Dev Blog
Articles, guides and deep dives for developers. Written by developers, for developers.
Catastrophic Backtracking: How One Regex Can Take Your Site Down
What ReDoS actually is, why backtracking regex engines explode exponentially, how to spot vulnerable patterns before an attacker does, and the fixes that work - from pattern rewrites to linear-time engines like RE2.
Cron Job Not Running? A Field-Tested Debugging Checklist
A step-by-step checklist for diagnosing cron jobs that never fire, fail silently, or run at the wrong time. Covers logs, environment differences, the % gotcha, missing newlines, DST skips, and how to make the next failure impossible to miss.
GEO in 2026: Getting Cited by AI Answer Engines
Generative Engine Optimisation explained for developers: how to get cited by ChatGPT, Perplexity, Claude and Gemini. Covers llms.txt, AI-crawler access, content chunking, citation density, recency, and measuring share of voice across engines.
Where AI Actually Went in 2026: Agents, Context, and the Quiet Wins
Past the hype cycle: the AI trends that survived contact with production in 2026. Agents that actually ship, context engineering, MCP as a standard, multi-agent orchestration and guardian agents - with an opinionated take on what's real and what's still a demo.
What Actually Happens Inside a Password Generator
A developer's look under the hood of a secure random password generator: CSPRNG vs PRNG, building the character set, modulo bias and rejection sampling, and the surprisingly tricky problem of guaranteeing one of each character class without leaking entropy. With code in PHP, Python, and JavaScript.
AI Is Eating Search. These SEO Fundamentals Still Win.
AI answer engines are reshaping how content gets discovered, but the SEO basics - titles, descriptions, canonicals, robots, sitemaps, structured data - matter more than ever, not less. A grounded look at what changed, what didn't, and the fundamentals most developers still neglect.
The AI Releases That Actually Mattered This June
An opinionated developer's roundup of the June 2026 AI model releases - GPT-5.5, Gemini 3.5, Claude Sonnet 4.8 and the Mythos-class tier, JetBrains Mellum2, and NVIDIA Nemotron 3.5 - with a take on which ones change how you build and which are noise.
Password Generator or Passphrase? How I Choose in 2026
A practical decision guide for developers: when to use a random password generator versus a diceware passphrase, how passkeys change the picture in 2026, and a use-case matrix for every secret you handle - from master passwords to API keys.
Diceware Passphrases: Why I Stopped Memorising Random Strings
A practical guide to diceware passphrases for developers. Covers the EFF Large word list, entropy math, separator and capitalisation trade-offs, real use cases (master passwords, FDE, SSH keys), common mistakes, and code examples in PHP, Python, and JavaScript.
Rich Text to Markdown: How to Convert Google Docs, Word, and Notion Cleanly
Practical guide to converting rich text and HTML to clean Markdown. What survives, what breaks, source-specific quirks, and how to clean up the output.
HTML, CSS and JavaScript Minification: Complete Guide to Benefits, Risks and Best Practices
A developer's guide to minifying HTML, CSS, and JavaScript. Covers what minifiers actually remove, real size savings, common breakage patterns, source maps, and when minification matters vs when it is a waste of time.
RSA Key Pair Generation: Fifteen Years of `genpkey` and the Decisions Tutorials Skip
A practical guide to generating RSA key pairs with OpenSSL, Web Crypto API, and language-native libraries. Covers key sizes, PEM vs JWK formats, PKCS standards, key storage, rotation strategies, and when to choose elliptic curves instead.
JSON-LD in 2026: Which Schema.org Types Actually Matter and Which Are a Waste of Time
A practical analysis of which Schema.org types trigger Google rich results and which ones you can safely ignore. Covers the full list of Google-supported types, ROI by type, the AI search exception, and a prioritisation framework.
Structured Data for Developers: JSON-LD, Schema.org, and Rich Results in Google
A developer's guide to implementing structured data with JSON-LD and Schema.org. Covers Article, FAQ, HowTo, Product, and BreadcrumbList types, with implementation examples in PHP, Next.js, and WordPress, plus testing and CI/CD validation.
CSV vs JSON for Data Exchange: When Each Format Wins
A practical comparison of CSV and JSON for APIs, data pipelines, and file exports. Covers structure, parsing, streaming, schema enforcement, size, tooling, and clear guidelines for choosing the right format.
