Notes from the workbench.
Practical guides on the things developers debug every day, written alongside the tools.
SPF, DKIM, and DMARC explained: the three records that keep your email out of spam
How the three email authentication records work together, what each one proves, and the order to set them up so mail from your domain actually gets delivered.
DMARC Record GeneratorUnix timestamps and epoch time explained: seconds, milliseconds, and the 2038 problem
What a Unix timestamp actually counts, why some are ten digits and some are thirteen, how time zones fit in, and the gotchas that cause off-by-1000 and off-by-a-lifetime bugs.
Timestamp ConverterCIDR notation and subnetting explained: what /24 actually means
How to read CIDR notation, work out how many addresses a subnet holds, find the network and broadcast addresses, and stop guessing when you write a firewall or VPC rule.
IPv4 Subnet CalculatorUnderstanding chmod and Unix file permissions: what 755 and 644 actually mean
How Unix permissions are structured, how to read and write the octal numbers behind chmod, and the safe defaults for files, scripts, directories, and SSH keys.
Chmod CalculatorHow to format JSON without uploading it anywhere
Most online JSON formatters upload what you paste. Here is how to format and validate JSON locally, why it matters for secrets, and how to verify nothing leaves your browser.
JSON Formatter & ValidatorHow TOTP authenticator codes work: the math behind the 6 digits
Why the codes in Google Authenticator and Authy change every 30 seconds, how the server verifies them offline, and what the QR code you scan actually contains.
TOTP Code GeneratorURL encoding explained: why spaces become %20 and when you need it
What percent-encoding is, which characters are reserved, the difference between encodeURI and encodeURIComponent, and how to stop breaking query strings and redirects.
URL Encoder & ParserConvert YAML to JSON and back: the rules that trip people up
YAML and JSON map onto each other, mostly. The gotchas: indentation, types, the Norway problem, anchors, and multi-document files, with how each one converts.
YAML ↔ JSON ConverterHow to debug webhooks: see what Stripe, GitHub, and others actually send
Webhook integrations fail silently because you cannot see the request. Here is how to capture and inspect real webhook payloads before writing your handler.
Webhook InspectorCORS errors explained: why your API request works in curl but fails in the browser
The request works in curl and Postman but the browser says CORS error. What CORS actually is, why it exists, and how to fix it on the server.
API TesterHow to read an SSL certificate: subject, SAN, chain, and expiry
What the fields in a TLS certificate mean, how the chain of trust works, why the SAN matters more than the common name, and how to catch the problems before your users do.
SSL CheckerWhen to use SHA-256 vs HMAC vs bcrypt
Three things people reach for interchangeably and should not. What a hash, a MAC, and a password hash each guarantee, and which to use for integrity, authentication, and storing passwords.
Hash GeneratorWhat is actually inside a JWT, and why you can read it without the secret
JSON Web Tokens look like random strings but they are readable by anyone. What the three parts contain, what the signature does, and what JWTs cannot do.
JWT DecoderHow strong is your password really? Entropy explained
Password strength is not about symbols, it is about entropy. How entropy is calculated, why length beats complexity, and what crack-time estimates actually mean.
Password Strength AnalyzerGenerate TypeScript types from JSON: stop hand-writing interfaces
Why turning a real API response into TypeScript interfaces beats writing them by hand, how optional and nullable fields are inferred, and where generated types still need a human.
JSON to TypeScriptWhat every HTTP status code actually means
A practical guide to HTTP status codes by class: when to send each common one, the ones people misuse (401 vs 403, 400 vs 422), and what clients should do with them.
HTTP Status CodesHow to safely share logs and API keys in a bug ticket
Pasting logs into a ticket leaks tokens, emails, and internal hosts. How to redact sensitive values consistently before you share, and what attackers do with what leaks.
Encrypt / Decrypt TextcamelCase, snake_case, kebab-case, PascalCase: which goes where
A practical guide to the naming conventions you meet daily, why each ecosystem settled on its own, and how to convert between them without introducing bugs.
Case Converter & SlugifyReading a user-agent string: a field-by-field guide
User-agent strings look like noise but follow a pattern. How to read browser, engine, OS, and device out of one, and why they are full of legacy lies.
User-Agent ParserJSON to CSV: turn an API response into a spreadsheet
How to convert a JSON array into clean CSV for Excel or Sheets, including the escaping rules and what happens to nested objects and missing fields.
JSON ↔ CSV ConverterHow to fix "Unexpected token" JSON errors
Unexpected token errors mean your JSON breaks one of five rules. Here is how to find the exact character that breaks parsing and fix it fast.
JSON Formatter & ValidatorGenerate QR codes that never leave your browser
Most QR generators send your URL to a server and some add tracking redirects. How client-side QR generation works and why it matters for private links.
QR Code GeneratorOpen Graph tags: how to control how your links look when shared
The handful of meta tags that decide the title, description, and image when your page is shared on Slack, X, LinkedIn, and iMessage, plus the image rules that actually matter.
Open Graph Meta GeneratorMarkdown to HTML: a practical reference
The Markdown syntax that converts cleanly to HTML, the parts that vary between flavors, and how to preview the rendered output as you write.
Markdown PreviewerCron expressions explained with 12 real examples
Cron syntax in five minutes: what each field means, 12 copy paste examples from every minute to quarterly, and the day-of-week trap everyone hits.
Cron GeneratorUUID v4 vs v7: which should you use for database keys?
Random UUIDs fragment database indexes, time ordered ones do not. When v4 is fine, when v7 is better, and why auto increment integers still have a place.
UUID & Token GeneratorRegex lookahead and lookbehind, explained simply
Lookarounds let a regex check what comes before or after a match without consuming it. The four types, real examples, and when not to use them.
Regex TesterDNS records explained: A, AAAA, CNAME, MX, TXT, and NS
What each DNS record type does, how to check them, and how to debug the classic problems: propagation delays, wrong CNAMEs, and failing email.
DNS LookupWCAG color contrast: what AA and AAA actually require
The contrast ratios WCAG requires for text, what counts as large text, which elements are exempt, and how to check your colors in seconds.
Color Converter & Contrast CheckerBase64 is not encryption: what it is and when to use it
Base64 hides nothing. What encoding actually does, where Base64 shows up in web development, and the security mistakes it causes.
Base64 Encode / Decode