Guides

JSON Web Token (JWT) explained from header/payload/signature to verification, secret rotation, and common security pitfalls.

2026-05-16·~9 min

Base64 is binary-to-text encoding, not encryption. Understand padding, URL-safe variants, common pitfalls, and the encoded size overhead.

2026-05-16·~7 min

UUID v4, UUID v7, ULID, and Snowflake compared on sortability, database performance, URL friendliness, and collision risk.

2026-05-16·~8 min

Hands-on regex tutorial covering character classes, quantifiers, groups, lookaround, and the catastrophic backtracking patterns to avoid.

2026-05-16·~10 min

Cron field-by-field syntax, special tokens, timezone behavior across Unix cron, Kubernetes, and AWS, and the patterns that cause silent failures.

2026-05-16·~8 min

Why webhooks need HMAC signatures, how providers like Stripe and GitHub sign payloads, constant-time comparison, replay protection, and a step-by-step verifier.

2026-05-16·~8 min

Definitive reference for HTTP status codes — class meanings, the most common codes in REST APIs, frequently confused pairs (401 vs 403, 400 vs 422), and how to pick the right one.

2026-05-16·~9 min

Why you can't store passwords with SHA-256, what makes bcrypt and Argon2 different, how to pick cost parameters, peppering, and migrating between algorithms.

2026-05-16·~10 min

How WCAG contrast ratios are calculated, the difference between AA and AAA, what 'large text' means, common UI failures, and APCA (the next-gen formula).

2026-05-16·~8 min

A complete Markdown reference — headings, lists, links, images, tables, code blocks, footnotes, task lists, and the GitHub Flavored Markdown extras.

2026-05-16·~7 min

Cross-Origin Resource Sharing in plain language — same-origin policy, simple vs preflight requests, the right Access-Control-* headers, credentials, and the most common debugging traps.

2026-05-16·~9 min

OAuth 2.0 in plain language — the four flows, why PKCE replaced implicit, refresh tokens, scopes, and how it relates to OpenID Connect.

2026-05-16·~10 min

Why JS Date is dangerous, why you should always store UTC, the difference between offset and IANA name, daylight saving traps, and the right way to format for users.

2026-05-16·~9 min

Percent-encoding character sets, the difference between encodeURI and encodeURIComponent, when + means space, IDN/Punycode, and the right way to build URLs.

2026-05-16·~8 min

What JSON Schema can do that TypeScript can't (and vice versa), generation strategies in both directions, runtime validation with Ajv/Zod, and the right boundary patterns.

2026-05-16·~9 min

Native crypto.subtle in browsers — digest, sign/verify, encrypt/decrypt, key import/export, and why getRandomValues replaces Math.random for security.

2026-05-16·~9 min

Modern image formats compared, when to pick JPEG vs WebP vs AVIF, responsive images with srcset, lazy loading, and how compression actually works.

2026-05-16·~8 min

Why retries cause duplicate charges, how Stripe and PayPal use idempotency keys, the server-side state machine, key generation strategies, and storage TTL.

2026-05-16·~8 min

How CSP defends against XSS, the directives you actually need, nonces vs hashes vs strict-dynamic, the report-only rollout pattern, and AdSense/GA compatibility.

2026-05-16·~9 min

max-age vs s-maxage, immutable, stale-while-revalidate, ETag vs Last-Modified, CDN vs browser cache, and the headers your static assets, HTML, and API responses each need.

2026-05-17·~9 min

Four real-time integration patterns compared on latency, cost, complexity, and failure modes. When to use webhooks, when to fall back to polling, and where SSE/WebSocket fit.

2026-05-17·~9 min

Why editor exports balloon, what SVGO removes, when to inline vs reference, sprite sheets, and the security checklist for user-uploaded SVGs.

2026-05-17·~7 min

How SameSite changed CSRF defense in 2020, the differences between Lax/Strict/None, when you need Secure, third-party cookie deprecation, and what's still required beyond SameSite.

