oss articles — cronfeed.work

Read article ->

Open Source Mar. 23, 2026

Keycloak architecture in 2026: where realm boundaries, cache topology, and proxy trust decide your incident budget

An architecture note for platform teams running Keycloak at scale: most failures do not come from protocol support, but from three design boundaries—realm partitioning, distributed-cache behavior, and reverse-proxy header trust.

Read article ->

Open Source Mar. 21, 2026

Rust governance signal in 2026: release train discipline, edition resets, and RFC throughput under real load

A governance signal readout for Rust adopters: how six-week trains, opt-in edition boundaries, RFC queue dynamics, foundation structure, and ecosystem scale combine into a predictable but still capacity-sensitive operating contract for platform teams.

Read article ->

Open Source Mar. 21, 2026

Fluent Bit in 2026: an architecture note on buffering, backpressure, and where data loss boundaries really sit

A production architecture note for Fluent Bit operators: how chunk lifecycle, memory/filesystem/memrb buffering modes, retry windows, and Tail input defaults interact to determine latency stability and loss behavior under destination failures.

Read article ->

Open Source Mar. 20, 2026

OpenBao in 2026: a project introduction for platform teams that need Vault-class secrets control under open governance

A project introduction to OpenBao for platform teams evaluating self-hosted secrets control planes: what the architecture keeps, what governance changes, where migration friction actually sits, and the operational checks that decide whether a pilot should scale.

Read article ->

Open Source Mar. 19, 2026

OpenTelemetry Collector in 2026: an architecture note on backpressure, memory limits, and queue semantics

A practical architecture note for platform teams running OpenTelemetry Collector at scale: where backpressure actually starts, how memory_limiter and batch interact, and why exporter queue semantics decide whether overload becomes latency or data loss.

Read article ->

Open Source Mar. 18, 2026

lakeFS in 2026: a project-introduction for data teams that need Git-like control without moving lake data

A practical introduction to lakeFS for engineering teams that need branchable, auditable data-lake workflows: what the control plane actually does, where direct I/O changes operations, and which adoption shape avoids the most common migration mistakes.

Read article ->

Open Source Mar. 13, 2026

NATS JetStream in 2026: an architecture note on streams, consumers, and where failure boundaries actually sit

An architecture-first guide to NATS JetStream for teams evaluating replayable messaging: how stream retention, consumer state, RAFT replication, deduplication, and ack policy decide whether the system behaves like a clean event backbone or a source of operational surprises.

Read article ->

Open Source Mar. 12, 2026

Langfuse in 2026: a project introduction for teams that want one open-source layer for LLM traces, evals, and prompt versions

A project introduction to Langfuse for engineering teams deciding whether to consolidate LLM tracing, evaluations, prompt management, and self-hosted control into one open-source stack instead of stitching together separate point tools.

A project-introduction view of SpiceDB for engineering teams moving beyond ad-hoc RBAC: what it solves, where its consistency model changes system design, and the boundary conditions for a safe pilot.

Read article ->

OSV-Scanner works best when vulnerability scanning stays close to dependency evidence

DVC works when Git keeps the story and storage keeps the weight

Verdaccio is a registry boundary, not a package warehouse

Baserow in 2026: a project introduction for teams that need a no-code database without surrendering the data boundary

