kubernetes hardening for 2026: enforce Pod Security Standards, fix over-permissive RBAC, default-deny networking, and mitigate the CVEs nobody will patch.

Sandboxing AI Agent Code: A 2026 Runtime Guide

AI agent sandboxes isolate untrusted AI-generated code with Firecracker microVMs and gVisor. Here's how to pick an execution runtime in 2026.

RSA Is on a Clock Now: The 2026 Deadlines Forcing the Post-Quantum Switch

NIST's finalized post-quantum standards plus FIPS and CNSA 2.0 deadlines put RSA and ECC on a countdown. Here's why 2026 is the year to start migrating.

TypeScript Just Knocked Python Off the Top of GitHub, and AI Did It

TypeScript passed Python as the most-used language on GitHub in August 2025, and the data points straight at AI-assisted coding as the reason.

The AI Buildout Has a Plug Problem, Not a Chip Problem

Hyperscalers will spend $650B on AI infrastructure in 2026, but 7 GW of announced capacity sits stranded behind transformer shortages and grid queues.

Dependency Cooldowns Beat Fast Supply Chain Attacks

Dependency cooldowns delay installing brand-new package versions a few days, blocking most npm and RubyGems supply chain attacks before malware lands.

The AI Agent You Deployed Last Quarter Is Probably Your Weakest Login

88% of enterprises hit an AI agent security incident in the past year. The cause isn't exotic attacks, it's identities nobody logged out or audited.

WebMCP Hands Your Site's Tools to AI Agents, and Chrome 149 Just Made It Real

Chrome 149's origin trial ships WebMCP, the Google and Microsoft API that lets sites declare callable tools to AI agents instead of being screenshotted and guessed at.

Durable Execution Is Moving Into Postgres

Microsoft's pg_durable, DBOS, and Temporal are pushing crash-proof, exactly-once workflows into Postgres in 2026. Here's how to choose.
