Written to hold up.
Technical writing on DevTools, security, and infrastructure: explainers, teardowns, and the occasional strong opinion that survives a close read from the people who'd know. How we'd write for you.
The first pieces are being written, on public and open-source subjects.
- Opinion
Developer docs and developer marketing are the same discipline
Stripe treats docs as positioning. Teams that wall docs off from marketing ship content a technical reader doesn't trust, because the seam between them shows.
- Field guide
GitHub Actions supply-chain hygiene, after tj-actions
The 2025 tj-actions compromise was preventable with three habits most pipelines still skip. Here's the hardening that would have stopped it.
- Explainer
How real APIs handle errors, pagination, and auth — and what good looks like
Errors, pagination, and auth are the three things a developer judges your API on in the first hour, and the common defaults get all three wrong.
- Field guide
Cryptographic right answers for marketers: what your security copy is allowed to claim
The phrases that get a security post mocked on Hacker News ('military-grade,' 'unhackable'), and the accurate claim to make instead.
- Decision
Terraform vs OpenTofu in 2026: a license call, not a feature one
The two are interchangeable for almost every workload. The only real difference is the license and who governs the tool.
- Opinion
Why observability bills explode
Usage-based observability pricing meters on the spikes you most need to see, so the bill climbs fastest right when an incident hits. The cause is structural, and it generalizes past any one vendor.