The Infrastructure Wall: Why Your Agent Demo Died in Production
Everyone prototypes an AI agent in a weekend. Almost nobody ships it cleanly. Here's the wall you're about to hit — and how the platform is evolving to remove it.
FIPS-validated crypto is a hard requirement inside a FedRAMP boundary — not a best practice. A practitioner's walkthrough of where FIPS lands across 800-53 control families, and how the Building for Compliance supply-chain work maps onto it.
A platform engineer's plain-English walkthrough of what FedRAMP actually is — impact levels, the document set (SSP, SAR, POA&M), the ATO process, and how Rev5 and 20x change the picture in 2026.
A platform engineer's take on starting the FedRAMP journey from outside the US — why a third-party partner matters, and what the '90 days' promise really means in 2026.
Two major open-source model releases in one week signal a tipping point. Here's why I'm running capable agent models on my own hardware — and how you can too.
Andrej Karpathy dropped a paradigm-shifting gist on building personal knowledge bases with LLMs — no vector DB, no embeddings, just raw/wiki/output folders. Here's what it means for the rest of us.
How a consultant's external perspective helps scaling organizations shift from reactive execution to intentional alignment — and why staying silent is the real failure.
MiniMax M2.5 achieves near-Opus 4.6 performance at 3% the cost. What this means for always-on agents, the SWE-bench, and the falling cost of intelligence.
A practical glossary for the DNS Evolution in Practice series: core DNS records, service discovery terms, traffic management concepts, and DNS security vocabulary.
Why I'm writing a four-part DNS series in 2026. Notes from 25 years of teaching the topic that most engineers — and most curricula — quietly underestimate.
How DNS attacks actually work — Kaminsky, Sea Turtle, MyEtherWallet, DigiNotar — and the layered defenses that hold up: DNSSEC, DoH, CAA, registrar lock.
A practitioner's tour of DNS — from the hosts file era and BIND at Berkeley to CoreDNS in Kubernetes — and the record types every engineer should actually understand.
How to turn SOC 2 from a yearly fire drill into a byproduct of how you build — AWS SCPs, GCP Org Policies, OPA, drift detection, and automated evidence collection.
How to map SOC 2 controls to your AWS, GCP, and Kubernetes stack — IAM, logging, encryption, change management, and what auditors actually want to see.