← Blog

Writing archive

Blog page 3

Older notes, lessons, and series entries from the growing technical library.

Archive

Posts page 3

Showing 97-144 of 1,422

5 min readSeries: Tech Explained Simply · Part 189

Security Logging and Audit Trails: Reconstructing Sensitive Actions

Learn which identity, access, configuration, and data events belong in security logs, how audit trails preserve trusted context, and how to protect them from secrets and tampering.

#technology#security#audit-logs#monitoring
5 min readSeries: Tech Explained Simply · Part 188

Cross-Site Request Forgery: When Authentication Does Not Prove Intent

Learn how CSRF abuses browser-attached credentials, how tokens and SameSite cookies help, and why methods, origins, CORS, XSS, APIs, and user confirmation matter.

#technology#security#csrf#web
5 min readSeries: Tech Explained Simply · Part 187

Cross-Site Scripting: When Untrusted Content Becomes Browser Code

Learn stored, reflected, and DOM cross-site scripting, why output encoding must match context, and how safe APIs, sanitization, CSP, cookies, and testing reduce risk.

#technology#security#xss#web
5 min readSeries: Tech Explained Simply · Part 186

SQL Injection: When Data Changes a Database Command

Learn how SQL injection happens, why parameterized queries separate data from syntax, and how dynamic identifiers, stored procedures, validation, privilege, and testing fit together.

#technology#security#sql-injection#databases
5 min readSeries: Tech Explained Simply · Part 185

Input Validation: Enforcing Expectations at Trusted Boundaries

Learn how server-side input validation checks type, size, format, range, structure, and business rules, and why validation differs from sanitization and output encoding.

#technology#security#input-validation#software
6 min readSeries: Tech Explained Simply · Part 184

Secure Software Development: Building Security Through the Lifecycle

Learn how threat modeling, safe design, dependencies, coding, review, testing, delivery, monitoring, and incident response make security a lifecycle property.

#technology#security#secure-development#software-engineering
6 min readSeries: Tech Explained Simply · Part 183

Zero Trust: Explicit, Contextual, and Repeated Verification

Learn what zero trust means in practical architecture, why network location is not identity, and how users, devices, workloads, policy, segmentation, and telemetry interact.

#technology#security#zero-trust#identity
6 min readSeries: Tech Explained Simply · Part 182

Defense in Depth: Building Security That Survives One Failed Control

Learn how preventive, detective, containment, and recovery controls form independent security layers, and why duplicating one weak check is not enough.

#technology#security#defense-in-depth#risk
5 min readSeries: Tech Explained Simply · Part 181

Least Privilege: Give Only the Access a Task Requires

Learn how least privilege limits human and workload permissions by action, resource, condition, and time, reducing damage from mistakes and compromise.

#technology#security#least-privilege#access-control
6 min readSeries: Tech Explained Simply · Part 180

Blameless Post-Incident Learning: Looking Beyond Human Error

Learn how blameless incident reviews examine conditions, decisions, safeguards, and system interactions while preserving accountability and producing useful improvements.

#technology#postmortem#incident-learning#reliability
6 min readSeries: Tech Explained Simply · Part 179

Incident Response: Stabilize, Communicate, Recover, Learn

Learn how incident response organizes severity, roles, evidence, mitigation, communication, recovery, and handoff during serious production degradation.

#technology#incident-response#operations#reliability
5 min readSeries: Tech Explained Simply · Part 178

Service Level Indicators and Objectives: Measuring Reliability

Learn how service level indicators measure user-relevant behavior, how objectives set reliability targets, and how error budgets guide operational risk.

#technology#sli#slo#reliability
5 min readSeries: Tech Explained Simply · Part 177

Monitoring and Alerting: Knowing When a Service Needs Attention

Learn how monitoring evaluates system signals and how alerts should connect urgent user impact to an actionable human response without creating fatigue.

#technology#monitoring#alerting#operations
6 min readSeries: Tech Explained Simply · Part 176

Logs, Metrics, and Traces: Complementary Evidence from Running Systems

Learn how logs record events, metrics summarize behavior, and traces follow work across components, and how to combine them without losing context or exposing sensitive data.

#technology#observability#logs#metrics#tracing
5 min readSeries: Tech Explained Simply · Part 175

Deployment Strategies: Controlling Exposure to a New Version

Learn how recreate, rolling, blue-green, and canary deployments replace software capacity, and how compatibility, rollback, traffic, cost, and state guide the choice.

#technology#deployment#canary#delivery
5 min readSeries: Tech Explained Simply · Part 174

Infrastructure as Code: Reviewable and Reproducible Environments

Learn how infrastructure as code declares resources in versioned definitions, how plans and state work, and how teams manage drift, secrets, modules, policy, and destructive change.

