Tiny explainers grouped by topic. Spend less time Googling, more time building.
A battle‑tested checklist and patterns: allowlists, size limits, magic‑byte checks, streaming to object storage, virus scanning, image/PDF sanitization, signed URLs, and safe download headers.
Practical, modern defaults for CSP, HSTS, Referrer-Policy, Permissions-Policy, COOP/COEP/CORP, X-Content-Type-Options, X-Frame-Options vs frame-ancestors, cookies, and cache controls—with NGINX/Apache/Express snippets.
Freshness, validators, and directives: Cache-Control, ETag/Last-Modified, Vary, s-maxage, stale-while-revalidate, immutable. Patterns for APIs, HTML, and assets—plus CDN tips.
A practical mental model of tasks vs microtasks, when the browser renders, and patterns to keep 60fps: rAF, chunking, debouncing, and avoiding microtask traps.
Low‑effort, high‑impact a11y fixes: alt text, semantic HTML & landmarks, color contrast (and non‑color cues), keyboard navigation & focus, and form labels/errors—with copy‑paste examples.
DNS changes feel slow because of caching everywhere: resolvers, browsers, OSes, CDNs, and parent zones. Here’s the mental model, typical timelines, and how to plan zero‑drama cutovers.
A concise, modern walkthrough of the path from address bar to pixels: DNS lookup, HTTP/3 & TLS 1.3 handshakes, CDNs & caching, request/response, and the rendering pipeline.
Event‑driven Nginx vs process/thread‑based Apache: performance, memory, config models, .htaccess, reverse proxying, PHP, HTTP/2/3, and how to switch without breaking prod.
A simple guide to character encoding: what ASCII is, how UTF‑8 works, why bytes ≠ characters, and the real-world gotchas (mojibake, emojis, normalization, MySQL utf8mb4).
Demystify the TLS handshake—ClientHello, ServerHello, certificates, ECDHE key exchange, session keys—and why HTTPS protects confidentiality, integrity, and authenticity.
A fast primer on Cross-Origin Resource Sharing—what “origin” means, how simple vs. preflighted requests work, when to send credentials, and the exact headers that fix the dreaded CORS error.
Stateless tokens are convenient, but server sessions are still the default for many apps.
QUIC (HTTP/3) reduces head-of-line blocking; most CDNs support it — flip it on.