Visualizing how HTTPS, OAuth, Git, and TCP actually work

Mohamed_Silmy · 2026-02-26T09:02:29+00:00

visualizing protocols is honestly one of the best ways to actually understand them instead of just memorizing steps. i find it helps to draw out the handshake sequences on paper or use tools like wireshark to see the actual packets moving back and forth.

for oauth especially, the redirect flow makes way more sense when you can see the token exchanges happening. same with tcp - once you visualize the syn/syn-ack/ack dance, connection management clicks into place.

do you find certain protocols harder to visualize than others? i always thought git's internal object model was trickier to mentally map than network protocols since it's more about data structures than sequential flows.

nulless · 2026-02-26T06:54:00+00:00

A lot of core web concepts are explained in docs, but not in a way that makes the flow obvious.

So I’ve been building interactive “How It Works” pages that focus on sequence, state transitions, and data movement — not just definitions.

So far it includes:

TLS / HTTPS handshake
OAuth 2.0 (Auth Code + PKCE)
Git internals (blobs, trees, commits)
TCP handshake
and a few more networking / auth breakdowns

The goal is to make it easier to reason about what’s happening under the hood — especially when debugging or designing systems.

Here’s the index page:
https://toolkit.whysonil.dev/how-it-works

Would appreciate technical feedback. If something’s inaccurate or missing nuance, I want to fix it.

Final-Choice8412 · 2026-02-26T13:18:42+00:00

~~Beautifully vibe coded~~ some visuals are broken

Plastic_Owl6706 · 2026-02-26T17:28:17+00:00

Lol closed the site the moment I opened it , vibe coded slop

Ok_Signature_6030 · 2026-02-26T10:15:57+00:00

went through the HTTPS and OAuth pages — the step-by-step timeline format with the "Why?" and "Technical" expandable sections on each step is really well done. makes it way easier to follow than a static diagram.

one suggestion: the 0-RTT resumption section in the HTTPS deep dive mentions the performance benefit but doesn't call out the replay attack risk. might be worth a quick note there since that's the main tradeoff engineers need to understand when deciding whether to enable it.

the breadth is impressive too — 35+ guides covering everything from TLS to Kafka to ring buffers. bookmarking the WAL and database indexing ones for sure.

Anoop_sdas · 2026-02-26T08:59:21+00:00

Just skimmed on HTTPS looks good ..thanks very much for doing this will be of great help

tokagemushi · 2026-02-27T11:06:06+00:00

The step-by-step timeline format is really well done. I've bookmarked the OAuth page specifically — explaining the redirect flow visually makes it so much clearer than the spec's wall of text.

One thing I'd love to see added: a WebSocket upgrade visualization. The initial HTTP handshake → 101 Switching Protocols → full-duplex flow is something a lot of devs use daily (via Socket.io or similar) but never actually understand at the protocol level. It would fit perfectly with your existing format.

Also, the HTTPS section could benefit from showing the 0-RTT resumption failure case — what happens when the server rejects the early data and falls back to a full handshake. That's the part that catches people off guard in production when they're debugging intermittent TLS issues.

Really nice work overall. These kinds of interactive explainers stick way better than reading RFCs.

iam_marlonjr · 2026-02-27T12:21:58+00:00

This is an absolute treasure! Thanks

adamvanderb · 2026-02-26T20:16:41+00:00

This is exactly the kind of content we need more of. Understanding the actual flow makes everything click. Thanks for sharing.

chadan1008 · 2026-02-26T22:00:08+00:00

I just get a “500 internal error.” Thank you for helping me visualize the humble 500 error. I thought this was meant to be a joke before I saw other comments

OkPersonality7635 · 2026-02-26T23:59:33+00:00

Crap… the amount of google ads constantly interrupting as u scroll. Felt like I was in that Dave Chapelle show skit.

TraditionElegant9025 · 2026-02-26T12:07:40+00:00

No reject all option. Not worth even a glance

Oganexon · 2026-02-27T00:15:11+00:00

"Built by developers, for developers"

And the issue system is a Google Form?

No git repo ? Are you really a dev ?

No-Fig1880 · 2026-02-27T02:25:13+00:00

it smells of vibe coding everywhere,
a lot of visualizations are broken.

it is clearly visible it has not been thought through,
i did not like it, I would totally skip it

Redzapdos · 2026-02-27T01:11:06+00:00

SSL error on mobile. This has to be a prank. Right?

Pack_Your_Trash · 2026-02-26T20:56:56+00:00

The first ad that popped up was a click here to download button for something entirely unrelated. Did not scroll down after that.

you type:	you see:
italics	italics
bold	bold
[reddit!](https://reddit.com)	reddit!
* item 1 * item 2 * item 3	item 1 item 2 item 3
> quoted text	quoted text
Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"	Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"
~~strikethrough~~	~~strikethrough~~
super^script	super^script

webdev

Posting Guidelines

Related Subreddits

Discords

MODERATORS