Writing

RSS

Every essay and deep dive I have published, aggregated here and from Dev.to.

Dev.toApril 23, 20265 min read

Claude Code Felt Off for a Month. Here Is What Broke.

For about four weeks in March and April, Claude Code felt noticeably worse. I was not imagining it....

aiproductivitywebdevtutorial

Dev.toApril 23, 20267 min read

The Token Tab: A Developer's Audit of the AI Hype Stack

A four-layer teardown of what you are actually buying when you follow an AI tutorial in 2026, with real numbers and a checklist you can run before you commit hardware or a subscription.

aidevtoolsproductivitycareer

On this siteApril 22, 20267 min read

Local-First Is Here, Loudly: Why Three of My Products Made the Switch

For years I dismissed local-first as a correctness-obsessed ideology. In the last twelve months three of my products adopted it, and the reasons were not what the manifestos said they would be.

Local-FirstArchitectureCRDTSync

On this siteApril 19, 20267 min read

The Pricing Tier I Deleted and What Happened Next

I had a $9 Starter tier on one of my tools for eighteen months. Deleting it was the best pricing decision I made last year. Here is the math, the customer impact, and the lesson I am now applying to every other product.

PricingProductGlinckerSolo Founder

Dev.toApril 18, 20267 min read

I replaced Auth0 with an open source library in 30 minutes. Here is what broke.

A real Auth0 migration to kavachOS, with the bill, the diff, the things that broke in prod, and the call I would make again.

authenticationopensourcejavascriptdevops

Dev.toApril 18, 20267 min read

How to build a secure password reset flow in Next.js (the short version)

Password reset is where most apps leak. Here is a working Next.js 15 implementation, the 3 security mistakes I keep finding in code reviews, and a 12 line version using kavachOS.

nextjsauthenticationwebdevtutorial

Dev.toApril 18, 202610 min read

How to build a login flow in Next.js 15 (sessions, cookies, CSRF, and the timing attack nobody talks about)

A working login flow in Next.js 15. The form, the session cookie, CSRF, remember me, and a look at the constant-time comparison that keeps attackers from enumerating accounts.

nextjsauthenticationwebdevtutorial

Dev.toApril 18, 20269 min read

How to build a register user flow in Next.js 15 (frontend, backend, database, email)

A working register user flow in Next.js 15. Frontend form with real validation, a server endpoint that does the right things, the database schema, and the email verification handoff.

nextjsauthenticationwebdevtutorial

Dev.toApril 18, 202610 min read

The 8 tables behind a real auth system (Postgres schema, explained column by column)

Day 2 of the auth from scratch series. The full Postgres schema for users, sessions, OAuth, reset tokens, magic links, verification, passkeys, and agent tokens. Every column, every index, every decision.

postgresauthenticationdatabasewebdev

Dev.toApril 18, 20265 min read

I've built auth six times. Here's the system I would build today

A 12 part series on building real authentication from scratch in Next.js and Postgres. Start here for the architecture, the tables you will need, and a diagram of the whole system

authenticationwebdevnextjstutorial

On this siteApril 18, 20267 min read

The Auth Tax: Why I Stopped Rebuilding Login Flows for Every Product

Every product I shipped in year one reimplemented auth. Year two I started extracting it. Year three I built my own service. Here is what that path actually cost, and when you should follow it.

AuthKavachosArchitectureSolo Founder

On this siteApril 16, 20266 min read

MCP Is the Actually Interesting AI Protocol of 2026

Everyone's chasing foundation models and agent frameworks. The quieter story is a protocol that's becoming the USB-C of AI tooling, and most devs are still sleeping on it.

MCPAIProtocolsAgents

Dev.toApril 15, 20263 min read

Checking TLS cert expiry across your infrastructure

A cert expired on one of our staging services last month. Nobody noticed for two hours because our...

githubopensourcedevelopmentjavascript

Dev.toApril 15, 20264 min read

I stopped memorizing openssl flags

Every few weeks I need to do something with a certificate. Check when it expires. Look at what SANs...

rustclisecurityproductivity

Dev.toApril 15, 20265 min read

Your terminal is mass, here are 280+ tools to fix it

I replaced every classic Unix tool I use daily. Here's what I found.

showdevcliterminalopensource

On this siteApril 15, 20265 min read

I Built a List of 284+ Modern CLI Tools (and What I Learned)

How I went from bookmarking random GitHub repos to curating a list that hit 150+ stars on day one.

Open SourceCLIRustDeveloper Tools

Dev.toApril 13, 20265 min read

Your VS Code Extensions Are a Supply Chain Attack Surface

The GlassWorm campaign is targeting developer IDEs right now. Here's how to audit yours.

securityvscodewebdevproductivity

Dev.toApril 13, 20267 min read

How I Built a Multi-Agent Code Review Pipeline

A practical guide to wiring up AI agents that review PRs before your team does

aigithubtutorialproductivity

Dev.toApril 13, 20265 min read

How I Built a Multi-Agent Code Review Pipeline

A practical guide to wiring up AI agents that review PRs before your team does

aigithubtutorialproductivity

On this siteApril 11, 20267 min read

Humanizing AI-Written Content: What a Rule Engine Actually Catches

I built a six-rule engine that scans my own blog drafts for AI-writing patterns. Three months in, here is what it catches that human editors miss, and why the rules are smaller than you would expect.

AIWritingHumanizerContent

Dev.toApril 10, 20264 min read

Parsing 11 languages in pure Go without CGO: how I replaced regex with a tree-sitter runtime

I had a problem. I was building a codebase indexer that needed to extract imports, exports, and type...

gowebdevprogrammingopensource

Dev.toApril 10, 20265 min read

I tested 4 codebase-to-AI tools on FastAPI (108k lines). Here are the token costs.

Stacklit on GitHub -- the tool I built after running these tests. I have been using AI agents...

productivityopensourceaiprogramming

Dev.toApril 10, 20263 min read

$0.60 per session, just on orientation. Here is what my AI agent was doing before writing any code.

GitHub: github.com/glincker/stacklit | npm: npx stacklit init I have been counting. Every time...

aiwebdevprogrammingjavascript

On this siteApril 8, 20266 min read

Building Filagram: 28 File Tools That Never Touch a Server

How I built a browser-based file toolkit where everything runs client-side. No uploads, no server processing, no data leaves your browser.

Next.jsTypeScriptWASMPrivacy