TechEarl

Building the web since 2000

Field notes on shipping real systems.

Practical writing on PHP, MySQL, Linux, WordPress, security and the weird corners of the web, by one engineer who's been shipping them for over two decades.

Latest

Fresh from the desk

A five-year-old Dr Pepper fan site built on Gatsby, why Gatsby stopped being a safe bet, and how I rebuilt it on Next.js 16 without losing the parts that worked.

The Joke Domain That Outlived Gatsby

Five years ago I bought a domain about a coworker's Dr Pepper habit. Here is what building it in Gatsby, then rebuilding it on Next.js 16, taught me about side projects that outlive their framework.

WordPress

Empower your web dreams, one block at a time

Thousands of hits to admin-ajax.php are usually WordPress Heartbeat and plugins, not an attack. How to read the action parameter and the fix that does not break your site.

admin-ajax.php High Traffic: Attack or Normal?

Thousands of hits to wp-admin/admin-ajax.php are almost always your own site: WordPress Heartbeat and plugins, not a DDoS. How to read the action parameter, when it is a real attack, and why blocking the file breaks your site.

Database

Unleash the power of your data universe

MongoDB Schema Design: Embedding vs Referencing

When to embed related data as subdocuments and when to reference it by _id in MongoDB. The 16 MB document limit, $lookup joins, access patterns, and the established schema-design patterns.

What Column Type Should a Password Be in MySQL?

The column type for a password in MySQL is VARCHAR(255). You store the encoded output of a slow password hash (bcrypt, argon2id, scrypt), never a raw MD5 or SHA-256, and you never query the table by password.

How to Store an Argon2 Password Hash in MySQL

Store an Argon2id password hash in MySQL or MariaDB the right way: VARCHAR(255), never a fixed-width column. The encoded format, why its length varies, computing it in PHP / Python / Node, OWASP parameters, and a worked users schema.

Linux

Freedom to innovate, power to perform

How to Turn Bluetooth On or Off From the macOS Command Line

Toggle Bluetooth on or off from the macOS terminal with blueutil: blueutil -p 1 / -p 0 / -p toggle, read the current state, list paired devices, and connect or disconnect by address. The reliable route now that Apple removed the old defaults hacks.

DevOps

Automate, integrate, accelerate your success

Git Aliases That Actually Save Time

A curated set of git aliases worth keeping: st, lg, last, unstage, amend, undo. How to set them with git config, where they live in ~/.gitconfig, and when you need a shell alias (the ! prefix) instead of a plain one.

JavaScript

Building tomorrow's web, today

Modern JavaScript Array Methods: at, flat, toReversed, and groupBy

The array methods worth reaching for in modern JavaScript: at() for negative indexing, flat(Infinity), the copying toReversed/toSorted/toSpliced/with that fix the mutation trap, and the corrected grouping API (Object.groupBy, not the Array.prototype.group that never shipped).

CSS

Style with purpose, design with passion

Run a JavaScript callback when a CSS transition or animation ends with transitionend and animationend, filter by propertyName, handle bubbling, and use the Web Animations API finished promise.

Run JavaScript When a CSS Animation or Transition Ends

Fire a JavaScript callback when a CSS transition or animation finishes, using the transitionend and animationend events. The propertyName filtering, the bubbling trap, the cases where the event never fires, and the modern Web Animations API promise alternative.

background-repeat: round and space (Tile Without Clipping)

Stop background-repeat clipping the last tile. round rescales tiles so a whole number fits; space keeps tile size and distributes the gaps. Plus the two-value round space syntax for separate horizontal and vertical control.

Security

Protecting digital assets, ensuring peace of mind

Crack bcrypt with hashcat -m 3200, understand why it is thousands of times slower than MD5, what the cost factor does to crack time, and the only attack that makes sense.

How to Crack a bcrypt Hash (and Why It's So Slow)

bcrypt is the hash you mostly cannot crack, and that is the point. I cover the hashcat command (-m 3200), why bcrypt is deliberately glacial, how the cost factor multiplies crack time, realistic GPU expectations, and the only attack worth running against it. Tested on hashcat 7.1.2.

How to Crack an MD5 Hash with Hashcat

MD5 is the easy case: fast, unsalted, and broken for passwords, which makes it the perfect place to learn cracking. I cover the hashcat command, salted MD5 variants, why MD5 decrypt sites are not what they claim, and why MD5 has no business storing a password. Tested on hashcat 7.1.2.

How to Crack NTLM Hashes with Hashcat

NTLM is the hash behind Windows and Active Directory passwords, and it is fast and unsalted, which is why a password audit cracks weak ones in seconds. I cover the hashcat command, where the hashes come from, realistic crack times, and the NetNTLMv2 distinction. Tested on hashcat 7.1.2.

How to Crack a WPA/WPA2 Wi-Fi Password with Hashcat

How to recover your own WPA/WPA2 Wi-Fi password: capture the handshake or PMKID, convert it to the hashcat 22000 format, and crack it with a wordlist. I cover the full toolchain, realistic expectations for this slow hash, and why WPA3 resists the whole approach. Lab use only. Tested on hashcat 7.1.2.

Hardware

Powering innovation through silicon

PHP

Building robust backends, delivering reliable solutions

Catch and Route Your Own 404s in WordPress

Intercept requests that would 404 in WordPress on template_redirect, then resolve them to real content with status_header(200), 301 to the right URL with wp_safe_redirect(), or let them fall through. A fallback router for dynamic and legacy slugs you cannot enumerate.

