0x.run

Tech tutorials, programming guides, and developer resources

Zero-Downtime Deployments: Rolling, Blue-Green, and Canary

Rolling updates are efficient, blue-green makes switching and rollback simple, and canaries limit the blast radius with real traffic. Every strategy still needs readiness checks, graceful draining, backward-compatible data changes, capacity headroom, and automated rollback signals.

How Containers Actually Work: Namespaces, cgroups, and Layers

Containers share the host kernel. Namespaces change what processes can see, cgroups limit and measure resources, capabilities and seccomp reduce privileges, and overlay filesystems assemble image layers. Images are immutable inputs; the writable container layer is disposable.

Backpressure: How Fast Systems Avoid Drowning in Work

Every queue must be bounded. When downstream work is saturated, slow producers, limit concurrency, reject excess requests, or shed low-priority work. Measure queue depth and age; scaling helps only when the true bottleneck can accept more throughput.

Secrets Management Beyond .env Files

Store secrets in a dedicated manager, authorize workloads by identity, prefer short-lived credentials, cache them only briefly, and design dual-key rotation. Encryption at rest does not fix broad access, leaked logs, or credentials that never expire.

Distributed Tracing with OpenTelemetry: Finding the Slow Service

A trace is a tree of timed spans joined by propagated context. Auto-instrument common libraries, add manual spans around domain operations, record low-cardinality attributes, and preserve trace IDs in logs and queues. Sampling controls cost but must retain errors and slow traces.

Consistent Hashing: Scaling Caches Without Remapping Every Key

Modulo hashing couples every key to the server count. Consistent hashing places keys and many virtual node tokens on a ring, so adding or removing a server moves only nearby ranges. Use replicas for availability and monitor real load because even balanced key counts can hide hot keys.

Health Checks Done Right: Liveness, Readiness, and Startup

Liveness answers whether a restart can help. Readiness answers whether this instance should receive traffic. Startup protects slow initialization. Keep liveness shallow, make readiness reflect essential local capability, secure detailed diagnostics, and test failure behavior.

B-Trees vs LSM Trees: How Databases Choose Between Reads and Writes

B-trees keep sorted pages and are strong for point reads and range scans. LSM trees buffer writes, flush immutable sorted files, and compact them later, favoring heavy write workloads. Neither is universally faster; workload, cache, compaction, and durability settings decide.

API Timeouts: Deadlines, Cancellation, and Why Defaults Fail

Set explicit connect, response-header, body, and overall deadlines. Give downstream calls less time than the caller has left, propagate cancellation, and stop work after clients disconnect. A retry must fit inside the original request budget.

Database Deadlocks: Why They Happen and How to Stop Them

Deadlocks happen when transactions acquire the same locks in different orders. The database aborts one transaction to break the cycle. Keep transactions short, lock rows in a consistent order, index updates correctly, and retry the entire aborted transaction with a limit.

Docker Networking: Bridge, Host, Ports, and Container DNS

On a user-defined bridge, containers reach each other by service name and container port. Published ports expose a container through the host. Bind databases to 127.0.0.1 when only the host needs access, avoid hardcoded container IPs, and debug from both sides of the network boundary.

Linux Signals: What SIGTERM, SIGKILL, and SIGHUP Actually Do

SIGTERM asks a process to stop and can be handled; SIGKILL stops it immediately and cannot. SIGINT comes from Ctrl-C, SIGHUP often triggers reload, and SIGCHLD reports child changes. Handle shutdown signals, forward them to children, and reserve kill -9 for stuck processes.

HTTP Compression: gzip, Brotli, and the Bytes You Shouldn't Compress

Compress HTML, CSS, JavaScript, JSON, SVG, and other text. Skip tiny responses and formats already compressed. Prefer Brotli for static assets, keep gzip as a fallback, send Vary: Accept-Encoding, and never mix secrets with attacker-controlled text in compressed responses.

File Uploads Done Right

Upload directly to object storage (S3/R2) using presigned URLs—don't route files through your server. Validate type by magic bytes, not extension. Enforce size limits at the load balancer. Process async.

How Git Actually Works Internally

Git stores everything as objects (blobs, trees, commits, tags) identified by SHA-1 hash. Branches are just files containing a commit hash. Merges combine DAG nodes. Once you see the object model, git becomes predictable.

