Blog
Channels Aren't Message Passing — How Parked Goroutines OOM-Killed a Pod
Go channels are synchronization primitives, not queues. They deliver backpressure only when the producer is bounded — and that's where the real OOM hides.
[ SECURITYLAB ]
SecurityLab track — runtime and distributed systems, kernel debugging, eBPF, Go concurrency, memory models, bootloaders, and assembly walkthroughs. Code-first, source-cited, mechanism-deep.
Long-form writing and video on runtime, distributed systems, and kernel internals — the layers below the application where most production reliability is actually decided.
Topics: Go runtime and concurrency, distributed systems patterns (RPC, queues, idempotency), kernel debugging with GDB/QEMU, eBPF, memory models, bootloaders, and assembly walkthroughs.
Companion to the HarrisonSecurityLab YouTube channel. Blog and video are listed below — most recent first.
Blog
Node Turns Waiting Into Events. Go Moves Context Switching Into User Space.
Most discussions of Node vs Go concurrency stop at 'async vs threaded.' The real split is deeper — where does context switching happen, and what is the unit of scheduling?
Video
Why Claude Code's Agent Loop Is 1,421 Lines
A deep dive into query.ts — the 1,729-line async generator at the heart of Claude Code. 10 steps per iteration, 9 continue points, 4-stage compression, streaming tool execution, and error recovery. The engine behind every AI coding agent.
Blog
Consistency in Distributed Systems: Scenarios, Trade-offs, and What Actually Works
Strong, eventual, causal, read-your-writes, linearizable — consistency models are taught as a taxonomy. Production uses them as a menu. Ten scenarios, the right consistency choice for each, and the engineering that makes the choice work.
Blog
gRPC Interceptors in Production: Design Patterns That Survive Real Load
gRPC interceptors are where cross-cutting concerns live — auth, tracing, retry, metrics, rate limiting. Most examples online show toy single-interceptor demos. Production systems need to stack, order, and compose them correctly. A practical guide.
Blog
Go Generics, One Year In: Which Promises Held, Which Didn't
Go 1.18 shipped generics in March 2022. Four years later, the honest picture: they're useful for a narrower set of problems than the community hoped, they fit naturally in a few places, and overuse them and your code gets worse. A production retrospective.
Blog
Go Profiling in Anger: pprof, Escape Analysis, and Inlining Without Magic
Most performance advice for Go is ritual — 'use sync.Pool,' 'avoid interface boxing,' 'preallocate slices.' Useful sometimes, hollow often. A production engineer's guide to profiling Go systems with pprof, reading escape analysis output, and understanding when the compiler actually inlines.
Blog
sync.Pool in Go: When It Actually Helps, and When It Quietly Hurts
sync.Pool is the Go feature most likely to be used incorrectly. A working engineer's guide to when pooling buffers actually saves GC pressure, when it just adds complexity, and the benchmark methodology that tells the difference.
Blog
Why Your "Fail-Fast" Strategy is Killing Your Distributed System (and How to Fix It)
Why blind fail-fast during leader election causes retry storms, and how bounded retry budgets, failure boundaries, and error normalization create predictable distributed systems.
Blog
RPC vs NATS: It's Not About Sync vs Async — It's About Who Owns Completion
The most common microservices mistake isn't picking the wrong transport. It's misreading who is responsible for knowing the work finished. A field guide to completion ownership in RPC, message bus, and event-driven systems.