About this site
These are casual notes to help you get the gist of my online tools. Not a formal spec—just takeaways and tips I’ve collected and rewritten in plain language. Read with a light touch.
An easy-to-understand explanation of SAML, its communication flow, the role of IdP and SP, and how SAMLRequest and SAMLResponse work in SSO scenarios.
A quick overview of how SAML 2.0 is specified, covering versions, assertions, protocol, bindings, and metadata in plain language.
Understand how different SAML binding methods like HTTP-POST, HTTP-Redirect, and Artifact work. Learn their characteristics, use cases, and tradeoffs.
How SAML Response signatures work, what to verify, and how to operate certificates safely (rotation, revocation).
Covers how IdP/SP certificates are used (signing/encryption) and how to operate them safely.
Common SAML attributes, IdP naming differences, and mapping tips on the SP side for smoother operations.
Role of NameID and differences between formats, with tips on choosing and configuring them.
Practical SLO guide covering flow design, triggers, session handling, and failure handling.
Encrypted Assertions and metadata essentials, plus key management tips for secure SAML implementations.
Operational guide for importing and rotating SAML metadata safely.
A checklist for common SAML errors and how to verify them quickly.
Learn the basics of Unix Time (Epoch / POSIX time): how it counts seconds from 1970-01-01 UTC, its relation to time zones, the Year 2038 problem, leap seconds, differences between seconds, milliseconds, and nanoseconds, and conversion examples in various languages and SQL.
A focused guide on handling Unix time with time zones: UTC vs local time, storage/display/logging policies, common pitfalls (DST, container TZ, string parsing), and testing tips.
A compact list of common IANA time zones with UTC offsets, DST notes, and tips on avoiding ambiguous abbreviations. Includes guidance for APIs/logging and handling DST safely.
Understand how hashing works, the differences between common algorithms, and best practices like salting.
Collision risk intuition, checksum vs cryptographic hash, HMAC vs signatures, password hashing with KDFs, encoding/normalization pitfalls, streaming hashes, and content-addressable use cases.
A quick guide to data size units: the difference between bits and bytes, decimal vs binary prefixes (kB vs KiB), and how to read bps in network specs without getting tripped up.
A compact guide to when to use CSV/TSV, JSON/JSONL, or columnar binaries like Parquet/Arrow for exchange, storage, and analytics.
Covers differences between UTF-8 and UTF-16, what BOM does, common causes of mojibake, and how to handle CSV encodings.
Practical guidance on hashes (SHA-256), checksums (CRC), and digital signatures, plus how to verify downloads or transfers safely.
Practical notes on gzip, brotli, and zstd, how Accept-Encoding/Content-Encoding work, and rough compression efficiency guidance.
An easy guide to QR codes: matrix structure, versions and capacity, encoding modes, error correction levels, generation methods, and operational considerations (security and best practices).
A practical guide to QR code use cases: URLs, app deep links, Wi-Fi setup, payments, tickets, icon embedding, design considerations, analytics, and multilingual routing.
Examples of QR code use in manufacturing, logistics, emergency medicine, local government, museums, retail, events, and product packaging.
A plain-language summary of QR Code trademark notice, DENSO WAVE ownership, royalty-free compliant generation and reading, and when to check official guidelines.
How to read Mbps and MB/s, why real throughput is lower than the theoretical line rate, and how long 100MB, 1GB, or 10GB transfers take in practice.
Quickly explains recursive/caching resolvers, authoritative servers, the query flow, and how DNSSEC signatures are validated.
An IP address does not directly contain your home address. This explains how ISP allocation, WHOIS/RIR data, ASNs, GeoIP databases, and network observations are used to estimate location.
A beginner-friendly explanation of how VPNs change the IP address and location websites see, what a VPN exit IP is, and why cookies, logins, GPS, and browser signals still matter.
Explains what changes when you use a VPN: what your ISP can see, what the VPN provider can see, and what websites or game servers see, including exit IPs, DNS leaks, accounts, latency, and restrictions.
A plain-language guide to VPN settings: full tunnel, split tunneling, DNS settings, DNS leaks, WebRTC leaks, kill switch, and protocols such as WireGuard, OpenVPN, and IPsec.
A plain-language comparison of SSL VPN, IPsec VPN, WireGuard, OpenVPN, L2TP/IPsec, and related VPN types, with benefits, drawbacks, and common use cases.
A practical explanation of SSH port forwarding, local forwarding, remote forwarding, dynamic SOCKS forwarding, how it differs from VPNs, and security points to watch.
VPNs can reduce sniffing risk on public Wi-Fi and protect the path to a VPN server, but they do not stop phishing, cookie tracking, or malware by themselves. This explains logs, DNS leaks, WebRTC leaks, split tunneling, and free VPN risks.
DNS root servers sit at the top of the hierarchy, serving the root zone. There are 13 identifiers (A–M), each anycasted to many physical sites worldwide. This covers their role, the “13” misconception, and practical notes.
Covers the difference between the Internet and the Web, how URLs are structured, how HTTP works, why HTTPS is now the default, and handy troubleshooting tips.
“www” is just a subdomain. Here’s why it became a convention to mark web servers, the DNS/CDN reasons, cookie scoping, pros/cons, and how people choose today.
Quick tour of W3C and IETF for standards, ICANN/IANA and regional registries for names and numbers, and how browsers, cloud/CDN providers, and security groups keep the Web running.
Explains why UA strings pile up tokens like Mozilla/KHTML/Gecko/Chrome, the historical compatibility reasons, and today’s move to UA reduction and User-Agent Client Hints.
Explains why shared specs for HTML, CSS, DOM, and ECMAScript matter, how WHATWG/W3C/TC39/IETF shape them, and where vendor-specific browser behavior tends to appear.
Covers the joke status 418 I'm a teapot from RFC2324 (HTCPCP), where it shows up, and why it should stay out of production.
HTTP was designed from the start as a generic request/response transport. Today it routinely carries JSON APIs, binaries, streaming, and more. Here’s a relaxed tour of the history and best practices.
A quick reference for HTTP methods in RFC 9110 (GET/POST/PUT/PATCH/DELETE/HEAD/OPTIONS/TRACE): safety, idempotency, typical use, and design tips.
RFC 9110-aligned pairings of GET/POST/PUT/PATCH/DELETE with common status codes (200/201/204/304/400/401/403/404/409/412/415/422/429/500/503).
RFC 9110 guide to conditional requests with ETag (If-Match, If-None-Match, If-Modified-Since, etc.) and how to return 304/412/428.
RFC 9110-aligned overview of how GET/HEAD/POST interact with caches. Covers Cache-Control, ETag, Vary, and when POST responses can be cached.
When browsers send CORS preflight, what headers they include, and how to respond with Access-Control-Allow-* correctly. Aligned with RFC 9110 and the Fetch Standard.
Common misuses of HTTP methods that conflict with RFC 9110 or cause operational issues: state-changing GET, POST-everything, non-idempotent DELETE, and more.
A concise look at how HTTP evolved from 0.9 to 1.1, then HTTP/2 (from SPDY) and HTTP/3 (QUIC), and what changed at each step.