Infrastructure

By mid-2026, AI build vs buy has nothing to do with novelty. It is a ruthless mathematical calculation of telemetry, context freshness, and infrastructure lock-in.

Local-first, hardware-aware architecture is becoming the default for high-reliability AI systems. The cloud-heavy pattern costs too much and fails too unpredictably for agentic workloads.

AI data pipelines aren't some new paradigm. They're ETL with a retrieval layer bolted on. The discipline that makes them work is the same discipline that has always made pipelines work: detect change, chunk intelligently, keep indexes fresh.

AI infrastructure at scale is just infrastructure. The same boring patterns -- gateways, caching, circuit breakers, budget enforcement -- solve the same boring problems.

The GPU shortage is real, rate limits are a production constraint, and your AI demo is going to collapse under real traffic. Some annoyed thoughts on infrastructure realism.

A practical guide to vector databases -- what they store, how similarity search works, and the architectural decisions that matter in production.

Most cloud cost problems are visibility problems. Fix tagging, kill idle resources, right-size what remains, and make cost a regular engineering conversation.

Platform engineering is what happens when you realize 'you build it, you run it' does not scale past a handful of teams.

Cloud cost management is not a discipline. It is basic engineering hygiene dressed up with a consulting-friendly name.

After assessing platform maturity at a dozen enterprises, the pattern is clear: most platform teams build tools nobody asked for while developers wait in ticket queues.

Most Kubernetes clusters are 40-60% over-provisioned. Here's how I help teams cut their bills without sacrificing reliability.

Practical database reliability from running Postgres at the fintech startup and at large enterprises. Includes config examples, migration patterns, and the operational habits that actually prevent outages.

A comparison of data ingestion patterns from building the fintech startup's financial data pipelines, plus when each one actually makes sense.

Multi-cloud sounds great in vendor pitches. In practice, it doubles your operational burden for benefits most teams will never need.

The M1 is impressive hardware. The 'ARM everywhere in the data center' takes are not. Here's what actually matters for server infrastructure.

The industry loves renaming things. Platform engineering is DevOps done properly — and most companies still won't do it right.

Lessons from building production operators at Decloud: the reconciliation loop, controller-runtime patterns, and the mistakes that cost us sleep.

Most K8s clusters I audit are either wildly overprovisioned or one bad deploy away from eviction storms. Here's how I set requests, limits, and guardrails.

COVID broke everyone's VPN. Good. It was a terrible security model to begin with. The answer isn't scaling your VPN — it's replacing the mental model entirely.

Everyone's scrambling to scale cloud infrastructure overnight. I've seen what happens when security gets deprioritized under pressure — at NATO exercises, at Decloud, at the fintech startup. Here's how to not become a headline.

Most companies building video calling right now are making the same three architecture mistakes. Here's what I keep seeing and how to fix it before your SFUs fall over.

I tested Terraform modules with unit checks, policy engines, and full integration runs side by side. Here's what each approach actually catches and what it misses.

Lessons from splitting a 4000-resource Terraform state into something teams can actually work with -- state layout, module boundaries, and the workflow discipline nobody wants to do until they have to.

Kubernetes defaults optimize for fast adoption, not safety. A hardening checklist drawn from running clusters at the fintech startup, Dropbyke, and early Decloud work.

A direct comparison of cloud cost optimization strategies -- what actually moves the needle vs. what just makes finance feel better.

How I moved three teams off ad-hoc kubectl deployments and onto Git-driven infrastructure -- with code examples, repo layouts, and the mistakes I made along the way.

Most Kubernetes outages come from skipping the basics. Here's the checklist I use after running clusters at the fintech startup and now at Decloud.

My honest take on evaluating Istio at the fintech startup — what it actually gives you, what it costs you, and why most teams should think twice before adopting it.

Opinionated Infrastructure as Code patterns from running Terraform at the fintech startup. Repo layout, modules, state management, and the stuff that burns you if you ignore it.

Operators are the hot thing in the Kubernetes world right now. They're genuinely useful — but the hype is outpacing the reality for most teams.

Perimeter security is dead. At the fintech startup, I ripped out the castle-and-moat model and replaced it with zero trust — identity-first, micro-segmented, no implicit trust anywhere. Here's what that actually looked like.

Year two of running Kubernetes at the fintech startup. The panic is gone. Now it's networking, resource tuning, and all the operational grunt work nobody blogs about.

Five days after the Spectre/Meltdown disclosure, a CTO's raw take on what happened, what we patched, and why this changes the game for anyone running shared infrastructure.

Containers give you process isolation, not a security boundary. I break down how we hardened images, locked down runtimes, and segmented networks at the fintech startup — plus the stuff nobody warns you about.

We serve financial data to users across Europe at the fintech startup. Here's what I've learned about going multi-region -- the patterns that work, the ones that burn you, and when you should even bother.

Your board doesn't care about Kubernetes. They care about money, risk, and speed. Here's how I learned to pitch infra investment at the fintech startup.

That clean AWS pricing page has almost nothing to do with your actual invoice. I learned this the hard way at the fintech startup.

After a year of running Kubernetes in production, the wins are real but the sharp edges drew blood first. Here's what paid off, what bit us, and what I'd do differently.

ELK is powerful. It's also a second full-time job. Here's what I learned running it at Dropbyke, and what I'd consider instead.

Most startups have no business running their own servers. The math is not close.

I used all three. Ansible required the least ceremony. That's the whole argument.

Running Docker in production at Dropbyke forced us to get serious about image builds, container networking, log aggregation, and security. Here is what actually worked.