Developer & Web Utility Guides
Practical guides on the technologies behind everyday web utilities — encoding standards, regex patterns, color theory, hashing, and more. Every guide links to the relevant tool so you can apply what you learn immediately.
26 articles and growing.
SQL Indexing Fundamentals: When (and What) to Index
Indexes are the single biggest performance lever in SQL. They're also the most over- and under-applied. Here's a practical framework for deciding what to index and what to leave alone.
JWT Security Best Practices: The Bugs That Keep Showing Up
JWTs are fine until they aren't. Most JWT vulnerabilities come from the same five mistakes — algorithm confusion, missing verification, leaky storage, sloppy expiration, and silent revocation. Here's how to avoid them.
CSS Units Explained: px, em, rem, vw, vh, and the Rest
Eight CSS units, four mental models, and one decision tree for picking the right one. With the actual rules browsers apply when they compute final pixel values.
HTTP Caching: The Headers, the Strategies, and Why Your Site Is Slower Than It Needs to Be
Caching is the single biggest performance lever most sites miss. Learn the layers (browser, CDN, reverse proxy), the headers that drive each, and the patterns that make your site feel instant.
HTTP Headers Deep Dive: The Ones You Actually Need to Know
Hundreds of HTTP headers exist. About 30 matter day-to-day. Learn the request and response headers that drive caching, security, content negotiation, and the security headers that defend against common attacks.
Semantic Versioning: The Rules, the Edge Cases, and Why People Get It Wrong
SemVer looks simple — major.minor.patch. The hard part is judging what counts as a breaking change. Learn the rules, the dependency-resolution implications, and the practical patterns that make versioning useful.
HTTP Cookies and Sessions: The Attributes That Decide Security
A cookie is a tiny key-value pair with five security attributes that decide whether your auth is hardened or hilariously broken. Learn each attribute, the SameSite changes, and the modern session-cookie patterns.
WebSocket vs HTTP: When You Actually Need a Persistent Connection
WebSocket gets reached for whenever real-time appears in requirements. Often, Server-Sent Events or polling is the right choice. Learn the tradeoffs, the protocol details, and the operational gotchas.
XML vs JSON vs YAML: Which Data Format for Which Job
Three data formats with overlapping use cases, very different strengths. Learn when to use each, the security gotchas, and the surprising places XML still wins.
Unicode, UTF-8, and Why "String Length" Lies to You
Codepoints, code units, grapheme clusters, surrogate pairs. Learn why JavaScript says "👨👩👧".length is 8, why emoji break your form validation, and how to actually count characters correctly.
CORS Errors: Why They Happen and How to Actually Fix Them
CORS is the browser security mechanism every web developer eventually fights. Learn the actual model (it's not what you think), the headers, the preflight dance, and the right way to configure it.
REST vs GraphQL vs gRPC: How to Pick the Right API Style
Three popular API styles, each with strong opinions about how clients and servers communicate. Learn the architectural fit for each, the real performance numbers, and when hybrids beat purity.
JWT Tokens Explained: Structure, Security, and the Common Mistakes
JWT is a clean, stateless way to transport claims — and a security minefield if you treat it like an opaque session token. Learn the format, the algorithms, and the patterns that prevent the most common JWT bugs.
Markdown vs HTML: When to Choose Each (and How to Mix Them Safely)
Markdown is fast and writeable. HTML is precise and powerful. Learn the tradeoffs, the security implications of mixing them, and the surprising places Markdown wins for content workflows.
HTTP Status Codes: A Practical Reference for Each Class and the Ones You're Probably Misusing
Five classes, dozens of codes, and a small set of frequent misuses (404 vs 410, 401 vs 403, 500 vs 503). Learn which code to actually return when, with an emphasis on real-world API design choices.
Word Count and Reading Time: Why Estimates Vary and What's Actually Accurate
Different tools count words differently. Reading-time estimates range 50% across platforms. Learn what counts (and what doesn't), why Medium's estimate differs from yours, and how to make accurate reading-time predictions.
Lorem Ipsum: The 500-Year-Old Placeholder Text and How to Use It Right
It comes from Cicero. It was scrambled by a printer in the 1500s. It's shaped how every modern designer mocks up content. Learn the history, the alternatives, and when to never use it.
Timestamp Conversion: Unix Time, ISO 8601, and the Time Zone Problems Nobody Warns You About
Time zones, daylight saving, leap seconds, the Year 2038 problem. Learn the formats, the gotchas, and the rules that make timestamps reliable across systems.
Naming Conventions: camelCase, snake_case, kebab-case Explained
A practical guide to the casing conventions used across programming languages, frameworks, and platforms.
UUID v4 vs UUID v7: Choosing the Right Identifier
Why time-ordered UUIDs are quietly replacing v4 for database primary keys — and when v4 is still the right choice.
Color Theory for Developers: HEX, RGB, HSL, and WCAG Contrast
Everything a developer needs to know about color models — and why HSL changes how you think about palettes.
Hashing vs Encryption: Two Concepts Constantly Confused
Hashing is one-way; encryption is two-way. Get the difference right and avoid catastrophic security mistakes.
Base64 & Data URLs: When to Inline Binary Content
Why we encode binary data as text, when data URLs help, and when they hurt page performance.
Regex Cheatsheet & Common Patterns: Email, URL, Phone Validation
Practical regex patterns for everyday validation tasks — and the tricky edge cases that catch most developers.
JSON Essentials for Developers: Beyond Pretty-Printing
Schemas, validation, common pitfalls, and the parser quirks every developer should know about JSON.
URL Encoding Explained: When and Why Characters Are Percent-Encoded
Learn why URLs need encoding, how percent-encoding works, and when to use encodeURIComponent vs encodeURI in real applications.