2026-05-17·~8 min

Why rate limit, the four classic algorithms (fixed window, sliding window, token bucket, leaky bucket), how to scope by IP/user/API key, and the headers clients expect.

2026-05-17·~9 min

What every Kubernetes manifest shares (apiVersion / kind / metadata / spec), the resource kinds you'll actually use, how Services find Pods via labels, and the manifest gotchas that bite teams new to K8s.

2026-05-18·~11 min

How docker-compose.yml is structured, what each top-level key (services / networks / volumes / configs / secrets) does, depends_on vs healthcheck, named volumes vs bind mounts, and the gotchas that break dev environments.

2026-05-19·~10 min

Where the Pomodoro Technique came from (Francesco Cirillo and a tomato-shaped kitchen timer), the exact method (25-minute focus + 5-minute break, long break after four), why time-boxing fights distraction and burnout, popular variations, and the myths worth dropping.

2026-05-28·~8 min

A practical tour through QR code structure: the finder / alignment / timing patterns, four data encoding modes, Reed-Solomon error correction levels (L/M/Q/H), and the 8 mask patterns that keep scanners reliable. Backed by the ISO/IEC 18004 spec.

2026-05-22·~9 min

A guided tour through cryptographic hashes — what makes a function one-way, the Merkle-Damgård and sponge constructions behind SHA-2 and SHA-3, why MD5/SHA-1 are broken, and why fast hashes are wrong for passwords.

2026-05-22·~9 min

What sRGB, P3, RGB, HSL, OKLCH actually mean. Why HSL feels intuitive but breaks visual consistency, why OKLCH is the new default in design systems, and how to read gamut and luminance like a pro.

2026-05-22·~9 min

From LCS to Myers' O(ND) algorithm — how Git, GitHub PRs, and your IDE compute the smallest set of changes between two texts, why moves look like delete+insert, and the unified vs context patch formats.

2026-05-22·~9 min

Why a Korean character takes 3 bytes, what a Unicode codepoint is, how UTF-8's variable-length scheme stays ASCII-compatible, the BOM, surrogate pairs, and the bugs that come from byte-vs-character confusion.

2026-05-22·~9 min

Inside the JSON parser — lexer states, why JSON forbids trailing commas, why large integers lose precision (IEEE 754), how streaming JSON works, and the parser quirks that surprise senior engineers.

2026-05-22·~9 min

What's inside a JPEG, why PNG is lossless, how WebP and AVIF squeeze further without visible loss. Discrete cosine transform, Huffman coding, palette indexing, and the trade-offs each format makes.

2026-05-22·~9 min

Inside the SQL pipeline — lexer, parser, AST, query planner, executor. Why concatenated SQL is dangerous, how prepared statements actually neutralize injection, and the parser quirks that distinguish PostgreSQL, MySQL, SQLite.

2026-05-22·~9 min

A short history of the most-lied-to HTTP header — why Chrome pretends to be Netscape, why Safari pretends to be Chrome, and where User-Agent is heading next (Client Hints / Sec-CH-UA / privacy budgets).

2026-05-22·~8 min

Five config formats compared head-to-head — YAML's seven booleans, TOML's typed datetimes, JSON's lack of comments, XML's namespace power, INI's anything-goes. Pick the right format for the job.

2026-05-22·~9 min

Why developers see hex everywhere, how two's complement makes addition and subtraction the same circuit, why 0.1 + 0.2 ≠ 0.3, and the bit patterns hiding inside every integer and float.

2026-05-22·~8 min

The HTML5 parser is famously forgiving — it recovers from missing tags, lets <br/> and <br> coexist, and never throws on malformed input. Here's the state machine behind that magic, why void elements exist, and how XML strictness compares.

2026-05-22·~8 min

Why 1970, why Unix time isn't actually monotonic, the Y2038 problem on 32-bit systems, the leap-second mess, monotonic vs wall clocks, and why "now()" can go backwards.

