SecurityLab track — runtime and distributed systems, kernel debugging, eBPF, Go concurrency, memory models, bootloaders, and assembly walkthroughs. Code-first, source-cited, mechanism-deep.
Long-form writing and video on runtime, distributed systems, and kernel internals — the layers below the application where most production reliability is actually decided.
Topics: Go runtime and concurrency, distributed systems patterns (RPC, queues, idempotency), kernel debugging with GDB/QEMU, eBPF, memory models, bootloaders, and assembly walkthroughs.
Companion to the HarrisonSecurityLab YouTube channel. Blog and video are listed below — most recent first.
All three are 'messaging systems.' None of them is interchangeable with the others. A practical breakdown of NATS, Kafka, and MQTT — by the actual design axes that determine which one breaks when you misuse it.
Docker is not a virtual machine. Kubernetes is not a container tool. Fifteen years in, both are misunderstood — and misused — as a result. A working engineer's explanation of what they actually changed.
The 'which language is fastest' benchmark wars miss the real question. Rust, Go, Java, and Python aren't competing on the same axis. They're tuned for different scaling strategies — and picking the wrong one costs you years.
The unit-vs-integration framing is a junior lens. Production Go backends need a different taxonomy: deterministic tests, contract tests, race tests, and fidelity tests. The ones that actually catch production bugs.
Tracing systems optimize for signal-to-noise. Billing systems optimize for accuracy and auditability. They look similar and they are not the same thing. A dual-path architecture for running both without cross-contamination.
context.Context is not documentation, not a metadata bag, and not optional. A production-hardened guide to cancellation propagation, the background-goroutine trap, and the patterns that keep services alive when downstreams slow down.
After a few years writing production Go, I stopped thinking of chan as a data pipe and context as a parameter. They're both lifecycle primitives — chan draws the boundary of 'how many alive', context draws the boundary of 'when to die'. Here's why that mental model changes the code you write.
After Four Pillars of Concurrency, the natural question: what does a system actually look like when it uses all of them deliberately? IronSys is a composite blueprint — the concurrency architecture I'd build today if I were starting over, with the trade-offs each choice buys.
Most engineers still reach for the mutex. That's one of four options, and usually not the best one. A working engineer's map of shared-state, CSP, actors, and STM — and when each is the right tool.
Go isn't magic and it isn't faster than Java. It just stops asking the kernel to help. A first-principles look at goroutines, 2KB stacks, and why high-frequency trading engines chase the exact same answer.
© 2026 HarrisonSec. All rights reserved.