Writing CLI Tools in Go

Go makes great CLIs: single binary, fast startup, easy cross-compile. Use cobra or flag package for arguments, os.Exit for error codes, and goroutines for parallelism. Structure for testability from the start.

How TLS and HTTPS Actually Work

TLS authenticates the server via certificates signed by a trusted CA, then uses asymmetric crypto to establish a shared symmetric key, then encrypts all traffic with that key. The handshake takes one round trip in TLS 1.3.

SSH Tips Every Developer Should Know

SSH config files eliminate repetitive flags. Jump hosts chain connections through bastions. Port forwarding tunnels any TCP traffic. Use Ed25519 keys. Set ControlMaster for connection reuse.

TCP vs UDP: When to Actually Use Each

TCP guarantees delivery and order at the cost of latency. UDP is fast and lossy—use it when you control retries or can tolerate loss. Most apps use TCP. Games, video, DNS use UDP.

How DNS Actually Works

DNS is a distributed hierarchy of servers. Your OS checks cache, then asks a resolver, which walks the tree from root → TLD → authoritative server. TTL controls caching. Understanding this saves hours of debugging.

OAuth 2.0 Explained Without the Jargon

OAuth 2.0 lets users grant apps access to their data without sharing passwords. Use Authorization Code flow for web apps, PKCE for SPAs and mobile, Client Credentials for server-to-server. Never store tokens in localStorage.

Zero-Downtime Database Migrations

Zero-downtime migrations use backward-compatible steps. Add columns nullable first. Deploy code that handles both schemas. Backfill data in batches. Add constraints. Never rename or drop in one step—use expand and contract.

Feature Flags: Ship Code Without Breaking Things

Feature flags are runtime toggles that control what code runs. Use them for gradual rollouts, A/B tests, kill switches, and beta access. Store in Redis or database, not config files. Kill switches save production incidents.

The JavaScript Event Loop Isn't Magic

JavaScript runs on a single thread with an event loop. Synchronous code runs to completion. Async callbacks wait in queues. Microtasks (Promises) run before macrotasks (setTimeout). Blocking the call stack freezes everything.

Postgres Full-Text Search: Skip Elasticsearch for Most Apps

PostgreSQL full-text search uses tsvector and tsquery. Index with GIN indexes. Use ts_rank for relevance, websearch_to_tsquery for user input, and pg_trgm for fuzzy matching. Handles millions of records well with no extra infrastructure.

HTTP Caching Headers: Cache-Control Explained

Cache-Control headers tell browsers and CDNs how long to store responses. Use max-age for static assets, no-cache for HTML, private for user data, immutable for versioned files. ETags enable conditional requests that skip downloading unchanged content.

Webhooks: How to Build Reliable Event Delivery

Webhooks are HTTP POST requests triggered by events. Verify signatures to prevent spoofing. Return 200 immediately, process async. Retry with exponential backoff. Store delivery logs. Use queues for reliability.

ACID Transactions: What They Actually Mean in Practice

ACID guarantees that database operations are Atomic (all or nothing), Consistent (rules enforced), Isolated (concurrent transactions don't interfere), and Durable (committed data survives crashes). Without transactions, concurrent writes corrupt data.

Graceful Shutdown: Why Your App Crashes on Deploy

Graceful shutdown drains in-flight requests before stopping. Catch SIGTERM, stop accepting new connections, wait for active requests to finish, then exit. Without it, every deploy drops requests and breaks transactions.

WebSockets in Production: Handling Disconnects and Scaling

WebSockets enable real-time bidirectional communication. Handle reconnection with exponential backoff. Use heartbeats to detect dead connections. Scale with Redis pub/sub. Store connection state. Close connections properly.

Docker Multi-Stage Builds: From 1.2GB to 100MB

Multi-stage builds use multiple FROM statements. Build stage has compilers and tools. Final stage has only runtime dependencies. Result: 10x smaller images, faster deploys, fewer vulnerabilities. Copy artifacts between stages.

Debouncing vs Throttling: When to Use Each

Debouncing waits until user stops (search input). Throttling limits rate (scroll handler). Debounce = last call wins. Throttle = regular intervals. Use debounce for user input, throttle for continuous events.

