GLOSSARY

Terms we actually use.

When a post uses a technical term, this is what we mean in plain English - short and project-focused.

entries264showing264

TRENDING TERMS16 / 264

Answer Engine Optimization (AEO)Zero-Click Search Featured Snippet People Also Ask Crawl Budget Canonical URL GA4 (Google Analytics 4)GTM (Google Tag Manager)UTM parameters Attribution model Bounce rate Server-side tracking Docker CI/CD Blue-Green Deployment Horizontal Scaling

14-day right of withdrawal (Hungarian e-commerce)Websites, web apps & online shops: EU-level B2C consumer right: a buyer can withdraw within 14 days of an online (or phone / catalogue) purchase without giving a reason. The shop must refund within 14 days. Hungarian e-commerce cannot exclude this - only restrict for custom-made, perishable, or unsealed products. Missing or non-compliant disclosure extends the withdrawal period to 12 months. Shops must have a separate withdrawal flow.
3D Secure Websites, web apps & online shops: An extra cardholder auth step (PSD2 SCA) that shifts fraud liability to the issuing bank. Required at EU checkouts; done badly it adds friction and cart abandonment. We keep that step as smooth as possible.
301 redirect (URL migration)Websites, web apps & online shops: An HTTP status code meaning 'this URL has permanently moved'. During e-commerce migrations or URL changes, every old URL must redirect to the corresponding new URL via a 301. Missing or incorrect redirects can cut Google rankings 30-70% as old URLs hit 404s. Configured at the web server (.htaccess on WordPress, nginx config), at the CDN (Cloudflare Redirects), or in Next.js redirects export. Migrations typically need 500-50000 redirects in a table. The make-or-break of a migration.
Answer Engine Optimization (AEO)Websites, web apps & online shops: We shape content so AI answer engines (ChatGPT, Perplexity, Google AI overviews) cite YOU: clear claims, structure, sources, schema. The successor discipline to classic SEO in 2026.
Attribution model Websites, web apps & online shops: The rule for assigning credit across touchpoints before a conversion (last-click, first-click, data-driven). It changes which channels look "good" - so pick it deliberately.
ACID Custom software · everything else: Atomicity, Consistency, Isolation, Durability: the guarantees that keep transactions correct, so money never half-moves. Why we default to a relational DB for anything financial.
A/B testing Websites, web apps & online shops: Splitting traffic between two versions to measure which converts better. Only trust a result with enough sample size and statistical significance - most "wins" are just noise.
AI Gateway AI solutions: A proxy layer between your app and LLM providers (OpenAI, Anthropic): routing, retries, caching, rate-limits, key management, cost tracking and failover. One place to see your whole AI bill - and no lock-in to a single vendor.
Agent Memory AI solutions: How an AI agent persists state across turns and sessions: short-term (the context window), long-term (a vector store / DB of facts), and episodic. The difference between an agent that forgets and one that learns your business.
AVDH (Hungarian free e-signature)Custom software · everything else: A free government document-authentication service: after logging in via Ügyfélkapu/DÁP you can certify a PDF that is legally accepted for many official filings. A cheap stand-in for a qualified e-signature on simpler flows.
AI Agent AI solutions: An LLM-driven piece of software that can call tools (APIs, search, DB queries), keeps memory, and solves multi-step tasks. In production every iteration runs guardrails + evals.
ASO (App Store Optimization)Mobile apps · iPhone & Android: Optimising the app's store listing (title, keywords, screenshots, description, categories). As important as web SEO · just in the App Store / Play Store context.
App Tracking Transparency (ATT)Mobile apps · iPhone & Android: Apple's mandatory opt-in prompt since 2021 for any app using 3rd-party tracking. High opt-out rate (~65%) · analytics needs a redesign around first-party events.
AML (Anti-Money Laundering)Cybersecurity: Anti-money-laundering obligations. Transaction monitoring, SAR reporting, risk scoring · framed by EU's 6MLD plus member-state additions.
ASO (App Store Optimization)Mobile apps · iPhone & Android: Store-listing optimization for organic installs · keywords, screenshots, icon, description, rating. Done well adds 30-50% to organic install volume.
ARR (Annual Recurring Revenue)Websites, web apps & online shops: Annual recurring revenue · the SaaS metric. Typically calculated as 12 × MRR. In mature B2B SaaS, net retention alongside ARR growth tells the real story.
Agentic AI AI solutions: An AI system that calls tools and executes multiple steps autonomously toward a goal. Since 2025, the largest LLM application area · after classic chatbots.
AML (anti-money-laundering) for Hungarian fintech Cybersecurity: In Hungary, MNB and NAV supervise anti-money-laundering (AML) rules. Every fintech, crypto exchange, lending platform, and certain types of e-commerce must perform KYC (customer identification) on transactions over HUF 4.5M (one-off) or HUF 1M / month cumulative. Reporting to the Hungarian FIU is mandatory for suspicious transactions. Custom AML system: €5-15k. Off-the-shelf provider (Sumsub, Onfido, Ondato): €80-500/month + per-transaction fee.
Áfa (Hungarian VAT)Custom software · everything else: Hungarian VAT. Base rate is 27% - one of Europe's highest. 18% on some food, 5% on books / press / medicines. Cross-border EU B2B commerce typically uses reverse-charge VAT: the buyer (in another EU member state) accounts for it. For e-commerce: VAT depends on customer country and status (B2C: customer-country VAT, B2B: reverse-charge if buyer has an EU VAT number).
ÁSZF (Hungarian terms and conditions)Websites, web apps & online shops: Hungarian terms and conditions, mandatory for every e-commerce site and online service. Must include: who the provider is, how to order, payment methods, delivery time, 14-day right of withdrawal (B2C), complaint handling, dispute resolution. Faulty or incomplete ÁSZF can trigger NAIH fines (€8-40k). Must be updated when the process changes (new payment method, new courier). Lawyer-reviewed ÁSZF: €200-800.
Bounce rate Websites, web apps & online shops: The share of sessions with no meaningful engagement. A blunt metric; in GA4 "engagement rate" is the better lens. High bounce isn't always bad - intent matters (a quick answer can be a win).
Blue-Green Deployment Custom software · everything else: We run two identical environments: blue is live, green is the new version. Once green is verified we flip traffic to it; on trouble we flip back instantly. Zero-downtime releases with instant rollback.
Burn Rate Websites, web apps & online shops: Burn rate · how fast a company spends cash per month (net burn = spend − revenue). It divides into runway = cash ÷ net burn - the number that decides how long you have.
Bundler tree-shaking (and when it lies)Websites, web apps & online shops: A bundler (esbuild, Rollup, Webpack, Turbopack) statically drops unused exports. It works when modules are ESM, exports are unreferenced, and side-effect annotations are correct (`sideEffects: false` in package.json). It lies when you consume CJS, use dynamic `require` / `import`, or the library leans on `import './polyfill'` patterns. Most 'I expected this bundle to be smaller' moments are this · inspect with `webpack-bundle-analyzer` or `source-map-explorer`.
Behatolásteszt (Hungarian term for penetration test)Cybersecurity: A security assessment in which experts attempt to break into your system under controlled conditions, as a real attacker would. A good penetration test doesn't just list bugs - it shows how an attacker could exploit a weakness and what damage it would cause. Often mandatory for NIS2 compliance, cyber-insurance renewal, ISO 27001 / SOC 2 audits. Realistic 2026 pricing: web app €2-6k, enterprise infrastructure €5-15k.
Booking system (Hungarian context)Websites, web apps & online shops: An appointment or accommodation booking system that can be built into a website or mobile app. In Hungary it requires SimplePay or Barion payment integration, often SZÉP-card too (hospitality). Calendar integration (Google Calendar, Outlook), automatic reminder emails, cancellation flow. Simple booker €1.5-3k, hospitality / hotel-grade €5-13k.
Billingo, Számlázz.hu (Hungarian invoicing systems)Custom software · everything else: The two largest Hungarian online invoicing services. Both automatically submit invoices to NAV Online Számla (mandatory for B2B), handle Hungarian VAT rates (27% / 18% / 5%), reverse-charge for EU B2B, and Hungarian / EU / third-country buyers correctly. E-commerce and SaaS API integration: 1-2 days of development. Typical pricing: Számlázz.hu from HUF 1490/mo, Billingo from HUF 990/mo. Often better than building a custom invoicing engine for SMBs.
Backlink (incoming link) for Hungarian SEO Websites, web apps & online shops: An incoming link from another website to yours. Strongly weighted in Google's ranking: quality backlinks = higher position. Hungarian-market quality sources: HVG, 24.hu, Origo, Index, Telex, Forbes Hungary, industry blogs (Sg.hu, Bitport.hu), trade publications, Wikipedia. An average e-commerce site needs 6-12 quality backlinks over 6 months to reach mid-tier rankings. Typical strategies: guest articles (showcase your expertise), industry data publication (unique stats from your shop that media can cite), brand partnerships. Guest article on Hungarian media: HUF 50-300k per article (paid).
Crawl Budget Websites, web apps & online shops: How many pages a search engine will crawl on your site per visit. It matters for large sites: waste it on junk URLs and your important pages get crawled late.
Canonical URL Websites, web apps & online shops: The <link rel="canonical"> that tells search engines which URL is the master when duplicates or params exist. Prevents ranking signals from being diluted across near-identical pages.
CI/CD Custom software · everything else: Continuous Integration / Delivery: every commit is automatically built, tested and (optionally) deployed. This pipeline lets us ship safely many times a day, without manual mistakes.
Chargeback Websites, web apps & online shops: A customer disputes a charge and the bank claws the money back. It costs fees, and a too-high ratio gets you flagged. We lower it with clear statement descriptors and 3D Secure.
CAP Theorem Custom software · everything else: In a distributed system under a network partition you choose Consistency or Availability, not both. The trade-off behind every "eventually consistent" database.
Conversion rate Websites, web apps & online shops: The % of visitors who take the goal action (buy, sign up, book). Often a better lever than buying more traffic: double your CVR and you halve your effective CAC.
