$ cat ~/blog/*

Blog

Thoughts on software engineering, infrastructure, and the tools I use. I write about what I learn to solidify my understanding and help others.

Side-by-side comparison of HTTP stateless API and WebSocket persistent session for AI agents

March 5, 20267 min read

Every Tool Call Your Agent Makes Is Resending Your Entire Conversation History

The stateless HTTP API problem is quietly bankrupting your agent in tokens and time — and WebSockets are the fix nobody talks about enough

ai-agentswebsocketopenaiperformanceinfrastructurellm

SSH architecture showing key pairs, SSH agent wallet, and bastion host tunnelling

March 4, 202612 min read

Keys, Wallets, and Jump Hosts: Understanding SSH from First Principles

A clear, analogy-first guide to SSH key authentication, the SSH agent, bastion hosts, ProxyJump vs agent forwarding, and the scripting traps that catch everyone eventually.

sshdevopssecurityinfrastructuregit

Kubernetes security layers diagram showing kube-bench, Pod Security Standards, and NetworkPolicies working together

January 21, 202610 min read

Kubernetes Security Auditing: From kube-bench Findings to Pod Security Standards

Running a security audit on my Kubernetes cluster revealed some uncomfortable truths. Here is what I learned about CIS Benchmarks, Pod Security Standards, and why your kubeconfig is probably world-readable too.

kubernetessecuritykube-benchpsscis-benchmarkdevops

A majestic elephant made of glowing green and amber terminal code standing in a dark minimalist room

January 9, 202615 min read

The Elephant in the Terminal: How AI Took Over My Dev VM (and Why I Let It)

I handed my homelab to Claude Code—skills, MCP servers, automated diagnostics, phone deployments. The productivity gains were real. So are the questions about what this all means.

claude-codehomelabproductivityaikubernetesdevopsclimcpn8ntailscale

Kubernetes event watcher architecture showing event flow from cluster to n8n webhook

December 31, 202518 min read

Building a Kubernetes Event Watcher: Teaching My Cluster to Tattle on Itself

How I built a controller that watches for cluster drama (CrashLoopBackOff, OOMKilled, the usual suspects) and tattles to an LLM for automated remediation. Because apparently I want AI to fix my 3am problems.

kubernetespythonautomationdevopsllmn8nkopfsveltefastapipostgresql

RAG system architecture diagram showing data flow from user query through vector database to AI response

December 20, 202512 min read

Building a RAG-Powered Terminal: Teaching My Portfolio to Answer Questions About Itself

How I added semantic code search to my portfolio using pgvector, OpenAI embeddings, and a healthy dose of trial and error

ragnextjspostgresqlaitypescriptvector-search

Semantic versioning and release automation pipeline diagram

December 20, 202513 min read

Stop Guessing Versions: How I Finally Escaped Timestamp Hell

The messy journey from timestamp chaos to semantic versioning with automated releases, changelogs, and a workflow that actually makes sense (most days)

devopsci-cdgithub-actionsautomationversioning

Architecture diagram showing the Live Infrastructure dashboard with Chaos Monkey

December 17, 202512 min read

Building a Live Infrastructure Dashboard with Chaos Monkey: Letting Visitors Break My Cluster

How I built a real-time Kubernetes metrics dashboard that lets visitors delete pods and watch self-healing in action. Covers Prometheus integration, SSE streaming, secure RBAC, and the engineering behind controlled chaos.

kubernetesprometheuschaos-engineeringdevopsreactsse

GitOps pipeline architecture showing Git, ArgoCD, and Kubernetes cluster with auto-sync flow

December 16, 202516 min read

From kubectl apply to Sleep: How GitOps Transformed My Homelab

A beginner's journey building a production-grade GitOps pipeline with ArgoCD, and the lessons that translate to real-world infrastructure

gitopskubernetesargocdhomelabdevops

kubectl TLS authentication handshake with mutual certificate verification

December 11, 202512 min read

Kubernetes Authentication: The Certificate Dance Behind kubectl

How I learned that every kubectl command involves a sophisticated cryptographic handshake (and why that's actually pretty cool)

kubernetescertificatesauthenticationtlssecurity

Kubernetes control loop architecture with watch streams and reconciliation

December 11, 202510 min read

Kubernetes Controllers: Why Your Cluster Feels Like Magic (It's Not)

A journey through control loops, watch streams, and custom resources—discovering how Kubernetes actually stays in sync with itself, and why controllers are the real MVPs of the platform.

kubernetescontrollersdevopsinfrastructurereconciliation

Gateway API vs Ingress architecture comparison

December 11, 202511 min read

Kubernetes Gateway API: My Journey From Ingress Confusion to Modern Routing

How I ditched vendor annotations and discovered a cleaner way to route traffic in Kubernetes—and why you should care

kubernetesgateway-apinetworkinginfrastructuredevops

systemd architecture showing PID 1 managing all system services

December 11, 202513 min read

Systemd Deep Dive: From Confused to Actually Managing Services

A journey through systemd, systemctl, and D-Bus—discovering why restarting nginx works so differently from running it manually, and what all those mysterious *ctl commands actually do.

linuxsystemdinfrastructuredevops

Kubeseal encryption and decryption workflow in a GitOps pipeline

November 30, 20258 min read

Kubeseal: How I Stopped Losing Sleep Over Secrets in Git

My journey from "surely I can just base64 encode it" to actually securing Kubernetes secrets in a GitOps workflow - complete with the paranoia that keeps me backing up keys.

kubernetessecuritygitopsdevopsargocd

Tailscale mesh network topology with direct connections and relay fallback

January 15, 20259 min read

How Tailscale Gets Devices Talking to Each Other (Without a Central VPN Middleman)

I went down the rabbit hole of understanding how Tailscale actually works—from WireGuard protocol magic to NAT traversal wizardry to making your Kubernetes cluster talk over encrypted tunnels

networkingsecuritykubernetesinfrastructurevpn