Security

Cedar

Designing safer listItems and getItem permissions

When you implement authorization for an endpoint that returns a list of items, there is an optimization that simplifies the policy structure a bit: define only the permission to list but not to get items. This makes it a bit easier for a policy writer to think about permissions as there is less duplication.

Continue reading →

Tamás Sallai

May 9, 2026

---

IoT

ESP32 time bootstrap problem

The past couple of weeks, I've been working with an ESP32 chip. I'm making experiments at this moment: my goal is to find out if these chips are good enough now. Many years ago I started with ESP8266 chips and they were clearly not: they were so resource-limited that they could not do TLS (and by extension, HTTPS). Any interesting use-case requires a server reachable over the internet, the lack of secure communication disqualified that chip.

Continue reading →

Tamás Sallai

April 30, 2026

---

AI

My first two months using AI

I started using AI more seriously in early November, so around this time marks my second month. When I talk to others, everyone's experience feels very different. So to add one more data point, here is mine.

Continue reading →

Tamás Sallai

January 11, 2026

---

I'm changing my mind about serverless

Read more >

January 3, 2026

---

Why I prefer multi-tenant systems

Read more >

December 30, 2025

---

AppSync subscriptions: waiting for start_ack can still result in missing events

Read more >

December 18, 2025

---

Closing issues because they are unplanned is bad UX

Read more >

December 15, 2025

---

Hardening with Firejail, Landlock, and bubblewrap

Read more >

December 2, 2025

---

CloudFormation

AWS

Edge cases in CloudFormation

CloudFormation is a declarative infrastructure management tool, meaning you describe what you want, upload, and the service will figure out what changes it needs to make to match reality with the configuration.

Continue reading →

Tamás Sallai

June 23, 2025

---