Context Engineering AI solutions: The successor to prompt engineering: deliberately curating what enters the model's context window - system prompt, retrieved docs, tools, memory. Goal is max accuracy on the fewest tokens. A model only knows what you put in front of it.
CAC (Customer Acquisition Cost)Websites, web apps & online shops: Customer acquisition cost · total sales + marketing spend ÷ new customers won. Meaningless on its own - only next to LTV. We aim for an LTV:CAC ratio of at least 3:1.
Core Web Vitals Websites, web apps & online shops: The three metrics (LCP, INP, CLS) Google uses as a ranking factor. We optimise to them on every release.
CSAT (Customer Satisfaction): A satisfaction score usually on a 1-5 or 1-10 scale. When we ship AI-backed support we measure that CSAT actually climbs after deployment.
CodePush Mobile apps · iPhone & Android: Microsoft App Center's OTA service for React Native. Deprecated after 2024 · EAS Update took over the ecosystem.
Context window AI solutions: The maximum number of tokens a model can see at once (prompt + output). In 2026 top models sit at 200k-1M; a longer window doesn't mean a better answer.
Churn (customer attrition)Websites, web apps & online shops: Monthly / annual attrition rate. Healthy B2B SaaS: <1% monthly; consumer SaaS: <5% monthly. Root-cause analysis of churn is often more valuable than new-MRR work.
CSP (Content Security Policy)Cybersecurity: Content Security Policy is an HTTP response header (or meta tag) that tells the browser which origins may serve scripts, styles, images, fonts, iframes, and which it may open connections to. A well-tuned CSP eliminates most stored-XSS and clickjacking risk, because attacker-injected inline script simply does not run. Common pitfalls: leaving 'unsafe-inline' or 'unsafe-eval' on for a CMS or legacy React, which effectively disables the protection (use nonces or hashes instead); shipping with no report-uri or report-to endpoint, so you have no idea what broke in production; adding third-party domains (Stripe, Sentry, Hotjar) and never pruning them; and misreading how Strict-Dynamic propagates trust. On a new project, ship in report-only mode first and only enforce once the report stream is quiet.
CRDT (Conflict-free Replicated Data Type)Custom software · everything else: Conflict-free Replicated Data Type. A data structure (counter, set, map, ordered text) that mathematically guarantees that if many peers edit it offline and sync in any order, the result is the same everywhere with no manual conflict resolution. Classic demo: the synced multiplayer cursor, where colleagues type in the same Figma or Notion document at the same time, characters do not overwrite each other, and cursors move live. Problem solved: last-write-wins and manual merge are weak primitives for collaborative editing, offline-first apps, and replicas running at the edge. Two schools: state-based (CvRDT, states can be merged) and operation-based (CmRDT, operations are commutative). In production: Yjs, Automerge, the Loro Rust library, plus Liveblocks and PartyKit as a service. The price: bigger payloads (operation logs) and you need garbage collection.
Chaos engineering Custom software · everything else: Planned, controlled fault injection into production or near-production to learn how the system actually behaves under stress. Not sabotage · there is a hypothesis, a blast-radius cap, an abort criterion, and a learning. Tools: Gremlin, Chaos Mesh, AWS Fault Injection Simulator. Only worth doing once you have observability (SLOs, alerts, runbooks); without it you are just breaking things in the dark.
Circuit breaker (resilience pattern)Custom software · everything else: A client-side guard around an outbound call. When the upstream errors above a threshold (say 50% of the last 30 seconds), the breaker flips 'open' and fails calls fast instead of queueing. After a window it goes 'half-open', tries a few probes, and closes if they succeed. Protects your own latency and stops you from squeezing an already-failing upstream. Libraries: Resilience4j (JVM), polly (.NET), opossum (Node).
CQRS (Command Query Responsibility Segregation)Custom software · everything else: Separate the write model (commands) from the read model (queries) · often separate schemas, stores, and code paths. Worth it when reads and writes differ wildly in volume, shape, or consistency need. Frequently paired with event sourcing (commands emit events, read models are projections). The cost is eventual consistency between the two sides · the buyer needs to be told.
CDN edge vs. origin Websites, web apps & online shops: The origin is your server, where the app runs and the data lives. The edge is a CDN-provider node near the user that serves from cache or runs edge functions. Round-trip to the edge is 5-30ms; to origin easily 80-200ms. Serve cacheable things at the edge; serve personalised things at the edge too if the cache key includes identity and the privacy story holds. 'Edge is always faster' is a myth · data locality wins, and the edge function is slow if its DB is far away.
Canary deploy Custom software · everything else: A new version is rolled out to a small slice of traffic (1%, 5%, 25%) before going to 100%. SLIs (error rate, latency, business metrics) are watched; on regression, automatic rollback. Different from blue-green where two environments swap at once · canary is gradual. Without proper telemetry it is not a canary, just a 'slightly slower deploy'. Tools: Argo Rollouts, Flagger, LaunchDarkly progressive delivery.
Cégkapu (Hungarian government business gateway)Custom software · everything else: Hungary's electronic communication gateway for businesses. Mandatory for all business entities since 2018. Used for tax-authority communication (NAV), chamber-of-commerce filings, court documents, and many other official procedures. Cégkapu signature is required for NAV Online Számla registration and technical-user creation. Software interfacing Hungarian companies with government often requires Cégkapu integration.
Cron scheduling (timed background tasks)Custom software · everything else: Running timed background tasks on a server - e.g. nightly backup at 23:00, weekly NAV report generation, hourly stock sync. Almost always needed for a Hungarian e-commerce or SaaS. Modern options: Vercel Cron Jobs (simple, expensive at scale), Cloudflare Cron Triggers (cheap), Upstash Queue (reliable), node-cron (self-hosted), Linux crontab (old-school but stable). Common Hungarian use cases: NAV invoice submission, Mailchimp list sync, GLS / Foxpost package status polling, KSH reporting.
CDN and hosting for Hungarian e-commerce Websites, web apps & online shops: Hosting is critical for Hungarian website speed. Local Hungarian hosts (Tárhely.eu, Magyar Hosting, RackForest) are often slow with no CDN. Modern alternatives: Vercel (US + EU edge, more expensive but fast), Cloudflare Pages (EU edge in Frankfurt, free tier), Hetzner (Germany, own servers + CDN). All keep data in the EU for GDPR. From Budapest, Frankfurt-edge latency is ~30ms, often faster than Hungarian local hosts. Monthly cost: HUF 5-50k (SMB), HUF 50-300k (enterprise).
Cookieless tracking Websites, web apps & online shops: Traffic analytics and conversion tracking without cookies - increasingly important for 2026. Chrome will fully disable third-party cookies by mid-2025, and Hungarian NAIH is tightening cookie banner rules. Cookieless options: Plausible (EU-hosted, cleaner GDPR), Fathom (US, EU regions), Simple Analytics (EU), self-hosted server-side GA4, first-party cookie + IP anonymisation. For Hungarian e-commerce: even cookie-banner rejecters are measurable, no cookie handling needed. Setup HUF 200-500k, ongoing HUF 5-30k/mo.
Chunking AI solutions: Splitting your documents into small, overlapping passages before they go into a vector store. Chunk size decides whether retrieval returns a precise answer or a vague paragraph - the quiet make-or-break of a RAG pipeline.
CVE Cybersecurity: Common Vulnerabilities and Exposures - the public catalogue that gives every known security flaw a unique ID (e.g. CVE-2023-27350). We check your dependencies against it on every audit so a years-old bug isn't still live in your stack.
CSRF (cross-site request forgery)Websites, web apps & online shops: An attack that makes a logged-in user's browser fire an unwanted action - a transfer, a settings change - without their knowledge. We block it with anti-CSRF tokens and SameSite cookies on every state-changing request.
Docker Custom software · everything else: We package an app with its dependencies into an image, which runs as a container - identical on your laptop and in production. "Works on my machine" stops being an excuse.
Distributed Tracing Custom software · everything else: We follow one request across every service using a trace ID (e.g. OpenTelemetry). In a microservices system this is how we pinpoint which service slowed down or failed - no guessing.
Database Sharding Custom software · everything else: Splitting one big table/DB across many machines by a shard key so it scales past one server. Powerful but adds real complexity - we avoid it until we must.
DÁP (Hungarian digital citizenship eID)Custom software · everything else: The government's mobile-based eID app that replaces the classic Ügyfélkapu from 2025: signing, authentication and login from your phone. When we build identity flows for Hungarian users, this and Ügyfélkapu+ both need support.
DevSecOps Cybersecurity: Security as a continuously-running CI step (SAST, DAST, SCA, IaC scan), not an annual project. Runs against every push; every sprint closes at least one security bug.
Deep link Mobile apps · iPhone & Android: A URL that opens a specific screen inside a mobile app. Universal Links (iOS) + App Links (Android) + custom scheme · all three needed for full coverage.
Distillation AI solutions: Transferring a large model's knowledge into a smaller one that's faster and cheaper to run. Common pattern: GPT-4 teacher distilled into a home-run 7B student.
DORA (Digital Operational Resilience Act)Cybersecurity: EU regulation (in force since 2025) on financial entities' ICT resilience · risk management, incident reporting, third-party ICT vendor oversight, resilience testing.
DAST vs SAST Cybersecurity: SAST (Static Application Security Testing) reads source code without running it: data-flow analysis hunts for SQL injection, XSS, hardcoded secrets, weak crypto, deserialization patterns. Fast and early in CI. Weakness: it cannot see past authentication and emits a lot of false positives (Semgrep, SonarQube). DAST (Dynamic Application Security Testing) attacks the running app from outside, as a pentester would: logs in, sends payloads, watches responses. SQL error leaked? Reflected XSS? Open redirect? Those do not always show up in SAST (OWASP ZAP, Burp). Common false-positive patterns: SAST flags SQL injection on a parameterized query because the query builder looks like string concat; DAST labels a 401 as a 500 because the status header is wrong; SAST mistakes a test fixture for a hardcoded secret. A serious stack runs both, plus IAST plus SCA (dependency scan), and gates CI only on high-confidence findings.
