All Architectures
Network communication architectures organized by category
โ๏ธ Request-Response
โก Real-time / Persistent
WebSocket
Bidirectional Real-time Communication
A full-duplex communication protocol that maintains a TCP connection after an HTTP handshake, allowing the server and client to freely exchange messages
SSE (Server-Sent Events)
ServerโClient Unidirectional Stream
A method where the server streams events unidirectionally to the client while maintaining an HTTP connection, using text/event-stream format
GraphQL Subscription
Real-time Events Based on GraphQL Schema
A pattern where clients subscribe to specific events via GraphQL subscription type, and the server automatically delivers updates when data changes
๐ Event-Driven
Webhook
HTTP Callback on Event Trigger
A reverse API call pattern that sends an HTTP POST request to a pre-registered URL when an event occurs
Publish-Subscribe
Asynchronous Communication via Message Broker
A pattern where when a Publisher publishes a message to a topic, the message is delivered to all Subscribers who have subscribed to that topic
Message Queue
Asynchronous Task Processing via Queue
A point-to-point asynchronous communication pattern where a Producer enqueues messages and a Consumer dequeues and processes them in order
๐ก Sensing / IoT
How Does Location Sensing via WiFi CSI Work?
Using Physical Layer Data of WiFi Signals Like Radar
Technology that analyzes WiFi signal CSI (Channel State Information) to detect human position, movement, breathing, and heartbeat without cameras. Extracts millimeter-level spatial information from amplitude and phase changes of each subcarrier
What Your Bluetooth Devices Reveal About You
How Life Patterns, Location, and Behavior Are Tracked Through BLE Signals Alone
Just having Bluetooth on continuously broadcasts MAC address, device name, manufacturer, BLE service UUIDs, etc. A single Raspberry Pi can reveal nearby people's commute patterns, delivery arrival times, and when homes are empty
๐งฉ Runtime / Execution
How Does WebAssembly (WASM) Work?
Run C++/Rust/Zig Code at Native Speed in the Browser
WebAssembly (WASM) compiles code written in C++, Rust, Zig, etc. into bytecode that runs at near-native speed in the browser. Enables high-performance computations impossible in JavaScript (image/video processing, 3D rendering, terminal parsers) on the web
Making WASM a First-Class Language on the Web
Component Model: Calling Web APIs Directly Without JS Glue
Since its 2017 launch, WASM has been a "second-class citizen" on the web โ unable to directly access DOM/console and other Web APIs, always requiring JS glue code. Mozilla's proposed Component Model uses WIT to declare APIs and enables direct calls without JS, elevating WASM to a first-class execution environment in the browser
WebGPU โ How Browsers Access the Local GPU Directly
Successor to WebGL โ Vulkan/Metal/DX12-level low-level GPU API arrives in the browser
WebGPU is a browser-built-in JavaScript API that lets web pages access local GPU hardware directly. It succeeds WebGL and maps to Vulkan/Metal/DirectX 12 per OS.
๐ DNS / Domain
How Does DNS Domain Configuration Propagate?
What actually happens when you configure a domain on sites like onamae.com
DNS (Domain Name System) is the internet's phone book that translates domain names (e.g., example.com) to IP addresses (e.g., 93.184.216.34). When you configure a domain on a registrar like onamae.com, it propagates hierarchically through root servers โ TLD servers โ authoritative nameservers to become accessible worldwide
Why Does Nameserver Change Take 24-72 Hours?
The real reason NS changes propagate slowly and the caching structure at each level
Unlike simple DNS record changes, nameserver changes require cache updates at the TLD (.com/.net) level. Since TLD NS records typically have a 48-hour TTL and ISP resolvers cache them, it takes 24-72 hours for changes to propagate worldwide
How Does DNS-PERSIST-01 Work?
Eliminating Repeated Validation with Let's Encrypt's Persistent DNS Auth Records
Solves the DNS-01 limitation of changing DNS TXT records for every Let's Encrypt certificate issuance. Set CA account info in _validation-persist. TXT record once, then reuse for subsequent issuance/renewal
What Does It Take to Become a DNS Provider Like onamae.com?
