138 terms
Free glossary
Plain-English definitions of the finance, SEO and web-performance terms you run into most. No jargon towers, just what it means and why you'd care.
Updated June 2026
Finance
- APR: APR (Annual Percentage Rate) is the total yearly cost of borrowing money, expressed as a percentage — including the interest rate plus most fees. It's the number you should compare between loans, not the 'interest rate'.
- APY: APY (Annual Percentage Yield) is the total yearly return on a savings account, CD, or investment — expressed as a percentage and including the effect of compounding. When comparing savings products, APY is the fair number.
- Compound interest: Compound interest is interest earned on both your original money AND the interest it's already earned. Over long periods, this 'interest on interest' effect is what turns modest monthly contributions into retirement-level balances.
- Amortization: Amortization is the process of paying off a loan with equal periodic payments that are split between interest and principal. In the early months, most of your payment goes to interest; as the balance shrinks, more goes to principal.
- ROI: ROI (Return on Investment) is a percentage that measures profit relative to the cost of an investment. It answers 'how much did I make for every dollar I put in?'
- FIRE (Financial Independence Retire Early): FIRE (Financial Independence Retire Early) is a movement built around aggressive saving (50-70% of income) and investment to reach financial independence — often by age 40-50, sometimes earlier.
- Lifestyle creep: Lifestyle creep (or 'lifestyle inflation') is when increased income leads to increased spending instead of increased savings. The reason high earners often have low net worth.
- Mortgage interest: Mortgage interest is the cost of borrowing money to buy a home, calculated monthly on your remaining principal balance. Because each payment retires some principal, interest paid declines over time — and that’s why early prepayment saves dramatically more than late prepayment.
- 15-year vs 30-year mortgage: A 15-year mortgage cuts total interest by 50-65% but typically doubles the monthly payment. A 30-year keeps payment low and lets you invest the difference. Which wins depends on your investment-return assumption and cash-flow priorities.
- How much house can I afford: Use the 28/36 rule: PITI (principal + interest + tax + insurance) should be at or below 28% of gross monthly income; total debt payments should be at or below 36%. Lender pre-approvals routinely allow 43-50% — that’s lender-comfortable, not lifestyle-comfortable.
- Loan amortization: Loan amortization is the schedule by which a fixed-payment loan is paid off — each payment covers the month’s interest plus enough principal to retire the loan at the end of the term. The schedule front-loads interest, which is why early prepayment dramatically accelerates payoff.
- Secured vs unsecured loans: Secured loans are backed by collateral the lender can seize on default (mortgage = home, auto loan = car). Unsecured loans aren’t (credit cards, personal loans, most student loans). Secured rates run 5-10% lower because the lender’s downside is protected.
- Rule of 72: The Rule of 72 is a mental-math shortcut: years to double money = 72 / annual return rate (%). At 6% return, money doubles in 12 years; at 9%, in 8; at 12%, in 6. Useful for quick comparisons; accurate for typical investment rates (6-12%).
- Nominal vs real returns: Nominal return is the headline number (‘your fund returned 10% this year’). Real return is what’s left after inflation (10% nominal − 3% inflation = 7% real). For long-term planning, real returns are the only number that matters because purchasing power, not dollars, is what funds your retirement.
- Roth vs traditional IRA: Roth IRA: contributions are after-tax, withdrawals are tax-free. Traditional IRA: contributions are pre-tax (deductible), withdrawals are taxed as ordinary income. Pick Roth if you expect a higher tax bracket in retirement than now; pick traditional if you expect a lower one.
- Backdoor Roth IRA: The backdoor Roth IRA is a workaround for high earners above Roth income limits ($146-161K single, $230-240K joint in 2024). Process: contribute to a non-deductible traditional IRA, then convert to Roth. Tax-equivalent to direct Roth contribution if you have no other traditional IRA balance.
