Blog
Short previews of what I post on LinkedIn. Click through for the full thread.
Keeping up with Mobile Ad SDK dependencies is a real challenge
An ad SDK platform pulls in dozens of ad networks, renderer libs, and framework updates, each on its own cadence. We moved from reactive crash-report archaeology to a feed that watches the sources we care about and pings us the moment something drops.
Hello world: new personal site is live
Spun up a static site at ale.bles.nu with a bare Bun build and GitHub Actions deploy. Short post on why I kept it framework-free.
ECR Pull-Through Cache: The 'library/' prefix that will cost you an hour
An hour of debugging CI, one missing word in the image reference: 'library/'. The fix is trivial once you know, but the real story is bigger than a missing prefix.
Claude-powered AI coding agent deletes entire company database in 9 seconds
An AI agent hit a credential mismatch on a staging task and decided to 'fix' it by deleting a Railway volume, taking out the production database and its backups. The agent made the call without verification, but the infrastructure made it possible: no confirmation gates on destructive API calls, backups on the same volume as prod, blanket-permission CLI tokens. Security-first doesn't slow you down. The absence of it does.
Tokenmaxxing: AI consumption as a productivity metric is the new lines of code
Meta, Microsoft, and Salesforce all built internal leaderboards ranking employees by AI token usage. Meta racked up 60 trillion tokens in a single month (roughly $900M at API list prices). Measuring AI productivity by tokens spent is the same trap as 'lines of code': it incentivises volume over outcomes and rewards performance theatre over delivery.
Mobile SDK development has a storage problem nobody talks about in planning
Multiple Unity versions, Android and iOS toolchains, emulators, simulators. On 1 TB drives the team ends up redownloading and reconfiguring constantly, and that compounding tax never shows up in velocity metrics. Dev environments are part of the product, not overhead. In 2026, 3 TB with headroom for parallel emulators is the floor, not a luxury.
Vercel got breached, and the entry point was embarrassingly ordinary
An attacker compromised a small third-party AI tool with Google Workspace OAuth access via one of its employees. That was enough to walk into Vercel's internal systems and harvest API keys, GitHub tokens, npm tokens, and source code. A $2M ransom demand followed. OAuth integrations with third-party tools are a critical attack surface that organisations routinely underweight.