RegEx

Master patterns, unlock possibilities

The top 5 online regex testers for 2026: Regex101, RegExr, RegexPlanet, Debuggex, and Rubular, compared by regex flavor support, real-time matching, debugging features, and who each one is best for.

Top 5 Online Regex Testers for 2026

The five online regex testers I actually use, ranked: Regex101, RegExr, RegexPlanet, Debuggex, and Rubular. What each is good at, where each falls short, and which flavor each one supports.

How to Use Regex in Nginx (location and rewrite)

Use regex in Nginx with location blocks and the rewrite directive: how location modifiers and matching priority work, why return beats rewrite for redirects, and copy-paste config for HTTPS, www, trailing slashes, 301s, clean URLs, and access blocking.

How to Use Regex in .htaccess (Apache mod_rewrite)

Use regex in .htaccess with Apache mod_rewrite: how RewriteRule and RewriteCond patterns work, the per-directory quirk that breaks everyone, and copy-paste rules for HTTPS, www, trailing slashes, 301s, clean URLs, and access blocking.

Humor

Take a break, laugh out loud: Your ultimate web joke collection!

Experiences

Real stories, real insights: Where tech meets life

AI

Tools that think, write, and ship code with you

The Agentic Browsing audit is live in PageSpeed Insights. Paste your URL to get a score, then pass the accessibility tree, CLS, and llms.txt checks. Full rule-by-rule guide.

How to Pass the PageSpeed Agentic Browsing Audit

The Agentic Browsing audit is now live in Google PageSpeed Insights, no Chrome Canary needed. Paste your URL, read the fractional score, and pass every check that says whether AI agents can read and act on your site.

AI for WordPress Agency Operations: The Playbook

The agency-ops playbook for AI: proposals, SOWs, onboarding documents, SOP creation, meeting summaries, status reports, internal documentation. Where the per-hour gain is highest, and the rules that keep client trust intact.

AI for WordPress Content Teams: The Playbook

The content-role playbook for AI on WordPress sites: outlines and briefs, article refreshes, title generation, format conversion, fact-check passes, content QA at scale. Plus the strict rules on what stays human-written end to end.

AI for WordPress Developers: The Playbook

The developer-role playbook for AI on WordPress projects: ACF scaffolding, plugin/theme debugging, WP-CLI orchestration, code review, migration scripts, Figma-to-component, and the senior-review discipline that keeps quality high.

Network

DNS, packets, and the wires between

Run sudo iftop -i eth0 to see bandwidth per connection in real time. The interface flag, -n and -P for readable output, the 2s/10s/40s rate columns, BPF filter syntax, and how iftop differs from nload.

iftop: See Bandwidth by Connection in Real Time

sudo iftop -i eth0 shows a live, per-connection bandwidth table: which host pairs are moving traffic and at what rate. The interface flag people forget, the -n and -P switches that make the output readable, the 2s/10s/40s columns, the filter syntax, and when nload or iftop is the right tool.

nload: Watch Live Network Bandwidth in the Terminal

The nload command draws a live graph of incoming and outgoing bandwidth per interface, right in the terminal. Install it, run nload, switch interfaces with the arrow keys, and read the In/Out, Avg, and Max numbers. The -m multi-interface view, the -u/-U unit flags, the refresh interval, and where iftop and nmap fit instead.

Nmap Command Examples: Scan Hosts, Ports, and Services

Practical nmap command examples I reach for: host discovery, the default port scan, service and version detection, OS fingerprinting, scoped scans with timing control, and the scripting engine, with notes on when each one needs root.

Speed Up a Linux Server With TCP BBR

Switch to TCP BBR congestion control with two sysctl lines and a reboot-safe config file. The throughput it buys you on lossy long-haul links, the fq qdisc it needs, the kernel version that ships it, and when CUBIC is still the right default.

Cheat Sheets

Single-page references for the tools I reach for

ffmpeg cheat sheet: -c copy stream copy, -ss/-to/-t trim, scale and crop filters, -vn audio extract, palettegen/paletteuse for high-quality GIFs, libx264/libx265/libsvtav1 with -crf and -preset, setpts and atempo speed, concat demuxer, subtitles, and common-error fixes.

The ffmpeg Command Cheat Sheet

A scannable ffmpeg reference: convert containers, stream-copy without re-encoding, trim and cut, resize and crop, extract or replace audio, high-quality GIFs with palettegen, x264/x265/AV1 quality with -crf and -preset, change speed, concat, subtitles, and the fixes for the errors you actually hit.

Docker Cheat Sheet

The Docker commands I actually use, grouped by job: images, container lifecycle, run flags, exec and logs, build, networks, volumes, Compose, registry, and the prune/inspect commands for keeping a host clean.

AWS S3 cp and sync Cheat Sheet: Copy, Move, and Sync Files with the CLI

A scannable AWS S3 CLI reference: aws s3 cp, sync, mv, rm, ls; recursive uploads and downloads; --exclude / --include filters; storage classes (STANDARD_IA, GLACIER, INTELLIGENT_TIERING); SSE encryption (AES256, aws:kms); --dryrun safety; the trailing-slash gotcha; concurrency tuning via max_concurrent_requests and multipart_chunksize; cross-account profiles.