Dead-letter queue (DLQ)Custom software · everything else: A separate queue for messages a consumer cannot process after N retries. Prevents a poison-pill from starving or draining the main pipeline. A DLQ must be monitored · stays empty and you are dropping flaky messages, fills up and there is a real bug or data corruption behind it. Supported by SQS, RabbitMQ, Kafka, only the setup differs.
DORA metrics (DevOps)Custom software · everything else: The four delivery metrics from the DORA research (note · the research, not the EU DORA regulation): deployment frequency, lead time for changes, change-failure rate, and MTTR (mean time to restore). Together they predict whether a team is elite, high, medium, or low performer. The trick: do not optimise them in isolation · push deploy frequency alone and CFR spikes. Keep all four healthy at once.
DPA and TIA (data processing and transfer impact assessment)Cybersecurity: Two mandatory GDPR documents for any business handling personal data. DPA (Data Processing Agreement): signed with every third-party vendor receiving your customers' data (Mailchimp, Stripe, SimplePay, Mailgun, GLS). TIA (Transfer Impact Assessment): mandatory if you use a non-EU (US) provider - Google Analytics, Mailchimp, many US SaaS tools. NAIH audits ask for both. Missing them = data transfer without legal basis, can trigger an immediate stop order.
Data breach notification (Hungarian NAIH 72 hours)Cybersecurity: Under GDPR, every business must report personal-data breaches (unauthorised disclosure, destruction, alteration) to NAIH within 72 hours - through Hungary's adatvedelem.hu portal. Reporting is mandatory if the risk to data subjects is high. Must include: what happened, when, which data was affected, what damage could result. Late notification = separate fine. Under NIS2, certain businesses must report cybersecurity incidents within 24 hours to NBSZ NKI. Building a custom incident-notification flow: €1.5-4k.
DPIA (Data Protection Impact Assessment)Cybersecurity: A GDPR document required for any business doing 'high-risk' data processing. Includes: AI-driven CV screening (AI Act from August 2026), biometric identification, location tracking, processing children's data, large-scale sensitive data. The DPIA covers: what you collect, why, how you protect, what risks, how you mitigate. Missing it = NAIH fine €8-40k for SMBs. A Hungarian data-protection consultant produces one for €500-1.3k, or 1-2 weeks of internal work.
ETL vs ELT Custom software · everything else: ETL transforms data before loading; ELT loads raw then transforms in the warehouse. With cheap cloud warehouses, ELT is now the common default.
E-E-A-T Websites, web apps & online shops: Google's Experience, Expertise, Authoritativeness and Trust signals. Real author bylines, credentials and citations help your content rank and get quoted by AI search.
eÁFA (NAV electronic VAT return)Custom software · everything else: NAV's platform that drafts your VAT return from Online Invoice data - via a web UI or machine-to-machine (M2M) connection. This is where integrating your invoicing and accounting systems turns into a real advantage.
Embedding AI solutions: A vector representation of text (e.g. 1536 floats). If two embeddings are close, the meanings are close. In RAG we use this to pick relevant chunks.
Eval (LLM evaluation)AI solutions: An automated test suite that runs ~50-200 'golden' questions against the model before every release and checks that quality metrics (accuracy, factuality, latency) clear the threshold.
EVM (Ethereum Virtual Machine)Blockchain & smart contracts: The shared execution environment across Ethereum and compatible chains (Arbitrum, Base, Polygon, Optimism). Writing a contract here means it runs on all of them.
Edge rendering Websites, web apps & online shops: Code runs at the CDN edge closest to the user (Cloudflare Workers, Vercel Edge). Dynamic responses with ~10-50 ms TTFB.
Expo Mobile apps · iPhone & Android: Managed React Native platform · EAS Build, OTA updates, preconfigured modules. In 2026 the default for new mobile projects, except cases needing exotic native SDKs.
EAS Build Mobile apps · iPhone & Android: Expo's cloud build service for iOS and Android binaries. No local Xcode / Android Studio required · saves 2-3 hours a day on a typical new project.
EU AI Act AI solutions: EU regulation on artificial intelligence · fully in force 2026. Risk tiers (prohibited / high / limited / minimal), mandatory documentation, audit trail.
EAS Submit Mobile apps · iPhone & Android: Expo's automated store upload via App Store Connect + Play Store Console APIs. A single `eas submit` CLI call replaces the manual upload dance.
EIP-712 (typed data signing)Blockchain & smart contracts: Ethereum standard for signing structured data · MetaMask renders it human-readably (not a hex string). Foundation of gasless meta-transactions.
ERC-4337 (account abstraction)Blockchain & smart contracts: Ethereum standard for smart-contract wallets without a consensus-layer change. UserOp mempool, bundlers, paymasters · gasless + social recovery + batched tx natively.
EDR (Endpoint Detection & Response)Cybersecurity: Endpoint protection on laptops/servers with real-time telemetry · more than antivirus. CrowdStrike, SentinelOne, Microsoft Defender lead the market.
Error budget Websites, web apps & online shops: The allowable failure budget derived from an SLO · 99.9% SLO = ~43 minutes of monthly downtime allowed. It surfaces the feature-speed vs stability trade-off.
Edge function Websites, web apps & online shops: Serverless code running on a provider's global edge network (Cloudflare Workers, Vercel Edge, Deno Deploy). Low latency, constrained runtime · ideal for auth middleware, A/B tests, redirects.
Eval harness AI solutions: An eval harness is the runnable infrastructure that, on every model bump, every prompt change, and every release, automatically runs a fixed test set, computes metrics (accuracy, factuality, refusal rate, latency, cost), stores results as a time series, and blocks release if any threshold drops. Saying we tested it usually means a developer played a few prompts through once by hand. An eval harness is the CI-wired, regression-catching, version-comparing version of that. Without one, every model bump is flying blind. A serious LLM stack today is a dataset, a runner (Promptfoo, Inspect, in-house), a scoring layer (LLM-as-judge plus deterministic asserts), and a dashboard where yesterday's run sits next to the new one.
Eventual consistency Websites, web apps & online shops: Eventual consistency means that if no new writes hit a distributed system, readers will, given enough time, all see the same value, but enough time is not the same as immediately. The CAP theorem says under a partition you must pick between strict consistency and availability, and many modern data layers (S3, DynamoDB read replicas, Redis replicas, read models behind an event bus) optimise for the latter. Practical implications for a dashboard: the user clicks save, the POST returns 200, but the next GET still shows the old value because the read replica has not replicated yet. What to do: 1) read-your-writes pattern (the client passes a version or ETag for the just-written resource, and optimistically updates local state). 2) Soft-loading state plus skeleton plus retry. 3) A single source of truth (TanStack Query, SWR) that handles stale-while-revalidate. Never build UI that assumes a backend response is instantly visible globally.
Event sourcing Custom software · everything else: State is stored as an append-only stream of events; the current model is rebuilt by replaying the stream or applying a snapshot. Audit, time-travel and debuggability come for free. The cost: read models become separate projections (often paired with CQRS), schema evolution is hard, and the 'what does this event mean' contract is expensive to change. Worth it when audit / replay is a business requirement, not a fashion.
EKÁER (Hungarian Electronic Road Cargo Tracking System)Custom software · everything else: Hungary's road cargo tracking system, operated by the tax authority (NAV). All cross-border road transport above 2.5 tonnes must be pre-registered - waybill number, goods, sender, receiver, vehicle. Unregistered shipments incur heavy fines (40% of cargo value). Should be a built-in feature of logistics and TMS software.
EU Digital Identity Wallet (eIDAS 2.0) and Hungarian e-Ügyfélkapu Custom software · everything else: The EU is rolling out the Digital Identity Wallet (EUDI Wallet) from 2026 - every EU citizen gets one for free. Official documents (ID card, driving licence, diploma) are stored digitally. On the Hungarian side, e-Ügyfélkapu (RKSZP) is the integration point. Integration is not mandatory for e-commerce, but if you offer financial services or age verification, it's faster and cheaper than SMS-based identity checks. Integration cost: €2.5-8k.
EU Digital Product Passport (DPP)Blockchain & smart contracts: From 2026-2027, the EU requires Digital Product Passports for certain product categories: batteries (first), textiles, electronics, construction materials, furniture. Each product instance has a unique identifier (QR code or NFC) linking to online data: material composition, manufacturing location, carbon footprint, repair manual, recycling info. For Hungarian SMBs: if you manufacture or import into the EU, you're in scope. Implementation via blockchain (most secure) or centralised DB. Enterprise product implementation: €8-22k.
E-mail marketing for Hungarian market Websites, web apps & online shops: Newsletter and automation systems. Hungarian market: Mailchimp most popular (from HUF 1990/mo), Brevo (formerly Sendinblue, EU-hosted - cleaner GDPR), ActiveCampaign for enterprise. For Hungarian e-commerce: double opt-in (NAIH expects it), Hungarian-language unsubscribe link, EU-hosted subscriber list. US-hosted (Mailchimp) requires a Transfer Impact Assessment in the privacy notice. Typical: well-configured email drives 10-20% of e-commerce traffic.
ERC-20 Blockchain & smart contracts: The Ethereum standard every fungible token follows - the shared interface that lets wallets, exchanges and contracts handle any token the same way. If you're launching a coin, points or a currency, ERC-20 is the baseline.
ERC-721 Blockchain & smart contracts: The Ethereum standard for non-fungible tokens - each one unique and individually owned, unlike ERC-20's interchangeable units. It's what tickets, certificates, collectibles and proof-of-ownership NFTs are built on.
