SecurityLab track — runtime and distributed systems, kernel debugging, eBPF, Go concurrency, memory models, bootloaders, and assembly walkthroughs. Code-first, source-cited, mechanism-deep.
Long-form writing and video on runtime, distributed systems, and kernel internals — the layers below the application where most production reliability is actually decided.
Topics: Go runtime and concurrency, distributed systems patterns (RPC, queues, idempotency), kernel debugging with GDB/QEMU, eBPF, memory models, bootloaders, and assembly walkthroughs.
Companion to the HarrisonSecurityLab YouTube channel. Blog and video are listed below — most recent first.
Go 1.18 shipped generics in March 2022. Four years later, the honest picture: they're useful for a narrower set of problems than the community hoped, they fit naturally in a few places, and overuse them and your code gets worse. A production retrospective.
Most performance advice for Go is ritual — 'use sync.Pool,' 'avoid interface boxing,' 'preallocate slices.' Useful sometimes, hollow often. A production engineer's guide to profiling Go systems with pprof, reading escape analysis output, and understanding when the compiler actually inlines.
sync.Pool is the Go feature most likely to be used incorrectly. A working engineer's guide to when pooling buffers actually saves GC pressure, when it just adds complexity, and the benchmark methodology that tells the difference.
Why blind fail-fast during leader election causes retry storms, and how bounded retry budgets, failure boundaries, and error normalization create predictable distributed systems.
The most common microservices mistake isn't picking the wrong transport. It's misreading who is responsible for knowing the work finished. A field guide to completion ownership in RPC, message bus, and event-driven systems.
All three are 'messaging systems.' None of them is interchangeable with the others. A practical breakdown of NATS, Kafka, and MQTT — by the actual design axes that determine which one breaks when you misuse it.
Docker is not a virtual machine. Kubernetes is not a container tool. Fifteen years in, both are misunderstood — and misused — as a result. A working engineer's explanation of what they actually changed.
The 'which language is fastest' benchmark wars miss the real question. Rust, Go, Java, and Python aren't competing on the same axis. They're tuned for different scaling strategies — and picking the wrong one costs you years.
The unit-vs-integration framing is a junior lens. Production Go backends need a different taxonomy: deterministic tests, contract tests, race tests, and fidelity tests. The ones that actually catch production bugs.
Tracing systems optimize for signal-to-noise. Billing systems optimize for accuracy and auditability. They look similar and they are not the same thing. A dual-path architecture for running both without cross-contamination.
© 2026 HarrisonSec. All rights reserved.