The Toolsy blog

Deep-dive technical writing on the standards behind the tools — JWT, email authentication, cron expressions, and more. Written by developers, for developers.

Practical guides · May 20, 2026 · 13 min read

WCAG color contrast: the practical guide

A working guide to color contrast in 2026. What WCAG 2 actually measures, why it's flawed, what APCA does differently, CSS strategies that work, and the patterns that fail accessibility audits.

AccessibilityDesignCSS Read article →

Practical guides · May 19, 2026 · 15 min read

HTTP status codes: which one to use, with examples

A working guide to which HTTP status code to return in which situation — the 25 codes you'll actually use, when to use 401 vs 403, when to use 409 vs 422, and the error-response patterns worth following.

HTTPAPI design Read article →

Practical guides · May 18, 2026 · 14 min read

Base64, URL-encoding, and friends: when each one is right

A working tour of the eight encodings developers hit weekly. Base64 vs Base64URL, percent-encoding vs form-encoding, HTML entities vs JSON escapes, quoted-printable vs hex. Which one is right for which job — and the bugs that come from mixing them up.

EncodingWebPractical Read article →

Practical guides · May 17, 2026 · 13 min read

Regex: the parts that matter and the parts you can skip

A working guide to regex features you actually need in production. Catastrophic backtracking, ReDoS, when not to use regex (HTML, email validation, balanced parens), and the differences between regex flavors that bite you.

RegexPractical Read article →

Standards explained · May 16, 2026 · 14 min read

JWT, deeply: what every developer gets wrong about JSON Web Tokens

A complete walkthrough of how JWTs actually work, what HS256 vs RS256 means in practice, the alg=none attack, when to use a JWT vs a session cookie, and the most common mistakes in production deployments.

AuthSecurity Read article →

Practical guides · May 15, 2026 · 12 min read

How DNS resolution actually works (and why propagation takes so long)

Tracing what happens when you visit a domain, where every cache lives, why "DNS propagation" can take 48 hours, the TTL-lowering playbook for clean migrations, and how to verify changes from outside your local cache.

DNSInfrastructure Read article →

Standards explained · May 14, 2026 · 15 min read

JSON Schema in practice: what every developer should know

A working tour of JSON Schema features that solve real problems. The seven types, additionalProperties:false, formats, $defs/refs, if/then/else, composition. The 20% of the spec you'll use 80% of the time.

JSONValidationAPI design Read article →

Standards explained · May 12, 2026 · 18 min read

SPF, DKIM, DMARC: a working setup, explained line by line

Email authentication finally made clear. Why all three exist, how they interact, the 10-lookup SPF trap, how to roll out DMARC without breaking your mail, and what changed with Gmail/Yahoo's 2024 bulk-sender rules.

EmailDNSDeliverability Read article →

Standards explained · May 8, 2026 · 11 min read

Cron expressions: every edge case in one place

The day-of-month/day-of-week OR trap, time-zone behavior across Linux/AWS/GitHub Actions, what happens during DST, Quartz vs standard cron, and how to safely schedule jobs that run exactly when you mean them to.

SchedulingDevOps Read article →

Want to suggest a topic?

We pick topics where we have deep technical opinions and where a definitive reference is missing or scattered. Email hello@toolsy.website if there's a topic you'd like us to cover.