The average person reacts to a visual stimulus in about 250 ms. Where your score really sits, why the same person tests 50 ms slower on a laptop, sound vs. sight, the age curve, and what actually improves it.
Email lets any server claim to be any sender, so mailbox providers demand proof. What each of the three DNS records actually checks, how they interlock, and the misconfigurations behind most deliverability pain.
Most RAG failures are retrieval failures, and most retrieval failures start at chunking. Fixed-size vs. structure-aware vs. semantic chunking, sensible size and overlap defaults, and how to evaluate.
A QR code is just a 2D barcode holding text, usually a URL, with heavy error correction. How the modules encode data, why a torn or logo'd code still scans, and the real risk: quishing.
"Unexpected token" tells you something broke, not what. The handful of mistakes behind almost every JSON parse error — trailing commas, single quotes, BOMs, big integers — with the one-line fix for each.
Picking the wrong image format bloats pages and drags down Core Web Vitals. A practical decision guide: lossy vs lossless, transparency, when WebP and AVIF win, and how much compression actually saves.
#7c3aed, rgb(124 58 237) and hsl(258 83% 58%) can all be the same colour. What each CSS format encodes, why HSL is the one you can tweak by hand, where alpha fits, and the newer perceptual oklch.
Embeddings turn text into vectors so machines can compare meaning. Why cosine similarity is the metric of choice, and how it powers semantic search and RAG.
Tokens aren't words, and you're billed per token. Why code and emoji cost more, how history compounds your bill, and how to estimate cost before you ship.
A TLS certificate is just signed metadata binding a public key to a name. How to read the fields that matter — subject, SAN, issuer, validity, key usage — and spot the red flags (expired, wrong host, self-signed, SHA-1).
The 6-digit code is never sent to you. How TOTP works: a shared secret, an HMAC of the current time, why codes rotate every 30 seconds, and how it compares to SMS and passkeys.
Slacking or emailing a password leaves it in logs forever. Share one safely without a vault: the two-channel rule, encrypt-then-send, and what never to do.
A plain hash of a request body proves nothing. Why webhook verification needs HMAC (a keyed hash), the end-to-end flow, and the constant-time comparison that keeps it safe.
A JWT is signed, not encrypted, so anyone can read the payload. How the three parts work, why alg:none gives only the illusion of security, the classic attacks, when cookies beat JWTs for sessions, and how to validate safely.
UUIDv4 is random; UUIDv7 is time-ordered. Why random UUIDs fragment a B-tree index, how v7 fixes it, and a decision table for v4 vs v7 vs auto-increment.
The real math behind password strength: entropy in bits, realistic guess rates, why a memorable passphrase beats symbol-soup, and a table of crack times.
The building blocks that cover 90% of regex, the greedy-vs-lazy gotcha, capture and named groups, copy-paste recipes (email, URL, date, slug), and the ReDoS pitfall.
Seconds since 1970 UTC. The seconds-vs-milliseconds trap, why you store UTC and format on display, the Year 2038 overflow, and how to get epoch time in any language.
Base64 is reversible encoding with no key, so it hides nothing. How the 3-bytes-to-4-chars trick works, why it exists, the 33% size cost, and what to use for secrecy.
A practical guide to IBM DataPower Gateway's REST management API: its structure, key resources, and curl examples for creating, reading and updating configuration.