Blog
Insights, tutorials, and updates from the Vectobox team.
Most 'Title Case' Buttons Are Wrong: What Chicago and AP Actually Require
Gone with the Wind or Gone With the Wind? Both are correct — it depends on whether you follow Chicago or AP. Most online converters uppercase every word and call it Title Case. Here is the four-style table that gets it right, and the zero-width regex that keeps XMLHttpRequest from becoming x_ml_http_request.
A Capital S in ls -l Means Your setuid Bit Is Doing Nothing
Run chmod 4655 file and ls -l prints -rwSr-xr-x — the capital S means setuid is set but dead, because the owner has no execute bit. Most online chmod calculators render it as lowercase s and never warn you. This one gets S/T right and parses symbolic syntax like u+x,go-w that almost no competitor touches.
4% to 5% Is +1 Point and +25% at the Same Time — the Percentage Trap Most Calculators Ship
An interest rate moving from 4% to 5% rose by 1 percentage point and by 25% relative — both true, measuring different things. This calculator puts pp and percent change side by side, and fixes three more errors most tools get wrong: a 50% drop needs a 100% gain to recover, 80 after 20% off comes from ÷0.8 = 100 not ×1.2 = 96, and markup 150% equals margin 60% on the same 60 of profit.
Most CVD Simulators Skip sRGB Gamma. That Makes Red Two Stops Too Dark.
Pure red (#FF0000) in sRGB has a linear-light value of 1.0, not 0.2126. Skip the IEC 61966-2-1 decode and Brettel 1997 protanopia returns #4F4F4F instead of #828282 — a relative-luminance error of about 6×. This simulator does the gamma decode through a 256-entry LUT, runs Brettel / Viénot / Machado in linear-light, and refuses to apply Viénot to tritanopia because the 1999 paper says so.
Math.random() is a PRNG. Your d100 Has Measurable Bias.
ECMA-262 §21.1.2.13 explicitly does not require Math.random to be a CSPRNG, and 2^32 mod 100 = 96, so Math.floor(Math.random() * 100) + 1 is biased toward faces 1-96 by 96 / 2^32 per roll. This roller uses crypto.getRandomValues + Lemire 2019 rejection sampling, and a live Pearson χ² histogram lets you flip the toggle off and watch the p-value collapse.
Your Subnet Calculator Says /31 Has 0 Usable Hosts. RFC 3021 Says 2.
Mainstream subnet calculators ship four documented errors: /31 reports 0 usable hosts instead of 2 (RFC 3021), /32 reports 0 or -1 instead of 1, IPv6 panels render a fictional broadcast address field (RFC 4291 §2.1: IPv6 has no broadcast), and IPv6 point-to-point guidance still recommends /31 instead of /127 (RFC 6164). This one calculates by the RFCs, not by the 1995 textbook.
Naegele's Rule Was Published in 1812. Your Due-Date Calculator Still Uses It Alone.
ACOG Committee Opinion 700 defines a 5-tier ultrasound-vs-LMP discordance table (5d / 7d / 10d / 14d / 21d) for redating an EDD. Top-ranked consumer due-date calculators apply LMP + 280 days and stop. This one computes both, picks per the threshold table, and uses Robinson-Fleming CRL with the BMUS 1.037 correction.
BMI 25 Is the Wrong Cutoff for 2.3 Billion People: The WHO Asia-Pacific Numbers Most Calculators Skip
WHO's 2004 Expert Consultation set the Asia-Pacific overweight cutoff at BMI 23 and obesity at 27.5 — not 25 / 30 — because Asian populations carry 3-5 percentage points more body fat at the same BMI. Healthline, Mayo, and CDC consumer calculators show only the global numbers. A 1.70 m / 66.5 kg adult lands at BMI 23.0: 'normal' globally, 'overweight' under the cutoff that applies to roughly half the planet.
WebAIM Says This Gray Passes WCAG; APCA Says It Doesn't. Both Cite W3C.
#767676 text on white returns a WCAG 2 ratio of 4.54:1, which clears AA-Normal by 0.04. The same pair returns APCA Lc +71.6, which fails the 16 px / 400 body-text minimum of 75 from apca-w3's font lookup table. Two W3C-blessed contrast algorithms, same hex codes, opposite verdicts at body-text size — and every mainstream consumer checker implements only one of them.
One Emoji, Seven Characters: What Word Counters Get Wrong About Length
'👨👩👧'.length is 7. Array.from is 5. Twitter says 2. A grapheme cluster says 1. A tour of the three layers of 'character' in JavaScript, and why a correct word counter has to use Intl.Segmenter.
