What if your Kubernetes cluster simply refused to run unsigned images? I spent some time experimenting with enforcing image provenance in a small Kubernetes setup using MicroK8s. The idea was simple: Only container images with valid cryptographic signatures are allowed to run in the cluster. For this I used: GitLab CI/CD (build + signing pipeline), Cosign / Sigstore (image signing), Kyverno (admissi
Every distributed system you build is already taking a side in the CAP trade-off. The question is whether you made that choice deliberately or discover it during an incident. CAP states that a distributed system can guarantee at most two of three properties: Consistency, Availability, and Partition Tolerance. The critical insight most teams miss — P is not optional. Networks fail. Pods crash. AZs
In modern distributed systems, ensuring that all nodes have exactly the same data at the same time can be expensive, slow, or simply infeasible. That is where the concept of eventual consistency comes in, one of the fundamental pillars of scalable architectures. What is Eventual Consistency? Eventual consistency is a consistency model where, given enough time and the absence of new updat
When people start working with high performance computing or parallel systems, “memory” often sounds like a background detail. It’s not. The way memory is structured can completely change how your applications behave, scale, and even fail. Let’s break it down in a practical way. What is Shared Memory? In a shared memory system, all processors access the same memory space. Think of it
Introduction Picture two doctors updating the same patient record at the same time - one in São Paulo, the other in London. Both are offline. When connectivity returns, whose changes prevail? This is not a hypothetical. It is the everyday reality of distributed systems: multiple nodes, no shared clock, no guaranteed network. The conventional answer has long been locking - one node waits while an
Most teams I have worked with have one auth test in their suite. It looks like this: test('valid token verifies', () => { const token = signSync({ sub: 'user-1', aud: 'api://backend' }, secret); const result = verify(token, options); expect(result.valid).toBe(true); }); That test is fine. It is also a smoke test, not a regression suite. It catches the case where verification is completely b
The on-call alert at 02:14 said auth_5xx_rate spiked from 0.01 to 31.4. Not a deploy window. Not a traffic spike. Just thirty-one percent of authenticated requests failing for ~four minutes, then back to baseline. The cause was a JWKS rotation on the issuer side. New keys came in. Old keys went out. Caches in our service didn't refresh fast enough. Tokens signed with the new key were rejected beca
In August 2025, a user reported that Apache Kafka v3.9.0 dropped consumer throughput by 10x. Other users reproduced it. The culprit was a configuration called min.insync.replicas, and the fix was three lines of code. Sharad Garg opened a ticket titled "Consumer throughput drops by 10 times with Kafka v3.9.0 in ZK mode." Ritvik Gupta ran controlled tests and traced the issue to min.insync.replicas.