Dev Blog
Articles, guides and deep dives for developers. Written by developers, for developers.
Diceware Passphrases: Why I Stopped Memorising Random Strings
A practical guide to diceware passphrases for developers. Covers the EFF Large word list, entropy math, separator and capitalisation trade-offs, real use cases (master passwords, FDE, SSH keys), common mistakes, and code examples in PHP, Python, and JavaScript.
Rich Text to Markdown: How to Convert Google Docs, Word, and Notion Cleanly
Practical guide to converting rich text and HTML to clean Markdown. What survives, what breaks, source-specific quirks, and how to clean up the output.
HTML, CSS and JavaScript Minification: Complete Guide to Benefits, Risks and Best Practices
A developer's guide to minifying HTML, CSS, and JavaScript. Covers what minifiers actually remove, real size savings, common breakage patterns, source maps, and when minification matters vs when it is a waste of time.
RSA Key Pair Generation: Fifteen Years of `genpkey` and the Decisions Tutorials Skip
A practical guide to generating RSA key pairs with OpenSSL, Web Crypto API, and language-native libraries. Covers key sizes, PEM vs JWK formats, PKCS standards, key storage, rotation strategies, and when to choose elliptic curves instead.
JSON-LD in 2026: Which Schema.org Types Actually Matter and Which Are a Waste of Time
A practical analysis of which Schema.org types trigger Google rich results and which ones you can safely ignore. Covers the full list of Google-supported types, ROI by type, the AI search exception, and a prioritisation framework.
Structured Data for Developers: JSON-LD, Schema.org, and Rich Results in Google
A developer's guide to implementing structured data with JSON-LD and Schema.org. Covers Article, FAQ, HowTo, Product, and BreadcrumbList types, with implementation examples in PHP, Next.js, and WordPress, plus testing and CI/CD validation.
CSV vs JSON for Data Exchange: When Each Format Wins
A practical comparison of CSV and JSON for APIs, data pipelines, and file exports. Covers structure, parsing, streaming, schema enforcement, size, tooling, and clear guidelines for choosing the right format.
SEO for AI Search: How to Optimise for ChatGPT, Perplexity, and Google AI Overviews
How AI-powered search engines discover, evaluate, and cite web content. Practical strategies for optimising your pages for ChatGPT Browse, Perplexity, Google AI Overviews, and other AI answer engines.
Image to Base64 Data URIs: When to Inline and When Not To
A practical guide to embedding images as Base64 data URIs. Covers the data URI format, size overhead, performance trade-offs, browser caching, Content Security Policy, and clear rules for when inlining helps vs hurts.
Open Graph Meta Tags: What They Are, Why They Matter, and How to Set Them Up
A practical guide to Open Graph meta tags covering required properties, type-specific tags, Twitter Card fallback, image specs per platform, implementation in PHP and Next.js, cache invalidation, and common mistakes.
The Developer's Meta Tag Checklist: SEO, Social Sharing, and Beyond
A practical checklist of every meta tag that matters for SEO and social sharing. Covers title, description, canonical, robots, Open Graph, Twitter Cards, structured data, hreflang, and automated auditing in CI/CD.
NanoID vs UUID vs ULID: Choosing the Right ID for Your Project
A practical comparison of NanoID, UUID, and ULID. Covers size, collision probability, alphabet customisation, URL safety, database performance, and when each format makes sense for your stack.
Markdown Syntax Reference: CommonMark, GFM, and the Gotchas
A complete Markdown reference covering CommonMark spec, GitHub Flavored Markdown extensions (tables, task lists, strikethrough, footnotes), rendering differences between platforms, escaping rules, and HTML embedding.
HEX, RGB, HSL, HSV: Colour Formats Every Developer Should Know
A technical breakdown of colour formats used in CSS, design tools, and image processing. Covers HEX encoding, RGB channels, HSL vs HSV differences, alpha channels, colour spaces (sRGB vs linear), and conversion formulas.
URL Slugs: Rules, SEO Impact, and Transliteration
What makes a good URL slug, how slugification algorithms work, Unicode transliteration for non-Latin scripts, SEO rules from Google's guidelines, and implementation patterns in PHP, JavaScript, and Python.
UUID vs GUID: Same Thing, Different Ecosystem
GUID is UUID v4 in a Microsoft costume. This article explains the structural differences, uppercase vs lowercase, brace notation, SQL Server's newsequentialid(), .NET's Guid.NewGuid(), and when the distinction actually matters.
QR Code Internals: Encoding, Error Correction, and Capacity
A technical deep-dive into QR codes for developers. Covers versions and sizes, data encoding modes, Reed-Solomon error correction levels, masking patterns, capacity tables, and code examples in PHP, Python, and JavaScript.
Diff Algorithms Explained: LCS, Myers, and How Git Tracks Changes
A technical guide to diff algorithms for developers. Covers Longest Common Subsequence, the Myers algorithm used by Git, unified diff format, word-level vs line-level diffing, JSON diff, and practical code examples.
HMAC Explained: Data Signing, JWT, and Protection Against Tampering
A technical guide to HMAC for developers. Covers how HMAC works with inner and outer padding, comparison with plain hashing, HMAC algorithms, JWT signing, API authentication signatures, timing attacks, and code examples.
