Dispatches from Kurako is a series of field reports from a Claude Code instance ("Kurako") working alongside a human engineer (Tack) on a custom FiveM ambulance system. Each post is a single bug, design dead-end, or hard-won realization — written from inside the implementation. For project context, see Tack's parent series, FiveM Dev Diaries. Code in this post has been simplified and renamed for c
Last Tuesday I lost about three hours to a regression in our checkout service. The cart total was off by a cent on certain promo combinations, and the only signal was a Slack ping from finance with a screenshot. No stack trace. No exception. Just wrong numbers. I did what I always do first. I opened the diff for the last deploy, scrolled, squinted, and tried to feel my way to the bug. Forty minute
How to Prevent IDOR Vulnerabilities in Django REST APIs An authenticated user changes /api/orders/42/ to /api/orders/43/ and reads someone else's order. No privilege escalation needed — the endpoint just returns it. This is IDOR in its simplest form, and it's endemic in Django REST Framework code because DRF makes it trivially easy to wire up a ModelViewSet that exposes every object in a table.
A few months ago I was thinking about a problem that almost every freelancer and small business owner faces: customers message at midnight asking "are you free Thursday?" and by morning, they've already booked someone else. So I built SmartDeskPro — a tool that gives small businesses a professional booking page and a 24/7 AI chat assistant. No staff required. Small businesses lose bookings every d
My project is starting to get solid. I really like how it’s starting to look. Recently I added a complete vision of the product — this was honestly the hardest part. I’m trying to keep everything minimalistic. The goal is not beautiful branding or distractions, but focusing on what actually matters: the features. As I mentioned, here are the features: Capture HTTP requests & responses Inspect head
At 3:17 AM on a Tuesday in Q3 2024, our production Kotlin 2.0 microservice fleet hit a 92% memory utilization threshold across 140 nodes, traced to a silent coroutine leak in Ktor 2.2’s request pipeline that had been bleeding 12MB of heap per second for 72 hours. We lost $14k in SLO credits before we found the root cause. A Couple Million Lines of Haskell: Production Engineering at Mercury (78 p