Developer Glossary

ASCII (American Standard Code for Information Interchange) is a character encoding standard that assigns numbers 0-127 to characters: 0-31 are control characters, 32-127 are printable characters (letters, digits, punctuation). ASCII is the basis for UTF-8 and most modern text encodings.

An API key is a unique identifier string passed in requests to authenticate an application or user accessing an API. API keys are simpler than OAuth but provide less security — they are long-lived, not scoped per-user, and must be kept secret.

AES (Advanced Encryption Standard) is the dominant symmetric encryption algorithm, established by NIST in 2001. AES encrypts data in 128-bit blocks using 128, 192, or 256-bit keys. It is fast, hardware-accelerated on modern CPUs (AES-NI instruction set), and used in HTTPS, VPNs, and disk encryption.

Apache HTTP Server (httpd) is the world's most popular web server software, powering millions of websites. Apache's modular architecture (mod_php, mod_rewrite, mod_ssl) makes it highly configurable. .htaccess files allow per-directory configuration without server restart.

Apache Kafka is a distributed event streaming platform designed for high-throughput, fault-tolerant, ordered message processing. Kafka stores messages as an ordered, immutable log that consumers can replay. Used for event sourcing, real-time analytics pipelines, and microservice event buses.

Ansible is an open-source IT automation tool for configuration management, application deployment, and orchestration. Ansible uses YAML playbooks to define tasks and runs them over SSH without requiring agents on target machines. It is agentless, idempotent, and widely used for server configuration.

Base64 is a binary-to-text encoding scheme that represents binary data using 64 printable ASCII characters (A-Z, a-z, 0-9, +, /). It increases data size by ~33% but allows binary data to be safely transmitted over text-only channels like email and URLs.

Binary is the base-2 numeral system using only digits 0 and 1. All digital data is ultimately stored as binary. Each binary digit is a bit; 8 bits make a byte. Binary is the fundamental language of computers because electronic circuits have two stable states: on/off.

bcrypt is a password hashing function designed to be computationally expensive, making brute-force attacks slow. It automatically includes a random salt and has a configurable work factor (cost) that can be increased as hardware becomes faster. bcrypt is the recommended default for password storage.

A bearer token is an access token type where possession of the token is sufficient for authentication — "bearer" means whoever holds it can use it. Bearer tokens are used in OAuth 2.0 and are sent in the Authorization header: "Authorization: Bearer <token>". JWTs are commonly used as bearer tokens.

Cascading Style Sheets (CSS) is a stylesheet language used to describe the visual presentation of HTML documents. CSS controls layout, colors, typography, animations, and responsive design through a cascade of rules applied to HTML elements.

Cross-Origin Resource Sharing (CORS) is a browser security mechanism that controls how web pages can request resources from a different domain than the one that served the page. CORS uses HTTP headers to tell browsers whether to allow or block cross-origin requests.

Cross-Site Request Forgery (CSRF) is an attack that tricks authenticated users into submitting unwanted requests to a web application. The attacker leverages the victim's active session cookies to perform actions on their behalf without their knowledge.

Comma-Separated Values (CSV) is a plain-text file format for tabular data. Each line is a row, and values in each row are separated by commas. CSV is universally supported by spreadsheet software, databases, and data tools, making it the most portable data exchange format.

A checksum is a value computed from data used to detect errors or corruption. When you download a file, comparing its checksum with the publisher's value confirms the file arrived intact. Common checksums include MD5, SHA-256, and CRC32.

CRC32 (Cyclic Redundancy Check 32-bit) is an error-detecting code that produces a 32-bit checksum. CRC32 is extremely fast and used for detecting accidental data corruption in ZIP files, network frames (Ethernet), and disk sectors. It is not cryptographically secure.

An SSL/TLS certificate (X.509 certificate) is a digital document that binds a cryptographic public key to an identity (domain name, organization). Certificates are issued by Certificate Authorities (CAs) and enable HTTPS. Browsers trust certificates signed by recognized CAs.

An HTTP cookie is a small piece of data stored by the browser and automatically sent with requests to the same domain. Cookies are used for session management, user preferences, and tracking. Cookie attributes (HttpOnly, Secure, SameSite) control security behavior.

A CORS (Cross-Origin Resource Sharing) policy is the set of HTTP headers a server sends to control which origins can access its resources. The policy is enforced by browsers to prevent malicious sites from making unauthorized cross-origin requests on behalf of users.

A cron expression is a string of 5-6 fields defining a recurring schedule for automated tasks. Cron is the Unix job scheduler; cron expressions are also used in cloud functions, CI/CD pipelines (GitHub Actions), and backend frameworks to schedule periodic jobs.

