About this site
These are casual notes to help you get the gist of my online tools. Not a formal spec—just takeaways and tips I’ve collected and rewritten in plain language. Read with a light touch.
An easy-to-understand explanation of SAML, its communication flow, the role of IdP and SP, and how SAMLRequest and SAMLResponse work in SSO scenarios.
A quick overview of how SAML 2.0 is specified, covering versions, assertions, protocol, bindings, and metadata in plain language.
Understand how different SAML binding methods like HTTP-POST, HTTP-Redirect, and Artifact work. Learn their characteristics, use cases, and tradeoffs.
How SAML Response signatures work, what to verify, and how to operate certificates safely (rotation, revocation).
Covers how IdP/SP certificates are used (signing/encryption) and how to operate them safely.
Common SAML attributes, IdP naming differences, and mapping tips on the SP side for smoother operations.
Role of NameID and differences between formats, with tips on choosing and configuring them.
Practical SLO guide covering flow design, triggers, session handling, and failure handling.
Encrypted Assertions and metadata essentials, plus key management tips for secure SAML implementations.
Operational guide for importing and rotating SAML metadata safely.
A checklist for common SAML errors and how to verify them quickly.
Learn the basics of Unix Time (Epoch / POSIX time): how it counts seconds from 1970-01-01 UTC, its relation to time zones, the Year 2038 problem, leap seconds, differences between seconds, milliseconds, and nanoseconds, and conversion examples in various languages and SQL.
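An added example to sit next to this one (not code from the article itself): it guesses the unit of an integer timestamp from its magnitude, converts between s/ms/us/ns and UTC datetimes without going through a float, and shows what a signed 32-bit time_t does one second after 2038-01-19T03:14:07Z. The magnitude thresholds are my assumption and only hold for realistic timestamps from about 1974 onward; values near 1970 are ambiguous whatever you do.

```python
# Added example (not from the original notes): Unix time units and the 2038 boundary.
# The unit-guessing thresholds are an assumption, not something any spec defines.
from datetime import datetime, timedelta, timezone
from typing import Optional

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
INT32_MAX = 2**31 - 1   # last second a signed 32-bit time_t can hold (2038-01-19T03:14:07Z)
INT32_MIN = -2**31

# Assumption: a value below each bound is in the smaller unit. The bounds sit at
# roughly year 5138 for the lower unit and 1973 for the higher one, so realistic
# timestamps from ~1974 onward are classified correctly.
_UNIT_BOUNDS = (("s", 10**11), ("ms", 10**14), ("us", 10**17))


def infer_unit(ts: int) -> str:
    """Guess s / ms / us / ns from the size of an integer timestamp."""
    mag = abs(ts)
    for unit, bound in _UNIT_BOUNDS:
        if mag < bound:
            return unit
    return "ns"


def to_datetime(ts: int, unit: Optional[str] = None) -> datetime:
    """Convert an integer timestamp to an aware UTC datetime.

    Works in integer microseconds so nanosecond inputs never pass through a
    float (which would lose precision). Sub-microsecond digits are truncated
    because datetime only resolves microseconds.
    """
    unit = unit or infer_unit(ts)
    if unit == "ns":
        micros = ts // 1000
    else:
        micros = ts * {"s": 10**6, "ms": 10**3, "us": 1}[unit]
    return EPOCH + timedelta(microseconds=micros)


def to_unit(dt: datetime, unit: str) -> int:
    """Inverse of to_datetime: aware datetime -> integer timestamp in `unit`."""
    micros = (dt - EPOCH) // timedelta(microseconds=1)
    return {"s": micros // 10**6, "ms": micros // 10**3,
            "us": micros, "ns": micros * 1000}[unit]


def fits_int32(ts_seconds: int) -> bool:
    """True if a seconds value survives storage in a signed 32-bit time_t."""
    return INT32_MIN <= ts_seconds <= INT32_MAX


def as_int32(ts_seconds: int) -> int:
    """Emulate what a signed 32-bit time_t actually stores: two's-complement wraparound."""
    return (ts_seconds - INT32_MIN) % 2**32 + INT32_MIN


if __name__ == "__main__":
    for ts in (1700000000, 1700000000123, 1700000000123456789):
        print(ts, infer_unit(ts), to_datetime(ts).isoformat())
    print("last 32-bit second:", to_datetime(INT32_MAX).isoformat())
    print("one second later in a 32-bit time_t:",
          to_datetime(as_int32(INT32_MAX + 1)).isoformat())
```

The wraparound is the whole Year 2038 problem in one line: 2038-01-19T03:14:08Z stored in a signed 32-bit field comes back out as 1901-12-13T20:45:52Z. When you cannot tell which unit a source emits, log the inferred unit alongside the converted value so a bad guess is visible later.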
A focused guide on handling Unix time with time zones: UTC vs local time, storage/display/logging policies, common pitfalls (DST, container TZ, string parsing), and testing tips.
A compact list of common IANA time zones with UTC offsets, DST notes, and tips on avoiding ambiguous abbreviations. Includes guidance for APIs/logging and handling DST safely.
Understand how hashing works, the differences between common algorithms, and best practices like salting.
Collision risk intuition, checksum vs cryptographic hash, HMAC vs signatures, password hashing with KDFs, encoding/normalization pitfalls, streaming hashes, and content-addressable use cases.
A quick guide to data size units: the difference between bits and bytes, decimal vs binary prefixes (kB vs KiB), and how to read bps in network specs without getting tripped up.
A compact guide to when to use CSV/TSV, JSON/JSONL, or columnar binaries like Parquet/Arrow for exchange, storage, and analytics.
Covers differences between UTF-8 and UTF-16, what BOM does, common causes of mojibake, and how to handle CSV encodings.
Practical guidance on hashes (SHA-256), checksums (CRC), and digital signatures, plus how to verify downloads or transfers safely.
Practical notes on gzip, brotli, and zstd, how Accept-Encoding/Content-Encoding work, and rough compression efficiency guidance.
An easy guide to QR codes: matrix structure, versions and capacity, encoding modes, error correction levels, generation methods, and operational considerations (security and best practices).
Covers the difference between the Internet and the Web, how URLs are structured, how HTTP works, why HTTPS is now the default, and handy troubleshooting tips.
“www” is just a subdomain. Here’s why it became a convention to mark web servers, the DNS/CDN reasons, cookie scoping, pros/cons, and how people choose today.
Quick tour of W3C and IETF for standards, ICANN/IANA and regional registries for names and numbers, and how browsers, cloud/CDN providers, and security groups keep the Web running.
Quickly explains recursive/caching resolvers, authoritative servers, the query flow, and how DNSSEC signatures are validated.
DNS root servers sit at the top of the hierarchy, serving the root zone. There are 13 identifiers (A–M), each anycasted to many physical sites worldwide. This covers their role, the “13” misconception, and practical notes.
Explains why UA strings pile up tokens like Mozilla/KHTML/Gecko/Chrome, the historical compatibility reasons, and today’s move to UA reduction and User-Agent Client Hints.
Covers the joke status 418 I'm a teapot from RFC 2324 (HTCPCP, an April Fools' RFC), where it shows up, and why it should stay out of production.
HTTP was specified early on as a generic request/response protocol, not just a way to fetch HTML pages. Today it routinely carries JSON APIs, binaries, streaming, and more. Here's a relaxed tour of the history and best practices.
A quick reference for the HTTP methods in RFC 9110 (GET/HEAD/POST/PUT/DELETE/OPTIONS/TRACE) plus PATCH from RFC 5789: safety, idempotency, typical use, and design tips.
RFC 9110-aligned pairings of GET/POST/PUT/PATCH/DELETE with common status codes (200/201/204/304/400/401/403/404/409/412/415/422/429/500/503).
RFC 9110 guide to conditional requests with ETag and Last-Modified validators (If-Match, If-None-Match, If-Modified-Since, etc.), when to return 304 or 412, and where 428 Precondition Required (RFC 6585) fits in.
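An added example for this one (not code from the article): a tiny in-memory resource handler that answers GET with 304 when the client's If-None-Match still matches, answers PUT with 412 when the client's If-Match is stale, and refuses unconditional writes with 428 so two writers cannot silently overwrite each other. The strong-versus-weak comparison rules follow RFC 9110 (If-Match is strong, If-None-Match is weak); requiring If-Match is a policy choice of this example, and header names are looked up exactly as given rather than case-insensitively.

```python
# Added example (not from the original notes): conditional GET/PUT with ETags.
# Assumptions: header names are already normalized by the caller, and mandatory
# If-Match on writes (428 otherwise) is this example's policy, not an RFC rule.
import hashlib
from typing import Dict, List, Optional, Tuple

Response = Tuple[int, Dict[str, str], bytes]


class Resource:
    """An in-memory document whose ETag is derived from its current bytes."""

    def __init__(self, body: bytes) -> None:
        self.body = body

    @property
    def etag(self) -> str:
        # Strong validator: changes whenever any byte of the body changes.
        return '"' + hashlib.sha256(self.body).hexdigest()[:16] + '"'


def _tags(header: str) -> List[str]:
    return [t.strip() for t in header.split(",") if t.strip()]


def _strip_weak(tag: str) -> str:
    return tag[2:] if tag.startswith("W/") else tag


def strong_match(header: Optional[str], etag: str) -> Optional[bool]:
    """If-Match semantics: '*' matches any current representation; weak tags never match."""
    if header is None:
        return None
    if header.strip() == "*":
        return True
    return any(t == etag for t in _tags(header))  # both sides must be strong and identical


def weak_match(header: Optional[str], etag: str) -> Optional[bool]:
    """If-None-Match semantics: the W/ prefix is ignored on either side."""
    if header is None:
        return None
    if header.strip() == "*":
        return True
    return any(_strip_weak(t) == _strip_weak(etag) for t in _tags(header))


def handle_get(res: Resource, headers: Dict[str, str]) -> Response:
    etag = res.etag
    if weak_match(headers.get("If-None-Match"), etag):
        return 304, {"ETag": etag}, b""          # client's cached copy is still current
    return 200, {"ETag": etag}, res.body


def handle_put(res: Resource, headers: Dict[str, str], new_body: bytes,
               require_precondition: bool = True) -> Response:
    """Replace the body only if the client proves it saw the current version."""
    matched = strong_match(headers.get("If-Match"), res.etag)
    if matched is None and require_precondition:
        return 428, {}, b"If-Match header required"   # no precondition: refuse, do not overwrite
    if matched is False:
        return 412, {"ETag": res.etag}, b""           # someone else changed it first
    res.body = new_body
    return 204, {"ETag": res.etag}, b""


if __name__ == "__main__":
    doc = Resource(b'{"balance": 100}')
    _, hdrs_a, _ = handle_get(doc, {})          # client A reads
    _, hdrs_b, _ = handle_get(doc, {})          # client B reads the same version
    print(handle_put(doc, {"If-Match": hdrs_a["ETag"]}, b'{"balance": 90}')[0])   # 204
    print(handle_put(doc, {"If-Match": hdrs_b["ETag"]}, b'{"balance": 150}')[0])  # 412, B is stale
    print(handle_get(doc, {"If-None-Match": hdrs_b["ETag"]})[0])                   # 200, fresh body
    print(handle_get(doc, {"If-None-Match": doc.etag})[0])                          # 304
```

The lost-update case is the one worth remembering: client B's If-Match still carries the ETag it read before A's write, so B gets 412 and has to re-read instead of clobbering A's change. Dropping `require_precondition` to False reproduces the usual "last writer wins" behaviour, which is exactly what you are trying to avoid.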
RFC 9110-aligned overview of how GET/HEAD/POST interact with caches. Covers Cache-Control, ETag, Vary, and when POST responses can be cached.
When browsers send CORS preflight, what headers they include, and how to respond with Access-Control-Allow-* correctly. Aligned with RFC 9110 and the Fetch Standard.
Common misuses of HTTP methods that conflict with RFC 9110 or cause operational issues: state-changing GET, POST-everything, non-idempotent DELETE, and more.
A concise look at how HTTP evolved from 0.9 to 1.1, then HTTP/2 (from SPDY) and HTTP/3 (QUIC), and what changed at each step.