netlens - writing

netlens - writingEssays on SRE, security, applied AI, and network diagnostics by Yossi Ben Hagai.https://netlens.pages.dev/en-usWhy raw lookup tools are not enough for SRE workflowshttps://netlens.pages.dev/blog/raw-lookup-tools-not-enough/https://netlens.pages.dev/blog/raw-lookup-tools-not-enough/Commodity DNS/IP lookup sites optimize for the wrong problem. Here is what engineers actually need from a diagnostics tool.Sat, 18 Apr 2026 00:00:00 GMTsretoolingdiagnosticsYossi Ben HagaiApplied AI for infra teams: patterns that actually workhttps://netlens.pages.dev/blog/applied-ai-for-infra-teams/https://netlens.pages.dev/blog/applied-ai-for-infra-teams/LLMs are good at narrow, read-only, well-evaluated tool calls. They are bad at long autonomous loops in production. Here is the shape of the systems that actually hold up.Wed, 15 Apr 2026 00:00:00 GMTaisreYossi Ben HagaiHow to investigate a misconfigured domainhttps://netlens.pages.dev/blog/investigating-misconfigured-domain/https://netlens.pages.dev/blog/investigating-misconfigured-domain/A short, opinionated playbook for the first 5 minutes of a 'the site is acting weird' incident.Fri, 10 Apr 2026 00:00:00 GMTsrednshttpdebuggingYossi Ben HagaiDNS is still the attack surface everyone forgetshttps://netlens.pages.dev/blog/dns-attack-surface-2026/https://netlens.pages.dev/blog/dns-attack-surface-2026/Subdomain takeovers, dangling CNAMEs, NS hijacks, and DMARC spoofing are not exotic. They are this quarter's incident. Here is what to actually check.Sun, 05 Apr 2026 00:00:00 GMTsecuritydnsYossi Ben HagaiSLOs that survive contact with realityhttps://netlens.pages.dev/blog/slos-that-survive/https://netlens.pages.dev/blog/slos-that-survive/Most SLO dashboards lie because they measure the wrong thing. The fix is cheaper than you think, and it is not another vendor.Sat, 28 Mar 2026 00:00:00 GMTsreYossi Ben HagaiMCP for SRE: giving agents real tools, safelyhttps://netlens.pages.dev/blog/mcp-for-sre/https://netlens.pages.dev/blog/mcp-for-sre/Model Context Protocol is the right primitive for on-call agents. It is also a footgun if you expose write tools without thinking. Here is a safer default.Fri, 20 Mar 2026 00:00:00 GMTaisresecurityYossi Ben HagaiWhere the edge actually lives in 2026https://netlens.pages.dev/blog/edge-compute-2026/https://netlens.pages.dev/blog/edge-compute-2026/Cloudflare Workers, Fastly Compute, Vercel Edge, Deno Deploy, Lambda@Edge. They are not interchangeable. Here is what each one lets you measure, and what each one hides.Tue, 10 Mar 2026 00:00:00 GMTsrenetworkingedgeYossi Ben Hagai