Web Bundlers: Why we need Webpack, Rollup, and Vite (Deep Dive)
Understanding the evolution from script tags to Webpack and Vite. How Tree Shaking, Minification, and Dead Code Elimination work under the hood.

Writing about development and technology.
Users think your app is broken not because the API is slow, but because the UI is rude. I share how I replaced flickering loading screens with Skeleton UI and swapped alert() boxes for graceful Error Boundaries to dramatically improve UX.

Understanding idempotency concepts and implementation through practical experience

Passing functional tests doesn't mean your server can handle real traffic. '100 tests by one person' and '1 test by 100 people simultaneously' are completely different problems. Here's how to get started with k6 load testing, find bottlenecks, and fix them.

When ChatGPT first came out, developers were terrified. 'Coding is dead.' I was scared too. But after integrating LLMs into production for a year, I realized: AI is not a God, but an incredibly smart intern who sometimes hallucinates confidently.

Did you silence the 'unique key prop' warning with 'index' because it was annoying? That habit is destroying your form data and driving users crazy. I share my debugging nightmare where inputs swapped values and focus jumped around, explaining specifically why 'index' keys are evil in dynamic lists.

My app made users wait 3 seconds after clicking 'Sign Up' just to send a welcome email. If the email server failed, the sign-up failed too. I share how I used a Message Queue (BullMQ) to decouple these processes, explained with a 'Restaurant Order Ticket' analogy.

I adopted Kubernetes (k8s) blindly because it was 'trendy' and 'scalable'. The result? A massive infrastructure bill and YAML hell. I share my honest retrospective on the dangers of over-engineering and when you should actually use Kubernetes.

Stop using 'any'. How to build reusable, type-safe components using Generics. Advanced patterns with extends, keyof, and infer.

One week after launch, I got an angry email: 'I lost all my work because I was logged out!' The culprit was JWT expiration. I share the hard lessons learned about balancing security and UX, implementing Silent Refresh with Axios Interceptors, and choosing the right storage to prevent XSS attacks.

From simple CRUD to an append-only log of immutable events. We dissect Event Sourcing—the architecture behind scalable financial systems. Learn why it pairs perfectly with CQRS, how to handle the versioning of events (Schema Evolution), and the trade-offs involved in complexity versus auditability.

Started building a smart home for convenience, but realized security is a nightmare. From WiFi bulbs to smart locks, I share my journey of securing IoT devices, setting up a local control system with Home Assistant, and preventing my house from becoming a zombie botnet.

Managing infrastructure manually via a web console is a disaster waiting to happen. I share my horror story of accidentally terminating a production database server and how Infrastructure as Code (IaC) with Terraform saves us from human error, providing version control, reproducibility, and peace of mind.

Understanding SSRF attack principles and defense methods through practical experience

Redirecting HTTP to HTTPS isn't enough to secure your users. You are still vulnerable to Man-in-the-Middle (MITM) attacks during that first split-second redirect. Learn how HSTS (HTTP Strict Transport Security) forces browsers to use HTTPS automatically, closing that critical security gap.

I found my website running inside an iframe on a shady domain. I dive deep into 6 essential security headers (HSTS, X-Frame-Options, CSP, Permissions-Policy, etc.) to stop Clickjacking and XSS, with implementation guides for Nginx and Next.js.

You changed the code, saved it, but the browser does nothing. Tired of hitting F5 a million times? We dive into how HMR (Hot Module Replacement) works, why it breaks (circular dependencies, case sensitivity, etc.), and how to fix it so you can regain your development speed.

Why your server isn't hacked. From 'Packet Filtering' checking ports/IPs to AWS Security Groups. Evolution of Firewalls.

3 days after launch, our DB CPU spiked to 100%. Logs showed a SQL Injection attack. This is a war story of how we urgently deployed AWS WAF to block the attack. I also explain Positive vs Negative Security Models and the OWASP Core Rule Set (CRS).

How to survive Apple App Store and Google Play reviews. Covering Privacy Manifests, In-App Purchase pitfalls, Copyright issues, and strategies leveraging the fact that 'Humans Review Your App'.
