All posts / tag
#platform
-
Catching the secret before the commit, not after the audit
The cheapest place to catch a hardcoded secret is before it is ever committed. On false-positive fatigue and why scanners get muted, the gap between looks-like-a-key and is-this-key-live, and how I built leakferret to classify, verify, and rewrite secrets in the editor, the pre-commit hook, and the AI agent itself.
-
What concurrent Ruby looks like, twelve years after the book
Walking the foundations of Storimer's Working with Ruby Threads with the actual race conditions and deadlocks you'll see in production, then walking the primitives that have shown up since 2014: Ractors, Fiber.scheduler, async, Falcon, and the snapshot-plus-AtomicReference pattern I keep using for hot-path lookups.
-
Debugging Redis::CannotConnectError in Ruby
A month of thousands of connect-timeout errors a day from a Rails app on redis-rb. The dead ends (pool size, KEDA, DNS, kernel knobs you can't tune on managed Redis), the error taxonomy that actually narrows it down, and the four-line fix that turned out to be a footgun in your own code.
-
Dynamic per-user Rails debug logs, scoped to the request
Turning on debug logs for one specific user's next handful of requests. Thread-local silence, request-scoped tags, and how it cooperates with the per-component dial from the previous post.
-
Tuning Rails log levels per class, without a redeploy
A small concern that gives every base class its own logger with a runtime-tunable level, so you can crank debug on one service for thirty minutes without touching the rest of the app.
-
Rolling PgBouncer without dropped queries
On taking the connection-bad spike during PgBouncer rollouts to zero. Pooling modes, the three connection layers a rollout has to cross, the SIGTERM-vs-SIGINT dilemma, and where the actual fix lives.
-
When config edits start feeling like deploys
How to add dynamic configuration to hot, frequently-read request-path code in a Rails-on-Kubernetes app, without restarting any worker. Propagating config edits across the fleet via ConfigMap as an event channel: the alternatives I considered, the shape I shipped, and why most of the design was about what I kept out of the channel.