DEV Community: zhihu wu

UUIDs in Practice — When Auto-Increment Falls Short

zhihu wu — Fri, 29 May 2026 13:05:09 +0000

Most of us learned databases with auto-increment IDs. id INT AUTO_INCREMENT is in every tutorial. It works — until it doesn't.

The Case for Auto-Increment

Auto-increment integers are fast, small (4 bytes), and naturally ordered. For a single-database app with one writer, they're perfect. But real systems rarely stay that simple.

Where Auto-Increment Fails

Distributed writes. When you have multiple API servers writing to the same database, auto-increment creates a bottleneck. Someone has to own the counter.

Multi-tenant databases. Merging data from different shards or regions? Integer ID collisions are guaranteed. You'll spend days resolving conflicts.

Data exposure. /api/users/1, /api/users/2... users and competitors can estimate your growth, user count, and order volume in minutes.

Offline-first apps. Can't generate IDs while disconnected if you need a central sequence. UUIDs work anywhere, anytime.

UUID v4: The Distributed-Friendly Default

UUID v4 generates 122 random bits via a cryptographically secure PRNG — no coordination needed. The collision probability is astronomically low (1 in 2.7×10^18). PostgreSQL handles them natively:

CREATE TABLE users (
  id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
  email TEXT NOT NULL
);

The 16-byte storage overhead is negligible for modern systems.

The Trade-off

UUIDs aren't sortable by insertion order and can fragment B-tree indexes. For write-heavy workloads, consider UUID v7 (time-ordered) or ULID. But for 95% of projects, v4 works fine.

Quick Tip

When setting up a new project, I generate a batch of UUIDs to copy into my seed files or test fixtures. There's a dead-simple generator at codetoolbox.pro/tools/uuid-generator — no signup, no uploads, all browser-side. Just set the count and go.

What do you use for primary keys in your projects?

How Loan Amortization Actually Works (and How to Save Thousands)

zhihu wu — Sun, 24 May 2026 13:03:25 +0000

Most developers understand compound interest for investments. But with debt — mortgages, auto loans, student loans — the same math works against you.

The Formula Behind Every Loan Payment

Every fixed-rate loan uses this amortization formula:

M = P × [r(1+r)^n] / [(1+r)^n − 1]

M = monthly payment, P = principal, r = monthly rate (annual ÷ 12), n = total payments.

The intuition: this exact amount drives your balance to zero by the final payment.

The Front-Loading Trap

On a $250k mortgage at 6.5% over 30 years, your first payment is roughly 85% interest, 15% principal. By year 15 it's 50/50. In the final year, over 95% goes to principal.

This means every extra dollar toward principal early has an outsized effect. That $100 extra in month 1 saves you 359 months of interest on that $100.

Real Numbers

$250k at 6.5% / 30yr: $1,580/mo, total $568,861
Same at 15yr: $2,178/mo, total $392,069 → saves $176,792
$100/mo extra on 30yr: Saves ~$49k, pays off 4.5 years early

3 Simple Strategies

Bi-weekly payments: 26 half-payments = 13 full payments/year. Knocks ~5 years off a 30yr mortgage.
Round up: Pay $1,600 instead of $1,580. The $20 extra compounds.
Refi but keep old payment: When rates drop, keep paying the old amount. The difference is pure principal.

I built a free loan calculator with full amortization schedules and visual breakdowns. Runs in your browser, no signup.

Understanding amortization isn't just for homeowners — car loans, personal loans, any installment debt. The math is identical. The earlier you act, the more you save.

My 4-Step Regex Debugging Workflow (That Actually Saves Time)

zhihu wu — Thu, 21 May 2026 13:07:23 +0000

I've written hundreds of regular expressions over the years, and I still get them wrong on the first try. Here's the debugging workflow I've settled on that consistently gets me from "why isn't this matching" to "oh, that's why" in under a minute.

Step 1: Isolate One Pattern at a Time

The most common mistake I see (and make) is testing a monster regex all at once. If you're validating an email with a complex pattern and it's not working, break it down: test just the local part, then the domain, then combine them. This alone has saved me hours of staring at a wall of backslashes and brackets.

Step 2: Check Your Quantifier Greediness

This one bites everyone. A pattern like <.*> against "<div>hello</div>" matches the entire string, not just the opening tag. The fix: add ? to make it lazy — <.*?>. I can't count how many "my regex is broken" posts on Stack Overflow boil down to this. Whenever a pattern matches too much, my first instinct is to check for greedy quantifiers.

