The recent Trivy GitHub Actions security incident got me thinking more seriously about the security model around CI systems. Most teams spend a lot of time thinking about dependency security, but I increasingly think GitHub Actions workflows deserve to be viewed through the exact same lens. In some cases, they may actually represent a larger […] The post Is GitHub…
#development practices
16 posts
Yesterday
8 Jun
As a Junior Developer who is just starting out, I never really got to witness the world of Software design without virtual backlog management. I often hear about the boards filled with sticky notes as the backlog stand-in, but I always just assumed that since we don’t do it anymore, it must be inefficient and […] The post The Value…
2 Jun
Have you ever wondered if there was an easier way to sort imports automatically in your Angular project? Disorganized imports make code harder to read, slow down code reviews, and cause unnecessary merge conflicts. Sorting them manually requires a lot of effort — what if you could automate it? Introducing simple-import-sort simple-import-sort is an ESLint […] The post How to…
28 May
At Atomic Object we have a pair lunch policy that allows Atoms to take each other out to lunch on the company’s dime. Free lunch is a no-brainer, right? Well, yes, but every time I decide I’m in the mood for a pair lunch, I need to make a few decisions: Who do I ask? […] The post I Almost…
26 May
Most list endpoints start the same way: a SQL query, a few joins, a LIMIT/OFFSET, and a DTO. It works fine. Until it doesn’t. I had a breaking point with a list page that needed to filter by data three relationships away from the root entity. The join got ugly fast. Pagination got weird. Adding […] The post Graph-Style Queries…
20 May
Eight months ago, I joined a large-scale database migration project. I had already written C# in small Unity AR applications and multiplayer game prototypes but nothing quite of this magnitude. My prior projects had tight scopes and short feedback loops. This codebase has hundreds of thousands of lines, a deep domain, and translation logic driven […] The post From Unity…
5 May
Recently, my software development team needed to upgrade our Expo version (it was at 52). Doing so in a monorepo containing multiple web and mobile apps was a big job—when we upgraded, we’d need to verify that the React and React Native versions in all the apps in the monorepo were compatible with the new […] The post How My…
28 Apr
A few years back, I created portable-color for adding color to shell scripts. Then I deprecated it in favor of a new library, dye, that fixed a number of things that bothered me about portable-color. dye eventually added its own built-in templating, which meant users could just print a string full of things like “{{red}}” […] The post How I…
24 Apr
I don’t know about most developers, but there is a very specific kind of sinking feeling you get when you join a project, clone a repo, and realize you’ve just inherited a total disaster. I’m talking about the kind of codebase where you don’t even know left from right: unhelpful generic variable names, no documentation, […] The post Help! I…
16 Apr
Running and deploying with Kubernetes may sound excessive and intimidating, but it’s not nearly as hard as it once was. The immense popularity of Kubernetes over the past decade means tools can quickly set up and deploy a cluster in almost any environment. And what once was a technology platform requiring deep systems knowledge to […] The post K3s: A…
6 Apr
On a recent project, my client had a firm rule: one commit per pull request. No exceptions. At first, it seemed like a minor constraint. But it quickly pushed me to get comfortable with a handful of Git commands I’d been using only occasionally: git commit, git rebase, and git reset --soft. Each one solves […] The post Git Commands…
30 Mar
Let’s say you install a tool. Maybe it’s Node, or maybe it’s a CLI for a project you just cloned. The installer runs successfully. Then you open your terminal and type: “node” And your shell responds: “zsh: command not found: node” A completely normal reaction to seeing “command not found.” At some point, most of […] The post What the…
25 Mar
Somewhere in your backlog is a ticket for a bug you already fixed. The user just didn’t know. Writing Release Notes Nobody Reads My software team recently took over the release notes process. Originally, we started with a long document that comprehensively covered each JIRA ticket, complete with a Figma link and sections like “How […] The post Release Notes…
17 Mar
A few months into a recent project, my software development team hit a bug that took much longer to diagnose than it should have. We were generating PDFs server-side — filling in form fields with data from our system, saving the document, and returning it to the user. In Adobe Acrobat, the fields looked perfect, […] The post 3 Reasons…
10 Mar
In Android, there are many ways to persist data. We have Room for databases, in-memory storage, SharedPreferences, and DataStore. One interesting method is SavedStateHandle, which serves a specific purpose: preserving UI state through process death. The Problem: Process Death. Let’s start with a relatable example. You’re using Google Maps, looking for late-night restaurants for your […] The post Survive Android…
2 Mar
Healthcare dev teams need to ship features and fixes quickly. HIPAA’s Security Rule requires a detailed audit trail. How do we square this circle? Here, I’ll make the case for turning every promise into code: Terraform modules, CI gates, deployment guardrails, and runnable scripts that emit verifiable proof as the default behavior. Setting this stuff […] The post Make HIPAA…