Things I've learned the hard way.
Engineering notes on full stack development, PostgreSQL, DevOps, and shipping real products.
First posts coming soon
I'm working through a backlog of things I've been meaning to write down. Drop your email below if you want a heads-up when they're out — no spam, just the posts.
In the pipeline
- PostgreSQL Row Level Security is underused by application developers
  Most teams implement data isolation in application code — which means every new query path is a new potential hole. Here's why doing it at the database layer is almost always better.
- Why I stopped using ORMs for complex queries
  ORMs are great for CRUD. They're terrible for anything involving window functions, CTEs, or non-trivial aggregations. Here's my mental model for when to reach for raw SQL.
- The real cost of optimistic UI (and how to do it safely)
  Optimistic updates make apps feel fast. They also create a class of bugs that only appear in production under real network conditions. Here's what I've learned from shipping them at scale.
- Building a deployment ledger that makes rollbacks trivial
  After enough rollback postmortems, I built an append-only deployment ledger into every system I work on. Here's the design and why it changed how our team deploys.
- FastAPI vs Express: my honest take after using both in production
  Not a benchmark — a real comparison from someone who has shipped production APIs in both. The answer depends heavily on what you're building and who's on your team.
- Multi-vendor payment splits in LATAM: what nobody tells you
  MercadoPago's sandbox does not reflect production behavior. OXXO Pay has quirks. IVA calculations vary by country. Here's everything I wish I had known before building Nexara's payment layer.