Step 3: Toggle the Flags

Flags change everything. hello matches "hello" — but add the i flag and hello now matches "HELLO", "Hello", and "hElLo". The ^ anchor matches the start of a string by default, but with the m (multiline) flag, it matches the start of each line. I often toggle the g (global) flag off during debugging to focus on the first match, then turn it back on to check all occurrences.

Step 4: Use a Real-Time Tester

This is the game-changer. Rather than write-test-rewrite cycles in my code editor, I use a live regex tester that highlights matches as I type. Seeing matches highlighted instantly — and seeing capture groups broken out individually — makes pattern bugs obvious in seconds. I use CodeToolbox Regex Tester because it runs entirely in the browser (no data uploads) and includes presets for common patterns like email, URL, and IPv4 to use as starting points.

The complete workflow takes less than a minute once it becomes habit: isolate → check greediness → toggle flags → test live. These four steps have saved me more debugging time than any regex cheatsheet ever has.

What's your go-to regex debugging trick? I'd love to hear what works for you in the comments.

5 Markdown Tricks Every Developer Should Know (That Aren't in the Cheat Sheet)

zhihu wu — Tue, 19 May 2026 13:06:43 +0000

We all know the basics: **bold**, *italic*, # Headings. But Markdown (especially GitHub Flavored Markdown) has some lesser-known tricks that can make your READMEs, docs, and PR descriptions much more polished. Here are five I use constantly.

1. Collapsible Sections with `<details>`

Got a long README? Hide secondary content behind expandable sections:

<details>
<summary>Click to see the full changelog</summary>

- v2.1: Added dark mode
- v2.0: Complete rewrite
- v1.0: Initial release

</details>

This renders as a clickable toggle. Perfect for changelogs, setup instructions, or verbose examples you don't want cluttering the main view. GitHub, GitLab, and most static site generators support this.

2. Auto-Linking to Headings

GitHub auto-generates anchor links for every heading. You can link to any section with a simple relative link:

See the [Installation](#installation) section for setup instructions.

The rule: lowercase everything, replace spaces with hyphens, remove punctuation. So ## API Reference (v2) becomes #api-reference-v2.

Bonus: This works across files too — [See docs](docs/API.md#authentication).

3. Task Lists in PR Descriptions

GFM supports interactive checkboxes:

- [x] Add unit tests
- [x] Update documentation
- [ ] Bump version number
- [ ] Deploy to staging

These render as actual checkboxes on GitHub Issues and PRs. Use them in PR templates to create a checklist the author can tick off before merging. They also show up in project boards as trackable items.

4. Escaping Backticks Inside Inline Code

Sometimes you need to show a literal backtick character inside inline code. The trick? Use double backticks as delimiters:

To display a variable, use `` `varname` `` in your template.

Renders as: To display a variable, use `varname` in your template.

The outer double-backtick pair lets you nest single backticks inside. Add a space before/after the inner backtick for readability.

5. Mermaid Diagrams in Fenced Code Blocks

Many platforms (GitHub, GitLab, Notion) support Mermaid diagrams directly in Markdown. Just use mermaid as the language tag:

```

mermaid
graph TD
    A[User] --> B[Login Page]
    B --> C{Valid?}
    C -->|Yes| D[Dashboard]
    C -->|No| E[Error Message]


