Blog
Engineering, products, and what holds up in production.
Essays on full-stack craft, UX, AI as a tool, and founder reality — from a staff engineer who still ships.
🔒 Nobody Anticipated This: GitHub Can Lock You Out of Your Entire Business Overnight
One comment. One ban. Your entire startup goes dark. Volodymyr Hordieiev's GitHub account was banned without warning, locking him out of his code, his integrations, and every platform using GitHub OAuth. Here's what happened and how to protect yourself.
💥 Railway Production Wipeout: How an AI Agent Found a Token and Deleted Everything
An AI agent found a Railway token and wiped both production and backups. The founder documented everything. Here are 8 lessons to protect your infrastructure.
🔓 All We Know About Vercel's 2 Million Dollar Leak; An OAuth Token Gone Wrong
A Vercel employee granted an AI tool full OAuth access to Google Workspace. The tool got hacked. Now stolen data is on sale for 2 million dollars. Here's the full breakdown and a security playbook.
🔐 How I Protect My Content From AI Scrapists
Paywalled posts still get lifted into AI Overviews next to ads. Here is the domain-first funnel, unlock license, and 1000x commercial floor I use so my research stays mine to sell.
🔓 California's New Law Will Broadcast Your Child's Age to Every App on Their Phone
There's been some news coverage of this law. It fits into a broader trend of trying to make the internet safer for children. That part is important and worth pursuing.
🔒 How to Anonymize Private Data Before Feeding It to AI
One of the major difficulties with working with AI models and LLMs is handling of private data. An HR specialist can't use AI to handle resumes without specific provisions to protect the private data. AI can give a lot of possibilities in areas like HR, but also in medicine, fina
Developers Die Because Of The New React Vulnerability
16 Billion Passwords Leaked: If You’ve Reused a Password Since 2012, Assume It’s Compromised
A staggering 16 billion passwords have surfaced in what’s likely the largest credential compilation ever shared online. Sourced from 30…
The Supabase RLS Trap: When ‘No Backend’ Breaks Everything
Everyone loves the idea of skipping the backend — just write policies, plug in Auth, and ship. But as soon as your app grows beyond a todo…
Think CSP and CORS Are Enough? Think Again
Frontend isn’t just about buttons and pixels — it’s the first line of defense against real-world attacks. If your app loads scripts from…