Insights
Insights
Notes from actual engineering work — what breaks, what the fix looked like, and what to check before it breaks in your system too.
- 01
The webhook that lied about a payment
A forged Stripe webhook got a security researcher a free subscription. How I verify every Plaid webhook in production: signature, raw body, five-minute window. - 02
How Engineering Teams Adopt AI Coding Agents Without Wrecking Quality
Review gates, hooks, and the conventions that keep velocity from becoming debt. - 03
A Pragmatic Security Hardening Checklist for Early-Stage SaaS
The encryption, access control, and audit gaps due diligence actually finds. - 04
What Goldratt knew about the AI bottleneck
A 1984 manufacturing theory predicted exactly what AI is doing to software, and where it stops being useful. - 05
What It Really Takes to Ship a Production Plaid Integration
Webhook verification, idempotency, and the failure modes the sandbox won't show you. - 06
Where I keep AI out of the loop
The four-step loop I run when AI builds the product, and the two steps where I deliberately keep it out. - 07
What is an AI harness?
A plain-English breakdown of the term that's everywhere right now, what's actually inside one, and what to listen for when someone uses it. - 08
Why I built my own finance dashboard instead of opening a Monarch account
Personal-finance apps let you rename categories. They don't let you change the questions the dashboard answers. That's why I built my own. - 09
Why I stopped paying Splitwise $36/year and built 'Float' in a day
Every SaaS subscription is a tax on capability you don't have yet. AI is making that capability cheap enough that a lot of $36/year tools aren't worth paying for anymore.
GET THE NEXT ONE
I write these when I ship something worth writing about.
Leave your email and new posts land in your inbox. Nothing else does.