Archive 2026

71 articles

Maybe Postgres Is Enough: Check Postgres Before Adding Another Database
Database 2026-06-29

Maybe Postgres Is Enough: Check Postgres Before Adding Another Database

Before adding another datastore for caching or search, check whether Postgres already covers it. A concise table of per-use-case alternatives based on postgresisenough.dev.

#PostgreSQL#Architecture
Reading Platform Engineering Through Systems Thinking
Business 2026-06-29

Reading Platform Engineering Through Systems Thinking

Platform engineering and systems thinking seem to share a lot of ground. This post puts that hunch into words by applying stocks, flows, delays, archetypes, and leverage points to read platform behavior and the failures that keep recurring.

#Platform Engineering#Systems Thinking
Systems Thinking Basics: Seeing the World as Stocks and Feedback
Business 2026-06-29

Systems Thinking Basics: Seeing the World as Stocks and Feedback

A plain-language tour of systems thinking based on Donella Meadows' Thinking in Systems: stocks, flows, feedback loops, archetypes, and leverage points.

#Systems Thinking
Comparing API Styles: REST, GraphQL, gRPC, Webhooks, WebSocket, and Messaging
Architecture 2026-06-27

Comparing API Styles: REST, GraphQL, gRPC, Webhooks, WebSocket, and Messaging

Six common API styles, REST, GraphQL, gRPC, Webhooks, WebSocket, and Messaging, compared side by side. This article organizes them by communication model, lays out each style's overview, design considerations, and pros and cons, and gives guidance for choosing. A map for picking a style in API design.

#API#REST#GraphQL#gRPC#WebSocket#Webhook#Messaging
Comparing Real-Time Web Communication: Polling, SSE, WebSocket, WebRTC, and WebTransport
Network 2026-06-27

Comparing Real-Time Web Communication: Polling, SSE, WebSocket, WebRTC, and WebTransport

Five common real-time web communication technologies, Polling, SSE, WebSocket, WebRTC, and WebTransport, compared side by side. This article sorts them by direction and transport, lays out each one's overview, minimal implementation, and pros and cons, and gives selection criteria. A map for choosing a real-time method.

#Polling#SSE#WebSocket#WebRTC#WebTransport#Real-time
Search
2026-06-27

Search

Search articles on bmf-tech.

Cryptography Fundamentals: Symmetric, Asymmetric, One-Way Functions, Hashing, and Digital Signatures
Application 2026-06-25

Cryptography Fundamentals: Symmetric, Asymmetric, One-Way Functions, Hashing, and Digital Signatures

From symmetric versus asymmetric encryption to the one-way and trapdoor functions behind RSA and ECC, plus hash functions and digital signatures, this article explains the building blocks of cryptography with primary sources. Part 1 of a three-part series that groups public-key uses into signing, encryption, and key exchange.

#Encryption#Public Key Cryptography#Digital Signature#Hashing#RSA#Security
Cryptography in Practice: TLS, JWT, and SSH
Application 2026-06-25

Cryptography in Practice: TLS, JWT, and SSH

How everyday protocols such as TLS, JWT/JWS, and SSH combine symmetric keys, public keys, signatures, key exchange, and PKI, viewed through the three uses of a public key and backed by RFCs. The final part of a three-part cryptography series.

#TLS#JWT#SSH#Authentication#Security
Key Exchange and PKI: Diffie-Hellman, Certificates, and Certificate Authorities
Application 2026-06-25

Key Exchange and PKI: Diffie-Hellman, Certificates, and Certificate Authorities

How Diffie-Hellman shares a symmetric key safely, how ECDHE adds forward secrecy, and how PKI binds a public key to its owner through certificates, CAs, and a chain of trust. Backed by primary sources such as RFCs. Part 2 of a three-part cryptography series.