- Roth 5-year rule: The Roth 5-year rule says earnings withdrawals are tax-free only if BOTH (a) you have reached age 59½ AND (b) 5 years have passed since your first Roth contribution. Contributions themselves can always be withdrawn tax-free. Most people open a Roth in their 20s-30s and don’t hit either constraint at retirement.
- 401(k) employer match: 401(k) employer match is when your employer contributes additional money to your retirement account based on what you contribute. Typical formula: 50% of your contributions up to 6% of salary. Skipping the match is leaving money on the table — typically a 50-100% instant return.
- 401(k) vesting: Vesting is the schedule by which employer-matched contributions become yours to keep. Two main types: cliff (100% at X years, 0% before) and graded (20% per year over 5 years). Your own contributions are always immediately 100% yours.
- Required minimum distributions (RMDs): Required Minimum Distributions are mandatory annual withdrawals from traditional IRAs and 401(k)s starting at age 73 (born 1951-1959) or 75 (born 1960+). The IRS forces you to withdraw a percentage of your balance each year, generating taxable income whether you need it or not.
- 4% rule: The 4% rule says you can withdraw 4% of your starting retirement balance annually (adjusted for inflation), and your portfolio will likely last 30 years. Origin: William Bengen 1994. Modern refinements: 3.0-3.5% for longer retirements or volatile markets.
- Sequence of returns risk: Sequence of returns risk is the danger that bad market years early in retirement permanently impair your portfolio, even if average returns over the full retirement match expectations. Two retirees with identical ‘average’ returns can end up with wildly different balances if their bad years happen at different times.
- Social Security claiming strategy: Social Security can be claimed between ages 62 (reduced 25-30%) and 70 (boosted 24% above Full Retirement Age). Each year of delay adds roughly 8% to the benefit. Break-even on delaying: ~age 80-83. Claim early if health concerns or financial need; delay if healthy and able to.
SEO
- Canonical URL: A canonical URL is the one 'official' URL for a piece of content, declared to search engines via a `<link rel="canonical">` tag. It tells Google 'if you find this page at multiple URLs, treat this one as the main version.'
- Meta description: A meta description is a 150-160 character HTML tag that summarizes a web page. Google often uses it as the search-result snippet beneath the blue title — which directly affects click-through rate.
- JSON-LD: JSON-LD (JSON for Linked Data) is the format Google prefers for structured data on web pages. It embeds Schema.org markup as a `<script type="application/ld+json">` block, telling search engines exactly what kind of content a page contains.
- Schema (Schema.org): Schema.org is a shared vocabulary of types (Article, Product, Event, FAQPage, etc.) that websites use to describe their content in a machine-readable way. Google and Bing use Schema.org to generate rich results.
- robots.txt: robots.txt is a small text file served at /robots.txt that instructs search-engine crawlers which parts of a site they can and can't crawl. It's a suggestion, not a lock — well-behaved bots honor it.
- XML sitemap: An XML sitemap is an XML file that lists every URL you want search engines to crawl and (usually) index. It's not a ranking factor, but it helps Google discover and re-crawl your pages faster.
- CTR: CTR (Click-Through Rate) is the percentage of people who click a search result, ad, or link after seeing it. CTR = clicks / impressions × 100%. Higher CTR usually means your title and description are working.
Web performance
- Core Web Vitals: Core Web Vitals are three Google-defined metrics that measure the real-user experience of a web page: LCP (loading), INP (interactivity), and CLS (visual stability). They're a direct ranking signal as of 2021.
- LCP: LCP (Largest Contentful Paint) is the time from when a page starts loading to when the largest visible content element finishes rendering. Google's target is 2.5 seconds or less on the 75th percentile.
- CLS: CLS (Cumulative Layout Shift) measures how much visible content jumps around unexpectedly as a page loads. Google's target is 0.1 or less. It's the metric that scores how 'janky' a page feels.
- TTFB (Time to First Byte): TTFB (Time to First Byte) is the time from when the browser sends a request until it receives the first byte of the server's response. Measures backend + network latency, not rendering speed.
