I send HTML emails using Django templates for consistent branding. The EmailMultiAlternatives class supports both plain text and HTML versions. I render templates with render_to_string and context data. For transactional emails, I queue them via Celer

Compressing responses is an easy bandwidth win for JSON APIs, but only when it's done carefully. I check Accept-Encoding for gzip, set Vary: Accept-Encoding so caches behave correctly, and stream output through gzip.Writer so we don't buffer full resp

For webhooks, I assume the internet is hostile by default. I don’t trust that a request ‘looks like’ it came from Stripe/GitHub/etc; I verify the signature over the raw request body and use crypto.timingSafeEqual to avoid leaking information via timin

For internal admin endpoints, I often add a network allowlist in addition to auth. The tricky part is deciding which IP to trust: if you’re behind a proxy, you might need X-Forwarded-For, but only if the proxy is controlled by you. The middleware belo

I often need a fast read path for small datasets (like a list of active plans or an allowlist) that updates periodically. Instead of locking on every read, I store a pointer to an immutable snapshot in atomic.Pointer. Reads are lock-free and safe; ref

Typing indicators can be done without a complex protocol. I broadcast a small turbo stream replace to a typing_indicator target when a user starts typing, and another replace to clear it after a timeout. On the client, a Stimulus controller sends “typ

Avoid loading whole records when you only need to know if something exists. exists? is good; for complex joins, a scoped select(1).limit(1) can be clearer and keeps the DB workload low.

Jobs should accept simple primitives (IDs, strings), not full objects. It avoids serialization surprises and makes jobs resilient across deploys. This also reduces job payload size.

When latency matters, I benchmark the smallest interesting unit and watch allocations. In Go, a surprising number of regressions come from accidental heap churn: converting []byte to string, building lots of temporary maps, or using fmt.Sprintf in loo

GraphQL makes it very easy to accidentally create N+1 query explosions. DataLoader batches requests for the same resource during a single tick and gives you per-request caching. The trick is scoping: loaders must be per-request, not global singletons,

When I need a modal (new/edit/show), I avoid client-side templating by using a dedicated turbo_frame_tag as the modal container (often id='modal'). Links target that frame, so the response only replaces the modal content. Closing the modal is just swa

I stopped doing row-by-row imports once they started hammering the DB. In Migration (unique index), I added a real uniqueness guarantee on provider + uid, because bulk writes only stay correct if the database can enforce constraints. Then, in Bulk ups