Things I’ve learned, broken, and figured out — mostly about security and JavaScript tooling.
I didn’t think I needed another JavaScript runtime. Then I tried Bun and it changed how I think about JS tooling.
I’ve built projects with all three. Here’s what actually matters when choosing between them, from someone who cares about security.
Most breaches happen because of things we already know are broken. A breakdown of real-world attack vectors.
Environment variables are convenient, not safe. How they leak and what to use instead for secrets management.
Modern apps fail because they trust code they didn't write. Exploring the hidden attack surface of npm and supply chains.
Copilot and Claude write code fast. They also write insecure code fast. Real examples from my own projects.
Passwords were always broken. Passkeys are the first replacement that actually works for normal humans.
Containers feel secure by default. They're not. Every mistake I've made and what I do differently now.