- LCP (Largest Contentful Paint): LCP (Largest Contentful Paint) is one of Google's three Core Web Vitals. It measures how long until the largest visible content element (usually a hero image or heading) is rendered.
- Core Web Vitals: Core Web Vitals are Google's three measurable user-experience metrics: LCP (loading speed), INP (interactivity), CLS (visual stability). Confirmed ranking factors since 2021.
AI
- Context window: The context window is the maximum amount of text (in tokens) an AI model can process in a single request — combining your system prompt, conversation history, and output. Past the limit, the model can't 'see' earlier content.
- Token: A token is the basic unit of text an LLM reads and produces. Roughly 4 characters or 0.75 words on average for English; longer for code, shorter for languages with lots of subword tokens. APIs bill by token.
- RAG (Retrieval-Augmented Generation): RAG (Retrieval Augmented Generation) augments an LLM with documents retrieved at query time — typically from a vector database. The LLM grounds its answer in the retrieved text instead of relying purely on training data.
- Embeddings: Embeddings are dense numerical vectors that represent the meaning of text (or images, audio) in a way that semantic similarity = vector closeness. They're the foundation of RAG, semantic search, recommendation, and clustering.
- Prompt caching: Prompt caching is a feature where the AI provider stores frequently reused prompt prefixes (system messages, RAG context, few-shot examples) and bills cached reads at ~10% of normal input cost.
- Fine-tuning: Fine-tuning is the process of further training a pretrained model on your specific data, baking in style, format, or domain knowledge that's hard to achieve with prompting alone.
- AI agent: An AI agent is an LLM running in a loop: think → call a tool → observe the result → think again. The loop continues until the task is done or a stopping condition is hit.
- MCP (Model Context Protocol): MCP (Model Context Protocol) is an open standard for connecting AI assistants to external tools and data sources. Think USB-C for AI integrations: write a server once, it works in Claude, ChatGPT, Cursor, Zed, Goose, etc.
- Hallucination (AI): An AI hallucination is when an LLM generates content that's confident-sounding but factually wrong — invented citations, fake quotes, made-up APIs. The model doesn't 'know' it's wrong.
- Vibe coding: Vibe coding is writing software by describing intent in natural language and letting AI generate, run, and debug the code — barely looking at it yourself. Coined by Andrej Karpathy in early 2025.
- System prompt: A system prompt is the persistent instruction sent to an LLM before user messages. It defines the AI's role, style, behavior, and constraints. Cached on most providers, so investing in a good one is cheap.
- Tool use (AI): Tool use (also called function calling) is the ability of an LLM to invoke external functions — web search, calculator, code execution, API calls — instead of just generating text. Returns the result for the model to incorporate.
- MoE (Mixture of Experts): MoE (Mixture of Experts) is an AI architecture where the model has many specialized sub-networks ('experts') and only activates a few per token. Lets the model be huge in total parameters but cheap to run.
- Quantization: Quantization compresses AI model weights from 16-bit floats (FP16) to lower bit-widths — Q8, Q5, Q4, Q3 — letting larger models fit on smaller hardware at modest quality cost.
- Vector database: A vector database stores high-dimensional embedding vectors and supports fast nearest-neighbor search (find vectors similar to a query). Foundation of RAG, semantic search, and recommendation systems.
- LLM (Large Language Model): An LLM (Large Language Model) is a transformer-based neural network trained on huge text datasets to predict the next token. ChatGPT, Claude, Gemini, DeepSeek — all are LLMs.
- Temperature (AI sampling): Temperature is a sampling parameter that controls the randomness of an LLM's output. Lower (0-0.3) = deterministic, factual, focused. Higher (0.7-1.2) = creative, varied, exploratory.
- Few-shot prompting: Few-shot prompting includes 1-5 examples of desired input-output pairs in your prompt to guide the AI's response style or format. Beats zero-shot for tasks where format matters.
