Blogs

Blogs

Series

Building a Real-Time Chat State Engine

Building a Real-Time Chat State Engine

5 / 6 parts

Where a conversation lives, how every message stays durable, and how it fans out live to every screen. Built from the naive design up to Postgres-first with an outbox, then streaming, chaos testing, and the cost.

  1. 1Building a Real-Time Chat State Engine13 min read
  2. 2The Benchmark Harness: Ten Million Events in Postgres11 min read
  3. 3The Outbox and Relay, in Detail9 min read
  4. 4Streaming and Chaos Injection9 min read
  5. 5The Cost Breakdown: Postgres and Redis on Managed Cloud9 min read
  6. 6Deploying to the Cloud, and What the Latencies Actually Look Likecoming soon
Securing a VPS

Securing a VPS

3 / 3 parts

From a naked cloud box to a hardened server running real apps, the no-lockout way: lock down SSH, serve through Cloudflare Tunnels with no open ports, then deploy with Dokploy.

  1. 1Hardening a Fresh VPS Without Locking Yourself Out13 min read
  2. 2Cloudflare Tunnels: Serve Apps With No Open Ports9 min read
  3. 3Dokploy: Deploy Your First App Behind the Tunnel12 min read

All posts

Every Principle Has a ScarPinned

Every Principle Has a Scar

Not a how-to. This is the changelog of how I think about building software, told through the failures that taught me each rule. Read the timeline on the right as a spine: every node is a scar, and every scar left a principle behind.

7/4/20269 min read
The Benchmark Harness: Ten Million Events in Postgres

The Benchmark Harness: Ten Million Events in Postgres

The harness behind part one's central claim: seeding Postgres with ten million realistic events and measuring the one read the design depends on. Plus the honest caveat about what a local benchmark cannot tell you.

7/4/202611 min read
Building a Real-Time Chat State Engine

Building a Real-Time Chat State Engine

Building the state engine behind a chat product from the naive design up: where the conversation lives, how every message stays durable, and how it fans out live. Part one of a series.

7/4/202613 min read
The Cost Breakdown: Postgres and Redis on Managed Cloud

The Cost Breakdown: Postgres and Redis on Managed Cloud

What this stack actually costs on managed cloud, why the two big providers land within a few dollars, and the single architectural decision worth the largest line item in the budget.

7/4/20269 min read
Streaming and Chaos Injection

Streaming and Chaos Injection

How token streaming bends the design without breaking it, and what actually survives when you break Redis and Postgres on purpose. The failure test that found a real bug.

7/4/20269 min read
The Outbox and Relay, in Detail

The Outbox and Relay, in Detail

The internals of the pattern that carries the whole design: two tables, a tiny relay worker, why duplicates are harmless, and how the relay wakes up without hammering Postgres.

7/4/20269 min read
One Server, Two Jobs

One Server, Two Jobs

How I turned the VPS that hosts my apps into a coding box too, using a resource-capped container I SSH straight into, so a runaway build can never take production down with it.

7/2/20267 min read
Cloudflare Tunnels: Serve Apps With No Open Ports

Cloudflare Tunnels: Serve Apps With No Open Ports

Part 1 sealed the box so nothing answers the public internet. Now serve a real website to the world without opening a single inbound port, by dialing out instead of letting anything in.

6/29/20269 min read
Dokploy: Deploy Your First App Behind the Tunnel

Dokploy: Deploy Your First App Behind the Tunnel

A push-button PaaS on the hardened box, reached through the tunnel and gated by identity. Then the twist part 1 warned about: install Docker and three ports you never opened come back open.

6/29/202612 min read
Hardening a Fresh VPS Without Locking Yourself Out

Hardening a Fresh VPS Without Locking Yourself Out

Take a brand-new server from password SSH and an open firewall to key-only, Tailscale-only access with nothing answering the public internet, and prove it from outside. The no-lockout way.

6/29/202613 min read
Key Exchange: The Crypto Primitive You Use But Never See

Key Exchange: The Crypto Primitive You Use But Never See

Two strangers on a public network end up with the same secret number, without ever sending it. The Diffie-Hellman idea behind every HTTPS handshake, explained with paint.

6/27/20268 min read
Digital Signatures: From JWT to JWKS to Key Rotation

Digital Signatures: From JWT to JWKS to Key Rotation

Private signs, public verifies. Follow that one idea all the way into JWTs, the JWKS keyring, the kid header, and how an identity provider rotates signing keys with zero downtime.

6/27/202613 min read
How CLI Tools Sign You In: Loopback, the Device Grant, and PKCE

How CLI Tools Sign You In: Loopback, the Device Grant, and PKCE

A terminal has no login box, and a distributed binary cannot keep a secret. How gh, AWS CLI SSO, gcloud, and Claude Code run a real browser OAuth login anyway: loopback redirects, the device grant, and PKCE.