#Public Key Cryptography#PKI#Certificate#TLS#Security
When to Use GraphQL: Adoption Criteria and Trade-offs
Architecture 2026-06-25

When to Use GraphQL: Adoption Criteria and Trade-offs

When should you adopt GraphQL? This guide covers its core ideas (a typed schema, a single endpoint, fetching exactly what you need), where it fits and where it does not, the trade-offs, operational concerns such as N+1, and how it compares with REST and gRPC.

#GraphQL#Architecture#API#BFF#REST
When to Use gRPC: Adoption Criteria and Trade-offs
Architecture 2026-06-25

When to Use gRPC: Adoption Criteria and Trade-offs

When should you adopt gRPC? This guide covers its core ideas (RPC, HTTP/2, Protocol Buffers), where it fits and where it does not, the trade-offs, operational concerns, and how it compares with REST and GraphQL.

#gRPC#Architecture#API#Microservices#Protocol Buffers#HTTP/2
Three Uses of a Public Key: Signing, Encryption, and Key Exchange
Application 2026-06-25

Three Uses of a Public Key: Signing, Encryption, and Key Exchange

A public key has just three uses: signing, encryption, and key exchange. This article sorts real-world applications such as SSH public-key auth, WebAuthn, mTLS, private_key_jwt, code signing, and container signing into these three, and clarifies how they differ from shared-key schemes such as HMAC, with primary sources.

#Public Key Cryptography#Digital Signature#Authentication#Security#JWT#WebAuthn#OAuth#PKI
What is sqlc? A Practical Introduction to Type-Safe SQL in Go
Database 2026-06-24

What is sqlc? A Practical Introduction to Type-Safe SQL in Go

Learn what sqlc is and how it generates type-safe Go code from SQL. A hands-on introduction using SQLite that covers the schema-to-code workflow, the benefits, and common pitfalls.

#Golang#sqlc#SQL#SQLite#Code Generation
Comparing Data Transformation Methods: Encoding, Serialization, Encryption, Hashing, Compression, Compilation, and Parsing
Application 2026-06-23

Comparing Data Transformation Methods: Encoding, Serialization, Encryption, Hashing, Compression, Compilation, and Parsing

A concise comparison of common data transformation methods — encoding, serialization, encryption, hashing, compression, compilation, and parsing — across three axes: reversibility, whether a key is required, and purpose.

#Data Transformation#Encoding#Serialization#Encryption#Hashing#Compression
What Is the TCP Three-Way Handshake?
Network 2026-06-23

What Is the TCP Three-Way Handshake?

A concise explanation of the TCP three-way handshake: the SYN, SYN/ACK, and ACK steps, the state transitions, and why TCP needs three messages instead of two.

#TCP#IP
Comparing API Versioning Strategies: Path, Query, Header, and Payload
Architecture 2026-06-22

Comparing API Versioning Strategies: Path, Query, Header, and Payload

A concise comparison of four API versioning strategies — path, query parameter, header, and message payload — covering their pros, cons, and best fit.

#API#REST#HTTP
What Is EventStorming
Architecture 2026-06-16

What Is EventStorming

Learn EventStorming, a workshop technique born from domain-driven design that uses sticky notes to rapidly map a business domain and build shared understanding between developers and domain experts.

#DDD#EventStorming
What Is AI-DLC (AI-Driven Development Life Cycle)?
Development Process 2026-06-15

What Is AI-DLC (AI-Driven Development Life Cycle)?

#AI#AI-DLC#Generative AI#SDLC
If You Want Managed Certificates for an Internal LB's HTTPS, the Domain Must Live in Public DNS
Infrastructure 2026-06-11

If You Want Managed Certificates for an Internal LB's HTTPS, the Domain Must Live in Public DNS

Why a Cloud DNS private zone cannot use managed certificates when securing internal VPC traffic with HTTPS, and the practical compromise of a public domain backed by a private IP.

#Google Cloud Platform#Certificate Manager#DNS
bmf as a Service
2026-05-23

bmf as a Service

Overview of services offered by bmf-san as an individual: consulting, mentoring, sponsorships, and speaking & writing (media inquiries). All inquiries via the contact form.