I use AI coding agents every day. I believe they are reshaping how we build software, and I think the teams that adopt them deliberately will outperform those that don't. I am not writing this to warn you away from AI-assisted development. I am writing this because the loudest voices in the AI enthusiasm camp are also the most allergic to discussing what can go wrong. And that worries me more than
How to Prevent IDOR Vulnerabilities in Django REST APIs
An authenticated user changes /api/orders/42/ to /api/orders/43/ and reads someone else's order. No privilege escalation needed — the endpoint just returns it. This is IDOR in its simplest form, and it's endemic in Django REST Framework code because DRF makes it trivially easy to wire up a ModelViewSet that exposes every object in a table.
A few months ago I was thinking about a problem that almost every freelancer and small business owner faces: customers message at midnight asking "are you free Thursday?" and by morning, they've already booked someone else. So I built SmartDeskPro — a tool that gives small businesses a professional booking page and a 24/7 AI chat assistant. No staff required. Small businesses lose bookings every d
On Second Thought — Episode 06
The ORM hides the SQL. The cache hides the ORM. The service mesh hides the services. The operator hides the YAML, which already hid the kubelet, which already hid the container, which already hid the process. By Tuesday, nobody quite remembers what the original problem was. They are too busy configuring its sixth wrapper. This is the post about that wrapper. When som
Every team experiences incidents. The teams that grow stronger from them are the ones that take postmortems seriously — not as blame sessions, but as structured learning opportunities. Yet most postmortems end up as a wall of text nobody reads twice, filed away and forgotten until the same incident happens again six months later. This guide walks you through writing postmortems that genuinely chan