What file conversion actually does (and what you lose).

Conversion is decode-plus-re-encode, not translation — and four things get lost on the way: quality generations stack, format gaps truncate silently, metadata is a coin flip, and rasterization never reverses.

Read the guide

Anatomy of a URL: what every part of a link does.

Seven machines in one trench coat: the protocol choice, the mostly-scam identity slot, the address, the door number, the routing key, the parameter channel — and the fragment, which never reaches the server at all.

Read the guide

Why your JSON won't parse: a field guide.

The eight ways hand-written JSON breaks — trailing commas, wrong quotes, sneaky comments, invisible bytes — how to read the parser's error message, and the two failures that aren't errors at all.

Read the guide

Why your PDF is so much bigger than it needs to be.

Scanned pages are photographs in a trench coat, fonts sometimes ship every glyph they own, and edits leave sediment. Where PDF weight actually lives, and what compression can safely remove.

Read the guide

Sort and dedupe: why "10" comes before "9".

Sorting compares character codes, not meaning — so "10" beats "9", uppercase exiles lowercase, and identical-looking lines refuse to dedupe over a character you can't see. The traps, decoded.

Read the guide

What word count actually measures.

Three counters, three numbers — whitespace rules, reading-time WPM, CJK segmentation, and why you shouldn't paste drafts into server-side counters.

Read the guide

Shadow IT at the browser: free tools and sensitive data.

Employees paste JWTs and customer files into random converter sites. What shadow IT looks like now, what actually leaves the machine, and why self-hosted client-side tools are the boring fix.

Read the essay

ASCII explained: the 128 characters that run the web.

The 1963 teleprinter code that still underpins every URL and source file. Why the table's layout is a set of deliberate tricks — digits that carry their value, case as a single bit — and how UTF-8 made ASCII immortal.

Read the guide

Aspect ratios: the math behind 16:9 and friends.

Width against height, reduced by the gcd — that's the whole trick. The ratios you'll actually meet, the one formula for resizing without warping, crop-vs-letterbox-vs-stretch, and why "21:9" monitors are really 64:27.

Read the guide

HEX, RGB, HSL: one color, three spellings.

#F4A940, rgb(244 169 64), and hsl(35 89% 60%) are the same pixels described three ways. What each notation encodes, when HSL earns its keep, and the perceptual gotcha that none of them solve.

Read the guide

How diff works: the algorithm behind every code review.

Green lines, red lines, @@ headers — something decided which lines "changed." The longest-common-subsequence problem underneath, Myers' shortest-path search, and why moved code always shows as delete-plus-add.

Read the guide

Roman numerals: the rules everyone half-remembers.

Why 49 is XLIX and not IL: seven letters, an additive core, and exactly six legal subtractive pairs. Plus the digit-by-digit trick that makes conversion foolproof, the 3999 ceiling, and why clocks say IIII.

Read the guide

Base64 explained: why encoded files are 33% bigger.

It's not compression and it's definitely not encryption — Base64 re-spells bytes into 64 text-safe characters, 6 bits per character. How the encoding works bit by bit, where the fixed +33% comes from, and when a data URI helps or hurts.

Read the guide

URL encoding: why spaces become %20 (and sometimes +).

Percent-encoding protects a URL's grammar from its data. Which characters need encoding, why a space has two spellings, the JavaScript function most people pick wrong, and the double-encoding bug that turns %20 into %2520.

Read the guide

CRC32 vs MD5 vs SHA-256: picking the right check.

They all produce a short fingerprint, but they defend against different threats. CRC32 catches accidental corruption, SHA-256 resists deliberate forgery, and MD5 sits awkwardly in between. What each guarantees and which to use when.

Read the guide

Open Graph tags: how link previews actually work.

The card that appears when you paste a link is built from meta tags by a JavaScript-blind, cache-happy crawler. The eight lines that cover every platform, the image size that works everywhere, and why your fix isn't showing up.

Read the guide

KB vs KiB: why your 1TB drive shows 931 gigabytes.

Nobody stole your disk space — "kilobyte" has meant both 1000 and 1024 bytes for half a century, and the gap compounds to 10% at terabyte scale. Where both meanings came from, the exact math, and when to write KiB.

Read the guide

Magic numbers: how a file knows what it is.

An extension is a sticker anyone can change; a file's real type lives in its first few bytes. How signatures like %PDF and PK work, why containers share them, and where byte-sniffing stops being reliable.

Read the guide

Hex, binary, and why programmers count differently.

Every base is one idea — digits times powers. Why programmers reach for 16 and 2, how one hex digit maps to four bits, and the floating-point trap that silently corrupts large hexadecimal values.

Read the guide

Reading chmod: what 755 actually means.

It's not an incantation — it's three little sums of read (4), write (2), and execute (1). How to read any mode at a glance, what rwx means on a directory, and the setuid/setgid/sticky bits.

Read the guide

What WCAG contrast ratios actually mean.

