JR
james_r
Apr 20 · 8 min read
Understanding QUIC: why UDP is the future of web transport
TCP has served us well for decades, but its head-of-line blocking and slow handshake overhead are real costs at scale. QUIC sidesteps these entirely with a radical rethink built on UDP — and the performance gains on high-latency links are hard to argue with.
# Round trips to first byte of data
TCP + TLS 1.3 → SYN → SYN-ACK → ACK → ClientHello → ... = 2 RTT
QUIC → Initial + 0-RTT data immediately = 0-1 RTT
# Connection migration (e.g. wifi → LTE) — no reconnect needed
quic.connection_id → stable across network changes
tcp.{src_ip:port} → breaks on every network switch
networking
performance
protocol
♥ 248
◎ 31 comments
8 min read
JR
james_r
Apr 14 · 6 min read
TLS certificates demystified: from CA roots to leaf certs
Every HTTPS connection relies on a chain of trust you almost never think about. Here's how that chain actually works — from the root CA baked into your OS all the way down to the cert sitting on your server, and why Let's Encrypt changed everything.
# Inspect a live certificate chain
openssl s_client -connect example.com:443 -showcerts 2>/dev/null
# Check expiry date
openssl x509 -in /etc/letsencrypt/live/domain/fullchain.pem \
-noout -dates
# notBefore=Apr 20 00:00:00 2026 GMT
# notAfter=Jul 19 00:00:00 2026 GMT
# Auto-renewal via certbot (runs as systemd timer)
systemctl status certbot.timer
security
tls
devops
♥ 183
◎ 22 comments
6 min read
JR
james_r
Apr 8 · 5 min read
BBR congestion control: how Google's algorithm changed the internet
Traditional congestion control reacts to packet loss as a proxy for congestion. BBR instead builds a model of the network itself — bottleneck bandwidth and round-trip propagation time — and the throughput improvements on long-haul, high-latency links are dramatic.
# Enable BBR on Linux (Ubuntu 20.04+)
echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf
echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf
sysctl -p
# Verify it's active
sysctl net.ipv4.tcp_congestion_control
# net.ipv4.tcp_congestion_control = bbr
lsmod | grep bbr
# tcp_bbr 20480 8
linux
networking
kernel
♥ 312
◎ 44 comments
5 min read
JR
james_r
Mar 31 · 7 min read
Nginx as a reverse proxy: the mental model you actually need
Most tutorials show you the config. Few explain the model. Once you understand how Nginx thinks about upstream servers, worker processes, and connection handling, the config stops looking like magic and starts looking obvious.
# Basic reverse proxy block
server {
listen 443 ssl;
server_name example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
location / {
proxy_pass http://127.0.0.1:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}
nginx
devops
linux
♥ 197
◎ 18 comments
7 min read