- Chain of thought (CoT): Chain of thought (CoT) is a prompting technique that asks the AI to reason step-by-step before giving the final answer. Dramatically improves accuracy on math, logic, and multi-step reasoning tasks.
- RLHF: RLHF (Reinforcement Learning from Human Feedback) is a post-training method where humans rank model outputs and the model is fine-tuned to prefer the highest-ranked outputs. The reason ChatGPT was useful at launch.
- Transformer (AI architecture): Transformer is the neural network architecture introduced in 2017 ('Attention Is All You Need', Vaswani et al.) that powers all modern large language models — GPT, Claude, Gemini, Llama. Built on self-attention, not recurrence.
- Attention mechanism: Attention is the operation in transformer models where each token computes a weighted relevance score to every other token in the sequence. The mechanism that lets a model 'pay attention to' the right parts of context.
- LoRA (Low-Rank Adaptation): LoRA (Low-Rank Adaptation) is a parameter-efficient fine-tuning technique. Instead of training all model weights, you train small low-rank 'adapter' matrices applied to specific layers. Saves 90%+ of memory + cost vs full fine-tuning.
- Knowledge distillation: Knowledge distillation trains a small 'student' model to imitate a larger 'teacher' model's outputs. Used to ship cheap, fast versions of frontier models — DeepSeek-Distill-Qwen, Phi-4, Gemini Flash, etc.
- Evals (AI evaluation): Evals are systematic tests of AI model quality — graded test sets that measure performance on specific tasks. Critical for picking models, validating fine-tunes, and not shipping regressions.
- Constitutional AI: Constitutional AI (CAI) is Anthropic's alignment technique that uses AI feedback against a written 'constitution' of principles instead of human feedback ranking. The training method behind Claude.
- AI alignment: AI alignment is the technical field of building AI systems that pursue the goals their designers actually intended — not what the designers technically programmed. Includes both 'don't kill us all' research and practical 'don't lie / refuse to help / be useful' work.
- Red-team (AI): Red-teaming is the practice of adversarially probing an AI system to find failure modes — jailbreaks, harmful outputs, bias, prompt injection vulnerabilities. Both internal at AI labs and external via bug bounties + research.
- Agentic coding: Agentic coding is when an AI agent autonomously plans, edits, runs, tests, and iterates on code with tool access — file edits, shell, search, builds. Different from autocomplete (single-line) or chat (one Q at a time).
- Context engineering: Context engineering is designing everything an AI sees on a request — system prompt, retrieved documents (RAG), tool definitions, chat history, user message. The 2026 evolution beyond 'prompt engineering' (which focused on the user message alone).
- Inference (AI): Inference is the process of running a trained AI model to generate predictions or outputs — distinct from training (which builds the model) or fine-tuning (which adapts it).
- Perplexity (AI metric): In AI/ML, perplexity is a measure of how 'surprised' a language model is by a piece of text. Computed as 2^cross-entropy. Lower = better — the model assigns higher probability to the actual text.
- Function calling: Function calling is the API pattern where you define functions (with JSON schemas), the AI model decides when to call them and with what arguments, your code executes them, and the result returns to the model. Same concept as 'tool use.'
- Streaming (AI): AI streaming sends tokens to the user as they're generated, instead of waiting for the full response. The reason ChatGPT, Claude, and Gemini feel fast — text appears word-by-word.
- AI safety: AI safety is the field focused on making advanced AI systems safe and beneficial — encompassing alignment (do they pursue intended goals?), interpretability (can we understand what they're doing?), governance (who decides their use?), and existential risk research.
- VRAM: VRAM (Video RAM) is the memory on your GPU. It determines which AI models you can run locally — the model + KV cache + activations all need to fit. The single most-relevant hardware spec for local AI.
- JSON mode (AI): JSON mode is an API feature that forces a language model to return valid JSON output, conforming optionally to a schema. Used for structured data extraction, tool calls, and API responses where downstream code parses the result.