Six Months with Claude Code: The Workflow Habits That Cut My Token Spend
How to work effectively with AI coding agents like Claude Code, Cursor, and Windsurf. Covers the agent loop, when to delegate vs direct, context management, multi-step tasks, and the habits that separate productive agent use from expensive frustration.
MongoDB ObjectID Explained: Structure, Timestamp, and When to Use It
A technical deep-dive into MongoDB ObjectID. Covers the 12-byte structure, embedded timestamp extraction, comparison with UUID, sorting behaviour, security considerations, and code examples in PHP, Python, and JavaScript.
Model Context Protocol, Honestly: What MCP Solves and Where It Still Hurts
A practical breakdown of the Model Context Protocol (MCP): what it is, how the client-server architecture works, why it exists, and what it means for AI tool integration. Includes examples, a comparison with function calling, and an honest assessment of the current state.
URL Encoding Explained: Percent-Encoding, Reserved Characters, and Common Mistakes
A technical guide to URL encoding (percent-encoding) for developers. Covers RFC 3986 rules, reserved vs unreserved characters, query string encoding, form encoding, double encoding, and code examples.
Eight Prompt Engineering Patterns I Use Daily — and Four That Did Nothing
A practical guide to prompt engineering patterns that produce consistent results: structured output, chain-of-thought, few-shot examples, role framing, and constraint-based prompting. No magic tricks - just techniques that hold up across real tasks.
Cron Expressions: A Complete Guide to Scheduling Syntax
A thorough guide to cron expressions for developers and DevOps. Covers the five-field syntax, special characters, predefined schedules, timezone pitfalls, cloud schedulers, and common mistakes to avoid.
MD5, SHA-1, SHA-256, SHA-512: Which Hashing Algorithm to Choose
A technical guide to cryptographic hash functions for developers. Covers MD5, SHA-1, SHA-2, SHA-3, collision attacks with CVEs, password hashing with bcrypt and Argon2, and practical algorithm selection.
AGENTS.md Makes Your AI Coding Agent Worse - and Now There's Research to Prove It
ETH Zurich's research on AGENTS.md files confirms what I discovered the hard way: bloated custom instructions make AI coding agents slower, more expensive, and less effective. A breakdown of the paper's findings, why context files backfire, and what actually works.
The 4.5× Token Tax of Bloated AI Custom Instructions (and How to Cut It)
A practical guide to writing effective custom instructions for ChatGPT, Claude, and Cursor. Covers what happens inside every prompt, how instructions inflate token costs, prompt caching, and a comparison of bloated vs lean instruction sets with real token counts.
JSON vs YAML: Which Format to Choose for Configs, APIs, and Data
A practical comparison of JSON and YAML for developers. Covers syntax differences, readability, strictness, performance, use cases, YAML pitfalls like the Norway problem, and when to use each format.
UUID Versions Explained: v1, v3, v4, v5, v6, and v7
A complete technical breakdown of all UUID versions. Covers time-based, name-based, and random UUIDs, with code examples in PHP, Python, and JavaScript, and a practical guide to choosing the right version.
Password Security and Entropy: Why Length Beats Complexity
A technical guide to password entropy for developers. Covers entropy calculation, character sets, passphrases vs random strings, brute force and rainbow table attacks, and secure password generation.
A Local RAG Chatbot for Your Internal Wiki: Ollama, ChromaDB, Docker, Zero API Keys
Build a local RAG document assistant that reads .txt files, indexes them with vector embeddings, and answers questions using a local LLM — all without a cloud API. Includes a FastAPI backend, a minimal browser UI, and a full Docker Compose setup.
After a £47 OpenAI Bill on a Side Project, I Moved to Local LLMs. Here's the Stack.
How to run Ollama in Docker Compose, pull a model on first start, and build a Python CLI that reads customer reviews from CSV, clusters them by theme, and generates a structured report — using Pydantic schemas and system/user message separation. No API keys, no monthly bills.
Base64 Encoding Explained: How It Works and When to Use It
A thorough guide to Base64 encoding for developers. Covers the encoding algorithm, all variants (standard, URL-safe, MIME), real use cases, common mistakes, and code examples in PHP, Python, and JavaScript.
Regular Expressions: Practical Guide with 20 Ready-to-Use Patterns
A practical regex reference for developers. Covers syntax fundamentals, flags, groups, lookaheads, and 20 real-world patterns for email, URL, IP address, date, phone, password validation and more.
Unix Timestamps: The Developer's Complete Guide
Everything developers need to know about Unix timestamps: what they are, why 1970, timezone pitfalls, milliseconds vs seconds, the Year 2038 problem, and code examples in PHP, Python, and JavaScript.
UUID vs ULID: Which Unique ID Should You Use?
A deep-dive comparison of UUID v4, ULID, and UUID v7. Covers internal structure, database index performance, security trade-offs, code examples in PHP and JavaScript, and a practical guide for choosing the right format.
JWT Deep Dive: Structure, Algorithms, and Security Pitfalls
A thorough guide to JSON Web Tokens for developers. Covers the three-part structure, signing algorithms (HS256, RS256, ES256), standard claims, and the most common security vulnerabilities to avoid.