Allen
@allen.sanfordtech.xyz
Founder of @sabal.finance. Writing at sanfordtech.xyz.
When your security setup enables faster development instead of fighting it, you can focus on shipping features rather than managing access or compromising security.
August 18, 2025 at 5:46 PM
When your security setup enables faster development instead of fighting it, you can focus on shipping features rather than managing access or compromising security.
The magic happens in your local development setup. Instead of hardcoded keys, you get temporary credentials that automatically expire, generated from a single command.
August 18, 2025 at 5:46 PM
The magic happens in your local development setup. Instead of hardcoded keys, you get temporary credentials that automatically expire, generated from a single command.
AWS Organizations + IAM Identity Center solve this with two key principles: separate AWS accounts for environment isolation and temporary credentials through SSO.
Each environment gets its own account. Dev work stays in dev, prod stays locked down, billing stays consolidated.
Each environment gets its own account. Dev work stays in dev, prod stays locked down, billing stays consolidated.
August 18, 2025 at 5:46 PM
AWS Organizations + IAM Identity Center solve this with two key principles: separate AWS accounts for environment isolation and temporary credentials through SSO.
Each environment gets its own account. Dev work stays in dev, prod stays locked down, billing stays consolidated.
Each environment gets its own account. Dev work stays in dev, prod stays locked down, billing stays consolidated.
A fun post a finished about ranking restaurants based on their Google Maps data. I came up with and tried out two models traveling back to Louisiana from New York.
It was a long drive...
www.sanfordtech.xyz/posts/a-math...
#mathematics #statistics
It was a long drive...
www.sanfordtech.xyz/posts/a-math...
#mathematics #statistics
July 23, 2025 at 7:52 PM
A fun post a finished about ranking restaurants based on their Google Maps data. I came up with and tried out two models traveling back to Louisiana from New York.
It was a long drive...
www.sanfordtech.xyz/posts/a-math...
#mathematics #statistics
It was a long drive...
www.sanfordtech.xyz/posts/a-math...
#mathematics #statistics
Just finished up my post about using #webcomponents for progressive enhancement. I've had a great experience using them to add interactivity to my @astro.build apps and wanted to share some of the patterns.
June 26, 2025 at 12:14 AM
Just finished up my post about using #webcomponents for progressive enhancement. I've had a great experience using them to add interactivity to my @astro.build apps and wanted to share some of the patterns.
Kicking off my personal website with this ad spend planning tool I use to plan my meta campaigns.
The "Copy to CSV" works well with Google Sheets, and "Share Plan" lets you easy share a link to your current plan. Both features were helpful when working with marketers.
#startups #marketing
The "Copy to CSV" works well with Google Sheets, and "Share Plan" lets you easy share a link to your current plan. Both features were helpful when working with marketers.
#startups #marketing
June 18, 2025 at 4:01 PM
Kicking off my personal website with this ad spend planning tool I use to plan my meta campaigns.
The "Copy to CSV" works well with Google Sheets, and "Share Plan" lets you easy share a link to your current plan. Both features were helpful when working with marketers.
#startups #marketing
The "Copy to CSV" works well with Google Sheets, and "Share Plan" lets you easy share a link to your current plan. Both features were helpful when working with marketers.
#startups #marketing
I got tired of the "http://com.chrome.devtools.json" 404s, so I put together this quick solution that works for
@astro.build. It doesn't prevent the request, unfortunately.
@astro.build. It doesn't prevent the request, unfortunately.
June 4, 2025 at 7:47 PM
I got tired of the "http://com.chrome.devtools.json" 404s, so I put together this quick solution that works for
@astro.build. It doesn't prevent the request, unfortunately.
@astro.build. It doesn't prevent the request, unfortunately.
Gave Claude Code access to my full monorepo today.
I'm playing around with project memory imports to give it context about specific areas of my repo. The /memory command shows exactly which files it can access.
Any Claude monorepo tips?
#softwaredev #ai
I'm playing around with project memory imports to give it context about specific areas of my repo. The /memory command shows exactly which files it can access.
Any Claude monorepo tips?
#softwaredev #ai
May 23, 2025 at 6:50 PM
Gave Claude Code access to my full monorepo today.
I'm playing around with project memory imports to give it context about specific areas of my repo. The /memory command shows exactly which files it can access.
Any Claude monorepo tips?
#softwaredev #ai
I'm playing around with project memory imports to give it context about specific areas of my repo. The /memory command shows exactly which files it can access.
Any Claude monorepo tips?
#softwaredev #ai
Microsoft CoPilot's Agent Mode to be backed by Claude 4 and will utilize the new API enhancements, like prompt caching.
They also are using the word "peer programmer", which I'll pass on.
They also are using the word "peer programmer", which I'll pass on.
May 22, 2025 at 5:22 PM
Microsoft CoPilot's Agent Mode to be backed by Claude 4 and will utilize the new API enhancements, like prompt caching.
They also are using the word "peer programmer", which I'll pass on.
They also are using the word "peer programmer", which I'll pass on.
