When we think about deploying modern web services, containers are the default answer. They offer fantastic density and operational speed compared to traditional virtual machines. Yet, that efficiency comes with a well-known trade-off: a reduced security boundary that, while often sufficient, has proven vulnerable to escape exploits. On the other side, VMs provide robust isolation but feel too heavy and slow for the dynamic, scalable world of cloud-native applications. This tension led me to look for a middle path—a way to achieve the strong security of a VM with the lightweight, fast-booting nature of a container. My exploration brought me to the compelling world of Unikernels and the tools, like Unikraft, that are bringing them into mainstream consideration. This article dives into that journey, examining how these specialized kernels work and why they might be the next step in our quest for performant and secure infrastructure.

Last year, 2025, reinforced a familiar and worrying pattern: critical vulnerabilities, often stemming from memory-safety issues in foundational C++ code, continue to plague our most essential software. The logical, compelling answer from many corners of the industry is a shift towards memory-safe languages like Rust. I understand this push completely. However, by framing Rust as a silver-bullet solution, we risk addressing only the symptom while ignoring the underlying disease of complexity and superficial understanding in massive codebases. This article explores the tangible benefits and subtle pitfalls of the Rust transition, the immense reality of our C++ legacy, and why the future of software safety might not be decided by a compiler, but by the tools we build to augment our understanding.

Dependency management with Go Modules has become a standard part of the workflow, but it only solves one part of the puzzle. In environments with multiple repositories, we often need to share more than just libraries—think configuration templates, Docker service definitions, or shared mock objects for testing. These resources don't fit neatly into the module system and demand different approaches. This article looks at the landscape of options, from project generators that create and maintain snapshots of code to more direct methods like Git subtrees or even simple curl scripts. The goal is to find maintainable ways to ensure consistency and reduce manual toil, whether you're bootstrapping a new service or keeping a suite of projects in sync.

Over the past year, my writing has ventured deeper into the technical trenches while also stepping back to question broader industry trends. The journey moved from specific optimizations in Go and Rust to fundamental discussions about infrastructure resilience, developer workflows, and the role of AI. A consistent thread has been the pursuit of pragmatism—finding the right tool for the job, understanding the trade-offs, and building systems that are not just clever, but truly reliable and maintainable. This collection captures that ongoing dialogue between innovation, craftsmanship, and practical reality.

The software engineering conversation today is dominated by languages like Go, Rust, and Zig. Having worked extensively with them, I’ve often found them to be more 'different' than fundamentally innovative compared to my established tools. This led me to a surprising question: what if the real evolution wasn't in a new language, but in the modernization of an old one? My journey back to C++—a language I had long dismissed—revealed a ecosystem transformed by smart tooling, powerful paradigms like data-oriented design, and a philosophy that now feels strikingly aligned with clarity and performance. This is not the C++ I remembered.