Understand the machine.
Illustrated walkthroughs of the systems that carry the web: packets, storage, schedulers, scale, and trust. Each one comes with a simulator where you can try the parts yourself.
Start here.
DNS, how names resolve
From your resolver all the way out to the root.
The TLS handshake
How two machines come to agree upon a secret.
OAuth 2, the flows
Authorization code, PKCE, client credentials — when each one fits.
Kafka, as a river
Topics, partitions, and why offsets — not timestamps — are the truth.
The wire.
How packets actually travel.
The TLS handshake
How two machines come to agree upon a secret.
SNI, the name in the clear
How one IP serves a thousand certificates — and what ECH does about the hostname everyone can read.
HTTP, the shape of it
Request, response, and every version that tried to make it faster.
DNS, how names resolve
From your resolver all the way out to the root.
The TCP handshake
SYN, SYN-ACK, ACK — and what each bit is for.
WebSockets
Full-duplex over HTTP — upgrade, frames, keepalive.
K8s networking
Pod network, Services, CNI, Ingress — the layers explained.
VPC networking
Subnets, route tables, NAT gateways, transit.
NAT traversal
Why peer-to-peer is hard and how STUN/TURN help.
BGP, the glue
Internet routing between autonomous systems — in plain prose.
Storage & state.
Persistence, in order.
Database indexing
B-tree, hash, and covering indexes — picked apart.
Write-ahead logging
Why every durable store writes the log first.
ACID transactions
The four letters, the four isolation levels, and the anomalies each permits.
Hash tables
Open addressing vs chaining, resize, load factor.
Ring buffers
Wait-free queues for one producer and one consumer.
Kafka, as a river
Topics, partitions, and why offsets — not timestamps — are the truth.
Redis internals
Single-threaded, in-memory, durable when it has to be.
Concurrency & runtimes.
How work gets scheduled.
Garbage collection
Mark-and-sweep, generational, concurrent — without the fog.
Memory allocation
Stacks, heaps, arenas, and why fragmentation matters.
Event loops
Single-threaded concurrency — queues, microtasks, I/O.
Thread pools
Work-stealing, bounded queues, backpressure.
Go channels
Buffered, unbuffered, select — CSP in practice.
At scale.
When one box is not enough.
HTTP caching
Where each layer — browser, CDN, app, database — earns its keep.
CDN anatomy
PoPs, anycast, cache keys, origin shielding.
Message queues
Push, pull, fan-out, dead-letter. A practical taxonomy.
Realtime communication
Polling, SSE, WebSockets, WebRTC — when each fits.
API gateways
Routing, auth, rate limits, and where they belong.
Reverse proxies
Nginx, Envoy, HAProxy — what they actually do.
Load balancing
Layer 4 vs 7, algorithms, health checks, session affinity.
Autoscaling
Horizontal, vertical, cluster — and the metrics that drive each.
Service discovery
DNS, registries, meshes — how services find services.
Identity & trust.
Who you are, and how we know.
Platform & operators.
The plumbing under the apps.
Theory & algorithms.
The underlying moves.
Distributed IDs
UUID, ULID, Snowflake, Sonyflake — which for which.
Max-flow
Ford–Fulkerson, augmenting paths, min-cut.
Graph routing
Dijkstra, A*, Bellman–Ford — when each is right.
The Internet, a journey
The seven phases that carry a packet from browser to origin.
Reading progressions
Three paths through the guides, ordered by concept dependency. Follow one end-to-end, or jump in wherever the gap is.
Start at the transport layer and climb to the application. Each guide builds on the one before it.
Storage, consensus, and the reliability patterns that production systems rely on.
How modern auth systems are built on top of HTTPS, tokens, and open standards.
Decisions come next.
Guides teach how the machine works. The Handbook teaches which piece to pick, covering caching strategies, scaling patterns, and design exercises.