A real-world wake-up call from an unexpected place A media startup I advised had solid cloud controls. Their Kubernetes clusters were locked down, CI secrets were rotated, and production access required hardware keys. Then an internal scan found an exposed…
Author: Ankur Sharma
-
The Tuesday Memory Leak: A Java Production Triage Playbook with JFR, Heap Histograms, and async-profiler
Practical Java memory leak troubleshooting with JFR, heap histograms, and async-profiler, including Kubernetes debug workflows and production tradeoffs.
-
The Silent Device Problem: Building DevOps Automation That Finds and Fixes Misconfigurations Before They Reach Production
A tiny device, a very loud incident Last year, a media team added a new USB audio interface to a production studio workstation. Nothing unusual, just another peripheral in a busy setup. Two weeks later, security flagged unexpected east-west traffic…
-
The Friday Fork Scare: GitHub Actions Pipeline Hardening with OIDC, Pinned SHAs, and Safer Deploys
Learn GitHub Actions pipeline hardening with OIDC workload identity, pinned action SHAs, and least-privilege tokens to ship safely without slowing teams.
-
The Open Port Incident: A Kubernetes Admission Control Playbook with Pod Security, CEL Policies, and Gatekeeper Audits
Kubernetes admission control playbook using Pod Security Admission, CEL policies, and Gatekeeper audits to prevent risky deploys without slowing teams.
-
The Fast UI, Slow Team Problem: Frontend Performance Engineering with AI Assistants in 2026
A quick story from a launch that looked fine on paper A product team shipped a redesigned pricing page on a Thursday night. Lighthouse score was decent in staging, synthetic checks were green, and the feature flags rolled out smoothly….
-
The Push Alerts That Arrived After the Sale Ended: A Mobile Push Notification Reliability Playbook for FCM and APNs
Build mobile push notification reliability with FCM and APNs: token hygiene, TTL policy, invalid-token cleanup, and troubleshooting for real production apps.
-
When “Helpful” Changes Keep Breaking Prod: A Backend Reliability Guide for Managing Intent Debt in 2026
A short story from a long night on call A platform team pushed what looked like a safe patch to their order service: a few “cleanup” refactors, renamed variables, and a helper function split into two files. The core logic…
-
The Clicks That Felt Broken: JavaScript INP Optimization with Long-Task Budgets and scheduler.postTask
JavaScript INP optimization guide with PerformanceObserver, long-task budgeting, and scheduler.postTask patterns that make clicks feel instant on real devices.
-
The Inference Bill Shock Week: A Practical AI/ML Production Playbook for Small Models, Fast Feedback, and Real-World Reliability
A Tuesday morning incident that changed how one team shipped AI At 10:07 AM, a support platform rolled out a “better” response model for ticket triage. Quality looked great in offline evaluation, and early demos impressed leadership. By 1:30 PM,…
-
From OTP Fatigue to One-Tap Trust: Implementing Android Passkeys with Credential Manager in a Legacy App
Practical guide to Android passkeys with Credential Manager: Kotlin + Node.js verification, migration tradeoffs, and fixes for real login rollout issues.
-
The Plugin Update That Flattened Checkout: A WordPress Engineering Playbook for Safe Releases in 2026
A small Friday update, a very expensive Saturday A WooCommerce team pushed what looked like a routine plugin update late Friday: payment gateway minor version bump, security patch in an SEO plugin, and a theme helper tweak. No major code…