Featured Snippet Websites, web apps & online shops: The boxed answer Google lifts to the top ("position zero"). Win it with a crisp, directly-phrased answer placed right under a question heading.
Fine-tuning AI solutions: Further training an existing LLM on your own data (e.g. LoRA). Rarely the first move · RAG + prompt engineering usually gives more for less cost.
Fuzz test Blockchain & smart contracts: Running millions of pseudo-random inputs through a function to find a combination that breaks it. Echidna or Foundry fuzz campaigns.
Foundry Blockchain & smart contracts: A Rust-based Solidity toolchain (`forge`, `cast`, `anvil`). Faster with better invariant-test support than Hardhat. We run it on every DField audit project.
Fine-tuning AI solutions: Further training of a pre-trained model on a smaller, domain-specific dataset. In 2026 RAG wins most cases · fine-tuning is only worth it for style, format, or latency gains.
Feature flag Websites, web apps & online shops: A runtime switch on a code path. Gradual rollout, kill-switch, A/B tests, percent releases · all built on the same primitive. LaunchDarkly / GrowthBook are the typical providers.
Firmware Custom software · everything else: Low-level software that controls a hardware device · microcontroller, router, IoT sensor. Typical languages are C, Rust, MicroPython; OTA-updateability and signing are the critical parts.
Foxpost, MPL, GLS (Hungarian couriers)Websites, web apps & online shops: The three largest courier partners for Hungarian e-commerce. MPL (Hungarian Post Logistic): nationwide coverage, post-office pickup. GLS: most popular for home delivery, fast. Foxpost: parcel-locker network, Hungarian-market optimised, cheaper. DPD is also active but with smaller market share. A web shop must integrate at least 2 couriers - customers expect choice. API integration is custom per courier, not an EU-standard.
Forditott ÁFA (Hungarian reverse-charge VAT)Custom software · everything else: EU intra-community B2B VAT rule. The seller does NOT charge VAT - the buyer (a B2B customer in another EU member state) self-accounts for it in their own country. Works for e-commerce when the buyer provides a valid EU VAT number (verified in VIES). Mandatory invoice text: 'Reverse charge'. If the shop doesn't verify the VAT number, the buyer can demand a refund of the 27% VAT - risky. Typical invoicing systems (Számlázz.hu, Billingo, NAV-compatible) handle this automatically.
Few-shot prompting AI solutions: Showing an LLM a handful of worked examples inside the prompt so it copies the pattern - no fine-tuning needed. The cheapest way to lift output quality, and usually the first thing we try before reaching for a trained model.
GA4 (Google Analytics 4)Websites, web apps & online shops: The event-based analytics that replaced Universal Analytics. New model (events, not pageviews); needs consent mode in the EU. We wire it up via GTM so tracking and consent live in one place.
GTM (Google Tag Manager)Websites, web apps & online shops: A container that lets you deploy and version analytics and marketing tags without code changes. It's where we centralize tracking and consent gating, so dev work never becomes the bottleneck.
Graph RAG AI solutions: A RAG variant that retrieves over a knowledge graph (entities + relationships) instead of flat text chunks. Lets the model answer multi-hop questions ("how is X connected to Y?") that pure vector search misses.
GraphQL vs REST Custom software · everything else: We reach for GraphQL when many clients need the same data in different shapes and over-fetching hurts. We pick REST when we want a simple, cacheable API - which covers most cases just fine.
gRPC Custom software · everything else: High-performance RPC over HTTP/2 with protobuf. It's our default for internal service-to-service calls and streaming. It's awkward from the browser (needs grpc-web), so we keep REST or GraphQL at the client edge.
Guardrail AI solutions: An input- or output-layer that filters the model's prompt/response (PII scrubbers, prompt-injection detectors, JSON-schema validation, topic blocks). Not before/after the model · around it.
Google Business Profile (Hungarian local SEO)Websites, web apps & online shops: Google's free service that lists a Hungarian business on Google Maps, in local searches (Local Pack), and in the Knowledge Panel. Business name, address, hours, photos, reviews, services - all edited here. On the Hungarian market, this is the foundation of local search ('hotel [Budapest]', 'restaurant [Debrecen]'). Even pure e-commerce should register (Google uses the data for the Knowledge Panel). Setup 1-2 hours, verification (Google sends a postcard with a code) 2 weeks.
Google Ads and Meta Ads for the Hungarian market Websites, web apps & online shops: The two main paid ad platforms for Hungarian e-commerce and SaaS. Google Ads: search ads ('webshop fejlesztés Budapest'), display, YouTube, Performance Max. Hungarian keywords typically cost HUF 50-300 / click, 5-10x cheaper than Western markets. Meta Ads: Facebook + Instagram. Hungarian targeting: 25-55, Hungarian language, city-based geo. Hungarian conversion rate: 1-3% e-commerce, 0.5-2% SaaS. Typical Hungarian ad budget: HUF 200-800k / month for SMB.
Google Search Console (GSC)Websites, web apps & online shops: Google's free tool that lets a Hungarian e-commerce owner see exactly: which keywords showed how often in Google search, in what position, how many clicks they got. Sitemap submission, indexing errors, mobile usability, Core Web Vitals reports. Setup 30 minutes (DNS record or HTML file). The #1 SEO tool for a Hungarian shop - mandatory weekly check. Hungarian Google uses this data for ranking, and the feedback shapes the strategy.
Gas Blockchain & smart contracts: The fee a blockchain charges to run a transaction or contract call, paid in the chain's native token. Sloppy contract code burns gas on every call; we optimise storage layout and loops so your users pay less for the same action.
Horizontal Scaling Custom software · everything else: We add more machines/instances (scale out) instead of one bigger box (vertical, scale up). For stateless services this wins: cheaper, more elastic, no ceiling. State goes to a separate store.
HIPA (Hungarian local business tax)Custom software · everything else: A local tax paid to the municipality, capped at 2% of the net revenue base. Small businesses can opt for a simplified flat-rate band (a fixed amount by revenue tier). Every Hungarian company must budget for it - it belongs in your e-commerce margin maths too.
Hydration (React)Websites, web apps & online shops: Attaching client-side JS logic to already-rendered HTML. Can be expensive; we reduce it via RSC by hydrating only interactive islands.
Hydration Websites, web apps & online shops: The process where client JS takes over server-rendered HTML + makes it interactive. In Next.js 15/16 with RSC, only strictly interactive parts hydrate · significant INP win.
HSM (Hardware Security Module)Custom software · everything else: Specialised key-storage hardware · the private key never leaves the HSM, every cryptographic operation runs inside it. Foundation of banking and fintech integrations.
Headless commerce Websites, web apps & online shops: In headless commerce, cart, catalog, checkout, pricing, inventory, and order orchestration run on a commerce backend (Shopify, commercetools, Saleor, Medusa, BigCommerce) and you talk to it only through APIs. The frontend (Next.js, mobile app, kiosk, voice) can be anything and is no longer married to the webshop's template engine. What is headless: the storefront is decoupled from the backend. What is not headless: a Shopify Liquid theme store, even with a new design. It pays off when you need multiple channels (web plus mobile plus marketplace plus POS), when marketing wants to ship A/B landing pages daily without engineering (paired with a CMS), or when speed is the value prop (Core Web Vitals, Edge SSR). For a simple 200-SKU D2C webshop, classic Shopify is cheaper, faster, and converts no worse.
Hreflang (multilingual SEO tag)Websites, web apps & online shops: An HTML tag that tells Google 'this is the Hungarian version, that is the English version' of the same page. Both versions can rank, but Google serves the right one to the right visitor. Mandatory for Hungarian e-commerce sites with English content - without it Google sees duplicate content and demotes both. Configured via `<link rel="alternate" hreflang="hu" href="...">` tags in `<head>` or in the XML sitemap. Misconfiguration can cut Google traffic 30-70%.
Hungarian e-commerce platforms · Shoprenter, UNAS, ProShop Websites, web apps & online shops: The three largest Hungarian-market e-commerce platforms. Shoprenter: market leader, HUF 5-50k/mo, NAV integration built in. UNAS: Hungarian developer, HUF 5-30k/mo, good for B2C. ProShop: enterprise scale, HUF 30-150k/mo. All three are Shopify-style turnkey platforms with fast launch. Downsides: Hungary-locked (need to migrate for international growth), limited customisation, vendor lock-in. Good for fast launch, but worth migrating to custom at HUF 50M+ annual revenue.
Hungarian-language prompt engineering AI solutions: Instructing AI models (ChatGPT, Claude, Gemini, Mistral) in Hungarian is different from English. Hungarian linguistic specifics affect output: longer sentences, more suffixes, Hungarian terminology, local context. When building Hungarian AI systems: prompts must be tested in Hungarian on a Hungarian test set. Common errors: model returns English instead of Hungarian if not flagged, Hungarian quotation marks (»...«, „...”) get mixed, Hungarian data formats (date, phone) sometimes wrong. A 50-200 Hungarian Q&A test set is mandatory - we build them for HUF 200-500k.
Hallucination (AI)AI solutions: When an LLM states something false with full confidence - a citation that doesn't exist, a fact it invented. We cut it with retrieval grounding, citations, and refuse-to-answer guardrails; ~95% is avoidable.
Invariant test Blockchain & smart contracts: A test that verifies a universal rule ('sum of user balances always equals total supply'). Feeds the contract random transaction sequences; the rule must hold in every state.
ISO 27001 Cybersecurity: International standard for Information Security Management Systems (ISMS). Often preferred in Europe instead of or alongside SOC 2. 3-year certification cycle.
ISR (Incremental Static Regeneration)Websites, web apps & online shops: SSG + timed regeneration: the HTML is static but regenerates on a schedule. Ideal for blog content · freshness with CDN speed.
IoT OTA update Custom software · everything else: Over-The-Air firmware update for IoT devices · signed image, staged rollout, rollback switch, telemetry. Lets you update a deployed fleet without physical access.
