Writing

RSS

Every essay and deep dive I have published, aggregated here and from Dev.to.

Dev.toMay 13, 20266 min read

I asked Cursor to rename a function. It sent 8,400 tokens. I checked.

The afternoon I learned what my AI subscription was actually doing, and the 200 lines that took my...

aicursorclaudeproductivity

Dev.toMay 12, 202610 min read

AWS Lambda Is Dead. The $0.20 Was Never the Price

Last quarter we migrated 47 Lambda functions off AWS. The monthly bill dropped from $8,362 to $1,790....

awsserverlesscloudflarewebdev

Dev.toMay 10, 20265 min read

The first time you watch an AI agent buy something, you will feel something you cannot name.

A 91 second experiment, an $11.78 charge, and a moment of hesitation that surprised me more than the...

aiagentscloudflarestripe

Dev.toMay 9, 20266 min read

Anthropic hit B ARR in 16 months. I went looking for where the money is actually coming from.

A revenue chart that goes vertical does not tell you who pays. It tells you who gets charged. A...

anthropicaistartupeconomics

Dev.toMay 7, 20266 min read

Anthropic just rented Elon Musk's data center. The price of a Claude token is about to make sense.

A 300 megawatt deal, a $180 a month decision, and the strange feeling of having a vendor solve your...

anthropicaiinfrastructurestartup

Dev.toMay 7, 20266 min read

I built a 200 line AI router in TypeScript. My monthly bill dropped 41%.

I track my own AI spend across three projects. In March, the line item that grew fastest was not...

typescriptaiwebdevtutorial

Dev.toMay 7, 20266 min read

Cloudflare and Stripe just let agents buy domains and ship code. Here is the API.

On April 30, Cloudflare quietly published a blog post and a docs page that nobody outside the agentic...

aijavascriptwebdevcloudflare

Dev.toMay 3, 20264 min read

Giving an AI agent permission to spawn sub-agents (without losing control)

Giving an AI agent permission to spawn sub-agents (without losing control) A reader asked...

aitypescriptsecurityopensource

Dev.toMay 2, 20265 min read

Free SVG brand icons in 2026: thesvg.org vs svgl vs Simple Icons

Three free SVG brand icon libraries compared on icon count, color support, license, and integration. Pick the right one for your project.

designwebdevopensourcejavascript

Dev.toApril 30, 20264 min read

I rewrote my auth library to run on Cloudflare Workers. Here is what broke.

Most TypeScript auth libraries assume Node.js. They reach for crypto.randomBytes, Buffer, the Node fs...

cloudflaretypescriptwebdevserverless

Dev.toApril 29, 20265 min read

Adding OAuth 2.1 to your MCP server in TypeScript

If you're building an MCP server, sooner or later someone is going to ask: how does authentication...

tutorialoauthtypescriptai

Dev.toApril 29, 20266 min read

Prompt Caching With the Claude API: A Practical Guide

I noticed a pattern looking at three months of Anthropic invoices. The same 8 KB system prompt was...

aianthropicapiperformance

Dev.toApril 28, 20266 min read

An AI Tool Had OAuth to Their Whole Google Workspace. Then Vercel Got Breached.

A Vercel employee clicked Allow All on an AI app's OAuth consent screen. Three weeks later, customer environment variables were on a hacker's drive with a $2 million asking price. Here is the four-layer audit your org probably has not run.

securitywebdevdevtoolsai

Dev.toApril 28, 20266 min read

GitHub Copilot Switches to Usage-Based Billing on June 1. The Token Tab Came Due.

Microsoft announced Copilot Pro is still $10 per month, but $10 now buys $10 in AI credits, and a single Opus agent session can consume that. Here is what your real bill looks like.

aiwebdevdevtoolsproductivity

Dev.toApril 25, 20265 min read

The Quiet Sabotage: Why Most of My Dead Projects Died of Overthinking

Kevin Lynagh published a short essay this week about how he sabotages his own projects by...

productivityaiwebdevtutorial

Dev.toApril 23, 20265 min read

Claude Code Felt Off for a Month. Here Is What Broke.

For about four weeks in March and April, Claude Code felt noticeably worse. I was not imagining it....

aiproductivitywebdevtutorial

Dev.toApril 23, 20267 min read

The Token Tab: A Developer's Audit of the AI Hype Stack

A four-layer teardown of what you are actually buying when you follow an AI tutorial in 2026, with real numbers and a checklist you can run before you commit hardware or a subscription.

aidevtoolsproductivitycareer

On this siteApril 22, 20267 min read

Local-First Is Here, Loudly: Why Three of My Products Made the Switch

For years I dismissed local-first as a correctness-obsessed ideology. In the last twelve months three of my products adopted it, and the reasons were not what the manifestos said they would be.

Local-FirstArchitectureCRDTSync

On this siteApril 19, 20267 min read

The Pricing Tier I Deleted and What Happened Next

I had a $9 Starter tier on one of my tools for eighteen months. Deleting it was the best pricing decision I made last year. Here is the math, the customer impact, and the lesson I am now applying to every other product.

PricingProductGlinckerSolo Founder

Dev.toApril 18, 20267 min read

I replaced Auth0 with an open source library in 30 minutes. Here is what broke.

A real Auth0 migration to kavachOS, with the bill, the diff, the things that broke in prod, and the call I would make again.

authenticationopensourcejavascriptdevops

Dev.toApril 18, 20267 min read

How to build a secure password reset flow in Next.js (the short version)

Password reset is where most apps leak. Here is a working Next.js 15 implementation, the 3 security mistakes I keep finding in code reviews, and a 12 line version using kavachOS.

nextjsauthenticationwebdevtutorial

Dev.toApril 18, 202610 min read

How to build a login flow in Next.js 15 (sessions, cookies, CSRF, and the timing attack nobody talks about)

A working login flow in Next.js 15. The form, the session cookie, CSRF, remember me, and a look at the constant-time comparison that keeps attackers from enumerating accounts.

nextjsauthenticationwebdevtutorial

Dev.toApril 18, 20269 min read

How to build a register user flow in Next.js 15 (frontend, backend, database, email)

A working register user flow in Next.js 15. Frontend form with real validation, a server endpoint that does the right things, the database schema, and the email verification handoff.

nextjsauthenticationwebdevtutorial

Dev.toApril 18, 202610 min read

The 8 tables behind a real auth system (Postgres schema, explained column by column)

Day 2 of the auth from scratch series. The full Postgres schema for users, sessions, OAuth, reset tokens, magic links, verification, passkeys, and agent tokens. Every column, every index, every decision.

postgresauthenticationdatabasewebdev