It's not the difference between two colors — it's a ratio of relative luminance, weighted toward green, from 1:1 to 21:1. What the formula computes, why a passing pair can still look wrong, and what AA and AAA really require.

Read the guide

How strong is your password, really?

Password strength is entropy, measured in bits — not how many symbols you sprinkle in. What entropy means, why length beats complexity, what the bits mean in real cracking time, and how many you actually need.

Read the guide

Lorem ipsum: where it comes from.

It's garbled Cicero, and its meaninglessness is the point. Where the text actually comes from, why fake copy helps you judge a layout, and the moment you should rip it out for real words.

Read the guide

UUIDv4 vs UUIDv7: why ordered IDs matter.

Random v4 keys fragment your database index and slow inserts at scale. v7 prefixes a timestamp so IDs sort by creation time. The bit layout byte by byte, the trade-offs, and when each version wins.

Read the guide

Why your regex can hang the server.

Catastrophic backtracking, in 1500 words: how a 12-character regex can DoS a service, the three patterns to recognize, and the four ways to actually defend.

Read the guide

What CSS color-scheme actually controls.

The one-line meta tag that fixes white scrollbars on dark pages. What it changes, what it doesn't, and how it differs from prefers-color-scheme.

Read the guide

Why your SVGs are 3× larger than they need to be.

Most SVGs from Figma, Illustrator, or Inkscape carry 50-80% bloat. Where the bloat comes from, which parts are safe to strip, and which parts will quietly break things.

Read the guide

What "client-side" actually means.

Five different meanings of "client-side," three ways it still leaks your data, and how to verify any tool's claim for yourself in 90 seconds with DevTools.

Read the essay

JSON vs YAML vs TOML: when to use what.

Three formats for roughly the same job, three completely different philosophies. How to pick one without ending up in yet another pull request comment thread nobody wins.

Read the guide

A practical Markdown reference.

Compact walkthrough of GFM: what every construct renders to, the traps (hard breaks, tight vs loose lists, underscores-in-words, smart punctuation), and the bits different editors disagree on — footnotes, math blocks, callouts, frontmatter.

Read the reference

What's actually in a favicon.ico file, byte by byte.

A binary format from 1995, kept alive on the web by browser habit. An ICO file is a multi-resolution container — BMP and PNG blobs with a small directory at the top. The height-doubling trap, the AND mask, and the eight gotchas worth knowing.

Read the deep dive

HTTP status codes: the fifteen that actually matter.

Sixty-plus status codes exist. Fifteen are worth memorizing for REST API design. The ranking, the mistakes I see most often in real-world APIs (401 vs 403, 400-for-everything, missing Retry-After), and what to do about the other forty-eight.

Read the guide

Color palettes from photographs: three algorithms, three trade-offs.

Sampling, k-means, median cut. The same photo gives three different palettes — all correct. Which one to pick depends entirely on what question you're trying to answer.

Read the guide

Cron expressions: a practical guide for the patterns you'll actually use.

Five fields plus a small vocabulary. The patterns that cover 90% of real-world cron, the four mistakes that quietly cause outages, and where cron isn't the right tool.

Read the guide

The LLM JSON problem: why your model's output won't parse.

You asked GPT or Claude or Gemini to return JSON. It returned something that looks like JSON. Your JSON.parse() threw. The four categories of fix that almost always work, in the right order.

Read the guide

JWT decoded: what's actually inside your auth token.

Three Base64 chunks separated by dots. Most developers can identify a JWT on sight; fewer can name what's in each part. A walk through every claim, why the signature matters, and the four mistakes worth knowing about.

Read the guide

ISO 8601 vs Unix epoch vs human-readable: when to use which.

Three ways to represent a date, three contexts where each one wins — and the five time-handling mistakes I see in production code often enough that I stopped being surprised.

Read the guide

A practical regex cheatsheet for forgetful minds.

The tokens, character classes, and patterns you actually reach for — in the order you reach for them, with notes on the ones that trip people up.

Read the cheatsheet

Every favicon size, explained.

Why modern sites need six favicon sizes plus a multi-res .ico and an SVG. What each file does, where to put it, and the HTML snippet that ties them together.

Read the guide

QR codes aren't dead — here's what they're good for.

After years of mockery, QR codes quietly became useful again. Here are the six cases they actually solve — and the ones where they're still a cop-out.

Read the essay

Why most "free" online tools aren't actually free.

The five hidden costs of "free" tools — data harvesting, attention arbitrage, upsell funnels, watermarks, account lock-in — and how to spot each before you upload anything sensitive.

Read the essay

The complete guide to image compression in 2026.

A practical, no-nonsense reference for web developers, designers, and bloggers. JPG vs PNG vs WebP vs AVIF, quality settings explained, batch workflows, and the 15-minute checklist that cuts your image weight by 60–80%.

Read the guide

The iPhone HEIC problem — and how to fix it forever.

If you've ever sent an iPhone photo to a Windows user and gotten "I can't open this," you've met HEIC. Here's what it is, why it exists, and three ways to stop caring about it.

Read the guide