visitor@0x.run:~$ ./whoami --verbose
// independent engineering field notes
Build systems that hold up.
Clear, unglamorous explanations of the infrastructure, protocols, and design decisions behind software that has to survive production.
$ cat focus.txt
- 01 reliable systems & failure modes [ops]
- 02 databases & data integrity [data]
- 03 protocols & the web [net]
- 04 security & operations [sec]
70 field notes 0 paywalls ∞ useful details always learning
$ ls -lt ~/field-notes
# the archive
Zero-Downtime Deployments: Rolling, Blue-Green, and Canary6m
Rolling updates are efficient, blue-green makes switching and rollback simple, and canaries limit the blast radius with real traffic. Every strategy still needs readiness checks, graceful draining, backward-compatible data changes, capacity headroom, and automated rollback signals.
2026-07-02How Containers Actually Work: Namespaces, cgroups, and Layers6m
Containers share the host kernel. Namespaces change what processes can see, cgroups limit and measure resources, capabilities and seccomp reduce privileges, and overlay filesystems assemble image layers. Images are immutable inputs; the writable container layer is disposable.
2026-06-25Backpressure: How Fast Systems Avoid Drowning in Work5m
Every queue must be bounded. When downstream work is saturated, slow producers, limit concurrency, reject excess requests, or shed low-priority work. Measure queue depth and age; scaling helps only when the true bottleneck can accept more throughput.
2026-06-18Secrets Management Beyond .env Files6m
Store secrets in a dedicated manager, authorize workloads by identity, prefer short-lived credentials, cache them only briefly, and design dual-key rotation. Encryption at rest does not fix broad access, leaked logs, or credentials that never expire.
2026-06-11Distributed Tracing with OpenTelemetry: Finding the Slow Service5m
A trace is a tree of timed spans joined by propagated context. Auto-instrument common libraries, add manual spans around domain operations, record low-cardinality attributes, and preserve trace IDs in logs and queues. Sampling controls cost but must retain errors and slow traces.
2026-06-04Consistent Hashing: Scaling Caches Without Remapping Every Key6m
Modulo hashing couples every key to the server count. Consistent hashing places keys and many virtual node tokens on a ring, so adding or removing a server moves only nearby ranges. Use replicas for availability and monitor real load because even balanced key counts can hide hot keys.
2026-05-28Health Checks Done Right: Liveness, Readiness, and Startup5m
Liveness answers whether a restart can help. Readiness answers whether this instance should receive traffic. Startup protects slow initialization. Keep liveness shallow, make readiness reflect essential local capability, secure detailed diagnostics, and test failure behavior.
2026-05-21B-Trees vs LSM Trees: How Databases Choose Between Reads and Writes6m
B-trees keep sorted pages and are strong for point reads and range scans. LSM trees buffer writes, flush immutable sorted files, and compact them later, favoring heavy write workloads. Neither is universally faster; workload, cache, compaction, and durability settings decide.
2026-05-14API Timeouts: Deadlines, Cancellation, and Why Defaults Fail5m
Set explicit connect, response-header, body, and overall deadlines. Give downstream calls less time than the caller has left, propagate cancellation, and stop work after clients disconnect. A retry must fit inside the original request budget.
2026-05-07Database Deadlocks: Why They Happen and How to Stop Them6m
Deadlocks happen when transactions acquire the same locks in different orders. The database aborts one transaction to break the cycle. Keep transactions short, lock rows in a consistent order, index updates correctly, and retry the entire aborted transaction with a limit.
2026-04-30Docker Networking: Bridge, Host, Ports, and Container DNS5m
On a user-defined bridge, containers reach each other by service name and container port. Published ports expose a container through the host. Bind databases to 127.0.0.1 when only the host needs access, avoid hardcoded container IPs, and debug from both sides of the network boundary.
2026-04-23Linux Signals: What SIGTERM, SIGKILL, and SIGHUP Actually Do5m
SIGTERM asks a process to stop and can be handled; SIGKILL stops it immediately and cannot. SIGINT comes from Ctrl-C, SIGHUP often triggers reload, and SIGCHLD reports child changes. Handle shutdown signals, forward them to children, and reserve kill -9 for stuck processes.
2026-04-16HTTP Compression: gzip, Brotli, and the Bytes You Shouldn't Compress5m
Compress HTML, CSS, JavaScript, JSON, SVG, and other text. Skip tiny responses and formats already compressed. Prefer Brotli for static assets, keep gzip as a fallback, send Vary: Accept-Encoding, and never mix secrets with attacker-controlled text in compressed responses.
2026-04-09Database Connection Pooling: The Settings That Actually Matter5m
Reuse database connections instead of opening one per request. Keep pools bounded, set acquisition and query timeouts, release clients in finally blocks, and size the total across every app instance—not per process in isolation.