#technology#infrastructure-as-code#cloud#delivery
6 min readSeries: Tech Explained Simply · Part 173

Continuous Delivery and Deployment: Releasable Versus Automatically Released

Learn the difference between continuous delivery and continuous deployment, how artifacts move through environments, and what gates, rollout, rollback, and observability require.

#technology#continuous-delivery#continuous-deployment#delivery
5 min readSeries: Tech Explained Simply · Part 172

Continuous Integration: Making Integration Routine

Learn how continuous integration combines small changes frequently, runs automated checks, protects a healthy shared branch, and shortens feedback on incompatibility.

#technology#continuous-integration#ci#delivery
6 min readSeries: Tech Explained Simply · Part 171

What DevOps Means: Shortening the Path from Change to Learning

Learn why DevOps is a way of working rather than one tool or job title, and how shared ownership, automation, flow, feedback, and learning improve delivery.

#technology#devops#delivery#operations
6 min readSeries: Tech Explained Simply · Part 170

Cloud Cost Models: Architecture Multiplied by Usage

Learn how cloud bills combine compute, storage, requests, managed features, data transfer, commitments, and elastic usage, and how teams govern variable spending.

#technology#cloud#cost#finops
6 min readSeries: Tech Explained Simply · Part 169

Shared Responsibility in the Cloud: Know Which Layer You Own

Learn how cloud security and reliability responsibilities are divided between provider and customer, how the boundary changes across IaaS, PaaS, SaaS, and managed services.

#technology#cloud#shared-responsibility#security
6 min readSeries: Tech Explained Simply · Part 168

Cloud Identity and Access Management: Who Can Do What?

Learn how cloud IAM connects principals, policies, roles, resources, and conditions, and how least privilege and short-lived credentials reduce cloud risk.

#technology#cloud#iam#security
6 min readSeries: Tech Explained Simply · Part 167

Autoscaling: Turning Demand Signals into Capacity

Learn how autoscaling changes resource capacity from metrics, schedules, and queue depth, and why startup time, thresholds, limits, dependencies, and cost matter.

#technology#cloud#autoscaling#scalability
5 min readSeries: Tech Explained Simply · Part 166

Managed Databases: What the Provider Operates and What You Still Own

Learn which provisioning, patching, backup, replication, failover, and monitoring tasks managed databases automate, and which data and application responsibilities remain.

#technology#cloud#managed-databases#data
6 min readSeries: Tech Explained Simply · Part 165

Object, Block, and File Storage: Choosing the Right Interface

Learn how object, block, and file storage differ in interface, sharing, performance, consistency, durability, scale, and cost, with practical workload examples.

#technology#cloud#storage#data
5 min readSeries: Tech Explained Simply · Part 164

Software as a Service: Using a Complete Provider-Operated Application

Learn how SaaS differs from hosting software, what customers configure instead of operate, and why identity, data governance, integration, continuity, and exit still matter.

#technology#cloud#saas#software
6 min readSeries: Tech Explained Simply · Part 163

Platform as a Service: Deploying Code to a Managed Runtime

Learn how Platform as a Service shifts server, runtime, patching, scaling, and deployment work to a provider, and what constraints and portability tradeoffs remain.

#technology#cloud#paas#managed-platforms
6 min readSeries: Tech Explained Simply · Part 162

Infrastructure as a Service: Renting Foundational Cloud Resources

Learn what Infrastructure as a Service provides, what customers still manage, and how virtual machines, networks, storage, patching, access, and resilience fit together.

#technology#cloud#iaas#virtual-machines
5 min readSeries: Tech Explained Simply · Part 161

Cloud Regions and Availability Zones: Designing for Location and Failure

Learn how cloud regions and availability zones organize infrastructure, which failures each boundary addresses, and how latency, data residency, and cost shape deployment.

#technology#cloud#regions#availability-zones
7 min readSeries: Tech Explained Simply · Part 160

CAP as a Failure Trade-Off

Learn what the CAP theorem actually says about consistency and availability during network partitions, why partition tolerance is not an optional feature, and how choices differ by operation.

#technology#distributed-systems#cap-theorem#consistency
7 min readSeries: Tech Explained Simply · Part 159

Distributed Transactions and Sagas: Coordinating Work Across Services

Learn why one database transaction cannot easily span independent services, how two-phase commit differs from sagas, and how compensating actions manage partial workflow failure.

#technology#distributed-systems#sagas#transactions
6 min readSeries: Tech Explained Simply · Part 158

Eventual Consistency: Temporary Disagreement with a Convergence Promise

Learn why replicas and derived views can temporarily disagree, what eventual consistency does and does not guarantee, and how products handle stale reads and convergence.