The Content-Type HTTP header indicates the media type of the resource. For request bodies, it tells the server how to parse the payload. For responses, it tells the browser how to render the content. Content-Type is one of the most important HTTP headers.

CI/CD (Continuous Integration/Continuous Delivery or Deployment) is a software development practice combining automated testing (CI) with automated release (CD). CI runs tests on every commit; CD automatically deploys passing code to staging or production. CI/CD reduces manual errors and deployment risk.

The Document Object Model (DOM) is a programming interface for HTML and XML documents. It represents the document as a tree of nodes that JavaScript can read and manipulate. When you change the DOM, the browser updates the rendered page.

Decryption is the process of converting ciphertext back to its original plaintext using a decryption key. It is the reverse of encryption. Only parties with the correct key can decrypt data — this is the fundamental security guarantee of encryption algorithms.

The Domain Name System (DNS) is the internet's distributed directory service that translates human-readable domain names (example.com) to IP addresses (93.184.216.34). DNS uses a hierarchical system of servers: root servers → TLD servers → authoritative nameservers.

A data URI (data URL) embeds file content directly in a URL using base64 encoding, allowing resources like images and fonts to be inlined in HTML, CSS, or JavaScript without a separate HTTP request. Format: data:[mediatype][;base64],<data>.

Docker is a platform for packaging applications and their dependencies into portable containers. Docker containers share the OS kernel (unlike VMs) making them lightweight and fast. Docker enables consistent environments from development through production, eliminating "works on my machine" issues.

Encryption is the process of converting plaintext data into ciphertext using an algorithm and key, making it unreadable without the correct decryption key. Unlike hashing, encryption is reversible. Symmetric encryption uses one key; asymmetric uses a public/private key pair.

Elasticsearch is a distributed search and analytics engine built on Apache Lucene. It stores data as JSON documents and provides near-real-time full-text search, aggregations, and geospatial queries at scale. Part of the Elastic Stack (ELK: Elasticsearch, Logstash, Kibana).

File Transfer Protocol (FTP) is a network protocol for transferring files between a client and server over TCP. FTP uses two connections: control (port 21) and data. Plain FTP sends credentials unencrypted; SFTP (SSH FTP) and FTPS (FTP over TLS) are secure alternatives.

GraphQL is a query language for APIs and a runtime for executing those queries. Created by Facebook (now Meta) in 2012 and open-sourced in 2015, GraphQL allows clients to request exactly the data they need in a single request, eliminating over-fetching and under-fetching.

gRPC is a high-performance, open-source remote procedure call (RPC) framework developed by Google. It uses Protocol Buffers (protobuf) for serialization and HTTP/2 for transport, enabling efficient bidirectional streaming, strong typing, and code generation across multiple languages.

Git is a distributed version control system for tracking changes in source code. Created by Linus Torvalds in 2005, Git enables multiple developers to collaborate on a codebase, maintain a full history of changes, and branch/merge code independently. GitHub, GitLab, and Bitbucket host Git repositories.

HyperText Markup Language (HTML) is the standard markup language for creating web pages. It defines the structure and semantic meaning of web content using elements represented by tags. Browsers parse HTML to render the visual structure of a page.

Hypertext Transfer Protocol (HTTP) is the foundation of data communication on the World Wide Web. It is an application-layer protocol that defines how messages are formatted and transmitted between clients (browsers) and servers. HTTP is stateless — each request is independent.

HTTPS (HTTP Secure) is the secure version of HTTP, using TLS (Transport Layer Security) to encrypt communications between browser and server. HTTPS ensures data integrity, authentication, and confidentiality. It is now required for all production websites.

Hexadecimal (hex) is a base-16 numeral system using digits 0-9 and letters A-F. Hex is widely used in programming because each hex digit represents exactly 4 bits, making it a compact representation of binary. Colors, memory addresses, and byte values are commonly written in hex.

A hash (or digest) is a fixed-length output produced by a hash function from any-length input. Hash functions are deterministic (same input → same hash), one-way (cannot reverse), and produce drastically different outputs for similar inputs (avalanche effect). Used for data integrity and passwords.

HMAC (Hash-based Message Authentication Code) is a type of message authentication code that uses a cryptographic hash function combined with a secret key. HMAC provides both data integrity and authentication — verifying the message was created by the holder of the secret key.

HTTP headers are key-value pairs sent at the start of HTTP requests and responses. They convey metadata about the request or response: content type, caching instructions, authentication tokens, encoding, and more. Headers are case-insensitive and human-readable.

