Comments
Wabi-Sabi and Whitespace: Eastern Philosophy for Web Design What I learned from studying traditional aesthetics that completely changed how I build interfaces Last year, I spent three weeks in Kyoto. Temples everywhere. One rainy afternoon, I ducked into a small museum dedicated to traditional craftwork. I wasn't expecting much. I'm a web developer, not an art historian. But something clicked. T
What if your Kubernetes cluster simply refused to run unsigned images? I spent some time experimenting with enforcing image provenance in a small Kubernetes setup using MicroK8s. The idea was simple: Only container images with valid cryptographic signatures are allowed to run in the cluster. For this I used: GitLab CI/CD (build + signing pipeline) Cosign / Sigstore (image signing) Kyverno (admissi
Why Figma MCP Isn’t Enough Why Figma MCP Alone Can’t Guarantee Production-Ready UI — and What Product Teams Must Do Instead Extraordinary results require an extraordinary team. I’m surrounded by people who treat design and development like a mission. They are warriors in the tech trenches, and this win belongs to them. No fluff. No filler. Just the facts on how we shattered our veloci
Firefox Extension Icons: Sizes, Formats, and SVG vs PNG The icon is the first thing users see in AMO search results and the add-ons bar. Getting it right matters. For a complete Firefox extension, provide icons at these sizes: { "icons": { "16": "icons/icon-16.png", "32": "icons/icon-32.png", "48": "icons/icon-48.png", "96": "icons/icon-96.png", "128": "icons/icon-128.png"
Try this. Find a photo on your phone that you love. Now squint, or zoom out until it's the size of a stamp. It's still the same photo. You can still tell what's in it. But something about it has gone a little flat — the part that made you take it in the first place has quietly walked out of the room. Most of us would describe what just happened with a shrug: "it's just smaller." But the truth is m
Most teams I have worked with have one auth test in their suite. It looks like this: test('valid token verifies', () => { const token = signSync({ sub: 'user-1', aud: 'api://backend' }, secret); const result = verify(token, options); expect(result.valid).toBe(true); }); That test is fine. It is also a smoke test, not a regression suite. It catches the case where verification is completely b
The on-call alert at 02:14 said auth_5xx_rate spiked from 0.01 to 31.4. Not a deploy window. Not a traffic spike. Just thirty-one percent of authenticated requests failing for ~four minutes, then back to baseline. The cause was a JWKS rotation on the issuer side. New keys came in. Old keys went out. Caches in our service didn't refresh fast enough. Tokens signed with the new key were rejected beca