From ICANN Accreditation to Anycast Infrastructure โ Behind the Scenes of a Domain Registrar
Becoming a DNS provider (registrar) like onamae.com requires ICANN accreditation, Anycast DNS networks, EPP protocol implementation, WHOIS/RDAP databases, DDoS protection, and large-scale infrastructure with regulatory compliance
Domain Purchase Flow
From TLD Selection to Renewal Management โ Every Step of Buying a Domain
Domain purchase follows TLD selection, WHOIS availability check, registrar choice, registration (contact info + WHOIS Privacy), initial DNS setup, and renewal management. Comprehensive guide covering domain lifecycle, premium domain market, and domain theft prevention
How Free HTTPS Services Work
How Let's Encrypt, Cloudflare, and ACM provide free certificates
Dissecting the core principles behind free HTTPS services: ACME protocol, domain validation, CA trust chain, and TLS handshake
Notable DNS Outage Incidents
Major DNS failures that broke the internet and lessons learned
Analyzing major DNS-related incidents including Dyn DDoS, Facebook BGP outage, and Fastly failure, with practical lessons for preventing single points of failure
๐ How It Works
How Does ngrok Work?
Exposing Local Servers to the Internet via Reverse Tunnel
ngrok is a tunneling service that exposes local development servers via public URLs. The ngrok client on your PC opens an outbound connection to ngrok cloud, and external traffic is forwarded to your local server through that tunnel
How Does Slack Socket Mode Work?
Receiving Events via Outbound WebSocket Without Webhooks
A method for Slack Bots to receive events without a public URL. The Bot server opens a WebSocket connection to Slack first, then Slack pushes events through that connection. Works behind firewalls
How Does ChatGPT Streaming Work?
Real-time Token-by-Token Response Delivery via SSE
The secret behind ChatGPT displaying answers character by character. The OpenAI API streams generated tokens instantly via SSE (Server-Sent Events), and the client receives them one by one to render on screen
How Do GitHub Webhooks Work?
git push โ HTTP POST โ CI/CD Trigger
When events like code push or PR creation occur on GitHub, an HTTP POST is sent to a pre-registered URL to automatically trigger external systems (CI/CD, Slack notifications, etc.)
How Does Sidekiq Work?
Redis-based Background Job Queue System
A system for offloading heavy tasks (email sending, image processing, etc.) to the background in Rails. The web process enqueues jobs to a Redis queue, and Sidekiq worker processes dequeue and process them asynchronously
How Does WebRTC Work?
Direct Video/Audio/Data Transfer Between Browsers
Technology for video calls, screen sharing, and file transfer between browsers without a central server. After exchanging connection info via signaling server, P2P direct connection is established through NAT using STUN/TURN
How Does MCP Work?
An Open Protocol Connecting AI Models with External Tools in a Standardized Way
MCP (Model Context Protocol) is an open protocol that connects AI models (LLMs) with external tools and data sources in a standardized way. When a Host (Claude, etc.) connects to an MCP Server via a Client, the Server exposes external systems like DB, files, and APIs to the AI
MCP Transport: stdio vs Streamable HTTP
The Difference Between Local Development and Cloud SaaS Deployment
MCP supports two official transports: stdio (local) and Streamable HTTP (remote/SaaS). Streamable HTTP, introduced in March 2025, enables SaaS vendors to deploy MCP servers to the cloud with access for multiple clients
How Does tmux Work?
Session Persistence & Splitting with a Terminal Multiplexer
tmux is a terminal multiplexer that manages multiple sessions in a single terminal. With a server-client architecture, sessions persist even when SSH connections drop, and you can reattach later
How Does Vercel Subdirectory Reverse Proxy Work?
Consolidating External Server Content Under a Next.js Domain Subdirectory for SEO Authority
Reverse proxy from negabaro.com (Vercel/Next.js) routing /blog/* paths to external servers like Rails (DigitalOcean) or Jekyll (GitHub Pages). Users see a single domain while content is rendered on separate servers. SEO authority is consolidated to the main domain via canonical/robots.txt/absolute asset URLs regardless of backend tech stack
How Docker Containers Work
From Linux namespaces to macOS support and GPU โ a decade of technical evolution
Docker, launched in 2013, isolates processes without VMs using Linux namespaces. Behind the CLI lies decades of systems research, and it adopted a library VMM architecture for macOS/Windows support.