An Internet Protocol (IP) address is a unique numerical label assigned to each device on a network. IP addresses enable routing of data packets across the internet. IPv4 uses 32-bit addresses (e.g., 192.168.1.1); IPv6 uses 128-bit addresses (e.g., 2001:db8::1).

IPv4 (Internet Protocol version 4) uses 32-bit addresses allowing ~4.3 billion unique addresses. Originally deemed sufficient, address exhaustion led to NAT (Network Address Translation) and ultimately IPv6. IPv4 remains dominant despite IPv6 adoption growing steadily.

IPv6 (Internet Protocol version 6) uses 128-bit addresses allowing 3.4×10^38 unique addresses — effectively unlimited. IPv6 was designed to solve IPv4 exhaustion and also includes built-in IPsec, better multicast, stateless address autoconfiguration (SLAAC), and eliminates NAT.

Internet Message Access Protocol (IMAP) is a protocol for retrieving email from a mail server. Unlike POP3, IMAP keeps emails on the server and syncs state across devices. IMAP supports folders, flags, search, and partial message fetch, making it ideal for multi-device email access.

ISO 8601 is the international standard for representing dates and times. The standard format is YYYY-MM-DDTHH:MM:SSZ (e.g., 2025-04-06T15:30:00Z). ISO 8601 ensures unambiguous date representation that sorts lexicographically and avoids MM/DD vs DD/MM confusion.

JavaScript is a high-level, interpreted programming language that enables dynamic, interactive content on web pages. It runs in the browser via the JavaScript engine (V8, SpiderMonkey) and on the server via Node.js. It is the only scripting language natively supported by all browsers.

JavaScript Object Notation (JSON) is a lightweight data-interchange format that is easy for humans to read and write, and easy for machines to parse and generate. JSON is the dominant format for REST APIs, configuration files, and data storage.

JSON Web Token (JWT) is an open standard (RFC 7519) for securely transmitting information between parties as a JSON object. JWTs are self-contained tokens composed of three Base64URL-encoded parts: header, payload, and signature. Widely used for authentication and API authorization.

Kubernetes (K8s) is an open-source container orchestration platform for automating deployment, scaling, and management of containerized applications. Originally developed by Google, Kubernetes manages clusters of container hosts and handles load balancing, self-healing, rolling updates, and scaling.

A load balancer distributes incoming network traffic across multiple servers to ensure no single server is overwhelmed, improving availability and scalability. Load balancers detect failed servers and stop routing traffic to them (health checks). Examples: AWS ALB, Nginx, HAProxy, Cloudflare.

Markdown is a lightweight markup language with plain-text formatting syntax. Created by John Gruber in 2004, it converts to HTML and is used for documentation (README files), static site generators, wikis, and writing tools. GitHub Flavored Markdown (GFM) is the most popular variant.

MD5 (Message Digest 5) is a cryptographic hash function that produces a 128-bit (32-character hex) digest. While MD5 is fast and widely used for checksums and file verification, it is cryptographically broken and should not be used for password hashing or digital signatures.

MQTT (Message Queuing Telemetry Transport) is a lightweight publish-subscribe messaging protocol designed for constrained devices and low-bandwidth networks. MQTT is the de facto standard for IoT (Internet of Things) communication, used by AWS IoT, Azure IoT Hub, and millions of connected devices.

A MIME type (Multipurpose Internet Mail Extensions) is a two-part identifier for file and data formats on the internet. Format: type/subtype (e.g., text/html, application/json, image/png). MIME types tell browsers and servers how to handle content.

MongoDB is a document-oriented NoSQL database that stores data as BSON (Binary JSON) documents. It provides flexible schemas, horizontal scaling via sharding, and a rich query language. MongoDB is popular for applications with rapidly evolving data models or hierarchical data.

Nginx (pronounced "engine-x") is a high-performance web server, reverse proxy, and load balancer. Nginx uses an event-driven architecture that handles thousands of concurrent connections efficiently. It is commonly used as a reverse proxy in front of Node.js, Python, and PHP application servers.

Octal is a base-8 numeral system using digits 0-7. Each octal digit represents exactly 3 bits. Octal is primarily used for Unix/Linux file permission notation (e.g., chmod 755) where each digit represents a triplet of read, write, execute bits.

OAuth 2.0 is an authorization framework that allows applications to obtain limited access to user accounts on HTTP services. OAuth enables "Login with Google/GitHub" flows where a third-party app is granted access to specific user data without receiving the user's password.

A Progressive Web App (PWA) is a web application that uses modern web technologies to deliver app-like experiences. PWAs are installable, work offline via Service Workers, and can access device features. They bridge the gap between web and native apps without app store distribution.