2026-05-22·~8 min

CSV looks like the simplest format alive — commas and rows. In practice, quotes inside fields, embedded newlines, BOM bytes, Excel's encoding choices, and dialect drift turn it into the most-broken format in production.

2026-05-22·~8 min

Open the wire — request line, headers, body, and the conversation patterns that hide behind GET and POST. Content negotiation, conditional requests, cookies, preflight, and the underrated headers everyone forgets.

2026-05-22·~9 min

Why an IP address is just a 32-bit number, what /24 means, the private ranges every backend touches, NAT, and why IPv6 came along — explained as bit patterns, not networking jargon.

2026-05-22·~8 min

From source bytes to V8 hidden classes — lexer, parser, AST, hoisting, the event loop, ASI gotchas, and the optimizations that make JavaScript fast despite being a dynamic language.

2026-05-22·~9 min

What happens between ClientHello and the first encrypted byte — certificates, cipher suites, key exchange, SNI, and why TLS 1.3 dropped the handshake from two round trips to one.

2026-05-23·~9 min

Walk through a DNS query — root server, TLD, authoritative resolver, recursive resolver, TTL caching, the A/AAAA/CNAME/MX record zoo, and why DNS-over-HTTPS exists.

2026-05-23·~9 min

How operating systems and browsers identify file types from their first few bytes — PNG, JPG, PDF, ZIP signatures, the gotchas of trusting filename extensions, and why content-sniffing is both useful and dangerous.

2026-05-23·~8 min

What makes a good URL slug — search-friendly characters, the Romanization vs Punycode question for Korean, hyphen vs underscore, slug stability, and the 301 redirect rules every site eventually needs.

2026-05-23·~7 min

Inside .git — four object types (blob, tree, commit, tag), how refs point at commits, why every commit gets a SHA-1, pack files, garbage collection, and what merge vs rebase actually moves around.

2026-05-23·~9 min

Regex engines that backtrack can take exponential time on innocent-looking patterns like (a+)+. Learn the NFA/backtracking model, the ReDoS attack vector, and the linear-time engines (RE2) that prevent it.

2026-05-23·~8 min

Bidirectional WebSocket vs one-way Server-Sent Events — handshake details, frame formats, reconnection, heartbeats, and which one to pick for chat, notifications, or live dashboards.

2026-05-23·~8 min

Why one rule wins over another — selector matching, the (a-b-c) specificity calculation, the cascade order, :where() with zero specificity, !important escape hatches, and how @layer brings order back.

2026-05-23·~8 min

Containers aren't lightweight VMs — they're Linux processes with namespaces and cgroups around them. Walk through namespaces, cgroups, the overlay filesystem, image layers, and what Docker the daemon actually does.

2026-05-23·~9 min

What bundlers do beyond "glue files together" — module resolution, dependency graphs, tree shaking, code splitting, source maps, HMR, and why Vite is 100× faster than Webpack in dev.

2026-05-23·~9 min

What GraphQL does that REST doesn't — schema-first design, resolver trees, the N+1 problem and how DataLoader solves it, mutations, subscriptions, federation, and when GraphQL is overkill.

2026-05-23·~9 min

Session cookies vs JWT vs OAuth flows vs passkey — what each model actually stores, where the trust lives, why refresh tokens exist, and how passkeys replace passwords entirely with WebAuthn.

2026-05-23·~9 min

B-tree, hash indexes, covering indexes, why LIKE '%foo' can't use the index, why composite-index column order matters, and how EXPLAIN reveals when the planner is actually using your index.

2026-05-23·~9 min

ACID, isolation levels, dirty/phantom reads, write skew, MVCC vs locking, SERIALIZABLE, deadlocks, and the retry-on-serialization-failure pattern explained.

2026-06-02·~9 min

Pages, the buffer pool, WAL and fsync, B-tree vs LSM-tree engines, compaction, and the write/read/space amplification trade-offs that decide which engine fits.

