Loading...
Loading...
Loading...
DYKWYBLSby Island Pitch
Do You Know What You Built Last Summer?!
You vibe coded it. You shipped it. Now let's find out if you actually know what's in there. No shame — just truth.
Do You Know What You Built Last Summer?!
You vibe coded it. You shipped it. Now let's find out if you actually know what's in there. No shame — just truth.
Knowledge Is Protection
Set up monitoring so you know when something goes wrong before your users tell you.
Your app is live. Users are signing up. Everything seems fine. But here is the thing — how would you know if it was not fine? Equifax did not know. Attackers ran approximately 9,000 queries against their systems and extracted data from 51 databases over several months without anyone noticing. That breach affected 147 million people and cost $425 million. The difference between "we had a rough hour" and "we lost everything" is almost always monitoring.
Monitoring is your app's nervous system — it tells you when something hurts. Logging is the detailed record of what your app is doing, moment by moment, so when something goes wrong you can figure out why.
Monitoring comes in different flavors. Uptime monitoring checks whether your app is reachable at all. Performance monitoring tracks how fast your pages load and your APIs respond. Error monitoring catches exceptions and failures in real time. Health checks are endpoints your infrastructure can ping to verify the app is actually working, not just running.
Logging is the complementary piece. Good logs tell you what happened, when it happened, and in what context. When a user reports "the checkout page broke," logs are how you trace back through the sequence of events to find the actual problem.
Most AI-generated projects ship with console.log statements scattered around and absolutely nothing else. That works during development. In production, it is like driving at night with no headlights.
And your monitoring dashboards need to be accessible too. Dashboards that rely solely on color coding — red for bad, green for good — exclude colorblind operators. Alert systems that are only auditory exclude deaf engineers. If your ops team includes people with disabilities (and it should), your monitoring tools need to work for them.
Console.log is not monitoring. It is whispering into the void and hoping someone hears.
OWASP Top 10 #9: Security Logging Failures. 723 CVEs mapped. Hard to test for the absence of something.
Security Logging and Alerting Failures holds the number 9 spot in the OWASP Top 10:2025, voted in by the community for the third time. It has only 723 CVEs mapped to it because, as OWASP notes, it is "incredibly difficult to test for." You cannot scan for the absence of something.
Here is what that absence costs. The 2024 Snowflake breaches affecting 160+ organizations were made catastrophically worse by insufficient logging. Many customer instances lacked audit logging entirely, meaning attackers could exfiltrate data without triggering a single alert. One hundred and sixty companies breached, and the logging that could have caught it was turned off.
A children's health plan provider could not detect a breach due to lack of monitoring. The breach may have been in progress since 2013 — more than seven years before anyone noticed.
The IBM Cost of a Data Breach Report puts hard numbers on this: organizations that detect and contain breaches within 200 days save $1.02 million compared to those that take longer. The average detection and containment time is still 241 days. That is eight months. If you had monitoring, you could cut that to hours. The dollar difference is seven figures.
With basic monitoring, you would get an alert within minutes of the first error. You could scale up, add capacity, or at minimum put up a maintenance page. The difference between a rough hour and a lost launch day is almost always whether someone was watching.
Seven years. A children's health provider was breached for seven years before anyone noticed. That is a kid starting first grade and graduating middle school.
241 days average detection time. $1.02M saved by detecting within 200 days. Monitoring ROI is measurable.
At minimum, something should be pinging your app's URL every few minutes and alerting you if it goes down. Services like UptimeRobot (free tier available), Pingdom, or even a simple cron job can handle this. If your app goes down at 3 AM, you should know by 3:05 AM.
Console.log disappears when the process restarts. Use an error tracking service like Sentry, LogRocket, or Datadog that captures errors, groups them, and alerts you. Most have generous free tiers for small projects.
Create a simple /api/health endpoint that checks your database connection, external service connections, and returns a status. This gives monitoring tools something meaningful to check beyond "the server is responding."
A log entry that says "Error: something went wrong" is useless. Good logs include: what operation was happening, which user was affected, what the input was, and a correlation ID that ties related log entries together. This is how you go from "something broke" to "here is exactly what broke and why."
Four items. Start with uptime monitoring — it is free and takes ten minutes. Then work your way down.
4 items flagged. Uptime monitoring: free tier available. Error tracking: free tier available. Health endpoint: 20 lines of code.
If you cannot see what your app is doing in production, you are flying blind. Equifax ran 9,000 undetected queries. Snowflake had logging turned off. A children's health provider was breached for seven years without knowing. Monitoring does not have to be complicated or expensive — even basic uptime checks and error tracking put you miles ahead of most AI-built projects. The goal is simple: know about problems before your users do.
You cannot fix what you cannot see. And you definitely cannot fix it if you find out from an angry tweet.
Detection speed directly correlates with breach cost. Every hour of monitoring pays for itself.
Want to see how your monitoring and observability stack up? A DYKWYBLS comprehension check looks at your actual infrastructure and tells you what gaps exist between what you think is being monitored and what actually is. Part of how Island Pitch helps you Do Cool Things the Right Way!
Meet Your Code