- Open weights: Open weights means a model's trained parameters are publicly downloadable — you can run, fine-tune, and host the model yourself. Different from full 'open source' (which would also include training code + dataset).
- Edge inference: Edge inference means running AI models close to where data is generated — on the user's device, in a CDN/edge POP, or in a regional data center — rather than at a centralized cloud location.
- Deepfake: Deepfake is AI-generated synthetic media — most often video or audio — that impersonates real people. The term combines 'deep learning' + 'fake.' By 2026, technology is widely accessible; detection + legal responses are evolving.
- AI watermarking: AI watermarking embeds invisible signals in AI-generated content — text, images, audio, video — that can later be detected to identify the content as AI-generated. Used by Google (SynthID), OpenAI, Meta, and others.
Health
- VO2 max: VO₂ max is the maximum oxygen your body can use during exercise, in ml/kg/min. The strongest single fitness correlate of all-cause mortality — going from 'poor' to 'average' is the biggest single health investment most adults can make.
- Zone 2 cardio: Zone 2 is sustained low-intensity cardio at roughly 60-70% of max heart rate or heart-rate reserve. Builds mitochondrial density and aerobic base. The cardio zone with the strongest longevity-research backing.
- HRV (Heart rate variability): HRV (Heart Rate Variability) is the variation in milliseconds between consecutive heartbeats. Higher = better adapted, more parasympathetic tone, generally fitter.
- GLP-1 receptor agonist: GLP-1 receptor agonists are synthetic versions of the gut hormone GLP-1, taken weekly (or daily). They slow gastric emptying and reduce appetite signaling. Originally type-2 diabetes drugs; weight loss became the headline use.
- RMR (Resting Metabolic Rate): RMR (Resting Metabolic Rate) is the calories your body burns at rest in 24 hours just to maintain basic functions — heart, brain, organs. Foundation for setting weight-loss or weight-gain calorie targets.
- Creatine: Creatine is a naturally-occurring compound stored in muscle. Supplementing 3-5g/day raises muscle creatine stores by 20-30%, improving short-burst performance + slightly increasing muscle gain. The most-studied sport supplement, with strong safety data.
- Circadian rhythm: Circadian rhythm is the body's roughly-24-hour internal clock that regulates sleep, hormones, alertness, body temperature, digestion, and more. Light (especially morning sunlight) is the dominant zeitgeber — the signal that sets the clock.
- Sleep debt: Sleep debt is the accumulated difference between sleep your body needs and actual sleep. Cognitive performance, mood, immune function, and metabolism all suffer roughly proportional to the debt.
- Muscle protein synthesis: Muscle protein synthesis (MPS) is the process by which muscle tissue is built from amino acids. Triggered most strongly by resistance training + a meal containing 25-40g of high-quality protein within 2 hours.
- ApoB (Apolipoprotein B): ApoB (Apolipoprotein B) measures the count of atherogenic particles in your blood — the particles that drive atherosclerosis. Better predictor of cardiovascular disease risk than LDL cholesterol.
- Compound lifts: Compound lifts are exercises that work multiple muscle groups across multiple joints simultaneously — squat, deadlift, bench press, overhead press, pull-up, row. The anchor of nearly every effective strength program.
- Macros (macronutrients): Macros (macronutrients) are the three calorie-providing nutrient classes: protein (4 cal/g), carbohydrates (4 cal/g), fat (9 cal/g). Tracking macro split — not just total calories — improves body-composition outcomes.
- mTOR: mTOR (mechanistic Target Of Rapamycin) is a cellular signaling pathway that regulates growth, metabolism, and protein synthesis. Activated by amino acids (especially leucine) and resistance training; inhibited by fasting and rapamycin.
- RPE (Rate of Perceived Exertion): RPE (Rate of Perceived Exertion) is a 1-10 scale measuring how hard a set or session felt. RPE 10 = maximum effort, no reps left in reserve. Used to autoregulate training based on day-to-day readiness.