2026-06-02·~10 min

Why opening a DB connection is expensive, what a pool is, pool exhaustion, sizing math, PgBouncer session vs transaction mode, and serverless connection storms.

2026-06-02·~8 min

How a SQL planner turns a query into an execution plan: cost model, statistics, cardinality estimation, scan and join choices, and reading EXPLAIN ANALYZE.

2026-06-02·~10 min

LCP, CLS, and INP explained — what each Core Web Vitals metric measures, field vs lab data, what hurts each, and how to measure and fix them.

2026-06-02·~9 min

Debounce vs throttle for taming high-frequency events like scroll, resize, and input — leading vs trailing edge, real JS code, React pitfalls, and INP gains.

2026-06-02·~8 min

Why web fonts load late, FOIT vs FOUT vs FOFT, every font-display value, the CLS swap problem, size-adjust fallback metrics, preload, WOFF2, variable fonts.

2026-06-02·~9 min

Resource hints explained: preload, preconnect, dns-prefetch, prefetch, modulepreload, fetchpriority, 103 Early Hints, and Speculation Rules — when to use each.

2026-06-02·~8 min

From HTML bytes to pixels — parsing, DOM/CSSOM, render tree, layout, paint, composite. Why reflow is expensive, what triggers GPU layers, and how to stay inside the 16.67ms frame budget.

2026-05-23·~8 min

Pub-sub, partitions, log vs queue, at-least-once vs exactly-once, consumer groups, and which message system fits which job — Kafka, RabbitMQ, or SQS.

2026-05-23·~8 min

Structural typing, narrowing, discriminated unions, generics, conditional / mapped types — what TypeScript actually checks at compile time, why runtime values can still surprise you, and the patterns that make the type system pull its weight.

2026-05-23·~9 min

Stack vs heap, malloc/free under the hood, why fragmentation matters, RAII vs GC, and the actual machinery behind 'new Object()' in any language — explained with the cost model your code is actually paying.

2026-05-24·~9 min

Mark-and-sweep, reference counting, generational hypothesis, why 99% of objects die young, the stop-the-world pause, G1 vs ZGC vs Shenandoah, and why GC tuning is really just allocation pattern tuning.

2026-05-24·~9 min

Sockets, TCP vs UDP, the C10K problem and why epoll/kqueue/IOCP were invented, blocking vs non-blocking vs async, the file-descriptor abstraction, and why Node.js is single-threaded yet can serve 10,000 connections.

2026-05-24·~10 min

Mutex, semaphore, condvar, atomic CAS, lock-free vs wait-free, why volatile isn't a lock, memory ordering and the happens-before relation, and the actor model as a different way out — explained at the level of what the CPU actually does.

2026-05-24·~11 min

Inodes, blocks, VFS, the open() file descriptor lifecycle, journaling vs copy-on-write, ext4 vs btrfs vs ZFS, why 'rm' is fast but secure delete is slow, and what 'fsync' actually does — the layer between your code and the disk.

2026-05-24·~10 min

L1 vs L2 vs L3, cache lines (64 bytes), why row-major iteration is 10× faster than column-major, false sharing in multi-threaded code, the prefetcher, NUMA, and why the same algorithm has wildly different real performance.

2026-05-24·~9 min

Lexing, parsing, AST, IR (LLVM, Go SSA), optimization passes that actually run, codegen and register allocation, why -O2 makes your code 3× faster but harder to debug, and how Rust, Go, and Swift compilers differ.

2026-05-24·~10 min

Static vs dynamic linking, ELF symbol tables, what 'undefined reference to foo' really means, GOT/PLT and how libc.so resolves at runtime, ld.so the program that runs before your main(), and why DLL hell happens.

2026-05-24·~10 min

User mode vs kernel mode, the syscall instruction (x86 syscall, ARM svc), what strace shows, why syscalls cost 100 ns minimum, vDSO (clock_gettime without a syscall), and io_uring as the future of syscall amortization.