Just tried out ClaudeCode in VSCode!
May 22, 2025 at 5:05 PM
Just tried out ClaudeCode in VSCode!
ClaudeCode moves out of research review, gets an SDK, and native IDE integrations with VSCode and JetBrains.
May 22, 2025 at 4:51 PM
ClaudeCode moves out of research review, gets an SDK, and native IDE integrations with VSCode and JetBrains.
Listening in on Anthropic's live stream for ClaudeCode. I use Claude and ClodeCode very heavily, so I've very excited.🧵
First up: Opus and Sonnet 4
#softwaredev #ai
First up: Opus and Sonnet 4
#softwaredev #ai
May 22, 2025 at 4:48 PM
Listening in on Anthropic's live stream for ClaudeCode. I use Claude and ClodeCode very heavily, so I've very excited.🧵
First up: Opus and Sonnet 4
#softwaredev #ai
First up: Opus and Sonnet 4
#softwaredev #ai
Breaking: Ive and Altman Team Up
Jony Ive's design philosophy could finally push GenAI out of the chat box. I'd love to see truly simpler and more intuitive experiences. Imagine AI that feels as natural as the original iPhone felt compared to BlackBerry.
Jony Ive's design philosophy could finally push GenAI out of the chat box. I'd love to see truly simpler and more intuitive experiences. Imagine AI that feels as natural as the original iPhone felt compared to BlackBerry.
May 21, 2025 at 5:52 PM
Breaking: Ive and Altman Team Up
Jony Ive's design philosophy could finally push GenAI out of the chat box. I'd love to see truly simpler and more intuitive experiences. Imagine AI that feels as natural as the original iPhone felt compared to BlackBerry.
Jony Ive's design philosophy could finally push GenAI out of the chat box. I'd love to see truly simpler and more intuitive experiences. Imagine AI that feels as natural as the original iPhone felt compared to BlackBerry.
Spotted on r/Entrepreneur.
My take: Success isn't random. Your effort, skills, and environment create a probability distribution. Luck is just which point gets sampled.
My take: Success isn't random. Your effort, skills, and environment create a probability distribution. Luck is just which point gets sampled.
May 19, 2025 at 5:21 PM
Spotted on r/Entrepreneur.
My take: Success isn't random. Your effort, skills, and environment create a probability distribution. Luck is just which point gets sampled.
My take: Success isn't random. Your effort, skills, and environment create a probability distribution. Luck is just which point gets sampled.
Which of these 3 descriptions actually makes you curious about what I'm building at @sabal.finance? Be brutally honest.
As an engineer, my default is to be feature focused and precise. I'm working on speaking directly to how people feel, not what I've built.
#startups #requestforfeedback
As an engineer, my default is to be feature focused and precise. I'm working on speaking directly to how people feel, not what I've built.
#startups #requestforfeedback
May 14, 2025 at 4:53 PM
Which of these 3 descriptions actually makes you curious about what I'm building at @sabal.finance? Be brutally honest.
As an engineer, my default is to be feature focused and precise. I'm working on speaking directly to how people feel, not what I've built.
#startups #requestforfeedback
As an engineer, my default is to be feature focused and precise. I'm working on speaking directly to how people feel, not what I've built.
#startups #requestforfeedback
The 'passkey-sign-in' web component handles three things:
1. Creating a signed token using WebAuthn and Bitwarden
2. Adding the token to the 'hx-vals' attribute so that we can send it to our server
3. Triggering the 'validate-token' event to make the request
1. Creating a signed token using WebAuthn and Bitwarden
2. Adding the token to the 'hx-vals' attribute so that we can send it to our server
3. Triggering the 'validate-token' event to make the request
May 9, 2025 at 5:37 PM
The 'passkey-sign-in' web component handles three things:
1. Creating a signed token using WebAuthn and Bitwarden
2. Adding the token to the 'hx-vals' attribute so that we can send it to our server
3. Triggering the 'validate-token' event to make the request
1. Creating a signed token using WebAuthn and Bitwarden
2. Adding the token to the 'hx-vals' attribute so that we can send it to our server
3. Triggering the 'validate-token' event to make the request
This @astro.build component lets me trigger auth from several places in my app.
Note how the @htmx.bsky.social attributes (hx-*) describe both browser and the server interactions, resulting in a declarative approach that's easy to reuse and reason about.
Note how the @htmx.bsky.social attributes (hx-*) describe both browser and the server interactions, resulting in a declarative approach that's easy to reuse and reason about.
May 9, 2025 at 5:37 PM
This @astro.build component lets me trigger auth from several places in my app.
Note how the @htmx.bsky.social attributes (hx-*) describe both browser and the server interactions, resulting in a declarative approach that's easy to reuse and reason about.
Note how the @htmx.bsky.social attributes (hx-*) describe both browser and the server interactions, resulting in a declarative approach that's easy to reuse and reason about.
The passkey authentication at @sabal.finance is pretty streamlined at ~100 lines of code: web components and events keep things simple.
I'm using @bitwarden.bsky.social to handle the cryptography, building on their security expertise.