All articles

KDE's release train is turning desktop polish into governance

Valhalla makes routing a graph-costing problem, not a map screenshot

Polars is fastest when the DataFrame becomes a query plan

Starship works when the prompt becomes shared context

k6 makes load testing a code review artifact, not a late-stage ritual

calibre makes ebooks behave like a local library again

maturin is the bridge when Python needs Rust without packaging theater

Jitsi Meet is an SFU stack before it is a meeting link

Prosody keeps XMPP useful by staying small

Zulip's governance signal is topic discipline at maintainer scale

Open WebUI is the local AI layer where chat becomes administration

Jellyfin is the media server to adopt when the library is the product

Mosquitto makes MQTT useful by refusing to hide the broker

uutils/coreutils turns a Rust rewrite into a compatibility audit

KiCad makes PCB work look like a software release

Zigbee2MQTT turns a smart home into a message bus problem

Superset is the BI migration to make when ownership matters more than polish

GStreamer is a negotiation engine before it is a media toolkit

Krita's strongest 2026 signal is artist-shaped release discipline

Miniflux is the reader to adopt when feeds need control, not ceremony

OpenRefine keeps data cleaning close to human judgment

OpenDroneMap is strongest when the photo pile becomes a pipeline

Kiwix makes offline knowledge an architecture, not a download

Tekton is a CI/CD control plane, not a Jenkins-shaped replacement

eBPF is safest when you read it as a kernel extension contract

FOSDEM is open source's working map, not just a weekend conference

Vector is an observability pipeline, not just a faster log shipper

Open Food Facts turns grocery labels into public infrastructure

Casbin is an authorization contract before it is a permission table

Svelte 5 is a compiler contract before it is a syntax change

Jaeger v2 is a tracing backend, not just a place traces go

OpenBSD's governance signal is discipline you can inspect

CUE makes configuration safer when types and values share one contract

Kaniko's archive made daemonless builds a maintenance decision

Zotero is strongest when citations become research infrastructure

Paperless-ngx works when the inbox becomes a workflow, not a dumping ground

OpenSCAD is best when CAD needs to behave like source code

FFmpeg is clearest when the command line is read as a media pipeline

MediaWiki's governance signal is the release train beneath the wiki

pandas 2.0 made the DataFrame a contract surface: an annotated viewing of Arrow, Copy-on-Write, and compatibility

Nextcloud adoption works when files stay the core and apps stay deliberate

MariaDB is strongest when storage and replication stay separate

Playwright is a waiting machine before it is a browser robot

Inkscape works best when SVG remains the contract

QGIS works because desktop GIS became the ecosystem hub

Reproducible builds make binary trust an operations problem

Apache DataFusion turns query planning into a reusable engine boundary

LibreOffice's strongest feature is the institution behind the document

GNU Emacs stays alive because Lisp is the extension boundary

KEDA is strongest when autoscaling follows the queue, not the pod

ActivityPub is an inbox/outbox protocol before it is a social network

Blender's governance signal is the clock behind the creative suite

GNOME's governance signal is the release team behind the desktop

Open Source Pledge turns maintainer funding into a budget line, not a thank-you note

OpenObserve is clearest when observability is treated as a storage-shape problem

ElectricSQL works best when sync is a read path, not a second write model

Mosh stays useful because it treats the terminal as synchronized state, not a fragile TCP stream

Wireshark gets powerful when packets become plug-ins: an annotated viewing of dissectors, bytes, and protocol boundaries

Kubernetes needs a complexity budget before it needs another surface

Samba adoption works when identity mapping is treated as the migration, not a footnote

Gitleaks in 2026: an adoption note on local scans, git history, baselines, and the remediation trap

PostGIS in 2026: an architecture note on geometry, GiST, and keeping spatial work inside SQL

Apache OpenDAL in 2026: an ecosystem map for making object storage a service boundary, not SDK sprawl

Meshtastic in 2026: an architecture note on LoRa airtime, channels, and MQTT boundaries

Woodpecker CI in 2026: a project introduction for teams that want self-hosted pipelines without rebuilding GitHub Actions

Consul in 2026: an architecture note on local agents, gossip, Raft, and the catalog boundary

Typesense in 2026: a project introduction for teams that want typo-tolerant search, facets, and hybrid retrieval in one engine

llama.cpp in 2026: an ecosystem map of GGUF, hardware backends, and the OpenAI-compatible layer that made local models portable

Supabase in 2026: a project introduction for teams that want Postgres to stay the center while auth, storage, and realtime move into the same control plane

NumPy in 2026: the governance signal is the council-plus-release machine that lets a scientific core break carefully

rsync in 2026: an architecture note on file lists, rolling checksums, and the pipeline that keeps remote copies cheap

K9s in 2026: a project introduction for operators who want Kubernetes triage to stay terminal-native

WireGuard in 2026: an architecture note on cryptokey routing, handshake timing, and roaming without a control plane

Lazygit in 2026: an adoption / migration note on patch staging, worktrees, and reflog-backed Git speed

Plausible in 2026: a project introduction for teams that want analytics without a consent-engineering sidecar