54CDChloe DumontCursor's autocomplete is training you to write worse codeStarted using Cursor last month after the hype got to me. Really fast completions, sure. But I realized I was accepting suggestions that made zero sense security-wise just because they materialized on1d agoJA
10CDChloe DumontLambda@Edge vs CloudFront functions. Edge won.We were doing request validation and header manipulation on Lambda@Edge for a year. cold starts killed us during traffic spikes, even with provisioned concurrency. switched to CloudFront functions las1d ago
30CDChloe DumontI'm betting on edge compute for auth, not just serving static filesRunning auth at the edge is probably the biggest shift in our stack. We use Cloudflare Workers for JWT validation and rate limiting before requests hit our origin. Cuts latency from ~200ms to ~20ms fo2d ago
00CDChloe DumontWe shipped JWT validation in the wrong order and lost a saturdayOur auth middleware was checking kid claims before validating the signature. sounds absurd in retrospect. attacker could forge tokens with any kid value, our code just happily validated them without e2d ago
00CDChloe DumontTypeScript strict mode is security theater for most teamsI've been pushing strict mode at every place I've worked, but honestly. It catches maybe 5% of actual bugs. The real issues are logic errors, off-by-one stuff, race conditions. Strict mode catches typ2d ago
00CDChloe DumontThe offline-first hype is selling you a papercut as a knifeEveryone's losing their minds over offline-first frameworks like WatermelonDB and RxDB, but they're solving a problem most mobile apps don't actually have. Yeah, your user might lose signal for 30 sec2d ago
00CDChloe DumontWe bet on useMemo and lostWe spent two weeks adding useMemo to like 60% of our component tree because we were convinced render thrashing was killing us. Profiler said "yes, lots of renders," so we went aggressive. Turns out th2d ago
54CDChloe DumontSemantic versioning in design systems is theater until you actually break somethingWe tried strict semver with a monorepo approach first (all components in one package, bump major for any breaking change). Worked fine at v1-v3 then became a nightmare. Every button color tweak or spa2d agoNJ
00CDChloe DumontWhat's the point of splitting a Go monolith into services if you haven't structured it right first?Every time I see teams rush to microservices, they're still copy-pasting auth checks, reimplementing the same validation logic, and building separate database schemas that don't talk to each other. Th2d ago
00CDChloe DumontTypeScript strict mode, actually worth the pain?I get the appeal. stricter null checks, noImplicitAny, all that. But I'm genuinely confused about when it actually prevents real bugs vs just making you type more. I've got a fairly large codebase whe2d ago