2026-05-24·~9 min

Paxos vs Raft, leader election, quorum (N/2+1), split-brain, the FLP impossibility result, why Raft beat Paxos in practice, and how etcd / Consul / ZooKeeper actually decide what's true.

2026-05-24·~10 min

Sync vs async, leader-follower vs multi-leader vs leaderless, replication lag, read-your-writes consistency, the surprising failure modes when you scale reads, and why eventual consistency is rarely what you actually want.

2026-05-24·~10 min

Hash-based vs range-based partitioning, consistent hashing (why 1995's invention is still ubiquitous), hot shards, rebalancing without downtime, why cross-shard joins are the dragon, and how DynamoDB / Cassandra / Vitess actually split data.

2026-05-24·~10 min

What Brewer actually proved (and what marketing pretends he proved), partition tolerance is non-negotiable, the CP vs AP false dichotomy, PACELC as the more honest framework, and which trade-off each real database (DynamoDB / Cassandra / Spanner / etcd) actually picks.

2026-05-24·~9 min

Event log as source of truth, projections, snapshots, CQRS, replay for time-travel debugging, why outbox is necessary, the schema-evolution dragon, and when event sourcing is the right answer (and when it's accidental complexity).

2026-05-24·~10 min

The three pillars (logs, metrics, traces), what each is good at, cardinality as the cost ceiling, why you can't just 'log everything', and how observability differs from monitoring.

2026-05-25·~9 min

Spans, parent-child, trace context propagation (W3C Trace Context), OpenTelemetry, head vs tail sampling, why 1% sampling can still miss your slowest request, and Jaeger / Tempo / Honeycomb / Lightstep trade-offs.

2026-05-25·~10 min

Counter / gauge / histogram / summary — what each measures, why histograms beat averages, Prometheus pull vs StatsD push, exemplars, cardinality explosions, and the difference between p50 / p99 / max.

2026-05-25·~9 min

Why JSON logs beat printf, levels (DEBUG / INFO / WARN / ERROR / FATAL), correlation IDs that connect a request across services, log aggregation (Loki / Elasticsearch / CloudWatch), and sampling without losing the bugs.

2026-05-25·~9 min

What an SLI actually measures, how to write SLOs that mean something, error budgets as a feature-velocity contract, multi-window multi-burn-rate alerts that don't page you at 3 AM for noise, and why availability % is harder than it looks.

2026-05-25·~10 min

Reflected vs stored vs DOM-based XSS, why innerHTML is the dragon, why escaping the wrong context fails (HTML attribute vs URL vs JS), DOMPurify, Trusted Types, and the actual CSP rules that block the most attacks.

2026-05-25·~10 min

Classic UNION-based vs blind vs time-based injection, why string concatenation always loses, how prepared statements actually work at the wire level, why ORMs don't fully save you, and second-order injection through stored data.

2026-05-25·~9 min

Why .env in git is the #1 leak source, Vault / KMS / cloud Secrets Manager, envelope encryption, rotation without downtime, short-lived dynamic credentials, and secret scanning (gitleaks, truffleHog) — the patterns that actually scale.

2026-05-25·~9 min

npm typosquatting, dependency confusion, SolarWinds and Log4Shell as the modern playbook, the xz-utils backdoor, lockfile vs unpinned versions, SBOM (Software Bill of Materials), and the actual defenses (sigstore, npm provenance, dependabot).

2026-05-25·~10 min

Symmetric (AES) vs asymmetric (RSA / ECC), why you never see RSA encrypting a file (hybrid encryption), block cipher modes (ECB pitfall vs GCM), key derivation (PBKDF2 / Argon2), at-rest vs in-transit, and the never-roll-your-own-crypto rule.

2026-05-25·~10 min

Unit / integration / E2E — why 70/20/10 isn't a law but a starting point, the ice cream cone anti-pattern, the testing trophy as a modern alternative, and how to pick the right shape for your codebase.