SEO for AI Search: How to Optimise for ChatGPT, Perplexity, and Google AI Overviews
How AI-powered search engines discover, evaluate, and cite web content. Practical strategies for optimising your pages for ChatGPT Browse, Perplexity, Google AI Overviews, and other AI answer engines.
Image to Base64 Data URIs: When to Inline and When Not To
A practical guide to embedding images as Base64 data URIs. Covers the data URI format, size overhead, performance trade-offs, browser caching, Content Security Policy, and clear rules for when inlining helps vs hurts.
Open Graph Meta Tags: What They Are, Why They Matter, and How to Set Them Up
A practical guide to Open Graph meta tags covering required properties, type-specific tags, Twitter Card fallback, image specs per platform, implementation in PHP and Next.js, cache invalidation, and common mistakes.
The Developer's Meta Tag Checklist: SEO, Social Sharing, and Beyond
A practical checklist of every meta tag that matters for SEO and social sharing. Covers title, description, canonical, robots, Open Graph, Twitter Cards, structured data, hreflang, and automated auditing in CI/CD.
NanoID vs UUID vs ULID: Choosing the Right ID for Your Project
A practical comparison of NanoID, UUID, and ULID. Covers size, collision probability, alphabet customisation, URL safety, database performance, and when each format makes sense for your stack.
Markdown Syntax Reference: CommonMark, GFM, and the Gotchas
A complete Markdown reference covering CommonMark spec, GitHub Flavored Markdown extensions (tables, task lists, strikethrough, footnotes), rendering differences between platforms, escaping rules, and HTML embedding.
HEX, RGB, HSL, HSV: Colour Formats Every Developer Should Know
A technical breakdown of colour formats used in CSS, design tools, and image processing. Covers HEX encoding, RGB channels, HSL vs HSV differences, alpha channels, colour spaces (sRGB vs linear), and conversion formulas.
URL Slugs: Rules, SEO Impact, and Transliteration
What makes a good URL slug, how slugification algorithms work, Unicode transliteration for non-Latin scripts, SEO rules from Google's guidelines, and implementation patterns in PHP, JavaScript, and Python.
UUID vs GUID: Same Thing, Different Ecosystem
GUID is UUID v4 in a Microsoft costume. This article explains the structural differences, uppercase vs lowercase, brace notation, SQL Server's newsequentialid(), .NET's Guid.NewGuid(), and when the distinction actually matters.
QR Code Internals: Encoding, Error Correction, and Capacity
A technical deep-dive into QR codes for developers. Covers versions and sizes, data encoding modes, Reed-Solomon error correction levels, masking patterns, capacity tables, and code examples in PHP, Python, and JavaScript.
Diff Algorithms Explained: LCS, Myers, and How Git Tracks Changes
A technical guide to diff algorithms for developers. Covers Longest Common Subsequence, the Myers algorithm used by Git, unified diff format, word-level vs line-level diffing, JSON diff, and practical code examples.
HMAC Explained: Data Signing, JWT, and Protection Against Tampering
A technical guide to HMAC for developers. Covers how HMAC works with inner and outer padding, comparison with plain hashing, HMAC algorithms, JWT signing, API authentication signatures, timing attacks, and code examples.
Six Months with Claude Code: The Workflow Habits That Cut My Token Spend
How to work effectively with AI coding agents like Claude Code, Cursor, and Windsurf. Covers the agent loop, when to delegate vs direct, context management, multi-step tasks, and the habits that separate productive agent use from expensive frustration.
MongoDB ObjectID Explained: Structure, Timestamp, and When to Use It
A technical deep-dive into MongoDB ObjectID. Covers the 12-byte structure, embedded timestamp extraction, comparison with UUID, sorting behaviour, security considerations, and code examples in PHP, Python, and JavaScript.
Model Context Protocol, Honestly: What MCP Solves and Where It Still Hurts
A practical breakdown of the Model Context Protocol (MCP): what it is, how the client-server architecture works, why it exists, and what it means for AI tool integration. Includes examples, a comparison with function calling, and an honest assessment of the current state.