A public key is one half of an asymmetric cryptographic key pair. It can be freely shared and is used to encrypt data (only the private key can decrypt) or to verify digital signatures (made with the private key). Public keys are the foundation of PKI, HTTPS, and code signing.

A private key is the secret half of an asymmetric cryptographic key pair. It must never be shared. The private key is used to decrypt data encrypted with the corresponding public key, and to create digital signatures that anyone with the public key can verify.

A network port is a 16-bit number (0-65535) that identifies a specific process or service on a host. Together with an IP address, a port forms a socket that uniquely identifies a network endpoint. Well-known ports (0-1023) are assigned to standard services.

PostgreSQL (Postgres) is a powerful, open-source relational database system with over 35 years of development. It supports advanced data types (arrays, JSONB, UUID, geometric), full-text search, ACID transactions, row-level security, and extensions (PostGIS, pg_vector). It is the most advanced open-source RDBMS.

A query string is the part of a URL after the ? character, containing key-value pairs separated by & (e.g., ?page=2&sort=date). Query strings pass parameters to web servers and are commonly used for search filters, pagination, tracking, and API parameters.

Representational State Transfer (REST) API is an architectural style for building web services. REST APIs use HTTP methods (GET, POST, PUT, DELETE) and standard URLs to expose resources. They are stateless, cacheable, and the dominant pattern for web service design.

Responsive web design is an approach to building websites that adapt their layout and content to fit different screen sizes and devices. It uses CSS media queries, flexible grids, and fluid images to create a single codebase that works well on phones, tablets, and desktops.

RSA (Rivest–Shamir–Adleman) is the most widely used asymmetric cryptographic algorithm. RSA security is based on the computational difficulty of factoring large integers. It is used for TLS key exchange, digital signatures, and SSH keys. Key sizes of 2048-bit+ are recommended.

A regular expression (regex) is a sequence of characters defining a search pattern. Regex is used for string matching, validation, extraction, and substitution in virtually all programming languages. Despite complex syntax, regex is an essential tool for text processing.

Redis (Remote Dictionary Server) is an open-source in-memory data structure store used as a database, cache, and message broker. Redis supports strings, hashes, lists, sets, sorted sets, and more. Its in-memory nature makes it extremely fast (microsecond latency) but requires careful memory management.

RabbitMQ is an open-source message broker implementing the AMQP protocol. It decouples application components by queuing messages between producers and consumers. RabbitMQ supports complex routing with exchanges and bindings, making it ideal for task queues, event-driven architectures, and microservice communication.

SHA-256 (Secure Hash Algorithm 256-bit) is a cryptographic hash function from the SHA-2 family that produces a 256-bit (64-character hex) digest. It is the current standard for data integrity, digital signatures, and certificate fingerprints. Bitcoin uses SHA-256 for proof-of-work.

SHA-512 is a cryptographic hash function in the SHA-2 family producing a 512-bit (128-character hex) digest. It is faster than SHA-256 on 64-bit processors due to 64-bit word operations. SHA-512 is used in high-security applications where maximum hash strength is required.

A salt is random data added to a password before hashing. Salting ensures that identical passwords produce different hashes, preventing rainbow table attacks and revealing that two users have the same password. Modern password hashing algorithms (bcrypt, argon2) include salt automatically.

SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are cryptographic protocols that provide encrypted communication over the internet. TLS is used in HTTPS, email (SMTP/IMAP), VPNs, and any application requiring secure data transmission. SSL is deprecated; TLS 1.3 is current.

A web session is a server-side storage mechanism that associates user data with a unique session ID. The session ID is sent to the client (usually as a cookie) and included in subsequent requests. Sessions enable stateful interactions (login state) over stateless HTTP.

A network socket is a software endpoint for sending and receiving data across a network, identified by an IP address and port number pair. Sockets are the low-level API for network programming; HTTP, WebSocket, and all network protocols are built on top of sockets.

Secure Shell (SSH) is a cryptographic network protocol for secure remote login, command execution, file transfer (SFTP/SCP), and port forwarding. SSH replaced insecure protocols like Telnet and FTP. It uses public-key authentication and encrypts all communication.

Simple Mail Transfer Protocol (SMTP) is the standard protocol for sending email. SMTP servers relay email from sender to recipient's mail server on port 25 (server-to-server), 587 (submission with auth), or 465 (SMTPS). Receiving email uses IMAP or POP3.

Scalable Vector Graphics (SVG) is an XML-based format for 2D vector graphics. SVGs scale without quality loss at any resolution, making them ideal for icons, logos, and illustrations. SVGs can be styled with CSS, animated, and manipulated with JavaScript.

