Writing
Notes on AI engineering, programming, and shipping software in the AI-native era.
November 28, 2022 · 5 min read
Audit Logging for Backend APIs
November 25, 2022 · 5 min read
Input Validation and the OWASP Top 10
November 23, 2022 · 4 min read
CSRF Defense Patterns in 2022
November 21, 2022 · 4 min read
CORS, What It Actually Protects
November 18, 2022 · 4 min read
API Keys vs OAuth for Third-Party Access
November 16, 2022 · 4 min read
Distributed Rate Limiting with Redis
November 14, 2022 · 5 min read
Rate Limiting Algorithms, Token Bucket, Leaky Bucket, Sliding Window
November 11, 2022 · 3 min read
OAuth 2.1 vs OAuth 2.0, What Changed
November 9, 2022 · 4 min read
Refresh Tokens and Token Revocation
November 7, 2022 · 4 min read
Why JWT for Sessions Is Usually Wrong
November 4, 2022 · 5 min read
JWT Done Right, Signing, Verifying, Rotating Keys
November 2, 2022 · 4 min read