The Autonomous Paradox
In 2026, we’ve moved past simple chatbots. We are building Production-Grade RAG pipelines and autonomous agents that can plan, execute, and iterate. But as an architect, I’ve noticed a glaring hole in our "Agentic" future: Identity Sprawl. We are giving agents non-human identities (NHI) with "Full Admin" permissions just to ensure the RAG works smoothly. We are effectively
This is, admittedly, more of a personal ramble than a technical article. For the past few years, I have become something of a Crystal believer. Looking at recent movements in Ruby from the perspective of a Crystal believer, I sometimes find myself thinking: “That is the area Crystal people have been digging into for years, and Ruby’s real strengths are not really there, are they…?” I have not been
An opinionated list of Python frameworks, libraries, tools, and resources
Tbh I had no idea this was even a thing until recently. I've been working with Rails for a while now and somehow never came across it. So let me explain it the way I understood it. You know how we normally do associations in Rails, User has many Posts, Post belongs to User. Two different models, two different tables. Simple. But what if a model needs to reference itself? Like same table, same mode
What if your Kubernetes cluster simply refused to run unsigned images? I spent some time experimenting with enforcing image provenance in a small Kubernetes setup using MicroK8s. The idea was simple: Only container images with valid cryptographic signatures are allowed to run in the cluster. For this I used: GitLab CI/CD (build + signing pipeline), Cosign / Sigstore (image signing), Kyverno (admissi
TL;DR. golang.org/x/net/idna.Lookup.ToASCII runs UTS-46 NFKC mapping 0-9. A pre-IDNA net.ParseIP check rejects the NO_PROXY lists, TLS-SNI routers, and cookie-domain validators that TrimRight + ParseAddr golang.org/x/net/http/httpproxy, the canonical safe pattern, and two I ran into this one while writing a Go HTTP client for a private project. I idna.Lookup.ToASCII canonicalising the host The sha
Most teams I have worked with have one auth test in their suite. It looks like this:

    test('valid token verifies', () => {
      const token = signSync({ sub: 'user-1', aud: 'api://backend' }, secret);
      const result = verify(token, options);
      expect(result.valid).toBe(true);
    });

That test is fine. It is also a smoke test, not a regression suite. It catches the case where verification is completely b