SecurityLab track — runtime and distributed systems, kernel debugging, eBPF, Go concurrency, memory models, bootloaders, and assembly walkthroughs. Code-first, source-cited, mechanism-deep.
Long-form writing and video on runtime, distributed systems, and kernel internals — the layers below the application where most production reliability is actually decided.
Topics: Go runtime and concurrency, distributed systems patterns (RPC, queues, idempotency), kernel debugging with GDB/QEMU, eBPF, memory models, bootloaders, and assembly walkthroughs.
Companion to the HarrisonSecurityLab YouTube channel. Blog and video are listed below — most recent first.
CodeGraph is the LLM-symbol-graph my prior retrieval post argued should exist. Read against its own SQLite index: why its architectural choices are right, and where the abstraction leaks.
Lossless curated notes vs lossy auto-compression with vector recall: two AI-memory designs that fail differently. One fails like a cache — classical systems already mapped it.
Why Claude Code uses grep instead of RAG: a cost-curve argument, audited against the source — with the Explore vs Fork A/B test nobody mentions.
Go channels are synchronization primitives, not queues. They deliver backpressure only when the producer is bounded — and that's where the real OOM hides.
Most discussions of Node vs Go concurrency stop at 'async vs threaded.' The real split is deeper — where does context switching happen, and what is the unit of scheduling?
A deep dive into query.ts — the 1,729-line async generator at the heart of Claude Code. 10 steps per iteration, 9 continue points, 4-stage compression, streaming tool execution, and error recovery. The engine behind every AI coding agent.
Strong, eventual, causal, read-your-writes, linearizable — consistency models are taught as a taxonomy. Production uses them as a menu. Ten scenarios, the right consistency choice for each, and the engineering that makes the choice work.
gRPC interceptors are where cross-cutting concerns live — auth, tracing, retry, metrics, rate limiting. Most examples online show toy single-interceptor demos. Production systems need to stack, order, and compose them correctly. A practical guide.
Go 1.18 shipped generics in March 2022. Four years later, the honest picture: they're useful for a narrower set of problems than the community hoped, they fit naturally in a few places, and overuse them and your code gets worse. A production retrospective.
Most performance advice for Go is ritual — 'use sync.Pool,' 'avoid interface boxing,' 'preallocate slices.' Useful sometimes, hollow often. A production engineer's guide to profiling Go systems with pprof, reading escape analysis output, and understanding when the compiler actually inlines.
© 2026 HarrisonSec. All rights reserved.