Articles
$44,000 in a Day: What Happens When Your APK Ships an Unrestricted API Key
A real incident where an unrestricted Google Cloud API key in an Android APK led to $44,000 of unauthorized Gemini API usage in a single day — the root cause, the 43-minute response, and the API key hygiene that would have prevented it.
April 27, 2026
When the Ecosystem Lags: Adding gpt-image-2 to an MCP Server Myself
I needed image generation in Claude Code, but the best MCP server only supported gpt-image-1. OpenAI had released gpt-image-2 days earlier. So I forked the server, added support, and submitted a PR.
April 22, 2026
The Greenfield Trap and the Brownfield Edge
Why pure greenfield projects are rarer than the industry pretends, why the most demanding engineering happens in mature systems, and how the best engineers bring discipline from each world into the other.
April 22, 2026
Failure Is the Default: Building Web Systems That Expect to Break
Why the web's default state is broken, not working — and the design philosophy that separates systems that survive from systems that collapse.
April 16, 2026
Deliberate Deployment Friction: Why Slower Pipelines Ship Better Software
Why a multi-stage deployment pipeline with manual promotion gates between environments ships more reliable software than continuous deployment — and when each approach is the right choice.
April 15, 2026
Static Site Hosting with S3 and CloudFront: The Decisions That Actually Matter
Why your S3 bucket should block all public access, how CloudFront Functions solve the URL rewriting problem that DefaultRootObject doesn't, and the caching strategy that keeps your static site fast without busting your invalidation budget.
April 8, 2026
CloudFormation's Quiet Renaissance
How AWS CloudFormation's recent tooling improvements — the Language Server, IaC MCP Server, drift-aware change sets, and Hooks — have quietly addressed its biggest pain points and reinforced its position for AWS-native teams.
April 1, 2026
CloudFormation Basics: A Practical Introduction for New Developers
A hands-on introduction to AWS CloudFormation for developers who are new to infrastructure as code — covering templates, stacks, parameters, and the mental model that makes it all click.
March 25, 2026
Self-Hosted GitHub Actions Runners That Scale to Zero
How to build a webhook-driven, auto-scaling GitHub Actions runner system on AWS using Lambda, SQS, and ephemeral EC2 instances — with spot instance fallback and zero idle cost.
March 18, 2026
Spec-Driven Development: What Comes After Vibe Coding
How to structure AI agent workflows around specifications instead of ad-hoc prompts — a practical guide to the workflow shift that makes agentic development production-ready.
March 11, 2026
AI Coding Agents: What Actually Works After Six Months of Daily Use
Practical patterns and hard-won lessons from integrating AI coding agents into a senior engineer's daily workflow — context engineering, CI/CD integration, and where human judgment still matters.