Blog & Articles by Joy Heron

Blog Post

Let’s Not Normalize Insecure AI Assistants

AI assistants like OpenClaw promise convenience, autonomy, and increasingly personalized help. But beneath that promise lies an architecture that quietly combines private data, internet access, and exposure to untrusted content—the lethal trifecta of security risk. Sandboxing and physical isolation help, but they don’t address the core problem. As we add more capabilities, the potential blast radius only grows. This post is a case for slowing down, questioning defaults, and refusing to normalize insecure architectures.

Blog Post

What to Do While the AI Is Thinking

AI can write code while we wait — but that doesn’t mean we suddenly have free time. Whether we should think, multitask, review, or rest depends on what kind of work we are doing.

Blog Post

I sandboxed my coding agents. You should too.

My Lima VM + JetBrains Gateway setup for safe agentic development

Blog Post

Context Engineering: Managing AI-Generated Code Complexity

AI tools make developers more productive at writing code, but can overwhelm code reviewers with massive changes. Learn practical strategies for managing context in AI-assisted development to keep your code comprehensible, your reviews manageable, and your team’s productivity genuinely improved. Small scope was always good practice—with AI, it’s essential.

Blog Post

Git Clarity: Building Meaningful Commits and Linear History

Feeling overwhelmed by Git’s complexity? Discover a streamlined workflow that centers on creating single, comprehensible commits. Learn how this approach leads to clearer code reviews, fewer merge conflicts, and a beautiful linear commit history that tells the story of your code. This isn’t just about Git commands—it’s about aligning your tools with how your brain works.

Blog Post

AI — Behind the Buzzword Garbage
Blog Post

Custom Elements are NOT for Templating

Custom elements are a main technology included in the Web Components Browser specification. They provide a set of APIs for adding custom behavior and interactions to an HTML element – and they do this very well. However, they often are unfairly compared with JavaScript component frameworks. Custom elements were never intended to be a drop-in replacement for a JavaScript framework. This article focuses on what custom elements are, what they do well, and, most importantly, what they do not do.

Blog Post

Innovation in the web without sacrificing accessibility

We’ve truly stretched the boundaries of what is possible on the web. However, to do this we’ve sacrificed semantic HTML and made our applications inaccessible to a huge amount of different users. Instead of breaking the foundation of the web, we should consider this as an opportunity: how can we implement applications in a way that works for any user who might come along and want to interact with it?

Blog Post

Don’t tell me I’m not building a web application
Article

JavaScript? Yes, but in moderation

The benefits of classic architecture decisions for web applications.

Blog Post

A Playground for Testing OpenID Connect

This post describes how you can set up a development environment in order to play around with your OpenID client implementation. When running your application in a cluster, it can be difficult to test how it will behave behind a load balancer. One factor that can be particularly difficult to test is when you are communicating with an OAuth 2.0 or OpenID Connect server which expects that a request will be redirected back to the same application instance that it came from.

Blog Post

The Power of the HTML Form
Blog Post

Simplicity - Fighting Complexity At All Costs

My colleague recently wrote an excellent post discussing the functional and object-oriented paradigms. As someone who comes from a functional programming background, I definitely agreed with one thing: We need to stop building arbitrary walls that prevent us from learning from and helping each other.