2026-05-25·~9 min

Stub vs mock vs spy vs fake (Gerard Meszaros's four), why over-mocking gives you 100% coverage of nothing real, when to fake the network vs the DB, and how test doubles become coupling to internal implementation.

2026-05-25·~9 min

Example-based vs property-based, generators + shrinkers (why the failing input becomes [] not [42, 17, 88]), QuickCheck / Hypothesis / fast-check, and the kinds of bugs only property tests find.

2026-05-25·~9 min

Why microservice integration tests don't scale, consumer-driven contracts (Pact), provider verification, contract as a Git-versioned spec, and how it replaces the 'spin up 20 services for one test' nightmare.

2026-05-25·~9 min

The 5 root causes (race conditions, order dependency, time, network, shared state), why retrying a flaky test is the wrong fix, the cost to CI signal-to-noise ratio, and the systematic ways to find and kill them.

2026-05-25·~9 min

The two hard problems (invalidation + naming), cache hierarchy (CPU → browser → CDN → Redis → DB), cache-aside vs write-through vs write-behind, stampede / thundering herd, and why TTL alone won't save you.

2026-05-25·~9 min

Edge POPs and BGP anycast, the actual flow on a cache miss, Cache-Control headers that matter (s-maxage / stale-while-revalidate), origin shield, purge by tag vs URL, and why your CDN is also your DDoS defense.

2026-05-25·~9 min

Code splitting (route-based + dynamic import), the IntersectionObserver API for images, prefetch vs preload vs lazy, why over-splitting hurts (TCP round-trips), and the patterns React Suspense / Next dynamic actually use.

2026-05-25·~9 min

The lazy-loading trap that produces 101 SQL queries from one user list, eager loading (JOIN, IN), DataLoader (Facebook's batching pattern), the GraphQL N+1 explosion, and why ORMs make this hidden by default.

2026-05-25·~9 min

Call stack + task queue + microtask queue, why setTimeout(fn, 0) isn't actually 0, microtask starvation, libuv's thread pool in Node, the difference between browser and Node event loops, and how 'async' is just a sugar for the queue.

2026-05-25·~9 min

Server vs client component boundary, the 'use client' directive, RSC payload (not HTML, not JSON), streaming render, why props serialize but functions don't, and the bundle reduction RSC actually delivers.

2026-05-26·~10 min

Local vs global state, why Context API isn't a Redux replacement (re-render performance), Zustand vs Jotai vs Redux differences, server state vs client state (TanStack Query / SWR), and when 'no library' is the right answer.

2026-05-26·~9 min

React attaching event handlers onto SSR HTML, the hydration mismatch error and what really triggers it, progressive / selective / partial hydration, island architecture (Astro / Qwik resumability), and why hydration is the cost of SSR's win.

2026-05-26·~9 min

Where the HTML is built (server / build / client), TTFB vs LCP vs interactivity trade-offs, the bundle size each model ships, when to pick what, and why 'Next.js App Router' is hybrid not pure RSC.

2026-05-26·~10 min

VDOM as a snapshot, reconciliation diff (O(n) not O(n³)), React Fiber's interruptible scheduler, why the key prop matters, Vue's tracked-dep patch, and Svelte / Solid's no-VDOM signal approach.

2026-05-26·~9 min

Extract-Transform-Load (the legacy) vs Extract-Load-Transform (the modern default), why cloud warehouses (BigQuery / Snowflake / Redshift) flipped the order, the cost shift from compute to storage, schema-on-write vs schema-on-read, and when ETL still wins.

2026-05-27·~9 min

Batch vs streaming, Kafka / Kinesis / Pub-Sub, windowing (tumbling / sliding / session), watermarks for late events, exactly-once semantics — why it's hard, and the stream-table duality at the heart of Flink / Kafka Streams.

2026-05-27·~10 min

Log-based (MySQL binlog, Postgres WAL) vs trigger-based vs polling, Debezium as the de-facto open-source CDC, why CDC beats dual writes (consistency), the outbox pattern relationship, and downstream patterns (search index sync, cache invalidate, analytics).