Regular Expressions: The 10 Patterns You Actually Use

Learn 10 regex patterns: email, URL, phone, credit card, password strength, whitespace, special chars, numbers, dates, and file extensions. Test on regex101.com. Use named groups. Avoid catastrophic backtracking.

Date and Time: Common Pitfalls and How to Fix Them

Always store dates in UTC. Display in user's timezone. Never use new Date() for parsing. Avoid date math with native Date. Use date-fns or Luxon. ISO 8601 for serialization. Timezones are hard - libraries handle them.

Building a Simple In-Memory Cache with TTL

Cache = store expensive results in memory. Add TTL to expire old data. Use LRU to limit memory. Check cache before expensive operations. 10x-100x speed improvement for repeated data.

Message Queues: RabbitMQ vs Redis vs SQS

Use RabbitMQ for complex routing and guaranteed delivery. Use Redis for simple, fast queues. Use SQS for managed, scalable queues on AWS. All handle async tasks - choose based on complexity, scale, and infrastructure.

Load Testing: Finding Your Breaking Point Before Users Do

Load test before launch. Use k6 or Artillery to simulate traffic. Test realistic scenarios, not just homepage. Find your breaking point. Monitor CPU, memory, database connections. Fix bottlenecks before users find them.

XSS Attacks Explained: How to Prevent Cross-Site Scripting

XSS happens when user input is rendered as HTML/JavaScript. Escape all output. Use textContent not innerHTML. Sanitize HTML with DOMPurify. Enable Content Security Policy. React/Vue escape by default - don't use dangerouslySetInnerHTML.

SQL Injection: How It Happens and How to Prevent It

SQL injection happens when user input goes directly into SQL queries. Never concatenate user input into SQL. Use parameterized queries, prepared statements, or ORMs. Validate input. Escape output. Test with SQLMap.

The N+1 Query Problem: How to Detect and Fix It

N+1 queries happen when you fetch records in a loop - 1 query becomes 1000. Detect with query logging and APM tools. Fix with eager loading, joins, or batching. 100x performance improvement is common.

Logging in Production: What to Log, What to Skip

Use structured logging with levels. Log requests, errors, and key events - not sensitive data or debug spam. JSON format for aggregation. Keep performance impact under 5%. Fix log leaks before they become breaches.

REST API Error Handling: The Right Way

Use proper HTTP status codes. Return consistent error format with code, message, and details. Log errors server-side. Never expose stack traces to clients.

API Versioning: URL vs Header vs Query Parameter

URL versioning (/v1/users) is simplest and most discoverable. Header versioning is cleaner but harder to use. Start with URL versioning, only use headers if you have a strong reason.

Background Jobs and Queues: Stop Blocking Your API

Never block API responses with slow operations. Use job queues for emails, image processing, reports. Bull with Redis is simple and reliable. Process jobs in workers, not request handlers.

Rate Limiting Algorithms Explained with Code

Rate limiting prevents API abuse. Token bucket is most flexible, fixed window is simplest, sliding window is most accurate. Implement in-memory for single servers, Redis for distributed systems.

Database Indexes Explained: The Only Guide You Need

Indexes make queries fast by avoiding full table scans. But too many indexes slow down writes. Use EXPLAIN to identify slow queries, add indexes on WHERE/JOIN columns, and avoid indexing everything.

Your Startup Doesn't Need Microservices

Microservices add operational complexity that small teams can't afford. Monoliths are faster to build, easier to debug, and simpler to deploy. Split services when you have a reason, not because it's trendy.

Why I Write SQL Instead of Using ORMs

ORMs hide complexity that eventually bites you. Raw SQL is explicit, performant, and easier to debug. Use ORMs for CRUD, write SQL for anything complex.

UUID v7: The New UUID That Actually Makes Sense

UUID v7 puts timestamps at the beginning, making database indexes happy. I saw 3x better insert performance and 50% smaller indexes after migrating. Here's how and when to switch.

CORS Errors: Every Fix That Actually Works

CORS errors are never quite the same. Here's every fix I've used in production, why each error happens, and actual code you can copy-paste for your specific situation.

Why I Stopped Using Frameworks for Everything

Frameworks solve real problems but add complexity. Use them when they solve problems you actually have, not because they're trendy. Sometimes vanilla code is faster to write and maintain.