Idempotency key Websites, web apps & online shops: An idempotency key is a client-generated unique identifier (usually a UUID) sent in a request header (Idempotency-Key) on every state-changing POST, PUT, or DELETE. Payment APIs (Stripe, Adyen, SimplePay, PayPal) use it to guarantee that if the same key arrives twice (because the network dropped, the client retried, the load balancer retried), the operation runs exactly once and the second response is the cached first response. Without it, a client retrying after a 30-second timeout charges the customer 100 thousand forints twice. Retry logic must not exist without an idempotency key on the payment, order placement, email send, and webhook delivery layers. Worth doing on your own API too: put a Postgres unique index on the key, and de-duplicate either at the call boundary or on the event queue.
INP (Interaction to Next Paint)Websites, web apps & online shops: The Core Web Vitals responsiveness metric. Measures the 75th-percentile latency of all user interactions on a page (click, tap, key) from input to the next paint. Replaced FID in March 2024. Goal: under 200ms at p75. Killers: long main-thread tasks, oversized event handlers, hydration battles, non-yielding React renders. Track via PerformanceObserver on `event` entries or the web-vitals lib in RUM; lab tools (Lighthouse) only approximate.
Jailbreak (in AI context)Cybersecurity: Bypassing an LLM's safety guardrails via role-play, multi-step manipulation, or low-resource languages. Public lists now carry 2000+ known patterns.
JIT auth (just-in-time provisioning)Cybersecurity: Just-in-time provisioning means a user's account inside your app is created the first time they sign in via SSO (Okta, Entra, Google Workspace), not pre-synced. Based on attributes the identity provider includes in the SAML or OIDC token (email, name, group, role), the backend creates or updates a user row on the fly. Simple, fast to ship, fine for small and mid-size teams. SCIM (System for Cross-domain Identity Management) is the opposite: the IdP pushes every create, update, and delete to a SCIM endpoint on your side, so deprovisioning is instant too. With JIT alone, a leaver's account stays in your app until something cleans it up, which is an audit and compliance risk. Rule of thumb: a B2B SaaS chasing SOC 2 or ISO 27001, above 50 seats, needs SCIM. Below that, JIT plus a weekly revoke job is often enough.
JWT (JSON Web Token)Websites, web apps & online shops: A signed, self-contained token that carries a user's identity between browser and server without a database lookup on every request. Fast - but only safe if it's short-lived and verified properly, which is where most builds slip.
Keyword cannibalization Websites, web apps & online shops: Two of your own pages competing for the same query, splitting signal so neither ranks well. Fix it by consolidating the pages or differentiating their intent.
KIVA (Hungarian small-business tax)Custom software · everything else: An optional 10% tax regime replacing the social contribution tax and corporate tax. It pays off when payroll is high relative to profit - for wage-heavy companies (like a software studio) it's often a meaningful saving.
KYC (Know Your Customer)Cybersecurity: Customer-identification flow: document + selfie + liveness + sanctions screen. Mandatory for every EU fintech; in Hungary it's audited by MNB.
Kubernetes (K8s)Websites, web apps & online shops: Container orchestrator · manages pods, services, ingress across a cluster. Default at scale-up size, usually overkill at startup · in 2026 Fly.io / Railway / Vercel ship faster.
KRÉTA, e-Napló, e-Ügyfélkapu (Hungarian government systems)Custom software · everything else: Three key Hungarian government systems often requiring integration. KRÉTA: the school information system (grades, attendance, curriculum). e-Napló: the electronic class-register service for schools. e-Ügyfélkapu: the citizen authentication platform used for government services. All three require custom integration - there is no published REST API.
KKV (Hungarian SMB definition)Custom software · everything else: Hungarian SMB classification. A company qualifies as KKV if it has fewer than 250 employees AND either annual revenue under €50M or total assets under €43M. This category determines eligibility for state aid, EU grants, and reduced tax rates. The Hungarian development market mostly serves KKVs - versus multinationals which run their own in-house IT teams.
KSH (Hungarian Central Statistical Office)Custom software · everything else: Hungary's central statistical office. Companies above defined sizes must report monthly / quarterly / annually (employment, revenue, investment, energy use). Many ERP and HR systems need built-in KSH reporting because manual filing is time-consuming. Reports are deadline-based with fines for missing them. Industry codes (TEÁOR) are also issued by KSH.
KATA (Hungarian flat-tax for small businesses)Custom software · everything else: Hungarian simplified flat-tax for individual entrepreneurs. Tightened since 2022: HUF 50k / month, capped at HUF 18M annual revenue, AND can only invoice individuals (not companies). If you invoice companies, you need standard taxation. Many web-shop owners / developers / designers have switched to the átalányadó (flat-rate) form or to Kft. (Ltd). When building e-commerce, KATA status must be reflected in invoicing logic - a KATA entrepreneur cannot issue a B2B invoice.
Load Balancer Custom software · everything else: Distributes incoming traffic across multiple instances - the front door that gives you redundancy and smooth scaling. Health checks remove dead instances, so one failure stays invisible to users.
LTV (Customer Lifetime Value)Websites, web apps & online shops: Customer lifetime value · the gross profit you expect from a customer over their lifetime. It sets how much you can afford to acquire one - always read it next to CAC.
LLM (Large Language Model)AI solutions: A neural model with billions of parameters (GPT-4, Claude, Mistral) that generates text. In production we never use one bare · always wrapped in retrieval and guardrails.
L2 (Layer 2)Blockchain & smart contracts: A secondary network (Arbitrum, Base, Optimism, zkSync) settling on Ethereum (L1) but much faster and cheaper. Rollups bring 10-100× lower gas.
LCP (Largest Contentful Paint)Websites, web apps & online shops: Time until the largest visible element paints. Google Core Web Vitals passes under 2.5s · we usually land marketing pages under 1s.
LoRA (Low-Rank Adaptation)AI solutions: Efficient fine-tuning technique · model weights stay mostly untouched, only small rank-adapter matrices are trained. 10-100× less memory, 2-5× faster training.
Lock-free queue Custom software · everything else: A concurrent queue that coordinates via atomic operations (CAS, fetch-and-add) instead of locks. Guarantees system progress · at least one thread always moves forward, even if others stall. Common implementations: Michael-Scott queue, MPMC ring buffer (LMAX Disruptor, crossbeam, moodycamel). Not always 'faster' · CAS loops also suffer under contention. Worth it for low-latency, predictable-tail systems where kernel-thread parking is unacceptable.
LCP, CLS, INP - Core Web Vitals explained Websites, web apps & online shops: Google's three main performance metrics weighted heavily in Search ranking. LCP (Largest Contentful Paint): time for the largest image / text block to render - target under 2.5s on mobile. CLS (Cumulative Layout Shift): how much content moves during load - target under 0.1. INP (Interaction to Next Paint): from click to visible response - target under 200ms. Hungarian e-commerce ranking depends on these post-2024. Measured by PageSpeed Insights, Lighthouse, Chrome User Experience Report (CrUX). 90+ on all three.
Lighthouse (Chrome performance audit)Websites, web apps & online shops: Google's free tool that scores a website's performance, accessibility, SEO, and Progressive Web App readiness from 0-100. Built into Chrome DevTools (F12 → Lighthouse tab), CLI, or PageSpeed Insights. For Hungarian e-commerce: 90+ mobile performance score is required for Google ranking. Lighthouse uses Lab data (synthetic), not real users. Google ranks using CrUX (Chrome User Experience Report) Field data - Lighthouse is guidance.
Load testing (terhelés-teszt)Cybersecurity: Measuring how a web shop or SaaS system behaves under simulated heavy load. Critical before Black Friday or Christmas for e-commerce, before summer peak for hospitality, before school start for education platforms. Tools: k6 (modern, free), Apache JMeter (legacy but powerful), Artillery, Locust. Measures: max concurrent users, response time under load, when errors start. Typical Hungarian e-commerce load test: HUF 200-600k, 1-2 weeks. Catches many problems before launch.
Model Routing AI solutions: Send each request to the cheapest model that can handle it: a small model for easy queries, a frontier model for hard ones - often decided by a classifier. Cuts inference cost dramatically, frequently 5-10× on real traffic.
Monorepo Custom software · everything else: One repo holding many packages/apps with shared tooling. It helps when you want shared types and atomic cross-cutting changes. It hurts once CI doesn't scale. We use Turborepo or Nx to keep it sane.
Microservices vs Monolith Custom software · everything else: A monolith is simpler, faster to ship, and fine for most teams. Microservices give independent scaling and deploys but carry heavy ops cost. We start with a monolith and split only when a real boundary or scale forces it.
Message Queue Custom software · everything else: An async broker (e.g. SQS, RabbitMQ, Redis streams) that decouples producers from consumers. It smooths traffic spikes and enables retries and backpressure. For us it's the backbone of reliable background work.
MRR (Monthly Recurring Revenue)Websites, web apps & online shops: Monthly recurring revenue · the heartbeat of a subscription business; ARR = 12 × MRR. Track new, expansion and churned MRR separately to see what is really moving the number.
MEV (Maximal Extractable Value)Blockchain & smart contracts: The value a block-producer can extract by inserting, reordering, or excluding transactions. We factor MEV-resistance into every contract we design.
MFA (Multi-factor auth)Cybersecurity: Two or more factors (TOTP, WebAuthn, biometric) beyond a password. Table-stakes in SaaS today · enterprise procurement disqualifies you without it.
Multi-tenant SaaS Websites, web apps & online shops: One deployment, many customers (tenants). Data isolation is either row-level (Postgres RLS) or schema-per-tenant. RLS scales to 10k+ tenants; above that, schema.
MNB (Hungarian National Bank)Cybersecurity: Hungarian financial supervisor. Every Hungary-based fintech needs MNB authorisation and ongoing supervision · they audit KYC, AML, and operational risk.
MCP (Model Context Protocol)AI solutions: Anthropic-proposed open standard for how context is passed to AI agents. As of 2025, effectively every LLM ecosystem uses it for tool connectivity.
