Latest posts
-
WSL2 + Zsh: The Right Way to Run a Linux Dev Environment on Windows

I ditched dual-boot and set up a full Linux dev environment on Windows using WSL2 and Zsh. Here’s exactly how I did it — step by step, with every gotcha documented. Last updated: May 10, 2025. Introduction: For years, developing on Windows felt like swimming upstream. I kept a dual-boot Ubuntu setup and rebooted
-
GitHub Actions + Trivy: Automate Docker Image Scanning the Right Way

I integrated Trivy into our GitHub Actions pipeline to catch CVEs before they reach production. Here’s my exact workflow config, the gotchas I hit, and how to tune severity thresholds. Introduction: My team shipped a Node.js API to production last year with a critical CVE hiding inside our base image. We didn’t know until
-
Pandas to Polars: A Practical Migration Guide for High-Performance Python Teams

Published on SpiritCode.blog | Performance Engineering & Data Science I’ll be straight with you: I was a Pandas loyalist for years. I knew its quirks, had workarounds for its memory issues, and defended it in architecture meetings. Then I hit a 40GB CSV that had to be processed in under 10 minutes on a machine
-
Automating HIPAA-Compliant Data Masking in Python ETL Pipelines

Published on SpiritCode.blog | Data Engineering & Compliance When I joined a healthcare analytics startup a few years back, one of the first things that landed on my desk was a compliance audit report with a long list of red flags. Patient names in plaintext. Social Security Numbers sitting in a staging table. ZIP codes
-
Your Go Service Is Leaking Memory and You Don’t Know It Yet — A Production pprof Survival Guide

How I Stopped Getting Paged at 3 AM by Learning to Profile Heap and Goroutine Leaks Before They Escalate Introduction: The OOM Kill Nightmare at 3 AM It was a Tuesday night. I was deep in sleep when my phone blew up. PagerDuty. Then Slack. Then a second PagerDuty alert. Our Go API — handling
-
Beyond Default Docker: My Guide to Hardening Kernels with Custom Seccomp Profiles

Stop Trusting the Defaults. Your Containers Are More Exposed Than You Think. Introduction: The Danger of Unfiltered Syscalls A few years back, I was doing a security audit for a fintech client running a fairly standard Docker setup on AWS. Their containers were “secured” — namespaces, cgroups, a non-root user, the whole checklist. What they
-
Micro-Frontends with Module Federation: How I Finally Escaped Dependency Hell (And Why Build-Time Integration Is a Trap)

The honest, production-tested guide to implementing micro-frontend architecture with Webpack 5 and Rspack — including the mistakes I made so you don’t have to. The Monolith That Almost Broke My Team Picture this: a 400,000-line React monolith shared by six product teams across three time zones. Every dependency upgrade becomes a negotiation. A react-dom version
-
How I Hardened Our Docker Supply Chain: A Practical Security Guide

How I stopped shipping “mystery meat” container images — and the tools that changed the way my team thinks about Docker security in 2025. Why This Keeps Me Up at Night (And Should Keep You Up Too) A few years back, I inherited a microservices platform that had been running in production for 18 months.
-
Moving Beyond the VPN: My Hands-On Guide to Zero Trust for Remote Engineering Teams

By SpiritCode | Security Engineering · DevOps Culture There’s a mental model baked into most corporate security infrastructure that goes something like this: inside the network is safe, outside is hostile. The VPN was the drawbridge. Get across it, and the castle trusts you. That model is dead. It has been dead for a while.
-
Beyond Prompt Engineering: Why and How I Fine-Tune Open Source LLMs for Niche Business Logic

By SpiritCode | LLM Engineering · Applied AI There’s a moment every AI-curious engineer hits: you’ve written a clever system prompt, chained a few tools together, and the demo looks great. Then someone from the actual business team says “can it understand what we mean by a ‘C3 deviation’ or a ‘closed-won reforecast’?” and the
-
Why Your Snowflake Bill Is So High (And Exactly How I Fixed It)

