Archive 2026
71 articles
Maybe Postgres Is Enough: Check Postgres Before Adding Another Database
Before adding another datastore for caching or search, check whether Postgres already covers it. A concise table of per-use-case alternatives based on postgresisenough.dev.
Reading Platform Engineering Through Systems Thinking
Platform engineering and systems thinking seem to share a lot of ground. This post puts that hunch into words by applying stocks, flows, delays, archetypes, and leverage points to read platform behavior and the failures that keep recurring.
Systems Thinking Basics: Seeing the World as Stocks and Feedback
A plain-language tour of systems thinking based on Donella Meadows' Thinking in Systems: stocks, flows, feedback loops, archetypes, and leverage points.
Comparing API Styles: REST, GraphQL, gRPC, Webhooks, WebSocket, and Messaging
Six common API styles, REST, GraphQL, gRPC, Webhooks, WebSocket, and Messaging, compared side by side. This article organizes them by communication model, lays out each style's overview, design considerations, and pros and cons, and gives guidance for choosing. A map for picking a style in API design.
Comparing Real-Time Web Communication: Polling, SSE, WebSocket, WebRTC, and WebTransport
Five common real-time web communication technologies, Polling, SSE, WebSocket, WebRTC, and WebTransport, compared side by side. This article sorts them by direction and transport, lays out each one's overview, minimal implementation, and pros and cons, and gives selection criteria. A map for choosing a real-time method.
Cryptography Fundamentals: Symmetric, Asymmetric, One-Way Functions, Hashing, and Digital Signatures
From symmetric versus asymmetric encryption to the one-way and trapdoor functions behind RSA and ECC, plus hash functions and digital signatures, this article explains the building blocks of cryptography with primary sources. Part 1 of a three-part series that groups public-key uses into signing, encryption, and key exchange.
Cryptography in Practice: TLS, JWT, and SSH
How everyday protocols such as TLS, JWT/JWS, and SSH combine symmetric keys, public keys, signatures, key exchange, and PKI, viewed through the three uses of a public key and backed by RFCs. The final part of a three-part cryptography series.
Key Exchange and PKI: Diffie-Hellman, Certificates, and Certificate Authorities
How Diffie-Hellman shares a symmetric key safely, how ECDHE adds forward secrecy, and how PKI binds a public key to its owner through certificates, CAs, and a chain of trust. Backed by primary sources such as RFCs. Part 2 of a three-part cryptography series.
When to Use GraphQL: Adoption Criteria and Trade-offs
When should you adopt GraphQL? This guide covers its core ideas (a typed schema, a single endpoint, fetching exactly what you need), where it fits and where it does not, the trade-offs, operational concerns such as N+1, and how it compares with REST and gRPC.
When to Use gRPC: Adoption Criteria and Trade-offs
When should you adopt gRPC? This guide covers its core ideas (RPC, HTTP/2, Protocol Buffers), where it fits and where it does not, the trade-offs, operational concerns, and how it compares with REST and GraphQL.
Three Uses of a Public Key: Signing, Encryption, and Key Exchange
A public key has just three uses: signing, encryption, and key exchange. This article sorts real-world applications such as SSH public-key auth, WebAuthn, mTLS, private_key_jwt, code signing, and container signing into these three, and clarifies how they differ from shared-key schemes such as HMAC, with primary sources.
What is sqlc? A Practical Introduction to Type-Safe SQL in Go
Learn what sqlc is and how it generates type-safe Go code from SQL. A hands-on introduction using SQLite that covers the schema-to-code workflow, the benefits, and common pitfalls.
Comparing Data Transformation Methods: Encoding, Serialization, Encryption, Hashing, Compression, Compilation, and Parsing
A concise comparison of common data transformation methods — encoding, serialization, encryption, hashing, compression, compilation, and parsing — across three axes: reversibility, whether a key is required, and purpose.
What Is the TCP Three-Way Handshake?
A concise explanation of the TCP three-way handshake: the SYN, SYN/ACK, and ACK steps, the state transitions, and why TCP needs three messages instead of two.
Comparing API Versioning Strategies: Path, Query, Header, and Payload
A concise comparison of four API versioning strategies — path, query parameter, header, and message payload — covering their pros, cons, and best fit.
What Is EventStorming
Learn EventStorming, a workshop technique born from domain-driven design that uses sticky notes to rapidly map a business domain and build shared understanding between developers and domain experts.
What Is AI-DLC (AI-Driven Development Life Cycle)?
If You Want Managed Certificates for an Internal LB's HTTPS, the Domain Must Live in Public DNS
Why a Cloud DNS private zone cannot use managed certificates when securing internal VPC traffic with HTTPS, and the practical compromise of a public domain backed by a private IP.
bmf as a Service
Overview of services offered by bmf-san as an individual: consulting, mentoring, sponsorships, and speaking & writing (media inquiries). All inquiries via the contact form.