<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>Rico Twesten-Weber</title>
    <link>https://ricotwestenweber.com</link>
    <description>I build platforms that run themselves, and write about DevOps and AI.</description>
    <language>en</language>
    <atom:link href="https://ricotwestenweber.com/rss.xml" rel="self" type="application/rss+xml" />

    <item>
      <title><![CDATA[Infrastructure testing — why your Terraform plan is not a test]]></title>
      <link>https://ricotwestenweber.com/blog/infrastructure-testing-terraform-plan-is-not-a-test</link>
      <guid>https://ricotwestenweber.com/blog/infrastructure-testing-terraform-plan-is-not-a-test</guid>
      <pubDate>Fri, 10 Apr 2026 00:00:00 GMT</pubDate>
      <description><![CDATA[Terraform plan tells you what will change. It doesn't tell you if the change is correct. Real infrastructure testing requires real assertions.]]></description>
    </item>
    <item>
      <title><![CDATA[Azure DevOps Pipelines — the parts they don't document]]></title>
      <link>https://ricotwestenweber.com/blog/azure-devops-pipelines-the-parts-they-dont-document</link>
      <guid>https://ricotwestenweber.com/blog/azure-devops-pipelines-the-parts-they-dont-document</guid>
      <pubDate>Thu, 09 Apr 2026 00:00:00 GMT</pubDate>
      <description><![CDATA[The official docs cover the happy path. Here's what I learned from the edge cases: conditional stages, variable group scoping, and service connection gotchas.]]></description>
    </item>
    <item>
      <title><![CDATA[The CI/CD pipeline nobody maintains — why pipeline-as-code needs ownership]]></title>
      <link>https://ricotwestenweber.com/blog/the-cicd-pipeline-nobody-maintains</link>
      <guid>https://ricotwestenweber.com/blog/the-cicd-pipeline-nobody-maintains</guid>
      <pubDate>Thu, 09 Apr 2026 00:00:00 GMT</pubDate>
      <description><![CDATA[Pipeline YAML is code. It has bugs, tech debt, and dependencies. But nobody owns it, so it rots in place until something breaks at 2 AM.]]></description>
    </item>
    <item>
      <title><![CDATA[Your cluster is not as secure as you think — common K8s security gaps]]></title>
      <link>https://ricotwestenweber.com/blog/your-cluster-is-not-as-secure-as-you-think</link>
      <guid>https://ricotwestenweber.com/blog/your-cluster-is-not-as-secure-as-you-think</guid>
      <pubDate>Wed, 08 Apr 2026 00:00:00 GMT</pubDate>
      <description><![CDATA[Default Kubernetes is designed for convenience, not security. Most clusters have the same five gaps, and most teams don't know until something breaks.]]></description>
    </item>
    <item>
      <title><![CDATA[Workload Identity federation beyond CI/CD — securing service-to-service communication]]></title>
      <link>https://ricotwestenweber.com/blog/workload-identity-beyond-cicd</link>
      <guid>https://ricotwestenweber.com/blog/workload-identity-beyond-cicd</guid>
      <pubDate>Tue, 07 Apr 2026 00:00:00 GMT</pubDate>
      <description><![CDATA[Workload Identity federation solved secrets in pipelines. The same pattern works for service-to-service auth, and it eliminates an entire class of credential management.]]></description>
    </item>
    <item>
      <title><![CDATA[Network segmentation with Ubiquiti — why your homelab needs VLANs]]></title>
      <link>https://ricotwestenweber.com/blog/network-segmentation-with-ubiquiti</link>
      <guid>https://ricotwestenweber.com/blog/network-segmentation-with-ubiquiti</guid>
      <pubDate>Mon, 06 Apr 2026 00:00:00 GMT</pubDate>
      <description><![CDATA[A flat network is fine until your smart bulb talks to your NAS. VLANs with Ubiquiti keep IoT, lab, and management traffic properly separated.]]></description>
    </item>
    <item>
      <title><![CDATA[Paperless-ngx on Kubernetes — from scanner to searchable archive]]></title>
      <link>https://ricotwestenweber.com/blog/paperless-ngx-on-kubernetes</link>
      <guid>https://ricotwestenweber.com/blog/paperless-ngx-on-kubernetes</guid>
      <pubDate>Sun, 05 Apr 2026 00:00:00 GMT</pubDate>
      <description><![CDATA[Documents go from a network scanner to a classified, searchable archive without manual steps. The entire pipeline runs on Kubernetes, backed by NAS storage.]]></description>
    </item>
    <item>
      <title><![CDATA[Running Kubernetes on Raspberry Pi — the real cost and the real lessons]]></title>
      <link>https://ricotwestenweber.com/blog/running-kubernetes-on-raspberry-pi</link>
      <guid>https://ricotwestenweber.com/blog/running-kubernetes-on-raspberry-pi</guid>
      <pubDate>Fri, 03 Apr 2026 00:00:00 GMT</pubDate>
      <description><![CDATA[Everyone shows the glamorous kubectl output. Nobody shows the SD card failures, the ARM64 image hunt, or the power draw math. Here's the honest version.]]></description>
    </item>
    <item>
      <title><![CDATA[When AI-generated YAML breaks production — lessons from real failures]]></title>
      <link>https://ricotwestenweber.com/blog/when-ai-generated-yaml-breaks-production</link>
      <guid>https://ricotwestenweber.com/blog/when-ai-generated-yaml-breaks-production</guid>
      <pubDate>Wed, 01 Apr 2026 00:00:00 GMT</pubDate>
