Zero-Code Instrumentation of an Envoy TCP Proxy Using eBPF and Docker
TL;DR An engineer investigating intermittent HTTP 499 errors on an Envoy network proxy used OpenTelemetry eBPF Instrumentation (OBI) to capture…
FediMeteo: How a €4 FreeBSD VPS Evolved into a Global Weather Service
TL;DR FediMeteo began as a personal project that publishes short weather forecasts as federated accounts, built on a low-cost FreeBSD…
Simple Kubernetes egress control using Squid proxy and NetworkPolicy
TL;DR A straightforward pattern uses a Squid HTTP/HTTPS proxy inside Kubernetes and a NetworkPolicy to force outbound traffic through it.…
How I think about Kubernetes — More than a container orchestrator
TL;DR The author reframes Kubernetes as a runtime for declarative infrastructure with a built-in type system, not merely a container…
Witr — tool that explains why a process is running on Linux systems
TL;DR Witr is a read-only Linux utility that traces why a process, service, or port is active by building a…
Atlassian’s four-year push untangles dependency hell in its PaaS
TL;DR Atlassian spent four years reducing dangerous internal dependencies after a tabletop disaster recovery exercise exposed wide recovery failures. The…
Docker Compose path-traversal bug lets attackers write to host — update now
TL;DR A path traversal vulnerability in Docker Compose's OCI artifact handling (CVE-2025-62725, NIST severity 8.9) could let attackers cause Compose…