URL Encoding Explained: Percent-Encoding, Reserved Characters, and Common Mistakes
A technical guide to URL encoding (percent-encoding) for developers. Covers RFC 3986 rules, reserved vs unreserved characters, query string encoding, form encoding, double encoding, and code examples.
Eight Prompt Engineering Patterns I Use Daily — and Four That Did Nothing
A practical guide to prompt engineering patterns that produce consistent results: structured output, chain-of-thought, few-shot examples, role framing, and constraint-based prompting. No magic tricks - just techniques that hold up across real tasks.
Cron Expressions: A Complete Guide to Scheduling Syntax
A thorough guide to cron expressions for developers and DevOps. Covers the five-field syntax, special characters, predefined schedules, timezone pitfalls, cloud schedulers, and common mistakes to avoid.
MD5, SHA-1, SHA-256, SHA-512: Which Hashing Algorithm to Choose
A technical guide to cryptographic hash functions for developers. Covers MD5, SHA-1, SHA-2, SHA-3, collision attacks with CVEs, password hashing with bcrypt and Argon2, and practical algorithm selection.
AGENTS.md Makes Your AI Coding Agent Worse - and Now There's Research to Prove It
ETH Zurich's research on AGENTS.md files confirms what I discovered the hard way: bloated custom instructions make AI coding agents slower, more expensive, and less effective. A breakdown of the paper's findings, why context files backfire, and what actually works.
The 4.5× Token Tax of Bloated AI Custom Instructions (and How to Cut It)
A practical guide to writing effective custom instructions for ChatGPT, Claude, and Cursor. Covers what happens inside every prompt, how instructions inflate token costs, prompt caching, and a comparison of bloated vs lean instruction sets with real token counts.
JSON vs YAML: Which Format to Choose for Configs, APIs, and Data
A practical comparison of JSON and YAML for developers. Covers syntax differences, readability, strictness, performance, use cases, YAML pitfalls like the Norway problem, and when to use each format.
UUID Versions Explained: v1, v3, v4, v5, v6, and v7
A complete technical breakdown of all UUID versions. Covers time-based, name-based, and random UUIDs, with code examples in PHP, Python, and JavaScript, and a practical guide to choosing the right version.
Password Security and Entropy: Why Length Beats Complexity
A technical guide to password entropy for developers. Covers entropy calculation, character sets, passphrases vs random strings, brute force and rainbow table attacks, and secure password generation.
A Local RAG Chatbot for Your Internal Wiki: Ollama, ChromaDB, Docker, Zero API Keys
Build a local RAG document assistant that reads .txt files, indexes them with vector embeddings, and answers questions using a local LLM — all without a cloud API. Includes a FastAPI backend, a minimal browser UI, and a full Docker Compose setup.
After a £47 OpenAI Bill on a Side Project, I Moved to Local LLMs. Here's the Stack.
How to run Ollama in Docker Compose, pull a model on first start, and build a Python CLI that reads customer reviews from CSV, clusters them by theme, and generates a structured report — using Pydantic schemas and system/user message separation. No API keys, no monthly bills.
Base64 Encoding Explained: How It Works and When to Use It
A thorough guide to Base64 encoding for developers. Covers the encoding algorithm, all variants (standard, URL-safe, MIME), real use cases, common mistakes, and code examples in PHP, Python, and JavaScript.
Regular Expressions: Practical Guide with 20 Ready-to-Use Patterns
A practical regex reference for developers. Covers syntax fundamentals, flags, groups, lookaheads, and 20 real-world patterns for email, URL, IP address, date, phone, password validation and more.
Unix Timestamps: The Developer's Complete Guide
Everything developers need to know about Unix timestamps: what they are, why 1970, timezone pitfalls, milliseconds vs seconds, the Year 2038 problem, and code examples in PHP, Python, and JavaScript.
UUID vs ULID: Which Unique ID Should You Use?
A deep-dive comparison of UUID v4, ULID, and UUID v7. Covers internal structure, database index performance, security trade-offs, code examples in PHP and JavaScript, and a practical guide for choosing the right format.
JWT Deep Dive: Structure, Algorithms, and Security Pitfalls
A thorough guide to JSON Web Tokens for developers. Covers the three-part structure, signing algorithms (HS256, RS256, ES256), standard claims, and the most common security vulnerabilities to avoid.