TypeScript is a strongly typed programming language built on top of JavaScript. Developed by Microsoft, it adds optional static typing, interfaces, generics, and decorators to JavaScript. TypeScript compiles to plain JavaScript and runs anywhere JavaScript runs.

Tab-Separated Values (TSV) is a plain-text file format for tabular data where values are separated by tab characters instead of commas. TSV is useful when data contains commas and is the default copy format for spreadsheet applications.

Two-Factor Authentication (2FA) requires users to prove identity using two different authentication factors: something they know (password), something they have (phone/hardware key), or something they are (biometric). 2FA dramatically reduces account takeover risk even if passwords are compromised.

Transmission Control Protocol (TCP) is a connection-oriented, reliable transport-layer protocol. TCP guarantees ordered delivery of packets, retransmits lost packets, and provides flow control and congestion control. It is used for HTTP, HTTPS, SSH, SMTP, and most reliable internet communications.

Terraform is an open-source Infrastructure as Code (IaC) tool by HashiCorp. It enables developers to define cloud infrastructure (servers, databases, networking) in declarative HCL configuration files, which Terraform plans and applies to provision resources across AWS, GCP, Azure, and other providers.

URL encoding (percent-encoding) converts characters that are not allowed in URLs into a safe format by replacing them with a % followed by two hexadecimal digits. Spaces become %20 or +, special characters like & and = are encoded when used in query parameters.

UTF-8 is a variable-length character encoding for Unicode. It represents each character using 1 to 4 bytes and is the dominant encoding on the web (used by ~98% of websites). UTF-8 is backward compatible with ASCII — the first 128 characters use one byte each.

Unicode is a universal character set standard that assigns a unique code point (number) to every character in every writing system, including emoji and symbols. The Unicode Standard covers over 149,000 characters across 161 scripts. UTF-8, UTF-16, and UTF-32 are encodings of Unicode.

User Datagram Protocol (UDP) is a connectionless, best-effort transport-layer protocol. UDP sends packets without establishing a connection or guaranteeing delivery, order, or duplicate protection. This makes UDP faster than TCP and suitable for real-time applications.

A UUID (Universally Unique Identifier) is a 128-bit identifier formatted as 32 hex digits in 5 groups (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx). UUIDs are designed to be unique across all systems without central coordination. UUID v4 is random; UUID v7 is time-sortable.

ULID (Universally Unique Lexicographically Sortable Identifier) is a 128-bit identifier that combines a 48-bit timestamp with 80 bits of randomness. ULIDs are URL-safe, case-insensitive, and lexicographically sortable — solving UUID v4's random ordering problem for database indexes.

A Unix timestamp is the number of seconds that have elapsed since January 1, 1970 00:00:00 UTC (the Unix Epoch). Unix timestamps are timezone-independent, easy to compare and sort, and the standard for representing time in Unix/Linux systems and APIs.

The User-Agent HTTP request header identifies the application, operating system, vendor, and version making the request. Browsers send a User-Agent string so servers can tailor responses. User-Agent strings are also used for analytics, bot detection, and feature detection.

A URL (Uniform Resource Locator) has a defined structure: scheme://userinfo@host:port/path?query#fragment. Each component serves a specific purpose in locating and accessing internet resources. Understanding URL structure is fundamental to web development and REST API design.

The viewport is the visible area of a web page in the browser window. On mobile devices, the viewport can differ from the device screen size. The meta viewport tag controls how the browser scales pages on different device widths, critical for responsive design.

WebSocket is a communication protocol providing full-duplex communication channels over a single TCP connection. Unlike HTTP's request-response model, WebSocket enables persistent connections where both client and server can send messages at any time. Essential for real-time applications.

A webhook is an HTTP callback — a way for one application to notify another of events in real time by sending an HTTP POST request. Webhooks enable event-driven integrations without polling. Used by Stripe, GitHub, Twilio, and most SaaS platforms for event notifications.

WebP is a modern image format developed by Google that provides superior compression for both lossy and lossless images. WebP files are typically 25-35% smaller than comparable JPEG/PNG files while maintaining the same visual quality. WebP supports transparency and animation.

Extensible Markup Language (XML) is a flexible markup language designed to store and transport data. Unlike HTML, XML allows custom tags defined by the developer. XML is verbose compared to JSON but supports validation via DTD and XML Schema, and namespaces for interoperability.

Cross-Site Scripting (XSS) is a web security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users. XSS can steal session cookies, redirect users, deface sites, or execute actions on behalf of victims.

YAML Ain't Markup Language (YAML) is a human-friendly data serialization standard commonly used for configuration files. YAML uses indentation to represent structure rather than brackets or tags, making it highly readable. It is a superset of JSON.