Keploy โ How eBPF Intercepts Traffic to Auto-Generate API Tests
The transparent proxy pattern where eBPF silently rewrites connect() destinations at kernel level
Wrap your app with keploy record, and eBPF redirects all outbound connection destinations to a local proxy at kernel level. The app is unaware. The proxy parses traffic per protocol and extracts test cases + mocks as YAML.
๐๏ธ System Design
Good System Design โ The Best Design Is Invisible
State management, DB design, caching, events, and failure recovery โ the power of proven simplicity
Good system design doesn't look complex. When people say "that part just works" and nothing breaks for a long time, that's success. Minimizing stateful components and using proven simple structures is what matters.
Collaboration Is Bullshit โ The Few Build, the Many Meet
Brooks's Law, the Ringelmann Effect, and how collaboration tools mask diffusion of responsibility
Most real output in organizations comes from a minority. Tech prescribed "collaboration" as the fix, but what actually grew was coordination overhead, not output. What's really needed isn't collaboration infrastructure โ it's individual ownership and accountability.
When Test Code Becomes the New Moat
In the AI era, the real asset is the test suite, not the code
We're in an era where AI can ship a competing product in a week by training on docs and tests alone, without ever reading the code. Code isn't a moat anymore. The real asset is a test suite that covers tens of thousands of edge cases.
๐ฌ FFmpeg
FFmpeg โ The Swiss Army Knife That Has Powered Media for 25 Years
Architecture, codec abstraction, filter graphs, hardware acceleration โ dissecting FFmpeg internals
FFmpeg is an open-source multimedia framework capable of decoding, encoding, transcoding, and streaming virtually every media format. Started by Fabrice Bellard in 2000, it's been under active development for over 25 years. YouTube, Netflix, Meta, VLC, OBS โ FFmpeg runs wherever media is processed.
Meta's FFmpeg at Scale โ Tens of Billions of Executions Per Day
Ditching the internal fork, multi-lane parallel encoding, real-time quality metrics, and custom ASICs
Meta runs FFmpeg tens of billions of times daily. After years on an internal fork, they collaborated with the FFmpeg community to upstream multi-lane parallel encoding and real-time quality metrics, fully retiring their fork. Their custom ASIC (MSVP) integrates through FFmpeg's standard hardware API.
FFmpeg Version History โ What Changed from 6.0 to 8.1
Multithreading refactoring, Vulkan codecs, expanded hardware acceleration, and 8.1 "Hoare"
A rundown of major changes from FFmpeg 6.0 through 8.1. Meta-driven multithreading refactoring (6.0-8.0), Vulkan hardware codecs, in-loop decoding, and the latest 8.1 "Hoare" with xHE-AAC, D3D12, and Rockchip encoding.
๐ฑ Cross-Platform
Sparkling โ TikTok's Cross-Platform Infrastructure
Production framework for running real apps on the Lynx engine
TikTok open-sourced the infrastructure layer they built to run the Lynx engine at production scale in their own apps. Just as React Native needs Expo, running real apps on Lynx requires build pipelines, native bridges, and navigation. Sparkling fills that gap.
Lynx โ TikTok's Cross-Platform UI Engine
Write like React, render natively
Lynx is a cross-platform UI rendering engine released by TikTok. Write code using web technologies (React-like syntax) and it renders native Android/iOS screens. Similar position to React Native, but differentiated by having its own rendering pipeline battle-tested in TikTok production.
๐ค Agentic AI
Agentic AI โ Anatomy of Autonomous Agents
How LLMs use tools, make decisions, and iterate
Agentic AI goes beyond LLMs simply generating text โ it's a system where LLMs plan, call tools, and iteratively execute toward goals. The difference between a "chatbot" and an "agent" is autonomy. Chatbots answer questions; agents take actions toward goals on their own.
Agent Loop โ Anatomy of the Execution Loop
A single while loop is all an agent is
The essence of an agent is "running an LLM in a loop." Not a single call, but a cycle: get tool results, pass back to LLM, LLM decides next action. How you design this loop determines agent quality.