Code 🧵
#softwaredev #webdev #webcomponents #passkeys
I'm using @bitwarden.bsky.social to handle the cryptography, building on their security expertise.
Code 🧵
#softwaredev #webdev #webcomponents #passkeys
May 9, 2025 at 5:37 PM
The passkey authentication at @sabal.finance is pretty streamlined at ~100 lines of code: web components and events keep things simple.
I'm using @bitwarden.bsky.social to handle the cryptography, building on their security expertise.
Code 🧵
#softwaredev #webdev #webcomponents #passkeys
I'm using @bitwarden.bsky.social to handle the cryptography, building on their security expertise.
Code 🧵
#softwaredev #webdev #webcomponents #passkeys
The 'passkey-sign-in' web component handles three things:
1. Creating a signed token using WebAuthn and Bitwarden
2. Adding the token to the 'hx-vals' attribute so that we can send it to our server
3. Triggering the 'validate-token' event to make the request
1. Creating a signed token using WebAuthn and Bitwarden
2. Adding the token to the 'hx-vals' attribute so that we can send it to our server
3. Triggering the 'validate-token' event to make the request
May 9, 2025 at 5:21 PM
The 'passkey-sign-in' web component handles three things:
1. Creating a signed token using WebAuthn and Bitwarden
2. Adding the token to the 'hx-vals' attribute so that we can send it to our server
3. Triggering the 'validate-token' event to make the request
1. Creating a signed token using WebAuthn and Bitwarden
2. Adding the token to the 'hx-vals' attribute so that we can send it to our server
3. Triggering the 'validate-token' event to make the request
This @astro.build build component lets me trigger auth from several places in my app.
Note how the @htmx.bsky.social mx.bsky.social attributes (hx-*) describe both browser and the server interactions, resulting in a declarative approach that's easy to reuse and reason about.
Note how the @htmx.bsky.social mx.bsky.social attributes (hx-*) describe both browser and the server interactions, resulting in a declarative approach that's easy to reuse and reason about.
May 9, 2025 at 5:21 PM
This @astro.build build component lets me trigger auth from several places in my app.
Note how the @htmx.bsky.social mx.bsky.social attributes (hx-*) describe both browser and the server interactions, resulting in a declarative approach that's easy to reuse and reason about.
Note how the @htmx.bsky.social mx.bsky.social attributes (hx-*) describe both browser and the server interactions, resulting in a declarative approach that's easy to reuse and reason about.
The 'passkey-sign-in' web component handles three things:
1. Creating a signed token using WebAuthn and Bitwarden
2. Adding the token to the 'hx-vals' attribute so that we can send it to our server
3. Triggering the 'validate-token' event to make the request
1. Creating a signed token using WebAuthn and Bitwarden
2. Adding the token to the 'hx-vals' attribute so that we can send it to our server
3. Triggering the 'validate-token' event to make the request
May 9, 2025 at 5:17 PM
The 'passkey-sign-in' web component handles three things:
1. Creating a signed token using WebAuthn and Bitwarden
2. Adding the token to the 'hx-vals' attribute so that we can send it to our server
3. Triggering the 'validate-token' event to make the request
1. Creating a signed token using WebAuthn and Bitwarden
2. Adding the token to the 'hx-vals' attribute so that we can send it to our server
3. Triggering the 'validate-token' event to make the request
This @astro.build component lets me trigger auth from several places in my app.
Note how the @htmx.bsky.social attributes (hx-*) describe both browser and the server interactions, resulting in a declarative approach that's easy to reuse and reason about.
Note how the @htmx.bsky.social attributes (hx-*) describe both browser and the server interactions, resulting in a declarative approach that's easy to reuse and reason about.
May 9, 2025 at 5:17 PM
This @astro.build component lets me trigger auth from several places in my app.
Note how the @htmx.bsky.social attributes (hx-*) describe both browser and the server interactions, resulting in a declarative approach that's easy to reuse and reason about.
Note how the @htmx.bsky.social attributes (hx-*) describe both browser and the server interactions, resulting in a declarative approach that's easy to reuse and reason about.
The server interactivity is managed by
@htmx.bsky.social using DOM attributes. The `hx-trigger` determines when the request is sent: 200ms after a keydown event if the input's value has changed.
Using `display: contents` on the component makes styles "pass-through" to its children.
@htmx.bsky.social using DOM attributes. The `hx-trigger` determines when the request is sent: 200ms after a keydown event if the input's value has changed.
Using `display: contents` on the component makes styles "pass-through" to its children.
May 7, 2025 at 11:11 PM
The server interactivity is managed by
@htmx.bsky.social using DOM attributes. The `hx-trigger` determines when the request is sent: 200ms after a keydown event if the input's value has changed.
Using `display: contents` on the component makes styles "pass-through" to its children.
@htmx.bsky.social using DOM attributes. The `hx-trigger` determines when the request is sent: 200ms after a keydown event if the input's value has changed.
Using `display: contents` on the component makes styles "pass-through" to its children.