How I Cut Our Snowflake Bill by 40% Without Touching a Single Pipeline A battle-tested, SQL-heavy playbook from the trenches of a $300K/month data warehouse problem. By Rafael Dias · Senior Data Engineer · May 2026 · ~2,400 words The $87,000 Wake-Up Call I still remember the exact moment. It was a Tuesday morning in
-
Handling Messy LLM JSON: How I Use Pydantic to Fix Broken AI Outputs

Your LLM is Lying About Its JSON. Here’s How I Force it to Tell the Truth. There is nothing quite as frustrating as watching your beautifully crafted agentic workflow crash because GPT-4 decided to wrap its JSON response in conversational prose. You asked for a schema; it gave you: “Sure! Here is the data you
-
Secure Remote Dev Has Finally Been Solved: Tailscale + VS Code

Ditch the Legacy VPN: My Guide to a Secure, Fast Remote Dev Setup with Tailscale I’ve spent a non-trivial portion of my career fighting with legacy VPNs. You know the drill: clunky clients that drop connection when your laptop sleeps, complex firewall rules that feel like playing Jenga, and the constant anxiety of exposing your
-
Trim the Fat: How I Reduced My Android App Size by 40% Using R8

Why Every Megabyte Matters for Your Install Rate Let’s be real: nobody likes a bloated app. We’ve all seen the data—for every 6MB increase in APK size, you can expect a 1% drop in install conversion rates. In emerging markets, that number is even more brutal. Yet, as developers, we keep adding libraries like they’re
-
How to Secure React SPAs Against XSS Using Secure JWT Cookies

Stop Storing JWTs in LocalStorage: The Secure Way to Handle Auth in React We’ve all been there. You’re building a sleek React SPA, you’ve got your JWT (JSON Web Token) from the backend, and you need a place to put it. The easiest path? localStorage.setItem('token', jwt). It’s simple, it persists through refreshes, and it’s what
-
How I Build Bulletproof Accessible Forms for Federal Agencies

Beyond Compliance: My Guide to Building WCAG-Ready Forms for Government Contracts When I first started consulting for US government contractors, I quickly realized that “accessibility” wasn’t just a checkbox for a better UI—it was a strict federal mandate. In the world of public sector tech, if your forms aren’t Section 508 compliant, you aren’t just
-
How I Improved Niche Search Relevance by 40% Using OpenAI Embeddings

Why Your “Out-of-the-Box” Vector Search is Failing Your Customers (And How I Fixed It) If you’ve been building in the AI space lately, you’ve likely realized that semantic search is the “gold rush” of modern e-commerce. Last year, I was tasked with overhauling the search engine for a high-end vintage auto parts retailer. We started
-
Eliminating ‘It Works on My Machine’ Forever with Docker and Dev Containers

Killing Latency: Why I’m Moving Back to Local-First Development in 2026 I’ve spent the better part of the last decade chasing the “perfect” development environment. For a while, we were told the cloud was the final destination. “Just move your IDE to a browser,” they said. “Latency is a thing of the past.” Well, it’s
-
Securing the Chain: Why SBOMs are Now a Critical Business Metric for US Enterprises

Federal SBOM Compliance in 2026: Moving from ‘Nice-to-Have’ to Legal Obligation In my decade of navigating the trenches of AppSec and DevOps here in the US, I’ve seen plenty of “mandatory” trends come and go. But as we sit here in 2026, the secure software supply chain SBOM 2026 landscape isn’t just another trend—it’s the
-
What I Learned Auditing Top-Tier Next.js E-commerce Stores for Core Web Vitals

The High-Stakes Reality of Performance as ROI In my years of consulting for major US retailers, I’ve seen the same pattern repeated: a marketing team spends millions on Black Friday top-of-funnel traffic, only to watch the conversion rate crater because the site feels “heavy.” I once performed an audit for a luxury apparel brand that
-
How to Prevent SQL Injection in Node.js Applications Using TypeORM Effectively