MVP (Minimum Viable Product)Websites, web apps & online shops: The smallest version of a product someone pays to use. The term has lost meaning · usually over-scoped, ships two months late. A real MVP ships in 4 weeks.
Modbus Custom software · everything else: One of the oldest industrial protocols (since 1979) · PLCs, sensors, power meters communicate over it. TCP and RTU (serial) variants exist.
MiCA (EU Markets in Crypto-Assets Regulation)Blockchain & smart contracts: The EU's crypto-asset regulation, adopted 2024 and fully effective 2025-2026. Supervised by MNB in Hungary. Covers: crypto exchanges, wallets, stablecoin issuers, certain NFT platforms, crypto payment providers. Requires authorisation or notification; mandatory KYC, financial supervision, consumer protection. For Hungarian SMBs: if you accept crypto payments or offer a crypto product to the Hungarian market, you're in scope.
Multimodal AI AI solutions: A model that handles more than text - images, audio, PDFs, screenshots - in the same prompt. It's what lets an AI read a scanned invoice, describe a photo, or pull data out of a chart instead of needing everything typed.
N+1 Query Custom software · everything else: The classic performance bug: 1 query for a list + N more (one per row). Fix with eager loading / a join. The first thing we look for in a slow endpoint.
NIS2 directive Cybersecurity: EU cybersecurity directive (in force 2024-10-17) imposing concrete obligations on 'important' and 'essential' organisations · 24-hour incident reporting, supply-chain risk, MFA.
NIS2 directive Cybersecurity: EU cybersecurity directive · in force since 2024. Mandatory risk management, incident reporting, and director liability for mid + large enterprises. Transposed in Hungary via the Kibertan Act.
NAV Online Számla (Hungarian e-invoice system)Custom software · everything else: The Hungarian tax authority's (NAV) electronic invoicing system. Every B2B invoice issued in Hungary must be submitted within 4 days in XML format (v3 schema). Integration is mandatory for e-commerce, ERP and invoicing systems - the 'track in Excel' approach has not been compliant since 2024. Simple integration €2-4k, enterprise €8-15k.
NAIH (Hungarian Data Protection Authority)Cybersecurity: The Hungarian data protection authority, enforcing GDPR and Hungarian data law. Increasingly strict e-commerce audits since 2024. Typical first fine: €8-40k, repeat violations up to 4% of annual revenue. Most common findings: deficient cookie banner (only 'Accept' button), English-only privacy policy, Google Analytics without proper data-transfer agreement.
Open Banking Websites, web apps & online shops: Bank APIs (PSD2 in the EU) that let apps initiate payments or read accounts with user consent. Account-to-account payments that skip card fees. We wire it into your checkout.
OLTP vs OLAP Custom software · everything else: OLTP = many small transactions (your app DB); OLAP = big analytical scans (reporting/BI). Mixing them on one DB kills performance; separate them.
Online / software cash register (NAV)Custom software · everything else: A cash register that reports to the Hungarian tax authority (NAV) in real time. From 2025 a software-based e-cash-register rolls out, runnable from a mobile app or POS system - plan for it when wiring a webshop to a physical till.
OWASP Top 10 Cybersecurity: The list of the 10 most critical security risks for web apps, updated yearly. Every DField web pentest starts with this list.
Offline-first Mobile apps · iPhone & Android: A design philosophy: the app's core functions work without a network and sync when online. Conflict resolution is mandatory, not optional.
OTA update (Over-The-Air)Mobile apps · iPhone & Android: Live JavaScript-bundle update without an App Store / Play Store review. Good for bug fixes, copy changes, feature flags · not for native changes.
Observability Websites, web apps & online shops: Three pillars: logs, metrics, traces. Monitoring tells you something broke; observability tells you why. OpenTelemetry in 2026 is the vendor-neutral default.
OPC-UA Custom software · everything else: Industrial communication protocol (IEC 62541) between PLCs, SCADA systems, and higher-level IT. The 2026 standard for manufacturing IT/OT integration.
Observability vs monitoring Websites, web apps & online shops: Monitoring answers pre-defined questions: is the server alive, is CPU above 80, is checkout p95 latency under 500 ms. It alerts when a known metric leaves its band. Observability is the inverse: it collects rich data layers (three pillars · metrics, logs, traces, plus events and profiles) that let you answer questions you had not thought to ask, after the fact, without redeploying. So: monitoring tells you something is wrong, observability tells you why this specific checkout failure had 7 hops in its trace and stalled at this downstream service. Translation in practice: Prometheus plus Grafana is monitoring, OpenTelemetry plus Tempo plus Loki plus Jaeger is observability. In 2026 OTel is the vendor-neutral default; commercial backends (Datadog, Honeycomb, New Relic) sit on top of it.
OAuth Websites, web apps & online shops: The standard that lets a user grant an app limited access to their account elsewhere - "Sign in with Google" - without handing over a password. We wire it correctly: short-lived tokens, scoped permissions, no secret in the browser.
Oracle (blockchain)Blockchain & smart contracts: A service that feeds real-world data - a price, a match result, the weather - into a smart contract, which otherwise can't see outside its own chain. A bad oracle is a classic exploit vector, so we treat its trust model as part of the audit.
People Also Ask Websites, web apps & online shops: Google's expanding box of related questions. Each one is a content opportunity: answer them explicitly to capture the box and the long-tail traffic.
PCI DSS Websites, web apps & online shops: The card-data security standard. For most merchants the cheapest path is to never touch raw card data: let Stripe / hosted fields handle it, so you stay in the lightest SAQ scope. That's how we build it.
Payment Tokenization Websites, web apps & online shops: We replace the card number with a meaningless token, so you can charge again (subscriptions) without storing the real PAN. It keeps you out of PCI scope while we handle the tokens.
Payback Period Websites, web apps & online shops: Payback period · the months it takes a customer's gross profit to repay their CAC. Under 12 months is healthy for SaaS; long payback means you fund growth out of pocket.
Penetration test (pentest)Cybersecurity: Manual + tooled attack simulation that reveals what an attacker could achieve. We deliver findings as PRs in your repo, not an 80-page PDF.
Push notification Mobile apps · iPhone & Android: APNs (iOS) / FCM (Android) message to a mobile app even when closed. One API via Expo Notifications · 30 lines of code per platform.
PSD2 (Revised Payment Services Directive)Cybersecurity: EU payment services directive. Forces banks to expose open APIs and requires strong customer authentication (SCA) on every payment. The backbone of open banking.
Prompt injection Cybersecurity: Attack where user input overrides the LLM system prompt. Five categories: direct, indirect, RAG-poisoning, tool-abuse, exfiltration. OWASP LLM Top-1.
Paymaster Blockchain & smart contracts: ERC-4337 contract that pays gas for UserOps. The foundation of gasless UX · the paymaster collects the fee from the user in ERC-20 or off-chain.
PWA (Progressive Web App)Websites, web apps & online shops: A web app that's installable, works offline, and receives push notifications · Service Worker + Web App Manifest. Store-less distribution.
PLG (Product-Led Growth)Websites, web apps & online shops: Growth strategy where the product sells itself (free tier / trial / viral loop). Works if the product delivers value in 10 minutes alone. Dominant B2B SaaS model by 2026.
Prompt caching AI solutions: Major model providers (Anthropic, OpenAI, Google) let you mark the rarely-changing front of the prompt (system prompt, document context, tool definitions) as cacheable on their side. A follow-up call within roughly 5 minutes that reuses the same prefix can cut input-token cost by up to 90 percent and roughly halve time-to-first-token. It pays off when the prefix is at least a few thousand tokens and many calls share it, for example a support bot, a RAG pipeline, or a code-review agent. It does not pay off when the prompt is unique per call (user-level personalisation injected into the middle of the prefix) or when context is only a few hundred tokens. Architect the prompt so the stable bulk is at the front and the volatile user turn at the back.
POS-integration with Hungarian compliant cash register Custom software · everything else: In Hungary, cash registers (online POS) report every sale to NAV. Mandatory for retail and hospitality. Web shops don't need a cash register - they use NAV Online Számla instead. But if you have both a physical shop and an e-commerce site, the two systems must connect so web orders aren't double-reported. POS software integration (RBR Cassa, NewWave, Pencil): separate work, €500-1.3k. Hospitality usually combines POS + e-commerce + booking system.
Phishing Cybersecurity: An attack that tricks a person into handing over a password or clicking a malicious link, usually through a fake but convincing email. Still the #1 way breaches start - which is why we run staged phishing simulations, not just lectures.
Quantization AI solutions: Reducing the bit-width of model weights (e.g. from 16 to 4). 4-8× smaller memory footprint, 2-3× faster inference, ~1-2% quality loss.
Recurring Billing Websites, web apps & online shops: Automated subscription charging: proration, retries (dunning), failed-card recovery. The unglamorous logic that decides how much revenue you actually keep. We build exactly that.
RAG (Retrieval-Augmented Generation)AI solutions: An AI architecture where the model retrieves relevant documents from your own data before answering, and only reasons over that context. Kills ~80% of hallucinations.
RSC (React Server Components)Websites, web apps & online shops: React components that run exclusively on the server and never ship to the browser. Result: less client-side JS and faster hydration.
RLS (Row-Level Security)Websites, web apps & online shops: A Postgres feature that filters rows based on the query context. For multi-tenant SaaS: every SELECT automatically gets a tenant filter appended.
React Native Mobile apps · iPhone & Android: Meta's framework for building native iOS + Android apps from React-like code, one codebase. Mature since 2020, though ~15-25% is still platform-specific code.
React Native Fabric Mobile apps · iPhone & Android: React Native's new renderer architecture (since 2023). Synchronous JS↔UI communication · scroll and animation feel much steadier than the legacy bridge.