```
```

`

This renders a flowchart directly in your README — no external tools, no image exports. Mermaid supports flowcharts, sequence diagrams, Gantt charts, class diagrams, and more.

---

## The Best Way to Learn? Preview in Real Time

The fastest way to get comfortable with Markdown is to see it render as you type. I use [CodeToolbox Markdown Preview](https://codetoolbox.pro/tools/markdown-preview.html) when drafting READMEs — it's free, runs entirely in the browser (nothing gets uploaded), and supports full GFM including tables, task lists, and syntax-highlighted code blocks.

What Markdown tricks do you use that aren't in the standard cheat sheet? Drop them in the comments 👇

How Base64 Actually Works (And Why Every Developer Should Know)

zhihu wu — Sat, 16 May 2026 13:13:13 +0000

Base64 encoding is one of those things every developer encounters but few bother to understand. You see it in JWT tokens, data URIs, email attachments — it's everywhere. But what actually happens when you encode something to Base64?

Why Base64 Exists

Computers work with binary — raw bytes. But many systems (email, JSON, HTML) are text-based and can't handle arbitrary binary data safely. Try stuffing raw image bytes into a JSON payload and you'll get corrupted data or parser errors.

Base64 solves this by converting any binary data into a string of 64 safe ASCII characters: A-Z, a-z, 0-9, +, and /. Every character represents exactly 6 bits, which means 3 bytes (24 bits) become 4 Base64 characters. If the input isn't a multiple of 3 bytes, = padding fills the gap.

Where You See It Every Day

JWT tokens: That long string after eyJ...? Base64-encoded JSON. The payload between the two dots decodes right back to readable claims.
Data URIs: data:image/png;base64,iVBORw0K... — inline images in CSS and HTML use Base64 to avoid extra HTTP requests.
HTTP Basic Auth: Authorization: Basic dXNlcjpwYXNz — that's literally username:password in Base64. (And no, it's not encryption — anyone can decode it.)
Email attachments (MIME): Every file attachment in email gets Base64-encoded for safe transport.

The Gotcha: Base64 vs Base64URL

If your Base64 string has - and _ instead of + and /, you're looking at Base64URL — a variant used in URLs and JWT tokens where + and / would cause problems. To decode Base64URL, swap - → + and _ → / first.

Base64 Is NOT Encryption

This trips up beginners constantly. Base64 provides zero security. It's encoding, not encryption — anyone can decode it in milliseconds. If you're storing passwords as Base64, you're storing them as plain text. Use bcrypt or Argon2 for that.

Try It Yourself

Understanding Base64 is one thing — being able to encode and decode it instantly is another. I built a free Base64 encoder/decoder that runs entirely in your browser. Paste text or upload a file, and it encodes to Base64 instantly. Paste a Base64 string and it decodes back. It also handles Base64URL, data URIs, and JWT payloads automatically.

No signup, no server uploads — everything stays on your machine. Give it a try next time you're debugging a JWT or embedding an icon in CSS.

6 Regex Patterns Every Developer Should Have Bookmarked

zhihu wu — Mon, 11 May 2026 13:10:46 +0000

I've lost count of how many times I've Googled "regex for email validation" at 11pm. So I finally wrote them down. Here are six patterns I use almost weekly — tested, commented, and ready to copy.

1. Extract URLs from text

/https?:\/\/[^\s"'<>]+/gi

Use this when scraping, cleaning user input, or pulling links out of a Slack dump. The [^\s"'<>]+ stops at whitespace or HTML delimiters instead of eating the rest of the line.

2. Match a valid IPv4 address

/\b(?:(?:25[0-5]|2[0-4]\d|[01]?\d\d?)\.){3}(?:25[0-5]|2[0-4]\d|[01]?\d\d?)\b/

Ugly, yes. But it actually validates the range (0-255) instead of just matching \d+\.\d+\.\d+\.\d+ which would accept 999.999.999.999. Parse config files, extract IPs from logs — this one pays rent.

3. Strip HTML tags

/<[^>]*>/g

One-liner that removes everything between angle brackets. Not a full HTML parser (don't use it on nested malformed markup), but perfect for extracting plain text from simple HTML snippets or email bodies.

4. Match a CSS hex color

/#([a-fA-F0-9]{6}|[a-fA-F0-9]{3})\b/g

Catches both #FF5733 and #F53. I use this when auditing design tokens or writing a color-picker tool — it pulls every hex value out of a stylesheet in one pass.

5. Split a camelCase string into words

/([a-z0-9])([A-Z])/g  →  replace with $1 $2

myVariableName becomes my Variable Name. Useful for generating human-readable labels from code identifiers — I use it all the time when building admin panels from API field names.