      <description><![CDATA[AI-generated infrastructure code looks correct. It passes linting. Then it breaks in ways you didn't think to test for. Three failures I learned from.]]></description>
    </item>
    <item>
      <title><![CDATA[Prompt engineering for infrastructure — what works and what doesn't]]></title>
      <link>https://ricotwestenweber.com/blog/prompt-engineering-for-infrastructure</link>
      <guid>https://ricotwestenweber.com/blog/prompt-engineering-for-infrastructure</guid>
      <pubDate>Tue, 31 Mar 2026 00:00:00 GMT</pubDate>
      <description><![CDATA[Most prompt engineering advice assumes you're writing marketing copy. Infrastructure prompts have different failure modes, and the patterns that work are counterintuitive.]]></description>
    </item>
    <item>
      <title><![CDATA[Building an AI review layer for Helm charts]]></title>
      <link>https://ricotwestenweber.com/blog/building-an-ai-review-layer-for-helm-charts</link>
      <guid>https://ricotwestenweber.com/blog/building-an-ai-review-layer-for-helm-charts</guid>
      <pubDate>Sun, 29 Mar 2026 00:00:00 GMT</pubDate>
      <description><![CDATA[Helm chart reviews are tedious and error-prone. I built an AI layer that catches misconfigs before they reach staging, and it found things I would have missed.]]></description>
    </item>
    <item>
      <title><![CDATA[The platform engineer's job is to delete toil, not build portals]]></title>
      <link>https://ricotwestenweber.com/blog/platform-engineers-job-is-to-delete-toil</link>
      <guid>https://ricotwestenweber.com/blog/platform-engineers-job-is-to-delete-toil</guid>
      <pubDate>Fri, 27 Mar 2026 00:00:00 GMT</pubDate>
      <description><![CDATA[Platform engineering got hijacked by portal builders. The actual job is making repetitive work disappear, not putting a UI on top of it.]]></description>
    </item>
    <item>
      <title><![CDATA[FluxCD vs ArgoCD — an opinionated comparison]]></title>
      <link>https://ricotwestenweber.com/blog/fluxcd-vs-argocd</link>
      <guid>https://ricotwestenweber.com/blog/fluxcd-vs-argocd</guid>
      <pubDate>Wed, 25 Mar 2026 00:00:00 GMT</pubDate>
      <description><![CDATA[Both reconcile. Both work. But they make fundamentally different assumptions about who controls the cluster. Here's why I chose FluxCD.]]></description>
    </item>
    <item>
      <title><![CDATA[Branch-based environments — how we stopped sharing staging]]></title>
      <link>https://ricotwestenweber.com/blog/branch-based-environments</link>
      <guid>https://ricotwestenweber.com/blog/branch-based-environments</guid>
      <pubDate>Mon, 23 Mar 2026 00:00:00 GMT</pubDate>
      <description><![CDATA[Shared staging environments are where feature branches go to conflict. Branch-based environments gave every PR its own isolated world, and it changed how we ship.]]></description>
    </item>
    <item>
      <title><![CDATA[GitOps is not about Git]]></title>
      <link>https://ricotwestenweber.com/blog/gitops-is-not-about-git</link>
      <guid>https://ricotwestenweber.com/blog/gitops-is-not-about-git</guid>
      <pubDate>Tue, 10 Mar 2026 00:00:00 GMT</pubDate>
      <description><![CDATA[Most teams adopt GitOps and end up with git-flavored CI/CD. The part that actually matters is the reconciliation loop, not the repo.]]></description>
    </item>
    <item>
      <title><![CDATA[AI won't replace your pipeline — it will replace your patience]]></title>
      <link>https://ricotwestenweber.com/blog/ai-wont-replace-your-pipeline-it-will-replace-your-patience</link>
      <guid>https://ricotwestenweber.com/blog/ai-wont-replace-your-pipeline-it-will-replace-your-patience</guid>
      <pubDate>Sat, 07 Mar 2026 00:00:00 GMT</pubDate>
      <description><![CDATA[Senior DevOps engineers spend most of their time reviewing YAML, not writing it. AI is starting to change that, and the shift matters more than the hype suggests.]]></description>
    </item>
    <item>
      <title><![CDATA[Your homelab is your best interview]]></title>
      <link>https://ricotwestenweber.com/blog/your-homelab-is-your-best-interview</link>
      <guid>https://ricotwestenweber.com/blog/your-homelab-is-your-best-interview</guid>
      <pubDate>Wed, 04 Mar 2026 00:00:00 GMT</pubDate>
      <description><![CDATA[Running production-grade infrastructure at home taught me more about DevOps than any certification prep course. Here's why I think every engineer should try it.]]></description>
    </item>
    <item>
      <title><![CDATA[Zero secrets in pipelines — and why most teams still get this wrong]]></title>
      <link>https://ricotwestenweber.com/blog/zero-secrets-in-pipelines</link>
      <guid>https://ricotwestenweber.com/blog/zero-secrets-in-pipelines</guid>
      <pubDate>Sun, 01 Mar 2026 00:00:00 GMT</pubDate>
      <description><![CDATA[Stored credentials in CI/CD pipelines are a liability. How Azure Workload Identity federation eliminates the most common secret management failure.]]></description>
    </item>
    <item>
      <title><![CDATA[Hello World]]></title>
      <link>https://ricotwestenweber.com/blog/hello-world</link>
      <guid>https://ricotwestenweber.com/blog/hello-world</guid>
      <pubDate>Fri, 13 Feb 2026 00:00:00 GMT</pubDate>
      <description><![CDATA[My first blog post on this new site.]]></description>
    </item>
  </channel>
</rss>