Home / Blog

Blog

Short technical notes on SaaS, iOS, API and WordPress.

WordPress hardening in five layers, from .htaccess to mu-plugins

A default WordPress install is a target. Here's the five-layer hardening I apply, and which attack each layer is meant to shut…

Blog 4 min

Scaling WebSockets past one server: the fixes that actually held

A WebSocket app that held on one server starts misbehaving as soon as you add a second. Here are the sticky session,…

Blog 4 min

In-app review prompts: when and how to fire them

Plenty of apps misuse StoreKit's request review API. The moments that actually work, and the patterns to stay away from.

Blog 4 min

Chaos engineering for small teams: the stripped-down version

Netflix's chaos monkey is famous, but how does a 5-person team actually benefit from chaos engineering? The tiered approach I've landed on.

Blog 4 min

Remote-first teams: the async discipline that actually works

As a freelancer I've worked with a lot of remote teams. Some had async figured out, others wanted everything synchronous. Here's what…

Blog 4 min

JavaScript bundle splitting: when dynamic import actually pays off

Splitting the bundle is the universal advice, but it doesn't help in every situation. With real measurements, when it's actually worth it.

Blog 4 min

Multi-currency WooCommerce: skip the plugin, write the code

Instead of paying $70 for a plugin and inheriting messy behaviour, I wrote a tight implementation for the requirement. What I built…

Blog 4 min

Server-Sent Events vs WebSocket: when SSE is the smarter pick

WebSocket gets the hype but it's overkill for a lot of real-time scenarios. When SSE is the better fit, with examples from…

Blog 3 min

iOS Camera and Photos: the permission flow that ships

Asking for camera and photo permissions the wrong way gets your app rejected or chases users away. The flow that works, and…

Blog 4 min

Retry and idempotency for long-running jobs: the strategy that holds up

One email went out twice. One payment was charged twice. What happens when retry design skips idempotency, and how I fixed it.

Blog 4 min

CI/CD pipeline from 20 minutes to 4: the exact moves

I brought a team's build time down from 20 minutes to 4. Which optimisation bought which minutes, in detail.

Blog 4 min

Third-party script performance: what Tag Manager actually costs you

Google Tag Manager, ads pixels, chat widgets. All of them arrive with a "we're fast" pitch. The performance metrics tell a different…

Blog 3 min