Developer Guides
The concepts behind the tools — how JWTs, cron, Base64, regex, and the rest actually work, written for developers who want to understand, not just copy.
Network
HTTP Status Codes as a Debugging Compass: What Each Class Really Tells You
Status codes are the API's first diagnostic signal. What 4xx vs 5xx actually assigns blame for, the codes developers routinely confuse (401/403, 301/302/307, 502/503/504), and how to pick codes for your own APIs.
4 min read
Encoding
URL Encoding: Why Your Query Strings Break and How to Fix Them for Good
Percent-encoding from first principles: reserved vs unreserved characters, the +/%20 space schism, double encoding, and the component-wise discipline that ends the whack-a-mole.
3 min read
Identifiers
UUIDs Explained: Versions, Collision Math, and Database Reality
How 128 bits deliver coordination-free uniqueness, what v1/v4/v5/v7 are each for, the birthday-paradox numbers, and why random UUIDs fragment database indexes.
3 min read
Security
What Actually Makes a Password Strong (The Math, Not the Myths)
Entropy explained with real numbers, why length beats complexity rules, how offline cracking actually works, and the modern NIST guidance that retired the 90-day rotation ritual.
3 min read
Security
Hashing vs Encryption vs Encoding: Three Different Jobs, One Endless Confusion
The three transformations developers mix up constantly — what each guarantees, what each doesn't, and how to pick the right one for passwords, tokens, integrity checks, and transport.
3 min read
Regex
Regex Fundamentals: A Mental Model That Actually Scales
Learn regex as an engine, not incantations: how matching and backtracking work, greedy vs lazy quantifiers, anchors and groups, and how to avoid the patterns that melt CPUs.
3 min read
Time
Unix Time and Time Zones: The Mental Model That Prevents Date Bugs
Instants versus wall clocks, seconds versus milliseconds, why 'store UTC, display local' works, and the DST edge cases that break schedulers and date math.
3 min read
JSON
JSON in Practice: Strict Syntax, Sloppy Reality, and the Errors In Between
Why valid-looking JSON fails to parse, what the specification actually allows, how numbers silently lose precision, and a field guide to every common JSON.parse error.
3 min read
Encoding
Base64 Explained: What It Is, What It Isn't, and When to Use It
Why binary data needs text armor, how Base64's 3-bytes-to-4-characters math works, the base64url variant that powers JWTs, and the security misconceptions that refuse to die.
3 min read
DevOps
Cron Expressions Explained: From */5 to the OR-Rule Nobody Expects
Learn to read and write cron schedules with confidence: the five fields, steps and ranges, the day-of-week OR trap, DST pitfalls, and dialect differences across crontab, Kubernetes, and Quartz.
3 min read
Security
How JWT Authentication Works: Structure, Signing, and Where It Breaks
A working developer's guide to JSON Web Tokens: what the three segments mean, how signatures actually protect you, and the five mistakes behind most JWT security incidents.
3 min read