2026-04-03File Uploads Done Right6m
Upload directly to object storage (S3/R2) using presigned URLs—don't route files through your server. Validate type by magic bytes, not extension. Enforce size limits at the load balancer. Process async.
2026-04-01How Git Actually Works Internally6m
Git stores everything as objects (blobs, trees, commits, tags) identified by SHA-1 hash. Branches are just files containing a commit hash. Merges combine DAG nodes. Once you see the object model, git becomes predictable.
2026-03-30Writing CLI Tools in Go6m
Go makes great CLIs: single binary, fast startup, easy cross-compile. Use cobra or flag package for arguments, os.Exit for error codes, and goroutines for parallelism. Structure for testability from the start.
2026-03-25How TLS and HTTPS Actually Work6m
TLS authenticates the server via certificates signed by a trusted CA, then uses asymmetric crypto to establish a shared symmetric key, then encrypts all traffic with that key. The handshake takes one round trip in TLS 1.3.
2026-03-20SSH Tips Every Developer Should Know5m
SSH config files eliminate repetitive flags. Jump hosts chain connections through bastions. Port forwarding tunnels any TCP traffic. Use Ed25519 keys. Set ControlMaster for connection reuse.
2026-03-15Bloom Filters: Fast Membership Testing With Zero False Negatives5m
A bloom filter uses multiple hash functions and a bit array to test set membership. False positives are possible; false negatives are not. Use them when you need fast 'definitely not in set' checks at massive scale.
2026-03-10TCP vs UDP: When to Actually Use Each5m
TCP guarantees delivery and order at the cost of latency. UDP is fast and lossy—use it when you control retries or can tolerate loss. Most apps use TCP. Games, video, DNS use UDP.
2026-03-05How DNS Actually Works5m
DNS is a distributed hierarchy of servers. Your OS checks cache, then asks a resolver, which walks the tree from root → TLD → authoritative server. TTL controls caching. Understanding this saves hours of debugging.
2026-02-22OAuth 2.0 Explained Without the Jargon6m
OAuth 2.0 lets users grant apps access to their data without sharing passwords. Use Authorization Code flow for web apps, PKCE for SPAs and mobile, Client Credentials for server-to-server. Never store tokens in localStorage.
2026-02-21Zero-Downtime Database Migrations6m
Zero-downtime migrations use backward-compatible steps. Add columns nullable first. Deploy code that handles both schemas. Backfill data in batches. Add constraints. Never rename or drop in one step—use expand and contract.
2026-02-20Feature Flags: Ship Code Without Breaking Things6m
Feature flags are runtime toggles that control what code runs. Use them for gradual rollouts, A/B tests, kill switches, and beta access. Store in Redis or database, not config files. Kill switches save production incidents.
2026-02-19The JavaScript Event Loop Isn't Magic6m
JavaScript runs on a single thread with an event loop. Synchronous code runs to completion. Async callbacks wait in queues. Microtasks (Promises) run before macrotasks (setTimeout). Blocking the call stack freezes everything.
2026-02-18Postgres Full-Text Search: Skip Elasticsearch for Most Apps5m
PostgreSQL full-text search uses tsvector and tsquery. Index with GIN indexes. Use ts_rank for relevance, websearch_to_tsquery for user input, and pg_trgm for fuzzy matching. Handles millions of records well with no extra infrastructure.
2026-02-17HTTP Caching Headers: Cache-Control Explained5m
Cache-Control headers tell browsers and CDNs how long to store responses. Use max-age for static assets, no-cache for HTML, private for user data, immutable for versioned files. ETags enable conditional requests that skip downloading unchanged content.
2026-02-16Webhooks: How to Build Reliable Event Delivery5m
Webhooks are HTTP POST requests triggered by events. Verify signatures to prevent spoofing. Return 200 immediately, process async. Retry with exponential backoff. Store delivery logs. Use queues for reliability.
2026-02-15ACID Transactions: What They Actually Mean in Practice7m
ACID guarantees that database operations are Atomic (all or nothing), Consistent (rules enforced), Isolated (concurrent transactions don't interfere), and Durable (committed data survives crashes). Without transactions, concurrent writes corrupt data.
2026-02-14Graceful Shutdown: Why Your App Crashes on Deploy6m
Graceful shutdown drains in-flight requests before stopping. Catch SIGTERM, stop accepting new connections, wait for active requests to finish, then exit. Without it, every deploy drops requests and breaks transactions.
2026-02-13WebSockets in Production: Handling Disconnects and Scaling10m
WebSockets enable real-time bidirectional communication. Handle reconnection with exponential backoff. Use heartbeats to detect dead connections. Scale with Redis pub/sub. Store connection state. Close connections properly.
