
Where a conversation lives, how every message stays durable, and how it fans out live to every screen. Built from the naive design up to Postgres-first with an outbox, then streaming, chaos testing, and the cost.

From a naked cloud box to a hardened server running real apps, the no-lockout way: lock down SSH, serve through Cloudflare Tunnels with no open ports, then deploy with Dokploy.
Not a how-to. This is the changelog of how I think about building software, told through the failures that taught me each rule. Read the timeline on the right as a spine: every node is a scar, and every scar left a principle behind.

The harness behind part one's central claim: seeding Postgres with ten million realistic events and measuring the one read the design depends on. Plus the honest caveat about what a local benchmark cannot tell you.

Building the state engine behind a chat product from the naive design up: where the conversation lives, how every message stays durable, and how it fans out live. Part one of a series.

What this stack actually costs on managed cloud, why the two big providers land within a few dollars, and the single architectural decision worth the largest line item in the budget.

How token streaming bends the design without breaking it, and what actually survives when you break Redis and Postgres on purpose. The failure test that found a real bug.

The internals of the pattern that carries the whole design: two tables, a tiny relay worker, why duplicates are harmless, and how the relay wakes up without hammering Postgres.

How I turned the VPS that hosts my apps into a coding box too, using a resource-capped container I SSH straight into, so a runaway build can never take production down with it.
Part 1 sealed the box so nothing answers the public internet. Now serve a real website to the world without opening a single inbound port, by dialing out instead of letting anything in.
A push-button PaaS on the hardened box, reached through the tunnel and gated by identity. Then the twist part 1 warned about: install Docker and three ports you never opened come back open.
Take a brand-new server from password SSH and an open firewall to key-only, Tailscale-only access with nothing answering the public internet, and prove it from outside. The no-lockout way.

Two strangers on a public network end up with the same secret number, without ever sending it. The Diffie-Hellman idea behind every HTTPS handshake, explained with paint.

Private signs, public verifies. Follow that one idea all the way into JWTs, the JWKS keyring, the kid header, and how an identity provider rotates signing keys with zero downtime.

A terminal has no login box, and a distributed binary cannot keep a secret. How gh, AWS CLI SSO, gcloud, and Claude Code run a real browser OAuth login anyway: loopback redirects, the device grant, and PKCE.

Five acronyms that all show up in login conversations and do completely different jobs. The one distinction that untangles them, and where each one actually fits.

Public encrypts, private decrypts. Why that direction is the whole point, why asymmetric crypto is too slow to use directly, and the envelope trick every real system reaches for.

Every SWE meets keypairs in TLS, SSH, JWT, and git signing and treats each as separate magic. Underneath, there are only three primitives. Here is the mental model.

Moving from long-lived IAM keys to IAM Identity Center on the CLI: why it is worth doing, what each prompt means, the PKCE authorization-code flow behind the browser popup (traced step by step), and the wrong-region bug that kept failing RegisterClient.

An agent in prod was throwing intermittent 500s with a cryptic anyio error. Here is how I tracked it down to a pydantic-ai MCP bug, reproduced it in 40 lines, and found the exact version that fixes it.

I was reading an auth middleware and noticed a lone * sitting in the constructor signature. Here is what that bare *, plus /, *args, and **kwargs actually do, and why I now reach for keyword-only arguments on purpose.

Run two Claude Code accounts (personal and work) on the same machine, side by side, without logging out each time.

How experienced teams ship Postgres schema changes to running prod systems without downtime — and why some migrations are easy while others can take down your service.

A diagnostic mental model for learning hard things. Four kinds of 'hard,' each with a different fix — and why misdiagnosing which kind you're facing is where most time gets wasted.

Skills turn Claude into a specialist on demand. Learn how the three-tier lazy loading system works, how skills differ from MCP tools, and how to build your own skills from scratch.

Learn how to build a production-ready message queue system using Redis Streams that scales from 1 to N workers with guaranteed message isolation and zero coordination overhead.

A hands-on workshop exploring memory systems in AI - from conversation context to vector search. Learn why vectors matter and build RAG systems step by step.

From sub-second responses to 10x throughput improvements. Master the advanced optimization techniques that power production LLM applications.
Stop burning money on AI tokens. Learn the essential techniques that cut LLM costs by 90% while maintaining quality.
The complete guide to deploying your LLM application - from a $5 VM to enterprise Kubernetes. Learn the deployment spectrum that 90% of tutorials skip.
A visual journey through 8 years of explosive AI progress—from shaky text generators to multi-agent ecosystems interoperating over MCP.