6/27/202613 min read
The Auth Protocol Map: OAuth2 vs OIDC vs SAML vs LDAP vs SCIM

The Auth Protocol Map: OAuth2 vs OIDC vs SAML vs LDAP vs SCIM

Five acronyms that all show up in login conversations and do completely different jobs. The one distinction that untangles them, and where each one actually fits.

6/27/202614 min read
Public-Key Encryption: How Asymmetric Keys Keep Secrets

Public-Key Encryption: How Asymmetric Keys Keep Secrets

Public encrypts, private decrypts. Why that direction is the whole point, why asymmetric crypto is too slow to use directly, and the envelope trick every real system reaches for.

6/27/20267 min read
Public-Private Keys: The 3 Things They Actually Do

Public-Private Keys: The 3 Things They Actually Do

Every SWE meets keypairs in TLS, SSH, JWT, and git signing and treats each as separate magic. Underneath, there are only three primitives. Here is the mental model.

6/27/20269 min read
How aws configure sso Actually Works

How aws configure sso Actually Works

Moving from long-lived IAM keys to IAM Identity Center on the CLI: why it is worth doing, what each prompt means, the PKCE authorization-code flow behind the browser popup (traced step by step), and the wrong-region bug that kept failing RegisterClient.

6/25/20269 min read
The Cancel Scope Bug: Debugging Intermittent 500s in a pydantic-ai MCP Agent

The Cancel Scope Bug: Debugging Intermittent 500s in a pydantic-ai MCP Agent

An agent in prod was throwing intermittent 500s with a cryptic anyio error. Here is how I tracked it down to a pydantic-ai MCP bug, reproduced it in 40 lines, and found the exact version that fixes it.

6/16/202612 min read
Python's Argument Markers: the bare *, /, *args, and **kwargs

Python's Argument Markers: the bare *, /, *args, and **kwargs

I was reading an auth middleware and noticed a lone * sitting in the constructor signature. Here is what that bare *, plus /, *args, and **kwargs actually do, and why I now reach for keyword-only arguments on purpose.

6/16/20266 min read
Running Personal and Work Claude Code Accounts on One Machine

Running Personal and Work Claude Code Accounts on One Machine

Run two Claude Code accounts (personal and work) on the same machine, side by side, without logging out each time.

5/5/20264 min read
Database Migrations Mental Model

Database Migrations Mental Model

How experienced teams ship Postgres schema changes to running prod systems without downtime — and why some migrations are easy while others can take down your service.

4/29/202625 min read
Learning Efficiently: The Four Kinds of 'Hard'

Learning Efficiently: The Four Kinds of 'Hard'

A diagnostic mental model for learning hard things. Four kinds of 'hard,' each with a different fix — and why misdiagnosing which kind you're facing is where most time gets wasted.

4/25/202610 min read
Claude Skills: The Complete Guide to Teaching Claude New Tricks

Claude Skills: The Complete Guide to Teaching Claude New Tricks

Skills turn Claude into a specialist on demand. Learn how the three-tier lazy loading system works, how skills differ from MCP tools, and how to build your own skills from scratch.

4/17/202625 min read
Building Scalable Message Queues with Redis Streams and Dynamic Consumers

Building Scalable Message Queues with Redis Streams and Dynamic Consumers

Learn how to build a production-ready message queue system using Redis Streams that scales from 1 to N workers with guaranteed message isolation and zero coordination overhead.

10/30/202535 min read
Memory Systems & Vector Foundations

Memory Systems & Vector Foundations

A hands-on workshop exploring memory systems in AI - from conversation context to vector search. Learn why vectors matter and build RAG systems step by step.

8/16/202520 min read
LLM Cost Optimization Part 2: Advanced Techniques for Scale

LLM Cost Optimization Part 2: Advanced Techniques for Scale

From sub-second responses to 10x throughput improvements. Master the advanced optimization techniques that power production LLM applications.

1/20/202530 min read
LLM Cost Optimization: From Observability to Production

LLM Cost Optimization: From Observability to Production

Stop burning money on AI tokens. Learn the essential techniques that cut LLM costs by 90% while maintaining quality.

1/20/202525 min read
Deploying LLM Applications: From Prototype to Production

Deploying LLM Applications: From Prototype to Production

The complete guide to deploying your LLM application - from a $5 VM to enterprise Kubernetes. Learn the deployment spectrum that 90% of tutorials skip.

1/20/202545 min read
The LLM Evolution Story: 15 Game-Changing Moments That Created Today's AI

The LLM Evolution Story: 15 Game-Changing Moments That Created Today's AI

A visual journey through 8 years of explosive AI progress—from shaky text generators to multi-agent ecosystems interoperating over MCP.

12/16/202415 min read