Defeating the Ghost in the Machine: Preventing SQL Injection in TypeORM I’ll never forget the “Black Tuesday” of my early career. I was working for a FinTech startup in New York, and we were using a popular ORM. I felt untouchable—after all, ORMs handle the messy SQL stuff, right? Wrong. A clever attacker exploited a
-
Rust or Go? The Systems Engineer’s Guide to HFT Backend Development

The Latency War: Architecting HFT Backends with Rust vs. Go In the world of High-Frequency Trading (HFT), we don’t measure success in seconds or even milliseconds. We measure it in ticks-to-trade latency. My team at a Tier-1 firm once spent three months shaving 400 nanoseconds off an execution gateway because that delta meant the difference
-
Beyond the Hamster Wheel: The Definitive Guide to Preventing Burnout in 2-Week Sprints

Preventing Burnout in Agile Environments with 2-Week Sprints In my fifteen years leading engineering teams across Silicon Valley, I’ve seen the same pattern repeat itself like clockwork. A company adopts Scrum, sets up two-week sprints, and for the first few months, velocity climbs. Leadership is thrilled. Then, around month six, the “Agile hangover” sets in.
-
Passkeys in Node.js: Improving My App’s Security and UX Without the Headache

Killing the Password: My Guide to Implementing Passkeys in Node.js Let’s be honest: I’m tired of passwords, and your users are too. In my years as a full-stack developer, I’ve watched countless potential sign-ups evaporate at the “Create a Password” screen. Whether it’s the frustration of “must contain one special character and a drop of
-
Stop Relying on GPT-4: A Guide to Fine-Tuning Llama 3 for Specialized Support Hubs

My Tech Stack: Choosing Between LoRA, QLoRA, and Full Fine-Tuning Beyond the Prompt: A Senior Engineer’s Guide to Fine-Tuning Llama 3 for Customer Support When Llama 3 first hit the scene, the collective intake of breath from the engineering community was audible. We finally had an open-weights model that didn’t just “compete” with proprietary giants—it
-
Stop “vibe-checking” your AI: how I built a robust LLM-as-a-Judge framework.

Scaling the Unscalable: Why “LLM-as-a-Judge” is the New Gold Standard for AI Evals In my years building and deploying models here in the Valley, I’ve seen a recurring pattern that kills promising AI products before they even hit prod. Engineering teams spend weeks perfecting a RAG (Retrieval-Augmented Generation) pipeline, only to realize they have no
-
No More AWS Billing Nightmares: Why I Moved My Solo Projects to the Edge

Stop Over-Engineering Your Side Project: Why I Moved Everything to the Edge Look, I’m done. I’m tired of waking up to AWS billing alerts that look like a car payment just because I wanted to host a simple CRUD app. For years, we’ve been told that “real” developers need a massive VPC, three availability zones,
-
Llama 3 for Niche Support: How to Fine-Tune on One GPU

Fine-Tuning Llama 3 on a Single GPU: Stop Burning Cash and Start Building Niche AI Let’s be real: generic GPT-4 is great at writing poems about pizza, but it’s often terrible at answering specific technical questions about your proprietary SaaS or niche hardware. When your customers start asking about “Error Code 402 on the legacy
-
The Importance of Simplicity in Programming
Understanding the Essence of Simple Code In the realm of programming, simplicity is often underrated. A simple, clean codebase can drastically reduce the complications developers face. Not only does a clear and minimalistic code enhance readability, but it also facilitates easier debugging and maintenance. This is particularly crucial for collaborative projects where multiple team members
-
Exploring the Role of a Senior Web Designer
Understanding the Senior Web Designer Role A senior web designer is an integral part of any technology-driven company, particularly in an increasingly digital world. They are responsible for designing visually appealing and user-friendly interfaces that promote engagement and streamline user experiences. A focus on clean design, often seen in Silicon Valley, is necessary for success
