// chris johnsonField notes on cybersecurity, AI-assisted development, infrastructure, and the craft of shipping things that actually work.
Get a weekly email with what I learned, summaries of new posts, and direct links. No spam, unsubscribe anytime.
A fourth-party supply-chain breach prompted Vercel to flag nine of my production credentials for rotation out of an abundance of caution. Twenty minutes after reading the disclosure I was rotating keys, and sixty minutes later I had a full audit and a hardened account. Here is how Claude Code turned a day of incident response into an hour, and why the chain that got here should change how you pick vendors.
How I built a subscriber-gated comment system with thumbs up/down reactions, admin moderation, and a one-time welcome email blast, including the PowerShell quirks and Vercel WAF rules that nearly blocked everything.
How I built a full newsletter system for this site with secure subscriptions, HMAC-verified unsubscribes, branded HTML emails, and a Vercel Cron that sends a weekly digest every Monday. Includes the WAF rule that broke everything and the firewall tightening that followed.
I've managed firewalls for years. When it came time to add WAF protection to my own site, I evaluated Cloudflare's free tier against Vercel's built-in WAF. Here's the comparison, the implementation, the config that broke the build, and the curl tests that proved it all works.
How I built a custom analytics system with interactive visualizations, IP intelligence, and a Leaflet world map, using Next.js, Neon Postgres, and Claude Code. Includes the full Vercel Analytics integration and why custom tracking fills the gaps.