2026-05-27·~9 min

Data warehouse vs data lake vs lakehouse, S3 / GCS + Parquet columnar format, open table formats (Iceberg / Delta / Hudi) that bring ACID to a lake, schema-on-read flexibility and its swamp risk, and how Trino / Spark / DuckDB query it.

2026-05-27·~10 min

Kimball star schema, fact vs dimension tables, grain (the most important decision), slowly changing dimensions (SCD types 1-6), snowflake vs star, and why dbt + ELT made dimensional modeling popular again in 2020+.

2026-05-27·~9 min

Data ingestion → feature engineering → train → evaluate → register → deploy, why notebooks don't scale to production, MLflow / Kubeflow / SageMaker / Vertex AI, reproducibility (seeds, deterministic ops), the experiment-tracking problem.

2026-05-27·~10 min

Online (low-latency) vs offline (batch) feature serving, point-in-time correctness (the time-travel problem at training time), Feast / Tecton / Databricks Feature Store, training-serving skew, and why feature stores are infrastructure, not a library.

2026-05-27·~9 min

TF Serving / TorchServe / Triton / vLLM, dynamic batching for throughput, GPU vs CPU trade-offs, quantization (FP16 / INT8) and what it costs in accuracy, blue-green / canary / shadow deploys, and why LLM serving is its own beast.

2026-05-27·~10 min

Randomization (the magic), why 'peeking' invalidates p-values, sample size planning, sequential testing for early stopping, multi-armed bandits as the explore/exploit alternative, and the network effect / cross-experiment contamination traps.

2026-05-27·~10 min

Embeddings + vector DB (Pinecone / Weaviate / pgvector), chunking strategies and why naive splits fail, hybrid search (BM25 + vector), re-ranking, evaluation (the eval problem), and why RAG beats fine-tuning for most knowledge tasks.

2026-05-27·~11 min

L4 vs L7 load balancing, the real differences between round-robin / least-connections / IP hash / weighted, health checks, sticky sessions (session affinity), and how the load balancer itself stays highly available with active-passive and anycast.

2026-05-28·~10 min

Why you need them (the race condition), Redis Redlock, ZooKeeper / etcd locks via leases and ephemeral nodes, fencing tokens, and the traps that break every naive implementation: clock skew, GC pauses, and network partitions.

2026-05-28·~10 min

Offset/limit vs cursor (keyset) pagination, why deep offsets get catastrophically slow, the consistency problems of shifting and duplicate rows, and how to design a clean API with opaque cursors.

2026-05-28·~10 min

Active-passive vs active-active, synchronous vs asynchronous replication and write conflicts, geographic latency, failover with DNS and health checks, split-brain, and data residency — the real trade-offs of running across regions.

2026-05-28·~10 min

Flag types (release, ops/kill-switch, experiment, permission), gradual rollout (percentage and rings), how flags wire into A/B tests, flag debt and cleanup, and server- vs client-side evaluation with its consistency traps.

2026-05-28·~10 min

Roy Fielding's actual REST — resources, representations, statelessness, the uniform interface, Richardson Maturity levels 0-3, HATEOAS, and why most APIs called 'REST' are really just JSON over HTTP.

2026-05-31·~9 min

gRPC under the hood — HTTP/2 multiplexing, protobuf wire format, the four RPC modes (unary, server / client / bidirectional streaming), code generation, why it beats REST for internal services, and why browsers still need gRPC-Web.

2026-05-31·~9 min

The text/event-stream protocol, the EventSource API, automatic reconnection with Last-Event-ID, when SSE beats WebSocket, and the real-world limits (one-way only, browser connection caps, proxy buffering).

2026-05-31·~9 min

Where to put the version (URL / header / Accept media type / query), SemVer and compatibility policy, deprecation procedure with the Sunset header, how to avoid breaking changes, and how Stripe / GitHub / AWS actually run versioning in production.

2026-05-31·~10 min