maria khan.

Backend Platform · Systems · AI Tooling

maria khan.

pages from a runbook

I'm Maria. I started this blog to write down the things I've spent a week debugging, partly so I remember them, partly because writing forces me to actually understand them. Email's on the contact page.

  • 0 posts
  • 0 topics
  • 0 mo writing
  • 2026 since
The interesting parts of any system are the ones nobody designed on purpose. The bottleneck nobody named, the retry that fans out, the cache that benchmarked clean and turned into a serial choke point the moment production thread count went up.
Production scale is the only honest test of an idea. Everything before it is a hypothesis with good intentions.
Every system has a hidden serial bottleneck. The job is finding the one nobody put there on purpose.
Most platform incidents aren't caused by the design. They're caused by the gap between the design and how the design actually runs.
A retry without a budget is a fan-out generator.
If your test passes the first time, the test is wrong.
Postgres did exactly what you asked it to. You asked for the wrong thing.
The framework default is rarely wrong. It's also rarely right at production scale.
The runbook entry that helps the most is the one you wrote at 2am after the incident, not the one you wrote when you finally knew what to say.
You don't get to thread-safe Ruby by sprinkling Mutexes over an existing design. You get there by deciding ahead of time who owns each piece of mutable state.
The dashboard tells you what is on fire. It doesn't tell you what just got dry.
Half of platform work is convincing the other half that the boring fix is the right fix.
Most performance bugs hide one syscall down from where you are looking. The application sees a slow query; one strace later, the truth is a 5ms futex wait under it.
Read the library's source before reading its docs. The docs are aspirational. The source is what runs at 2am.
Every abstraction is a lie at one layer down. The fun part is which layer.
When in doubt, strace it.

Shipped

leakferret

context-aware secret scanner leakferret.com ↗ GitHub ↗

A secret scanner I built end to end. A Rust engine that finds hardcoded secrets, confirms which ones are actually live by calling the provider, and rewrites them to read from the environment. It ships as a CLI, an MCP server an agent can call before it commits, a VS Code extension, and a package in every major registry.

4,800+ downloads across

  • crates.io
  • npm
  • RubyGems
  • Go
  • VS Code
  • Open VSX
  • GitHub Actions
  • MCP Registry

What I think about

Lately

  • Drafting a long-form piece on the dynamic-config system I shipped. The kind of post I wish I had read before I started.
  • Sat through a secure code review. Half intimidating, half satisfying, half a long list of things I now want to read about.
  • Built a small in-browser etcd-watch playground for my own learning. Useless, fun, the kind of project a Saturday demands.
  • Read 'Designing Data-Intensive Applications' (again). Different parts hit this time.
  • Quietly removed three layers of caching that were each there to fix the previous one. Felt like cleaning a kitchen.
  • Started writing in the open after a year of journal entries that nobody read.

Reading shelf

  • Designing Data-Intensive Applications Martin Kleppmann
    the book everyone owns and re-reads. earned.
  • Site Reliability Engineering Google
    skip the fluff chapters. the post-mortem and capacity ones are gold.
  • Working Effectively with Legacy Code Michael Feathers
    older than half the platforms it would help with. still right.
  • Database Internals Alex Petrov
    the right level of detail for someone who works with databases but does not write them.
  • Understanding Distributed Systems Roberto Vitillo
    covers the parts of distributed systems that nobody warns you about until you ship something.
  • Working with Ruby Threads Jesse Storimer
    the GVL chapter is the one I send people first. still right in 2026 even though half the toolbox is new.
  • AI Fluency: Framework & Foundations Anthropic
    anthropic's free course on working with claude. the 4D framework is genuinely useful once you stop treating ai as autocomplete.
  • The Code Book Simon Singh
    read this as a teen. got me into the field and never left.

Stack

Daily

RubyRailsKubernetesPostgreSQLRedisRabbitMQSidekiqBash

Watching

RustZigetcdTigrisTemporalScyllaDB

Topics

platform 7 rails 5 kubernetes 2 logging 2 redis 2 ruby 2 semantic_logger 2 active record 1 async 1 concurrency 1 configmap 1 debugging 1 devsecops 1 fiber 1 mcp 1 performance 1 pgbouncer 1 postgresql 1 pre-commit 1 ractor 1 rust 1 secret scanning 1 security 1 shift left 1

Writing timeline

When config edits start feeling like deploys · April 2026 Rolling PgBouncer without dropped queries · May 2026 Tuning Rails log levels per class, without a redeploy · May 2026 Dynamic per-user Rails debug logs, scoped to the request · May 2026 Debugging Redis::CannotConnectError in Ruby · May 2026 What concurrent Ruby looks like, twelve years after the book · May 2026 Catching the secret before the commit, not after the audit · June 2026

April 2026 hover a dot to see what published when June 2026

Recent writing

All posts →