When we migrated from Ingress to Gateway API, developers lost the ability to manage their own TLS certificates. I spent an afternoon getting ListenerSets to work with Envoy Gateway and cert-manager. Here’s every wrong turn I made so you don’t have to.
TPM Auto-Unlock With Dual Boot: Making LUKS Stop Asking For My Password
My LUKS-encrypted disk kept asking for a password every time I booted back from Windows. Here’s how TPM PCR registers work, why PCR 7 breaks in dual-boot, and the auto re-enrollment service I built to fix it.
From Alerting to Inference: Metrics Never Stopped Mattering
Metrics went from telling you something broke to deciding which GPU handles your inference request. The pattern hasn’t changed in 20 years; we just got better at acting on the data.
Making an NVIDIA eGPU Actually Work on Linux (The Hard Way)
Debugging an NVIDIA RTX 3070 eGPU that refused to work on a Framework 13 with Arch Linux. Covers PCI BAR allocation, Thunderbolt bridge windows, and getting KDE Wayland to composite on the right GPU.
Maslow’s Hammer and the MCP Debate
MCP has been called ‘a layer of unnecessary indirection.’ It’s not, but it’s not a universal solution either. Here’s when MCP makes sense, when a REST API is enough, and why the real value is in a place nobody talks about.
Kill Your Service Account Keys: Secure GitLab CI/CD on Google Cloud
How I built a fully keyless CI/CD pipeline from GitLab to Google Cloud, with Workload Identity Federation, Binary Authorization, vulnerability scanning, and progressive delivery. No service account keys were harmed.
Four People, Four Datacenters, Three Thousand Servers
How we managed 3,000 servers across 4 datacenters with a team of four, and what I learned about automation, constraints, and doing more with less.