#security

A deliberately hostile post body used to confirm the render-time sanitizer holds.

Lena NovakJune 5, 2026 · 1 min read

A token bucket gives you smooth rate limits with burst tolerance in about a dozen lines. Here is the whole thing.

Lena NovakFebruary 18, 2026 · 1 min read

Long-lived tokens are a liability. We moved to 10-minute access tokens with rotating refresh tokens — here is the tradeoff.

Lena NovakFebruary 10, 2026 · 1 min read