Toolkit.
38 guides · How it works

Understand
the machine.

Illustrated walkthroughs of the systems that carry the web. Each one pairs with a simulator where you can push on the parts yourself.

The wire.

How packets actually travel.

8 guides
12 min

The TLS handshake

How two machines come to agree upon a secret.

9 min

DNS, how names resolve

From your resolver all the way out to the root.

8 min

The TCP handshake

SYN, SYN-ACK, ACK — and what each bit is for.

7 min

WebSockets

Full-duplex over HTTP — upgrade, frames, keepalive.

9 min

K8s networking

Pod network, Services, CNI, Ingress — the layers explained.

9 min

VPC networking

Subnets, route tables, NAT gateways, transit.

7 min

NAT traversal

Why peer-to-peer is hard and how STUN/TURN help.

10 min

BGP, the glue

Internet routing between autonomous systems — in plain prose.

Storage & state.

Persistence, in order.

7 guides
11 min

Database indexing

B-tree, hash, and covering indexes — picked apart.

9 min

Write-ahead logging

Why every durable store writes the log first.

10 min

ACID transactions

The four letters, the four isolation levels, and the anomalies each permits.

8 min

Hash tables

Open addressing vs chaining, resize, load factor.

6 min

Ring buffers

Wait-free queues for one producer and one consumer.

11 min

Kafka, as a river

Topics, partitions, and why offsets — not timestamps — are the truth.

10 min

Redis internals

Single-threaded, in-memory, durable when it has to be.

Concurrency & runtimes.

How work gets scheduled.

5 guides
8 min

Garbage collection

Mark-and-sweep, generational, concurrent — without the fog.

9 min

Memory allocation

Stacks, heaps, arenas, and why fragmentation matters.

7 min

Event loops

Single-threaded concurrency — queues, microtasks, I/O.

8 min

Thread pools

Work-stealing, bounded queues, backpressure.

9 min

Go channels

Buffered, unbuffered, select — CSP in practice.

At scale.

When one box is not enough.

9 guides
9 min

HTTP caching

Where each layer — browser, CDN, app, database — earns its keep.

7 min

CDN anatomy

PoPs, anycast, cache keys, origin shielding.

8 min

Message queues

Push, pull, fan-out, dead-letter. A practical taxonomy.

9 min

Realtime communication

Polling, SSE, WebSockets, WebRTC — when each fits.

8 min

API gateways

Routing, auth, rate limits, and where they belong.

7 min

Reverse proxies

Nginx, Envoy, HAProxy — what they actually do.

9 min

Load balancing

Layer 4 vs 7, algorithms, health checks, session affinity.

8 min

Autoscaling

Horizontal, vertical, cluster — and the metrics that drive each.

7 min

Service discovery

DNS, registries, meshes — how services find services.

Identity & trust.

Who you are, and how we know.

2 guides
10 min

OAuth 2, the flows

Authorization code, PKCE, client credentials — when each one fits.

8 min

OpenID Connect

Identity on top of OAuth — the ID token, claims, discovery.

Platform & operators.

The plumbing under the apps.

3 guides
10 min

Containers

Namespaces, cgroups, OCI — what a container really is.

10 min

Kubernetes pod creation

From kubectl apply to a running container, with every hop named.

10 min

Git, from the inside

Blobs, trees, commits — the DAG that powers everything.

Theory & algorithms.

The underlying moves.

4 guides
7 min

Distributed IDs

UUID, ULID, Snowflake, Sonyflake — which for which.

8 min

Max-flow

Ford–Fulkerson, augmenting paths, min-cut.

8 min

Graph routing

Dijkstra, A*, Bellman–Ford — when each is right.

7 phases

The Internet, a journey

The seven phases that carry a packet from browser to origin.
Next
After the mechanics, the decisions.
The Handbook covers the judgement calls — caching strategies, scaling patterns, design exercises. Guides teach the machine; the Handbook teaches when to use it.
Open the Handbook →