Things I've learned the hard way.
Engineering notes on full stack development, PostgreSQL, DevOps, and shipping real products.
Published
-
PostgreSQL Row Level Security is underused by application developers
Most teams put data isolation in application code — every new query path is a new potential hole. Here's why the database layer is almost always better.
In the pipeline
-
Why I stopped using ORMs for complex queries
ORMs are great for CRUD. They're terrible for anything involving window functions, CTEs, or non-trivial aggregations. Here's my mental model for when to reach for raw SQL.
-
The real cost of optimistic UI (and how to do it safely)
Optimistic updates make apps feel fast. They also create a class of bugs that only appear in production under real network conditions. Here's what I've learned from shipping them at scale.
-
Building a deployment ledger that makes rollbacks trivial
After enough rollback postmortems, I built an append-only deployment ledger into every system I work on. Here's the design and why it changed how our team deploys.
-
FastAPI vs Express: my honest take after using both in production
Not a benchmark — a real comparison from someone who has shipped production APIs in both. The answer depends heavily on what you're building and who's on your team.
-
Multi-vendor payment splits in LATAM: what nobody tells you
MercadoPago's sandbox does not reflect production behavior. OXXO Pay has quirks. IVA calculations vary by country. Here's everything I wish I had known before building Nexara's payment layer.