- BMI limitations: BMI was designed by Adolphe Quetelet in 1832 as a population statistic, not individual diagnosis. It mis-classifies muscular athletes as overweight (muscle weighs more than fat) and uses the same thresholds globally despite ethnic-group differences in body composition.
- Waist-to-height ratio: Waist-to-height ratio (WHtR) measures abdominal fat distribution: keep your waist under half your height. WHtR ≤ 0.5 is healthy; 0.5-0.6 is concerning; over 0.6 is high-risk. Better predictor of metabolic disease than BMI in nearly every study.
- Body fat percentage: Body fat percentage measures the proportion of your weight that’s fat. Healthy ranges: men 10-20%, women 18-28%. Athletes can drop to 6-13% (men) / 14-20% (women) but going lower long-term harms health. Best measured via DEXA scan, with bioelectrical impedance scales as a cheaper but less accurate alternative.
Lifestyle
- Deep work: Deep work is professional activity performed in a state of distraction-free concentration that pushes your cognitive abilities to their limit. Cal Newport's term, popularized in his 2016 book 'Deep Work.'
- Second brain: A 'second brain' is a digital system for capturing, organizing, and resurfacing what you read, think, and learn. Tiago Forte's term, popularized in his 2022 book + course.
- Stoicism: Stoicism is the ancient philosophy founded by Zeno (~300 BC), focused on virtue, controlling your responses to events (rather than the events themselves), and acceptance of what's outside your control.
- Minimalism (lifestyle): Minimalism is the practice of intentionally owning less — fewer possessions, fewer commitments, fewer subscriptions — to make room for what matters most. Not about white walls + empty rooms; about removing what doesn't earn its place.
- US tipping norms: Standard US tipping in 2025: 18-22% at sit-down restaurants, $1-2/drink at bars, 15-20% for taxis/rideshare, $1-2/bag for hotel porters, $2-5/night for housekeeping, 15-20% for delivery (never under $5). The historical 15% standard has crept up to 20%+ over the past decade.
- Service charge vs tip: A service charge is a mandatory fee added to the bill (typically 15-20%) that goes to the restaurant or business. A tip is voluntary and intended for the server. They’re NOT the same; service-charged restaurants may or may not pass any of it to staff.
- Tipping around the world: Tipping norms vary dramatically: US is the highest-tipping country (18-22% standard); Japan, Korea, China consider tipping unnecessary or even insulting; most of Europe runs 5-10% if service charge isn’t already included. International travelers should research before going.
Developer
- SSR (Server-Side Rendering): SSR (Server-Side Rendering) is a pattern where web pages are rendered to HTML on the server (per-request) and sent fully-formed to the browser. Improves initial-load + SEO vs purely client-rendered apps.
- HTTPS: HTTPS is HTTP wrapped in a TLS-encrypted tunnel. Everything between your browser and the server — URLs, form data, cookies, response bodies — is encrypted in transit so a network observer (cafe Wi-Fi, ISP, anyone in between) can't read it or change it.
- TLS: TLS (Transport Layer Security) is the encryption protocol that wraps any TCP connection in an authenticated, encrypted tunnel. It's what makes HTTPS, secure SMTP, and most modern internet traffic private.
- SSL: SSL (Secure Sockets Layer) is the obsolete encryption protocol that became TLS in 1999. The term stuck culturally — 'SSL certificate' actually means a TLS certificate today — but every secure connection on the modern web is TLS, not SSL.
- DNS: DNS (Domain Name System) is the internet's distributed phonebook — it translates human-readable domain names like 'freetoolarena.com' into the IP addresses servers actually use. Every browser request starts with a DNS lookup.
- CDN: A CDN (Content Delivery Network) is a globally distributed network of edge servers that cache your site's static content (HTML, CSS, JS, images, fonts) close to users so each request hits a nearby PoP instead of your origin server.