6. Validate a reasonable email address

/^[^\s@]+@[^\s@]+\.[^\s@]{2,}$/i

No, it doesn't implement RFC 5322. But it catches typos, missing @ signs, and empty domains — which is 99% of what you need on a signup form. For actual email verification, send a confirmation link.

I test all my patterns in this free Regex Tester before committing them — it highlights matches, shows capture groups, and has common presets. Saves me from alt-tabbing to a Node REPL every five minutes.

What's the one regex you keep copy-pasting? Drop it in the comments.

URL Encoding: The Developer's Swiss Army Knife You're Probably Using Wrong

zhihu wu — Sun, 10 May 2026 13:52:00 +0000

If you've built anything that touches the web, you've dealt with URL encoding. And if you're honest, you've probably Googled "encodeURI vs encodeURIComponent" at least five times this year. I know I have.

Here's the mental model that finally made it stick for me:

The TL;DR

encodeURI() = "I'm encoding a complete URL" → keeps structural chars like / ? & #
encodeURIComponent() = "I'm encoding ONE piece of data" → encodes EVERYTHING except A-Z a-z 0-9 - _ . ! ~ * ' ( )

When Things Go Wrong

Last week I spent an hour debugging a 500 error from a payment gateway. The culprit? I used encodeURI() on a query parameter that contained a # character. The browser interpreted everything after # as a fragment identifier and never sent it to the server. encodeURIComponent() would have caught it.

The 3 Rules I Now Live By

Query string values → ALWAYS encodeURIComponent(). No exceptions.
Full URLs → encodeURI(), but only if you're sure no component contains special chars.
When in doubt → encodeURIComponent(). Worst case: you encode too much. Best case: you avoid a bug.

Try It Yourself

Sometimes I just want to paste a gnarly URL and see what happens — especially when it's 200 characters long and I don't want to open DevTools. I built a free URL encoder/decoder that runs entirely in the browser. No uploads, no ads, no signup:

🔗 Free URL Encoder/Decoder

What URL encoding footgun have you stepped on? I'd love to hear your war stories in the comments.

URL Encoding: The Developer's Swiss Army Knife You're Probably Using Wrong

zhihu wu — Sat, 09 May 2026 14:51:15 +0000

URL Encoding: The Developer's Swiss Army Knife You're Probably Using Wrong

Here's the mental model that finally made it stick for me:

The TL;DR

encodeURI() = "I'm encoding a complete URL" → keeps structural chars like / ? & #
encodeURIComponent() = "I'm encoding ONE piece of data" → encodes EVERYTHING except A-Z a-z 0-9 - _ . ! ~ * ' ( )

When Things Go Wrong

The 3 Rules I Now Live By

Query string values → ALWAYS encodeURIComponent(). No exceptions.
Full URLs → encodeURI(), but only if you're sure no component contains special chars.
When in doubt → encodeURIComponent(). Worst case: you encode too much. Best case: you avoid a bug.

A Free Tool for When You're Lazy

What URL encoding footgun have you stepped on? I'd love to hear your war stories in the comments.

DEV Community: zhihu wu

UUIDs in Practice — When Auto-Increment Falls Short

The Case for Auto-Increment

Where Auto-Increment Fails

UUID v4: The Distributed-Friendly Default

The Trade-off

Quick Tip

How Loan Amortization Actually Works (and How to Save Thousands)

The Formula Behind Every Loan Payment

The Front-Loading Trap

Real Numbers

3 Simple Strategies

My 4-Step Regex Debugging Workflow (That Actually Saves Time)

Step 1: Isolate One Pattern at a Time

Step 2: Check Your Quantifier Greediness

Step 3: Toggle the Flags

Step 4: Use a Real-Time Tester

5 Markdown Tricks Every Developer Should Know (That Aren't in the Cheat Sheet)

1. Collapsible Sections with <details>

2. Auto-Linking to Headings

3. Task Lists in PR Descriptions

4. Escaping Backticks Inside Inline Code

5. Mermaid Diagrams in Fenced Code Blocks

How Base64 Actually Works (And Why Every Developer Should Know)

Why Base64 Exists

Where You See It Every Day

The Gotcha: Base64 vs Base64URL

Base64 Is NOT Encryption

Try It Yourself

6 Regex Patterns Every Developer Should Have Bookmarked

1. Extract URLs from text

2. Match a valid IPv4 address

3. Strip HTML tags

4. Match a CSS hex color

5. Split a camelCase string into words

6. Validate a reasonable email address

URL Encoding: The Developer's Swiss Army Knife You're Probably Using Wrong

The TL;DR

When Things Go Wrong

The 3 Rules I Now Live By

Try It Yourself

URL Encoding: The Developer's Swiss Army Knife You're Probably Using Wrong

The TL;DR

When Things Go Wrong

The 3 Rules I Now Live By

A Free Tool for When You're Lazy

1. Collapsible Sections with `<details>`