Why Base64 grows by 4/3, and how URL-safe Base64 differs
How Base64 works, the 3-byte to 4-character mapping, why output is roughly 33% larger, and the URL-safe variant that swaps `+/` for `-_`.
Blog
Notes from implementing the tools — specs we researched, pitfalls we hit, and reference material we leaned on.
37 / 37
How BMI is calculated, and why WHO and Japan use different thresholds
The BMI formula, why height is squared, the difference between WHO international thresholds and the stricter Japanese standard, and why Japan's cutoff is lower.
4 min read
snake_case, camelCase, PascalCase, kebab-case: picking the right convention
The main programming naming conventions, what each language community uses, and how to choose for APIs, file names, and URLs.
3 min read
Reading chmod numbers: what 755 and 644 actually mean
How chmod's three-digit numbers map to read/write/execute for owner/group/other, plus setuid/setgid/sticky bit explained.
4 min read
Reading CIDR notation: what /24 and /16 actually mean
Why CIDR is "address + prefix length", how it relates to subnet masks, how to count usable hosts, and rough sizes for the prefixes you see most.
4 min read
Color spaces: hex, RGB, HSL, OKLCH and when each fits
Web color formats (hex, RGB, HSL, OKLCH), how they convert, and why a perceptually uniform space matters for modern design.
Reading cron expressions without getting tripped up
The five-field structure of cron, what `*` `,` `-` `/` mean, the OR-combination trap of day-of-month and day-of-week, and the typos that cost you.
5 min read
CSV quoting rules and the spreadsheet compatibility you need to think about
The RFC 4180 quoting rules for CSV, how to encode commas, newlines, and double quotes, and the BOM/line-ending pitfalls for Excel and Google Sheets.
Euclid's algorithm: computing GCD in O(log n)
How GCD and LCM relate, why Euclid's method works, its O(log n) complexity, and clean implementations.
3 min read
How to choose between MD5, SHA-1, and SHA-256 in practice
Differences between MD5, SHA-1, and SHA-256, the state of collision attacks, and which to use for checksums vs signatures vs password storage.
4 min read
HMAC vs hash: why message authentication needs a key
How HMAC differs from a plain hash, why adding a key turns hashing into authentication, and where HMAC fits in real protocols.
3 min read
HTML entity escaping: why each context needs its own rules
HTML body, attribute values, JavaScript strings, and URLs each demand different escapes. The five core entities, double-escaping pitfalls, and the safe approach.
Picking HTTP status codes without flinching
What 2xx / 3xx / 4xx / 5xx really mean, the tricky pairs (401 vs 403, 404 vs 410, 422 vs 400), and how to decide in API design.
IPv4 vs IPv6: notation, special ranges, and the state of migration
How IPv4 and IPv6 differ in address notation, CIDR conventions, special-use ranges, and what dual-stack operation looks like in practice today.
5 min read
JSON key ordering and where deterministic serialization matters
Why JSON object keys are spec-unordered, what real-world implementations actually do, and the cases (signing, caching, diffs) where you need a stable order.
4 min read
JSON Schema basics: a standard for validating data shape
Core JSON Schema keywords, type / properties / required / pattern, $ref reuse, and where it fits in API design and config files.
3 min read
Reading a JWT: header, payload, and signature explained
Why a JWT is "three Base64URL strings joined by dots", what each section contains, and how signature verification works in practice.
4 min read
Lorem Ipsum: where it comes from and why it stuck
The origin of Lorem Ipsum in Cicero, why it has lasted 500+ years as the default placeholder text, and the modern alternatives.
3 min read
Markdown TOC and anchors: GitHub-style slug generation and the pitfalls
Why long articles need a table of contents, how Markdown anchor links (`[text](#anchor)`) are generated under GitHub Flavored Markdown, and what an auto-generator has to handle.
4 min read
Mean, median, mode: picking the right summary statistic
Definitions of mean, median, and mode, sensitivity to outliers, when each fits, and why response times need percentiles instead of averages.
4 min read
Morse code: the original variable-length encoding
How Morse code is structured, how letter length follows frequency, the origin of SOS, and where Morse still shows up.
3 min read
Inside Git diff: an introduction to the Myers algorithm
How the Myers algorithm finds the minimum edit script between two texts, the edit graph formulation, and the variants (patience, histogram) Git ships for more readable diffs.
Binary, octal, hex: why each base shows up in programming
How each base is written, why hex maps cleanly to bytes, where octal still hides, and the conversion shortcuts that make this painless.
3 min read
Password entropy, length, and character classes: speaking strength in numbers
Why password strength is determined by length and character set, the entropy formula in bits, brute-force resistance estimates, and practical targets for real-world use.
Punycode and internationalized domain names: what happens behind a Unicode URL
How a domain like 日本.jp gets translated to ASCII via Punycode, the homograph attack risk it created, and how browsers decide whether to show Unicode or Punycode.
3 min read
How QR codes work: error correction and choosing a version
The structure of a QR code, the four error-correction levels, encoding modes, version (size) selection, and minimum quality for print.
PRNG vs CSPRNG: when each is the right random
How pseudo-random and cryptographically secure random differ, why Math.random() is unsafe for security, and the bias trap of `% N`.
3 min read
Regex greedy vs lazy: avoiding the classic traps
The difference between `.*` and `.*?`, how greedy and lazy quantifiers behave, and the pitfalls you keep running into when matching HTML tags or string literals.
4 min read
Roman numerals: subtractive notation and where they still appear
The seven core symbols, additive vs subtractive notation, the 3999 ceiling, and the conversion algorithms.
3 min read
KB vs KiB: SI prefixes, binary prefixes, and why the confusion persists
How "1 KB = 1000 bytes" and "1 KB = 1024 bytes" came to coexist, IEC's KiB / MiB / GiB convention, and why storage and memory use different prefixes.
Text and bytes: ASCII, UTF-8, and the gap between characters and bytes
How characters become bytes, the 7-bit ASCII table, UTF-8's variable-length encoding, and why detecting an encoding from raw bytes is hard.
Timezones, DST, and the IANA tz database: not getting trapped by time
Why "timezone" is more than a UTC offset, what the IANA tz database does, the singular cases at DST transitions, and how to handle time correctly in API design.
4 min read
Unicode and emoji: why one emoji is often several code points
How emoji are represented in Unicode, surrogate pairs, ZWJ sequences, skin tone modifiers, and why JavaScript string length disagrees with what you see.
Unix timestamps and why the Year 2038 problem still matters
How Unix time is defined, why the epoch is January 1, 1970, the 32-bit overflow that creates the Y2038 problem, and where it still hides.
4 min read
Two flavors of URL encoding: form-urlencoded vs RFC 3986
There are actually two URL encoding specs in play — form submission and the URI spec. They differ on spaces and reserved characters, and using the wrong one breaks subtly.
UUID v4 vs v7: when to use which
How v1, v4, and v7 differ structurally, and how to choose between v4 and v7 for database index efficiency, unguessability, and sortability.
4 min read
WCAG contrast ratio 4.5:1: where the number comes from and what implementations miss
The origin of the 4.5:1 contrast ratio in WCAG, the relative-luminance formula behind it, AA vs AAA levels, and the thresholds for different text sizes.
4 min read