2026-02-12Docker Multi-Stage Builds: From 1.2GB to 100MB9m
Multi-stage builds use multiple FROM statements. Build stage has compilers and tools. Final stage has only runtime dependencies. Result: 10x smaller images, faster deploys, fewer vulnerabilities. Copy artifacts between stages.
2026-02-11Debouncing vs Throttling: When to Use Each9m
Debouncing waits until user stops (search input). Throttling limits rate (scroll handler). Debounce = last call wins. Throttle = regular intervals. Use debounce for user input, throttle for continuous events.
2026-02-10Regular Expressions: The 10 Patterns You Actually Use9m
Learn 10 regex patterns: email, URL, phone, credit card, password strength, whitespace, special chars, numbers, dates, and file extensions. Test on regex101.com. Use named groups. Avoid catastrophic backtracking.
2026-02-09Date and Time: Common Pitfalls and How to Fix Them9m
Always store dates in UTC. Display in user's timezone. Never use new Date() for parsing. Avoid date math with native Date. Use date-fns or Luxon. ISO 8601 for serialization. Timezones are hard - libraries handle them.
2026-02-08Retrying Failed Requests: Exponential Backoff Explained11m
Retry failed requests with increasing delays: 1s, 2s, 4s, 8s. Add jitter to prevent thundering herd. Stop after max retries. Exponential backoff handles transient failures and rate limits gracefully.
2026-02-07Building a Simple In-Memory Cache with TTL11m
Cache = store expensive results in memory. Add TTL to expire old data. Use LRU to limit memory. Check cache before expensive operations. 10x-100x speed improvement for repeated data.
2026-02-06Message Queues: RabbitMQ vs Redis vs SQS13m
Use RabbitMQ for complex routing and guaranteed delivery. Use Redis for simple, fast queues. Use SQS for managed, scalable queues on AWS. All handle async tasks - choose based on complexity, scale, and infrastructure.
2026-02-05Load Testing: Finding Your Breaking Point Before Users Do11m
Load test before launch. Use k6 or Artillery to simulate traffic. Test realistic scenarios, not just homepage. Find your breaking point. Monitor CPU, memory, database connections. Fix bottlenecks before users find them.
2026-02-04XSS Attacks Explained: How to Prevent Cross-Site Scripting12m
XSS happens when user input is rendered as HTML/JavaScript. Escape all output. Use textContent not innerHTML. Sanitize HTML with DOMPurify. Enable Content Security Policy. React/Vue escape by default - don't use dangerouslySetInnerHTML.
2026-02-03SQL Injection: How It Happens and How to Prevent It13m
SQL injection happens when user input goes directly into SQL queries. Never concatenate user input into SQL. Use parameterized queries, prepared statements, or ORMs. Validate input. Escape output. Test with SQLMap.
2026-02-02Image Optimization: CDN, Lazy Loading, and Modern Formats12m
Use WebP/AVIF for 30-50% smaller files. Lazy load images below the fold. Serve responsive images with srcset. Use a CDN for fast delivery. Compress before upload. Modern formats + lazy loading = 70% faster loads.
2026-02-01The N+1 Query Problem: How to Detect and Fix It14m
N+1 queries happen when you fetch records in a loop - 1 query becomes 1000. Detect with query logging and APM tools. Fix with eager loading, joins, or batching. 100x performance improvement is common.
2026-01-31Logging in Production: What to Log, What to Skip12m
Use structured logging with levels. Log requests, errors, and key events - not sensitive data or debug spam. JSON format for aggregation. Keep performance impact under 5%. Fix log leaks before they become breaches.
2026-01-30Environment Variables: Stop Hardcoding Configuration10m
Never commit secrets to Git. Use .env files locally, environment variables in production. Validate config on startup. Use dotenv for Node.js, never hardcode credentials.
2026-01-29REST API Error Handling: The Right Way13m
Use proper HTTP status codes. Return consistent error format with code, message, and details. Log errors server-side. Never expose stack traces to clients.
2026-01-28API Versioning: URL vs Header vs Query Parameter12m
URL versioning (/v1/users) is simplest and most discoverable. Header versioning is cleaner but harder to use. Start with URL versioning, only use headers if you have a strong reason.
2026-01-27Pagination: Offset vs Cursor Explained with Benchmarks13m
Offset pagination is simple but slow on large datasets. Cursor pagination is fast and consistent. Use offset for small datasets, cursor for anything over 100k rows.
2026-01-26JWT vs Sessions: When to Use Each for Authentication13m
Sessions are simpler and more secure for traditional web apps. JWTs work better for APIs and microservices. Sessions require server state, JWTs don't. Pick based on your architecture, not hype.
