•5 min read
Three event-sourcing bugs, three pillars of one contract
Six weeks of multiplayer bugs across three games converged on the same contract — deterministic appliers, atomic sequence allocation, server-owned identity.
#security
2 posts tagged with security. This index aggregates both frontmatter tags: entries and inline #security mentions.
•5 min read
Authentication is not authorization: three security stories from one quarter
A planned Google OAuth feature, the March 31 axios npm compromise, and a latent WebSocket subscribe hole — three different shapes, one rule: authorize at every join.