- OAuth: OAuth is the open-standard protocol that lets a user grant a third-party app limited, scoped access to their account at another service — without sharing their password. 'Sign in with Google', GitHub OAuth apps, Slack-to-Notion integrations all run on OAuth 2.0.
- JWT: A JWT (JSON Web Token, pronounced 'jot') is a compact JSON token signed by an issuer. Three base64url-encoded parts joined with dots: header.payload.signature. Used for stateless auth, OIDC ID tokens, and signed messages between services.
- API: An API (Application Programming Interface) is a contract that lets one program request something from another — typically over HTTP, in JSON. 'Web APIs', 'REST APIs', 'GraphQL APIs' are all flavors of the same idea: a defined surface for programmatic access.
- Docker: Docker packages an app plus its OS-level dependencies into a portable container — a lightweight, isolated process that runs the same way on every host. The image is the recipe; the container is a running instance.
- Kubernetes: Kubernetes (k8s) orchestrates many containers across many machines. You declare the desired state — 'run 3 replicas of this image, expose this port, restart on crash' — and the control plane keeps reality matching it.
- CI/CD: CI/CD is the automation that turns 'I pushed code' into 'it's tested, built, and deployed'. CI (continuous integration) runs tests + builds on every commit; CD (continuous delivery / deployment) ships the result to staging or production automatically.
- CORS: CORS (Cross-Origin Resource Sharing) is a browser mechanism that lets a server explicitly opt in to cross-origin requests. The same-origin policy blocks fetches across origins by default; CORS headers (Access-Control-Allow-Origin, etc.) tell the browser to make exceptions.
- XSS: XSS (Cross-Site Scripting) is a vulnerability where attacker-controlled JavaScript runs in another user's browser, in the context of your site — same domain, same cookies, same localStorage. Result: session theft, data exfiltration, or arbitrary actions taken as the user.
- CSRF: CSRF (Cross-Site Request Forgery) tricks a logged-in user's browser into making an authenticated request your server can't distinguish from a real one. The attacker doesn't need to read responses — they just need the request to fire and have side effects.
- SSH: SSH (Secure Shell) is the encrypted protocol every developer uses to log into remote servers, copy files (scp / rsync), and forward ports. Modern setups use key-pair authentication; passwords are deprecated for production.
- Regex: Regex (regular expressions) is a notation for describing patterns in text — used for searching, matching, replacing, splitting, and validating. Every language has a regex engine; the syntax mostly overlaps but has gotchas.
- Cron: Cron is a Unix utility (and its 5-field syntax) for scheduling recurring jobs. The syntax — `* * * * *` for minute, hour, day-of-month, month, day-of-week — has spread far beyond Linux: GitHub Actions, Vercel, Cloudflare Workers, Kubernetes CronJobs all use it.
- Webhook: A webhook is an HTTP POST your service receives whenever a specific event happens at another service. Stripe sends one when a payment succeeds; GitHub sends one when a PR opens; Slack sends one when a slash command runs. Push, not pull.
- WebSocket: A WebSocket is a persistent, bi-directional connection between a browser and a server. Unlike HTTP (request → response → close), a WebSocket stays open and either side can send messages anytime. Used for chat, collaborative editing, live dashboards, gaming, multiplayer.
- GraphQL: GraphQL is a typed query language for APIs. Clients send a query describing exactly which fields they want from related resources, the server resolves it, and the response shape matches the query. One endpoint, no over- or under-fetching.
- REST: REST is an architectural style for HTTP APIs: each URL is a resource, HTTP verbs (GET, POST, PUT, PATCH, DELETE) operate on resources, responses are typically JSON. 'REST' colloquially means 'JSON HTTP API'; strict REST has more constraints most APIs ignore.
- PWA: A PWA (Progressive Web App) is a website that meets a small set of criteria — HTTPS, service worker, web app manifest — so browsers offer 'install this site' as an app. Once installed, it runs full-screen, gets a home-screen icon, and can work offline.