2026-01-25Background Jobs and Queues: Stop Blocking Your API11m
Never block API responses with slow operations. Use job queues for emails, image processing, reports. Bull with Redis is simple and reliable. Process jobs in workers, not request handlers.
2026-01-24Caching Strategies: When to Use Redis, CDN, or In-Memory12m
Caching makes apps fast. Use in-memory for single servers, Redis for distributed systems, CDN for static assets. Implement cache-aside for most use cases, write-through for consistency.
2026-01-23Rate Limiting Algorithms Explained with Code14m
Rate limiting prevents API abuse. Token bucket is most flexible, fixed window is simplest, sliding window is most accurate. Implement in-memory for single servers, Redis for distributed systems.
2026-01-22Git Worktree: Work on Multiple Branches Simultaneously10m
Git worktree creates multiple working directories from one repository. Check out different branches side-by-side without stashing. Faster than multiple clones, cleaner than branch switching.
2026-01-21Database Indexes Explained: The Only Guide You Need14m
Indexes make queries fast by avoiding full table scans. But too many indexes slow down writes. Use EXPLAIN to identify slow queries, add indexes on WHERE/JOIN columns, and avoid indexing everything.
2026-01-20SQLite for Production: Not Just a Development Database11m
SQLite can handle 100k+ requests/second and terabytes of data. For read-heavy apps, single-server deployments, and edge computing, it's simpler and faster than Postgres. Know when to use it.
2026-01-19What Goes Around Comes Around: Why Database History Keeps Repeating8m
Every few years, a new database paradigm claims it will kill SQL and relational databases. But they always end up adding SQL interfaces and relational features. History keeps repeating itself.
2026-01-18Server-Sent Events: The WebSocket Alternative Nobody Uses10m
SSE is simpler than WebSockets for one-way server-to-client updates. Built into browsers, works over HTTP, automatic reconnection. Use WebSockets only when you need bidirectional communication.
2026-01-17Your Startup Doesn't Need Microservices10m
Microservices add operational complexity that small teams can't afford. Monoliths are faster to build, easier to debug, and simpler to deploy. Split services when you have a reason, not because it's trendy.
2026-01-16Why I Write SQL Instead of Using ORMs10m
ORMs hide complexity that eventually bites you. Raw SQL is explicit, performant, and easier to debug. Use ORMs for CRUD, write SQL for anything complex.
2025-10-03Building a Tiny URL Shortener in 30 Lines of Go6m
Build a complete URL shortener in 30 lines of Go using only stdlib. Generates short codes, handles redirects, stores in memory - perfect learning project.
2025-10-01Why Minimalist Tools Win: Lessons from Unix Philosophy5m
Unix philosophy teaches us that simple, focused tools that do one thing well often outlast complex alternatives. Modern examples like grep, git, and curl prove this approach still works.
2025-09-29UUID v7: The New UUID That Actually Makes Sense7m
UUID v7 puts timestamps at the beginning, making database indexes happy. I saw 3x better insert performance and 50% smaller indexes after migrating. Here's how and when to switch.
2025-09-27CORS Errors: Every Fix That Actually Works8m
CORS errors are never quite the same. Here's every fix I've used in production, why each error happens, and actual code you can copy-paste for your specific situation.
2025-09-25Why I Stopped Using Frameworks for Everything8m
Frameworks solve real problems but add complexity. Use them when they solve problems you actually have, not because they're trendy. Sometimes vanilla code is faster to write and maintain.
2025-09-23From JSON to MsgPack: Why Binary Formats Matter6m
Binary formats like MsgPack are 20-50% smaller than JSON and much faster to parse. Use for high-performance APIs, mobile apps, and data storage.
2025-09-21Why Rust Is Eating the World (and Where It Won't)7m
Rust excels in systems programming, WebAssembly, and infrastructure tools, but struggles with rapid prototyping, data science, and mobile development.
2025-09-19WebAssembly in 2025: How to Run Code Directly in the Browser6m
WebAssembly lets you run compiled languages like C, Rust, and Go in browsers at near-native speed. Perfect for performance-critical apps, games, and computational tasks.
2025-09-1715 Essential Linux One-Liners for Developers6m
Master these 15 Linux command combinations to handle logs, find files, process data, and monitor systems like a pro. Copy-paste ready with explanations.
2025-09-15What Does "0x" Mean in Programming, Crypto, and Everyday Tech?4m
0x is the universal prefix for hexadecimal numbers — a compact, human-friendly way to represent binary values used in code, memory addresses, crypto wallets, and even CSS color codes.
Nothing indexed for that query
Try a broader term like database, http, or docker.