#technology#distributed-systems#eventual-consistency#data
6 min readSeries: Tech Explained Simply · Part 157

Publish-Subscribe Systems: Sharing Events with Many Consumers

Learn how publish-subscribe systems distribute events to independent subscribers, how topics and subscriptions differ from queues, and why event contracts and replay matter.

#technology#distributed-systems#publish-subscribe#events
6 min readSeries: Tech Explained Simply · Part 156

Message Queues: Buffering Work Between Producers and Consumers

Learn how message queues decouple producers and workers, absorb bursts, support retries, and require explicit handling for duplicates, ordering, poison messages, and backlog.

#technology#distributed-systems#message-queues#asynchronous-processing
6 min readSeries: Tech Explained Simply · Part 155

Synchronous and Asynchronous Work: When Must the Caller Wait?

Learn how synchronous and asynchronous workflows differ, when background processing improves responsiveness, and what status, durability, retries, and cancellation async work requires.

#technology#distributed-systems#asynchronous-processing#architecture
6 min readSeries: Tech Explained Simply · Part 154

Idempotency: Making Repeated Requests Safer

Learn how idempotent operations prevent duplicate consequences, how idempotency keys work, and what storage, scope, concurrency, and response rules servers need.

#technology#distributed-systems#idempotency#apis
7 min readSeries: Tech Explained Simply · Part 153

Retries and Backoff: Repeating Work Without Making Failure Worse

Learn when retries recover transient failures, why immediate repetition can amplify outages, and how limits, exponential backoff, jitter, and idempotency make retries safer.

#technology#distributed-systems#retries#reliability
7 min readSeries: Tech Explained Simply · Part 152

Network Timeouts: How Long Should a Service Wait?

Learn why every remote call needs a timeout, how connection and response deadlines differ, and how to choose limits without confusing timeout with cancellation.

#technology#distributed-systems#timeouts#reliability
2 min readSeries: AWS from Zero · Part 1125

Cost Explorer: Provide anomaly feedback from the CLI

Use the AWS CLI to provide anomaly feedback in Cost Explorer, identify required inputs, and inspect the modeled response.

#aws#cli#cost-explorer#finops#cost
6 min readSeries: Tech Explained Simply · Part 151

Distributed Systems: When One Application Spans Computers

Learn how networks, partial failure, concurrency, clocks, and imperfect knowledge change software when components run across multiple computers.

#technology#distributed-systems#networks#reliability
7 min readSeries: Tech Explained Simply · Part 150

Quality as a Team System

Learn how software quality emerges from product decisions, design, implementation, review, testing, deployment, operations, and feedback across the whole team.

#technology#software-quality#teamwork#engineering
6 min readSeries: Tech Explained Simply · Part 149

Static Analysis and Linters: Finding Problems Before Execution

Learn how static tools inspect code and artifacts for type errors, unsafe flows, suspicious patterns, and style violations without running the program.

#technology#static-analysis#linters#software-quality
6 min readSeries: Tech Explained Simply · Part 148

Usability Testing: Watching People Use the Product

Learn how usability testing observes representative people performing realistic tasks to reveal confusion, hidden assumptions, and workflow friction.

#technology#usability-testing#user-experience#quality
6 min readSeries: Tech Explained Simply · Part 147

Performance Testing: Workloads, Targets, and Bottlenecks

Learn how performance tests measure latency, throughput, resource use, and failure under realistic workloads, and why results need explicit targets and environments.

#technology#performance-testing#load-testing#quality
6 min readSeries: Tech Explained Simply · Part 146

Regression Testing: Keeping Fixed Behavior Fixed

Learn how regression tests preserve corrected behavior, why a test should reproduce a bug before its fix, and how suites evolve with software risk.

#technology#regression-testing#software-testing#quality
7 min readSeries: Tech Explained Simply · Part 145

Test Doubles and Mocks: Controlled Boundaries

Learn why tests replace dependencies, how fakes, stubs, spies, and mocks differ, and how excessive mocking can prove implementation details instead of behavior.

#technology#test-doubles#mocks#software-testing
6 min readSeries: Tech Explained Simply · Part 144

End-to-End Tests: Protecting Critical User Journeys

Learn how end-to-end tests exercise realistic workflows through external interfaces, what broad confidence they provide, and how to reduce their cost and flakiness.

#technology#end-to-end-testing#software-testing#quality
6 min readSeries: Tech Explained Simply · Part 143

Integration Tests: Verifying Real Boundaries

Learn how integration tests exercise databases, files, queues, frameworks, and service contracts to find mismatched assumptions between components.

#technology#integration-tests#software-testing#quality