Dev Blog
Articles, guides and deep dives for developers. Written by developers, for developers.
HMAC Explained: Data Signing, JWT, and Protection Against Tampering
A technical guide to HMAC for developers. Covers how HMAC works with inner and outer padding, comparison with plain hashing, HMAC algorithms, JWT signing, API authentication signatures, timing attacks, and code examples.
AI Coding Agents: A Practical Workflow Guide for Real Projects
How to work effectively with AI coding agents like Claude Code, Cursor, and Windsurf. Covers the agent loop, when to delegate vs direct, context management, multi-step tasks, and the habits that separate productive agent use from expensive frustration.
MongoDB ObjectID Explained: Structure, Timestamp, and When to Use It
A technical deep-dive into MongoDB ObjectID. Covers the 12-byte structure, embedded timestamp extraction, comparison with UUID, sorting behaviour, security considerations, and code examples in PHP, Python, and JavaScript.
MCP (Model Context Protocol) Explained: How AI Agents Connect to the Real World
A practical breakdown of the Model Context Protocol (MCP): what it is, how the client-server architecture works, why it exists, and what it means for AI tool integration. Includes examples, a comparison with function calling, and an honest assessment of the current state.
URL Encoding Explained: Percent-Encoding, Reserved Characters, and Common Mistakes
A technical guide to URL encoding (percent-encoding) for developers. Covers RFC 3986 rules, reserved vs unreserved characters, query string encoding, form encoding, double encoding, and code examples.
Prompt Engineering Patterns That Actually Work - Beyond the Hype
A practical guide to prompt engineering patterns that produce consistent results: structured output, chain-of-thought, few-shot examples, role framing, and constraint-based prompting. No magic tricks - just techniques that hold up across real tasks.
Cron Expressions: A Complete Guide to Scheduling Syntax
A thorough guide to cron expressions for developers and DevOps. Covers the five-field syntax, special characters, predefined schedules, timezone pitfalls, cloud schedulers, and common mistakes to avoid.
MD5, SHA-1, SHA-256, SHA-512: Which Hashing Algorithm to Choose
A technical guide to cryptographic hash functions for developers. Covers MD5, SHA-1, SHA-2, SHA-3, collision attacks with CVEs, password hashing with bcrypt and Argon2, and practical algorithm selection.
AGENTS.md Makes Your AI Coding Agent Worse - and Now There's Research to Prove It
ETH Zurich's research on AGENTS.md files confirms what I discovered the hard way: bloated custom instructions make AI coding agents slower, more expensive, and less effective. A breakdown of the paper's findings, why context files backfire, and what actually works.
Custom Instructions for AI Assistants: How to Write Them Without Wasting Money
A practical guide to writing effective custom instructions for ChatGPT, Claude, and Cursor. Covers what happens inside every prompt, how instructions inflate token costs, prompt caching, and a comparison of bloated vs lean instruction sets with real token counts.
JSON vs YAML: Which Format to Choose for Configs, APIs, and Data
A practical comparison of JSON and YAML for developers. Covers syntax differences, readability, strictness, performance, use cases, YAML pitfalls like the Norway problem, and when to use each format.
UUID Versions Explained: v1, v3, v4, v5, v6, and v7
A complete technical breakdown of all UUID versions. Covers time-based, name-based, and random UUIDs, with code examples in PHP, Python, and JavaScript, and a practical guide to choosing the right version.
Password Security and Entropy: Why Length Beats Complexity
A technical guide to password entropy for developers. Covers entropy calculation, character sets, passphrases vs random strings, brute force and rainbow table attacks, and secure password generation.
RAG Document Assistant: Answer Questions from Your Own Docs with Ollama, ChromaDB and Docker
Build a local RAG document assistant that reads .txt files, indexes them with vector embeddings, and answers questions using a local LLM — all without a cloud API. Includes a FastAPI backend, a minimal browser UI, and a full Docker Compose setup.
Free Local LLM in Docker: Build a Customer Feedback Analyser with Ollama and Pydantic
How to run Ollama in Docker Compose, pull a model on first start, and build a Python CLI that reads customer reviews from CSV, clusters them by theme, and generates a structured report — using Pydantic schemas and system/user message separation. No API keys, no monthly bills.
Base64 Encoding Explained: How It Works and When to Use It
A thorough guide to Base64 encoding for developers. Covers the encoding algorithm, all variants (standard, URL-safe, MIME), real use cases, common mistakes, and code examples in PHP, Python, and JavaScript.
Regular Expressions: Practical Guide with 20 Ready-to-Use Patterns
A practical regex reference for developers. Covers syntax fundamentals, flags, groups, lookaheads, and 20 real-world patterns for email, URL, IP address, date, phone, password validation and more.
Unix Timestamps: The Developer's Complete Guide
Everything developers need to know about Unix timestamps: what they are, why 1970, timezone pitfalls, milliseconds vs seconds, the Year 2038 problem, and code examples in PHP, Python, and JavaScript.
UUID vs ULID: Which Unique ID Should You Use?
A deep-dive comparison of UUID v4, ULID, and UUID v7. Covers internal structure, database index performance, security trade-offs, code examples in PHP and JavaScript, and a practical guide for choosing the right format.
JWT Deep Dive: Structure, Algorithms, and Security Pitfalls
A thorough guide to JSON Web Tokens for developers. Covers the three-part structure, signing algorithms (HS256, RS256, ES256), standard claims, and the most common security vulnerabilities to avoid.