Rate limiting (token bucket / leaky bucket)Custom software · everything else: Caps how many calls a client / key / IP can make in a time window. Two main algorithms: token bucket refills at a fixed rate and each request spends a token · allows bursts up to capacity. Leaky bucket releases at a fixed rate and drops or queues overflow · smoother, less burst-friendly. In production you implement it on Redis (`INCR` + `EXPIRE` or Lua) or at the edge (Cloudflare, Vercel). Always include a `Retry-After` header on a 429.
Reranker AI solutions: A second model that re-scores the documents a vector search returned, pushing the truly relevant ones to the top. Cheap to add, and often the single biggest quality jump in a RAG pipeline.
Reentrancy Blockchain & smart contracts: A smart-contract bug where an external call lets an attacker re-enter your function before its state updates - the flaw behind the 2016 DAO hack. We catch it with checks-effects-interactions and reentrancy guards on every audit.
Red team Cybersecurity: The offensive side of a security test - engineers who attack your system the way a real adversary would. Pair it with a blue team (defenders) and you get a purple-team audit: attack and fix in one engagement, which is how we run it.
RLHF AI solutions: Reinforcement Learning from Human Feedback - the training step that taught raw LLMs to be helpful and follow instructions, by having humans rank competing answers. It's why a modern chat model feels aligned, not just fluent.
Server-side tracking Websites, web apps & online shops: Sending analytics events from your server (not just the browser): more accuracy, resilience to ad-blockers and tighter EU privacy control. More setup up front, but cleaner data in return.
Sales funnel Websites, web apps & online shops: The stages from awareness → consideration → decision → purchase. You optimize the leakiest stage, not your favourite one - that's where you lose the most buyers.
SERP Websites, web apps & online shops: The search engine results page. In 2026 it's not ten blue links: AI overviews, featured snippets and "people also ask" eat clicks, so structured, quotable content wins.
Synthetic Data AI solutions: Model-generated training and eval data for when real data is scarce, sensitive (GDPR), or imbalanced. Useful, but you must check quality and diversity - otherwise you bake the model's own blind spots into your system.
Saga Pattern Custom software · everything else: Managing a transaction across multiple services without a distributed lock: a sequence of local steps, each with a compensating undo. It's how we keep data consistent across microservices when something fails halfway.
Smart contract Blockchain & smart contracts: Code running on a blockchain (Solidity, Rust) that auto-executes an agreement. A single bug can cost nine figures · why we audit, fuzz, and threat-model before deploy.
Solidity Blockchain & smart contracts: The primary language for EVM-compatible blockchains (Ethereum, Arbitrum, Base). Pascal-like syntax, low-level memory handling, TS-compatible toolchain (Foundry, Hardhat).
SOC 2 Cybersecurity: A US audit framework for confidentiality, integrity, availability, and privacy controls. For SaaS, the Type II audit (6-12 months of observation) is the standard enterprise baseline.
SSR (Server-Side Rendering)Websites, web apps & online shops: HTML rendered by the server per-request, fresh for every user. Ideal for dynamic content (dashboards), but slower than SSG.
SSG (Static Site Generation)Websites, web apps & online shops: Pages are produced at build time as HTML and served from a CDN. Near-zero TTFB. DField's own site runs this way across 111+ pages.
SimplePay (OTP)Websites, web apps & online shops: The dominant card-acquiring gateway in Hungary, owned by OTP Bank. HUF-first with BankKártya support · default choice for any Hungarian webshop.
SCA (Strong Customer Authentication)Cybersecurity: PSD2 requirement: two-of-three factors (something you know / have / are) on every online payment. 3DS 2.x is the standard implementation.
STRIDE (threat model)Cybersecurity: Microsoft threat taxonomy: Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege. The spine of any threat model.
SLO (Service Level Objective)Websites, web apps & online shops: A concrete performance target · e.g. 99.9% successful requests per month. Foundation for SLI (indicator) and error budget · without one, reliability conversations are vibes.
Service Worker Websites, web apps & online shops: JavaScript running in the browser background that handles network requests, cache, and offline behaviour. The foundation of PWAs. Has no DOM access, only events.
Speculation Rules API Websites, web apps & online shops: Chromium API that lets the browser prerender or prefetch navigation targets · a single JSON block in the HTML. 200-400ms INP win on internal navigation.
Schema.org / JSON-LD Websites, web apps & online shops: Structured data vocabulary that sites use to explicitly describe themselves to Google / Bing · Organization, Article, Product, FAQPage, etc. The backbone of SEO rich results.
Soft delete vs hard delete Websites, web apps & online shops: Soft delete: the row stays in the table, only a deleted_at timestamp or is_deleted flag is set, and every query filters by it. Hard delete: DELETE FROM truly removes the row and the associated audit trail or backup is the only memory of the past. Soft delete is convenient: reversible, undo-able, easy to audit. On the GDPR side it is a trap. An erasure request under Article 17 (right to erasure) means a soft-deleted row that still holds personal data is not erased, and if your background jobs, analytics, ML feature store, or backups keep reading it, you have not honoured the request. Fix: two-stage deletion. A user-facing delete sets soft delete (30-day undo window), and a scheduled job after 30 days hard deletes the PII (or anonymises it and keeps the numeric columns for statistics).
Service mesh Websites, web apps & online shops: A service mesh is an infrastructure layer (Istio, Linkerd, Cilium Service Mesh, Consul) that intercepts every network call between microservices: service-to-service mTLS, retry, timeout, circuit breaker, traffic split (canary, blue-green), observability, and policy enforcement. The logic moves out of your application into a sidecar proxy (Envoy) or an eBPF layer, so it is language-agnostic. It sounds compelling, and vendors love selling it. In reality: if you have fewer than 8 services, if everything is one language (say gRPC), and Kubernetes is a single familiar cluster, then 80 percent of what a mesh would do can be solved with a good library (gRPC retry, OpenTelemetry, cert-manager) plus Kubernetes NetworkPolicy. You actually need a mesh when many languages plus many teams plus strict zero-trust (PCI, fed) plus multi-cluster topology combine. Otherwise the operational cost (control plane, sidecar memory, debugging) eats the benefit.
Shadow IT Cybersecurity: Shadow IT is any software, SaaS subscription, AI tool, browser extension, browser script, or automation that staff brought into the company without IT or security knowing, to make their own work easier. It is not malicious, just fast: marketing puts the launch doc in Notion, sales uses Apollo instead of the CRM, an engineer pastes source code into ChatGPT for debugging, customer success schedules with Calendly. Concrete SaaS-sprawl risks: 1) regulated data (PII, customer financials, source code) ends up on a third-party server with no DPA and no DPIA. 2) When an employee leaves, their SSO account is revoked, but the shadow tool they signed up for with their personal Gmail stays. 3) A SOC 2 or NIS2 audit cannot close with an unknown SaaS list. Fix: SaaS discovery (Torii, Productiv, or Workspace and Entra logs) plus a fast, simple approval flow (slow approval gets bypassed) plus a catalogue of pre-approved alternatives.
SLO vs. SLA Custom software · everything else: An SLO (Service Level Objective) is an internal target · 'p99 `/checkout` success 99.9% over 30 days'. An SLA (Service Level Agreement) is a contractual promise to the customer, usually with penalties · 'fall below 99.5% and we credit you'. The SLA is always looser than the SLO so you have headroom. The SLI is the underlying metric the SLO is built on (latency, error rate, freshness). Mixing the three gets you double trouble: either an overly strict contract, or no internal alerting signal.
SimplePay and Barion (Hungarian payment gateways)Websites, web apps & online shops: The two largest Hungarian online payment gateways. Card, Apple Pay, Google Pay, instant bank transfer. Often essential for Hungarian e-commerce - many local buyers won't pay through foreign processors. Typical rate 1.5-2.5% + transaction fee. PSD2-compliant with strong customer authentication. Best paired with Stripe / PayPal as a backup.
SZÉP card (Hungarian benefit card)Websites, web apps & online shops: Hungarian tax-free employer benefit card, used for accommodation, hospitality and leisure spending. Issued by K&H, OTP and MKB banks. Acceptance is essentially mandatory for Hungarian hotels, restaurants and hospitality venues - gateway integration is separate work on top of standard Stripe / SimplePay. Should also be built into hospitality e-commerce flows.
SZJA and Szocho (Hungarian payroll taxes)Custom software · everything else: Hungary's two main payroll taxes. SZJA: personal income tax, flat 15%. Szocho: social contribution tax, 13% (employer-side). Must be a built-in feature of payroll and HR software. Reductions for under-25s and under-30 mothers are codified - must be handled automatically. Monthly NAV report (form 08) is mandatory. Special cases: KATA (small-business tax), EVA, dual citizenship.
Sütibanner (Hungarian cookie consent banner)Websites, web apps & online shops: The pop-up that asks for consent to place cookies on a website. Hungary's NAIH and the EU TTDSG standard are strict: 'Accept' and 'Reject' buttons must be equal in size and weight, no analytics or marketing cookies before the banner is answered, and consent logs must be recorded (timestamp, IP, browser fingerprint, categories). The most common NAIH violation: a banner with only 'Accept' or with a hidden 'Reject'. Typical first fine €8-13k.
SaaS pricing for the Hungarian market Websites, web apps & online shops: The Hungarian SaaS market has a specific challenge: willingness to pay is 30-50% lower than Western Europe. Common models: flat monthly (HUF 1.99k / 4.99k / 9.99k tier), usage-based (per-seat or per-transaction), enterprise custom pricing. SimplePay or Barion is often essential for Hungarian payments - Stripe and Paddle work, but Hungarian B2C customers convert slower with foreign processors. Pricing psychology: HUF 9990 converts better than HUF 10000 (same as 9.99 in the West). VAT: 27% B2C, reverse-charge EU B2B.