Tool Use Pattern โ Giving LLMs Hands and Feet
How LLMs interact with the outside world through function calls
LLMs can only generate text. To read files, call APIs, or query databases, they need "tools." Tool Use tells the LLM what functions are available and lets it call them when needed.
Ralph Wiggum Loop โ When Agents Repeat the Same Mistake
"I'm in danger" โ causes and fixes for agents stuck in loops
When an agent repeats the same fix for the same error, burning tokens with zero progress. Named after the Simpsons meme where Ralph Wiggum sits blankly saying "I'm in danger." The most common and costly anti-pattern in AI agent development.
Human-in-the-Loop โ When Humans Should Intervene
Full autonomy vs appropriate intervention โ finding the balance
Full automation is convenient, but irreversible actions (data deletion, production deploy, payments) need human confirmation. Human-in-the-Loop is the pattern for designing "when to ask a human."
๐ง Harness Engineering
What is a Harness?
From test runners to AI agents โ the system that wraps and controls a target
Harness is not an AI-specific concept. It originally comes from Test Harness in software engineering โ the entire execution environment that wraps and controls a target. Whether it's an AI harness or a test harness, the principle is the same: the system wrapping the target matters more than the target itself.
Harness Engineering vs Prompt Engineering
Writing good prompts and building good execution environments are different things
Prompt Engineering is about telling the model "what to do" well. Harness Engineering is about designing "the environment the model runs in." Same prompt, different harness โ completely different results.
Guardrails Design โ Stopping Models Before They Go Wrong
Building safe harnesses with input filters, output validation, and action limits
Models output probabilistically. Right 9 out of 10 times, wrong once. Guardrails prevent that one time from exploding in production. Guardrails go at input, execution, and output stages.
Eval Pipeline โ How to Measure Harness Quality
Gut feeling loses โ automated evaluation systems are essential
Changing the harness is meaningless if you don't know whether it improved or degraded. An eval pipeline quantitatively measures the effect of harness changes. Benchmarks like SWE-bench and HumanEval are just types of eval pipelines.
Context Window Management โ Strategy for Finite Memory
Even with 1M tokens, how you fill it matters
The context window is the model's "working memory." Even as it grows, it's not infinite โ performance varies by what goes in and in what order. One of the harness's core roles is efficiently managing this limited space.
Orchestration Patterns โ How to Compose Model Calls
When one call isn't enough, how do you chain multiple calls?
Complex tasks don't finish with one model call. Orchestration is deciding in what order and under what conditions to execute multiple model calls. Agent loops in Agentic AI, RAG, code generation pipelines โ all orchestration patterns.
gstack Anatomy โ Harness Engineering in Practice
The structure that let Garry Tan ship 600K lines with Claude Code in 60 days
gstack is a Claude Code skill pack released by Y Combinator CEO Garry Tan. 23 slash commands split one model into a team of role-based specialists. Same Claude, different harness. That's the power of harness engineering.
๐ Git
How Does Git Work Internally?
Blob, Tree, Commit โ The Three Git Objects
Git is a content-addressable filesystem. Every file, directory, and commit is stored as an object identified by a SHA-1 hash. Three object types โ blob (file), tree (directory), commit (snapshot) โ explain most of how Git works.
rebase vs merge: When to Use Which
The Trade-off Between Preserving and Linearizing History
merge combines two branches with a merge commit. rebase replays commits on top of a different base. merge preserves history as-is; rebase linearizes it. Rule of thumb: merge on shared branches, rebase on personal ones.
reset vs revert: Which One, When
Rewriting History vs Adding an Inverse Commit
reset moves the branch pointer back to a past commit. revert adds a new commit that undoes the target. Use reset on local-only work; use revert on commits you have already pushed.
Using git stash Properly
When You Need to Switch Branches Mid-Work
stash pushes uncommitted changes onto a temporary stack and cleans your working tree. Used for switching branches, cherry-picking, or responding to urgent bugfixes. Using stash instead of `checkout -- .` or `reset --hard` prevents accidentally losing changes.
Checking Out Multiple Branches Simultaneously with worktree
No Need to Clone the Repo Multiple Times
git worktree lets you check out the same repository into multiple directories on different branches. No need to clone multiple times, and since the .git directory is shared, disk usage stays low. It shines when you want to keep working on another branch while a long build runs.