- SPA: A SPA (Single-Page Application) loads one HTML page and one JS bundle, then uses JavaScript to swap content as the user navigates — no full-page reload between routes. React, Vue, Svelte, Angular all enable SPAs by default. The pattern dominated 2014-2020.
- SSG: SSG (Static Site Generation) renders pages to plain HTML at build time. The output is a folder of static files servable from any web server or CDN. No database queries at request time, no server cost, no SSR latency.
- JSON vs JSON5: JSON (RFC 8259) is the strict standard: keys must use double quotes, no comments, no trailing commas. JSON5 is a developer-friendly superset: allows unquoted keys, single quotes, comments, and trailing commas. Use JSON for APIs and data interchange; JSON5 for config files where humans edit.
- JSON Schema: JSON Schema is a vocabulary for describing the structure of valid JSON: required fields, types, allowed values, nested-object shape. Use it for API request validation, OpenAPI docs, and structured data validation. Modern alternatives: TypeScript types (for compile time), Zod / Yup / Valibot (for runtime validation in JS).
- JSON syntax rules: JSON syntax: 6 value types (string, number, boolean (true or false), null, object, array). Strings use double quotes ONLY. Object keys must be quoted strings. No trailing commas, no comments, no single quotes. Common errors: missing commas, unquoted keys, trailing commas after last item.
- Regex cheat sheet: Quick regex reference. Character classes: `\d` digit, `\w` word, `\s` whitespace. Quantifiers: `*` 0+, `+` 1+, `?` 0-1, `{n,m}` range. Anchors: `^` start, `$` end, `\b` word-boundary. Groups: `(...)` capture, `(?:...)` non-capture, `(?<name>...)` named.
- Regex flavors comparison: Regex isn’t one universal language — each engine has its own features. JavaScript ECMAScript (browser/Node): standard. Python re: similar + named groups. PCRE (PHP, Perl, Java): adds recursion + possessive quantifiers. Go RE2: linear-time guaranteed but no lookbehind / backreferences.
- ReDoS attacks: ReDoS (Regular Expression Denial of Service) is an attack where adversarial input causes a regex to take exponential time to evaluate, freezing the server. Caused by patterns with nested quantifiers like `(a+)+`. Defense: use linear-time engines (Go RE2), avoid nested quantifiers, or set timeouts.
- Password entropy: Password entropy measures randomness in bits. Formula: `log2(pool_size) × length`. 80 bits is the modern minimum for infeasible brute-forcing; 128+ bits is best practice. Length wins over complexity: 20 lowercase letters (94 bits) beats 10-char symbol soup (66 bits).
- Passphrase vs password: Passphrases (4-7 random words) optimize for memorability. Random-character passwords optimize for entropy density. For master passwords or anything you must memorize: passphrase. For everything else: random characters in a password manager.
- Password managers: A password manager generates and stores unique strong passwords for every account, encrypted with one master password you memorize. Top picks: Bitwarden (free + open-source), 1Password (paid, polished), Apple Keychain (free for Apple users). All use zero-knowledge encryption.
- Base64 vs Base64URL: Standard Base64 (RFC 4648) uses A-Z, a-z, 0-9, +, /, and = padding. Base64URL replaces + with - and / with _ for URL/filename safety. Same encoding, different alphabets. JWTs, OAuth tokens, and URL parameters use Base64URL; everything else typically uses standard.
- Data URI images: Data URIs encode binary files (images, icons) as base64 strings inside URLs: `data:image/png;base64,...`. Saves an HTTP request but inflates file size 33% and loses browser caching. Best for tiny critical-path icons (under 5KB); avoid for larger images.
- JWT token structure: A JWT is three Base64URL-encoded JSON objects separated by dots: header.payload.signature. Header declares signing algorithm; payload contains claims; signature verifies authenticity. JWTs are NOT encrypted by default — anyone can decode the payload to read it. Use JWE for encryption.