Guides
Clear, practical explanations of the concepts behind our tools — subnetting, JWTs, password hashing, encoding and more. 32 guides and counting.
Network & IP
- What Is a Subnet? CIDR Notation Explained Subnets and CIDR notation explained in plain English — what /24 really means, how masks work, and how to divide a network without the headache. 7 min read
- IPv4 vs IPv6: What's the Difference? Why the internet is slowly moving from IPv4 to IPv6 — the address exhaustion problem, what actually changed, and how the two run side by side. 7 min read
- What Is an IP Address? What an IP address is and how it routes your traffic — public vs private, static vs dynamic, and why your phone and your router don't share the same one. 6 min read
- Subnetting Cheat Sheet: CIDR, Masks & Host Counts A no-fluff subnetting reference: the CIDR-to-mask-to-hosts table, the powers-of-two shortcut, and the boundaries people always get wrong. 5 min read
Crypto & Encoding
- What Is a JWT and How Does It Work? How JSON Web Tokens really work — the header, payload and signature, what signing proves, and the security mistakes that bite teams. 8 min read
- What Is Base64 Encoding? (And Why It's Not Encryption) Base64 turns binary data into safe text — but it is not encryption. Here's how it works, why it grows your data by a third, and when to reach for it. 6 min read
- HMAC Explained: How Webhook Signatures Work How HMAC proves a message came from who you think it did — the mechanism behind Stripe and GitHub webhook signatures, and how to verify them safely. 6 min read
- MD5 vs SHA-1 vs SHA-256: Which Hash Should You Use? MD5 and SHA-1 are broken — but not for the reason most people think. Here's what each hash is for, why collisions matter, and which to actually use. 6 min read
- URL Encoding Explained (Percent-Encoding) Why spaces become %20 and ampersands become %26 — percent-encoding explained, plus the encodeURI vs encodeURIComponent decision that causes so many bugs. 6 min read
- Hexadecimal Explained: Why Programmers Use Hex Why 0xFF beats 11111111: how hexadecimal works, its clean mapping to bytes, and where you'll meet it — colors, addresses, hashes and more. 6 min read
- What Is a Hash Function? What a hash function actually does, the properties that make it useful, and the difference between a cryptographic hash and a hash for storing passwords. 6 min read
- Encoding vs Encryption vs Hashing: What's the Difference? Three words that get mixed up constantly — and confusing them causes real security bugs. Here's the clear distinction, with examples of each. 6 min read
- JWT vs Session Cookies: Which Auth Should You Use? Stateless tokens or server-side sessions? The real trade-offs between JWTs and session cookies — scalability, revocation, and the security gotchas of each. 7 min read
- HMAC vs Digital Signatures: What's the Difference? Both prove a message wasn't tampered with — but only one proves who sent it to a third party. The difference between HMAC and digital signatures. 6 min read
Passwords & Secrets
- Bcrypt vs SHA-256: Why You Don't Hash Passwords with SHA SHA-256 is fast — which is exactly why it's the wrong way to store passwords. Here's why bcrypt (or Argon2) wins, and how salting and cost factors work. 7 min read
- How to Create a Strong Password (and Why Length Wins) Forget swapping letters for symbols. Here's what really makes a password strong — entropy, length, uniqueness — and the simple system that beats memorising rules. 6 min read
- What Is a UUID? v4 vs v7 Explained What a UUID actually guarantees, why collisions are a non-issue, and why v7 is quietly replacing v4 for database keys. 6 min read
- What Is HTTP Basic Authentication? The simplest way to password-protect a page — and its big caveat. How Basic Auth works, why HTTPS is mandatory, and where it fits. 6 min read
- What Is an API Key? (And How to Keep It Secret) What an API key actually is, how it differs from a password or token, and the handful of habits that keep one from leaking into a breach headline. 6 min read
- What Is Two-Factor Authentication (2FA)? Why a password alone isn't enough — how 2FA works, the difference between SMS codes, authenticator apps and hardware keys, and which to choose. 6 min read
- What Is a Salt in Password Hashing? Why two people with the same password should never have the same hash — what a salt is, how it stops rainbow tables, and how it differs from a pepper. 5 min read
Compliance & Risk
- What Is GDPR? Fines and Compliance Basics GDPR in plain English: who it covers, the rights it grants, the two fine tiers (up to 4% of turnover), and where to start. Educational, not legal advice. 7 min read
- What Is Ransomware? How Attacks Work and What They Cost How ransomware actually works, why the ransom is often the smallest cost, and the handful of defenses that make the biggest difference. 7 min read
- What Is a Data Breach? Causes, Costs and Response What counts as a data breach, the causes behind most of them, why the true cost dwarfs the headline fine, and how to prepare before one happens. 7 min read
- Security ROI: How to Justify a Security Budget How to turn 'we should invest in security' into a number leadership respects — the ROSI model, with the inputs and pitfalls explained. 6 min read
DevOps Utilities
- Unix Timestamps Explained: Epoch, Seconds vs Milliseconds Epoch time, demystified: what the number really means, the seconds-vs-milliseconds bug that bites everyone, and why timestamps have no timezone. 6 min read
- 301 vs 302 Redirects: Which to Use (and Why It Matters for SEO) 301 or 302? The wrong choice can quietly tank your SEO. Here's what each redirect means, when to use it, and the chain mistakes to avoid. 6 min read
- Cron Syntax Cheat Sheet: How to Read Cron Expressions Stop guessing what a cron line does. A quick, practical reference to the five fields, the special characters, and the schedules you'll actually write. 6 min read
- JSON vs YAML: When to Use Each JSON and YAML describe the same data in very different styles. Here's how they compare, the YAML traps to watch for, and which to reach for when. 6 min read
- Regex Basics: A Beginner's Guide to Regular Expressions Regular expressions look like line noise until you learn the handful of building blocks. Here's the beginner's path, with examples you can test as you go. 8 min read
- What Is the CSV Format? Delimiters, Quoting & Pitfalls CSV looks trivial until a comma appears inside a value. Here's how the format really works — delimiters, quoting rules, and the gotchas that corrupt data. 6 min read
- How Binary Works: Binary Numbers Explained Why computers count in 1s and 0s, how to read a binary number, and how to convert to and from decimal — the foundation under bits, bytes and hex. 6 min read