SZÉP-card processing for hospitality and accommodation Websites, web apps & online shops: Hungarian SZÉP-card acceptance requires hotels, restaurants, and leisure providers to sign a separate contract with each card issuer (K&H, OTP, MKB Bank). Technical integration differs from standard card gateways: separate endpoint, separate format, separate reconciliation flow. The card has separate pockets (accommodation, hospitality, leisure) - the e-commerce platform must know which goes into which. NAV invoicing still applies. Custom SZÉP-card integration: €1.5-4k per issuer.
SEO audit Websites, web apps & online shops: A detailed audit of an existing website or e-commerce site from a search-engine optimisation perspective. Covers: technical SEO (speed, mobile, indexability, hreflang, structured data), content SEO (titles, descriptions, keyword coverage, Hungarian-language content), backlink profile, competitor rankings on key terms, technical errors (404s, slow pages, duplicate content). Result: prioritised recommendation list. Hungarian-market SEO audit pricing 2026: €500-1.3k, 1-2 weeks.
Sitemap for Hungarian e-commerce Websites, web apps & online shops: An XML file telling Google 'these are my site's pages'. A Hungarian e-commerce site lists every product, category, blog, contact and sub-page. Submitted in Google Search Console, new content gets indexed faster. With Hungarian + English versions, use separate sitemap groups with hreflang links. Last-modified timestamps on every URL. A typical e-commerce sitemap has 5-50k URLs - Google indexes them within 1-3 days if the sitemap is correct. A broken sitemap means slow indexing (weeks).
Structured data (Schema.org) for Hungarian e-commerce Websites, web apps & online shops: JSON-LD or microdata code that tells Google: 'this is the product's price, stock, rating'. For Hungarian e-commerce: Product (product data), Organization (company), BreadcrumbList, FAQPage, Review, Recipe / Article / Event when relevant. Google uses this for SERP rich results - star ratings, price, stock, 'Yesterday' badges. Typical CTR boost: +20-30% with correct structured data. Implementation 1-3 days of work, fee €250-800.
Semantic search AI solutions: Search that matches meaning, not keywords - "how do I cancel" finds the refund policy even with no shared words. It runs on embeddings and a vector store, and it's the retrieval half of every RAG system we build.
System prompt AI solutions: The fixed instruction that frames every conversation with an LLM - its role, tone, rules, and what it must refuse. Get it wrong and the model drifts; we treat it as versioned, tested code, not a text box.
SBOM Cybersecurity: Software Bill of Materials - a full inventory of every library and dependency inside your software. When the next big vulnerability drops, an SBOM answers "are we affected?" in minutes instead of a frantic week.
TCO (Total Cost of Ownership)Websites, web apps & online shops: Total cost of ownership · not just build cost: hosting, maintenance, support, security, and the cost of it breaking. A cheap SaaS subscription can outcost custom over 3-5 years - and sometimes the reverse.
Threat model Cybersecurity: A structured exercise that walks the system's actors, attack surface, risks, and controls. Day one of every DField project · before any code.
TTFB (Time To First Byte)Websites, web apps & online shops: The time until the server's first byte reaches the browser. With edge + CDN we can get this under 50 ms globally.
Tool use (function calling)AI solutions: When an LLM calls defined APIs (search, calculator, DB). The foundation of every modern agent · the security trick is to make the tool wrappers authorization-aware.
TestFlight Mobile apps · iPhone & Android: Apple's beta-testing platform for iOS. Up to 10k testers, 90-day build validity. Public test links give fast beta rollout to an external cohort.
Terraform Websites, web apps & online shops: Infrastructure-as-code · declaratively describe your cloud resources (VPC, DB, CDN), Terraform reconciles. State-file handling is the critical ops call · remote backend + lock is non-negotiable.
TTL (cache time-to-live)Websites, web apps & online shops: How long a cache entry stays fresh. Too short: backend burns. Too long: users see stale data. Pitfalls: cache stampede (a thousand clients race for a refresh on expiry · guard with single-flight or stale-while-revalidate), clock skew across nodes, and synchronised expiries that all fire at once. Never rely on a fixed TTL alone for security-sensitive caches · use explicit invalidation, not a timer.
Two-factor authentication (2FA) for Hungarian e-commerce and SaaS Cybersecurity: On login, the user provides a second proof on top of the password - SMS code, email code, authenticator app (Google Authenticator, Authy), biometric (fingerprint, face), or hardware key (YubiKey). Mandatory under PSD2 for Hungarian card payments above €250. Not legally required for e-commerce or SaaS, but NAIH and enterprise customers expect it. Integration via WebAuthn or passkey: €500-1.3k.
TEÁOR (Hungarian activity classification code)Custom software · everything else: The official Hungarian classification system for business activities, issued by KSH. Every company or sole entrepreneur has main and secondary activities coded by TEÁOR. The codes determine what regulations apply (e.g. 6201 = software development, 4791 = mail-order retail). E-commerce: 4791 (parcel sales), 5829 (other software publishing). SaaS: 6201 (software development), 6311 (data processing). Wrong TEÁOR codes can trigger NAV fines or chamber-of-commerce errors.
Token (LLM)AI solutions: The unit an LLM actually reads and writes - a word, part of a word, or a punctuation mark, roughly 0.75 words each. It's also the billing unit: API pricing, context limits and cost dashboards are all counted in tokens.
Temperature (LLM)AI solutions: The dial that controls how random an LLM's output is. Low (near 0) gives repeatable, conservative answers - what you want for extraction or classification; high gives varied, creative ones. We set it per task, not globally.
UTM parameters Websites, web apps & online shops: Tags appended to a URL (utm_source, utm_medium, utm_campaign) so analytics can attribute a visit to a specific campaign. They're the backbone of knowing which marketing actually works.
Vector database AI solutions: A database specialised for fast approximate-nearest-neighbour search over embedding vectors (pgvector, Qdrant, Weaviate). The engineering base of RAG retrieval.
WebAssembly (WASM)Websites, web apps & online shops: Binary format running in the browser · Rust, C, C++, Go run at near-native speed. In 2026 the default choice for crypto, image processing, and ML inference on the web.
WebFinger Websites, web apps & online shops: RFC 7033 protocol · discovers an identity's profile from an acct:<user>@<domain> handle. Mastodon, ActivityPub, IndieAuth clients use it for verification.
WCAG 2.2 Websites, web apps & online shops: Web Content Accessibility Guidelines 2.2 (W3C, October 2023) adds 9 new success criteria over 2.1 and obsoletes one (4.1.1 Parsing). The key additions: 2.4.11 and 2.4.12 Focus Not Obscured (sticky headers and cookie banners must not hide the focused element), 2.4.13 Focus Appearance (contrast and size rules for the focus ring), 2.5.7 Dragging Movements (every drag needs a single-pointer alternative), 2.5.8 Target Size minimum 24x24 CSS pixels, 3.2.6 Consistent Help, 3.3.7 Redundant Entry (do not ask for the same data twice), 3.3.8 and 3.3.9 Accessible Authentication (no cognitive-test logins like puzzles). After 28 June 2025 the European Accessibility Act makes WCAG-level accessibility mandatory for B2C digital products, in practice WCAG 2.2 AA.
WebAuthn / passkeys Cybersecurity: WebAuthn is a W3C standard; passkey is its user-friendly brand name (jointly used by Apple, Google, Microsoft). At registration, the user's device (phone, laptop, Yubikey) locally generates an asymmetric keypair: the private key stays on the device (or in the platform secure enclave, or in a cloud-synced keychain) and never leaves. Only the public key plus an attestation goes to the server. At login, the server sends a challenge, the device unlocks the private key via biometrics or PIN, signs the challenge, and sends the signature back. Only the public key and the signature cross the network, no password. Phishing-resistant (the domain is bound into the credential id), no shared secret to leak, and it replaces SMS OTP. Production-ready since iOS 17 and Android 14.
WASM at the edge Custom software · everything else: Running WebAssembly modules on CDN edge nodes (Cloudflare Workers, Fastly Compute, Fermyon, wasmCloud). Stronger sandboxing, faster cold start than Node, and polyglot execution (Rust, Go, AssemblyScript, Python via Pyodide). WASI 0.2 plus the component model means modules port across runtimes. Worth it when low latency, locality and strong sandboxing all matter together. Avoid for heavy file I/O or long-lived processes.
Webhook (real-time event delivery)Custom software · everything else: A URL that an external service calls when something happens on your end. Common Hungarian e-commerce examples: SimplePay webhook (payment success / fail), Stripe webhook (subscription change), GLS webhook (parcel status update), NAV webhook (invoice status, submission success / fail), Mailchimp webhook (subscription event). Advantage: real-time (no hourly polling). Downside: needs signature verification (otherwise an attacker can forge it), needs error handling (if your endpoint is down, data can be lost). Webhook receiver per provider: HUF 100-300k, 2-5 days.
WebSocket Websites, web apps & online shops: A persistent two-way connection between browser and server - once open, either side can push a message instantly. It's what makes live chat, presence, collaborative editing and real-time dashboards feel instant instead of polled.
XDR (Extended Detection & Response)Cybersecurity: EDR + network + email + cloud telemetry on one platform. Correlates threats across sources · the 2024-26 enterprise cyber meta.
XSS (cross-site scripting)Websites, web apps & online shops: An attack where a hacker slips malicious JavaScript into a page so it runs in another user's browser - stealing sessions or data. An OWASP perennial; we block it with output escaping and a strict Content-Security-Policy.
Zero-Click Search Websites, web apps & online shops: Searches resolved right on the results page (AI overview, snippet) with no click to any site. Rising fast: you win by being the cited source, not just by ranking.
Zero-trust Cybersecurity: A security model where every request is suspect (even from inside the network), and every action needs a separate authorisation check. The opposite of the classic perimeter model.

(07) READY WHEN YOU ARE

Tell us what you'd build · we reply within 24 hours.

One sentence is enough. EN or HU.

Send an email Book a call · 30 min

Connectdezso@dfieldsolutions.com

Book a callGoogle Meet · 30 min

BudapestBudapest
1011 Budapest

keep scrollingto learn more

BLOG