Compute the Holiday, Ship the Calendar: When Data Beats Code in a Date Engine
US holidays generate forever from 22 spec lines. UK needs the Anonymous Gregorian Easter algorithm. China gets a hand-built table 2020–2030. Why one date calculator uses three different strategies and ships zero npm dependencies.
The Real-Return Shortcut Most Calculators Use Is Off by 461 bps in Emerging-Market Inflation
Irving Fisher's 1930 identity says r = (1+i)/(1+π) − 1. Almost every consumer 'real return' calculator on the web ships the first-order shortcut r ≈ i − π. At G7 inflation the shortcut is fine; at 50% nominal / 30% inflation it overstates by 461.5 basis points. The cross-product term r·π is the error, and it scales linearly with the product of the two rates.
K-means Belongs in CIELAB, Not RGB: Picking Five Colors From an Image That Look Right
Run k-means on an image in RGB and the output is muddy browns. Run it in CIELAB and you get the colors a designer would pick. The reason is one paragraph; the implementation is a 256-entry lookup table and a 3×3 matrix. Here it is.
Powerball's '4 + Powerball' Tier Is 1 in 913,129 — and Most Napkin Calculations Are Off by 64×
Powerball.com's Prize Chart lists the '4 white + Powerball' tier at 1 / 913,129.18. The hypergeometric derivation is C(5,4)·C(64,1) / C(69,5) × 1/26 = 320 / 292,201,338. Drop the C(64,1) factor — the way an 'I just need 4 out of 5 plus the red ball' intuition does — and you get 1 / 58,440,267, exactly 64× too rare. The bug is a single combinatorial factor, and it shows up in every consumer lottery calculator that treats partial-match tiers as constraints rather than hypergeometric counts.
SHA-3 and Keccak Are Not the Same Hash: A Tour of One Padding Byte
SHA3-256('') and Keccak-256('') produce completely different 32-byte outputs even though they run the same permutation. The difference is one byte appended to the input during padding — 0x06 versus 0x01 — and it is the reason Ethereum's keccak256 will never agree with Node's crypto.createHash('sha3-256').
Form Mode Is Two-Way: Why So Many URL Encoders Break on a Literal `+`
WHATWG's x-www-form-urlencoded serializer maps space → '+' AND '+' → %2B in the same breath. Drop the second half and round-trip silently corrupts every input with a literal plus sign — the C++ language name, a phone country code, an arithmetic expression. Most ad-supported URL encoders ship only half of the rule.
Six Edge Cases Most CSV-to-JSON Converters Get Wrong
From RFC 4180 quote escapes to type inference corrupting IDs, here are the CSV ↔ JSON conversion pitfalls you only notice once they hit production.
Mortgage Math: Why Equal Payment Costs You More (And When It's Still the Right Choice)
The PMT formula, equal-principal alternative, and the prepayment strategies that change a 30-year mortgage by tens of thousands. With code, worked numbers, and the trade-offs banks don't print on the contract.
Strip, Don't Re-encode: How to Actually Remove EXIF Without Touching a Pixel
Re-saving a photo to remove metadata silently re-compresses every pixel. Walking the JPEG markers and PNG chunks does not. A byte-level tour of EXIF, GPS, and the right way to strip.
Cron Expression Builder Guide: 5-Field POSIX, Step by Step
Learn how to read, write, and debug 5-field POSIX cron expressions with a visual builder, plain-English explanations, and a live preview of the next runs.
JWT Decoder Guide: How to Inspect JSON Web Tokens Safely
Learn how JWTs work, how to decode them in the browser, and the common pitfalls developers hit when handling tokens client-side.
Password Generator Guide: Length, Entropy, and Passphrases in 2026
Learn how to generate strong passwords and passphrases that meet 2026 security guidance. Length-first thinking, entropy math, EFF wordlists, and the mistakes that quietly weaken your accounts.
Regex Tester Guide: Patterns, Flags, and Capture Groups
Build, debug, and learn regular expressions safely in the browser. We cover JS RegExp syntax, flags, capture groups, and the most common pitfalls.
UUID Generator Guide: v4 vs v7 vs v1 in 2026
When to use UUID v4, v7, or v1 - and why v7 is finally the right default for new database tables. Bit layouts, real-world recipes, and the pitfalls nobody warns you about.
Understanding Randomness in Web Development
Explore the difference between pseudo-random and true random numbers, and learn when to use each in your web applications.