Databases
Normal forms, denormalization, and why schemas stick
A junior engineer stores the customer’s city on every order row — “it’s convenient for reports.” Two years later, the customer moves cities. Now half the historical orders show the old city and half show the new one. The same fact lives in two places and they disagree. Normalization is the discipline that prevents this.
Normal forms in plain terms
Normalization is a series of progressively stricter rules for splitting tables so no fact is stored twice.
1NF — atomic cells. Every cell must hold a single value. No comma-separated lists inside a column, no repeating groups, no arrays disguised as column names (tag1, tag2, tag3). If you can parse a cell with split(','), the table violates 1NF.
2NF — no partial key dependency. Every non-key column must depend on the whole primary key, not part of it. Only matters for composite primary keys. Example violation: a table order_items(order_id, product_id, product_name) — product_name depends on product_id alone, not on the composite key. Fix: move product_name to a products table.
3NF — no transitive dependency. Every non-key column must depend only on the primary key, not on another non-key column. Example violation: orders(order_id, customer_id, customer_city) — customer_city depends on customer_id, not on order_id. Fix: move customer_city to a customers (or addresses) table.
BCNF — every determinant is a candidate key. Stricter than 3NF; matters when a table has multiple overlapping candidate keys. Rare in production; common in academic examples. Violation example: two candidate keys share an attribute and one is not a superkey. In practice, target 3NF; go to BCNF only if you can state the specific overlapping-candidate-key scenario.
| Normal form | Rule | Violation shape | Fix |
|---|---|---|---|
| 1NF | Atomic cells, no repeating groups | Comma-separated list in one column | Separate table or typed array |
| 2NF | Full key dependency | Non-key col depends on part of composite PK | Move to the owning table |
| 3NF | No transitive dependency | Non-key col depends on another non-key col | Extract to its own table |
| BCNF | Every determinant is a candidate key | Multiple overlapping candidate keys | Decompose; rare in practice |
The point is not following rules — it is eliminating the failure mode where two rows can disagree about the same fact. If you can update Anna’s email in three tables, two will be wrong within a year.
Denormalization: when and why
Normalization optimises for write correctness. It can be expensive on the read side because answering a question requires joining many tables. Denormalization deliberately duplicates data to avoid joins on hot read paths.
Stored aggregates. An order_total_cents column on orders that caches SUM(order_items.unit_price_cents * quantity). Refreshed by a trigger or application code on each line-item write. Reporting hits a single column instead of aggregating millions of rows.
Wide read models. A user_profile table that combines name, email, current address, latest order count — fed by triggers or application code from the normalised source tables. Dashboard queries hit one row.
Materialised paths. Storing the full ancestry path of a tree node as a text column (/root/section/subsection/) to avoid recursive joins when reading hierarchies. Classic pattern for comment trees or org charts.
The discipline: denormalize on the read side, keep the authoritative facts normalised, and accept that the duplicates must be reconciled by something — a trigger, a scheduled job, application code. The failure mode is denormalize-everywhere with no reconciliation plan. Every column eventually disagrees with every other.
Why this works
Why 3NF and not 4NF, 5NF, or DKNF? Normal forms above 3NF address multi-valued dependencies and join dependencies that appear in highly academic schemas. Real production tables almost never exhibit those shapes. 3NF is the point of diminishing returns: beyond it, you split tables that do not need splitting, add joins that do not add correctness, and slow reads for schemas that had no integrity problem to begin with.
ORM traps that quietly break schema discipline
ORMs abstract away SQL but can introduce schema-level mistakes.
N+1 queries. An ORM loads a list of 100 orders, then for each order fetches the customer separately. Result: 101 queries where 1 join would do. In many ORMs this is the default unless you declare an eager-load (include, with, select_related). The schema implication: every FK relation must be annotated with the correct default loading strategy; leaving it to implicit lazy-load accumulates invisible N+1s.
Implicit schema generation. Many ORMs can generate the schema from the model definition. The generated schema often lacks: CHECK constraints, composite indexes, index on the FK column, named constraints. The result is a syntactically valid schema that violates the discipline of this lesson — no constraints, no format enforcement, generic index strategy. Treat ORM-generated schemas as a starting point, not the finished artifact; add constraints and indexes manually or via migration files.
Missing updated_at refresh. ORMs frequently auto-manage created_at but not updated_at. A missing updated_at makes incremental replication and auditing impossible. Enforce via a trigger (BEFORE UPDATE ... SET updated_at = now()) or ORM lifecycle hook; never trust the application to remember.
Naming conventions that pay back
These look pedantic; they pay back across every dashboard, every migration, every cross-team query.
- Plural table names (
users,orders,order_items) — singular is also defensible; pick one and enforce it everywhere. - snake_case — Postgres folds unquoted identifiers to lower case; snake_case is the production default.
idas the primary key name on every table; foreign keys named<referenced_table_singular>_id(e.g.,user_id,order_id).created_at,updated_at,deleted_atfor temporal columns.deleted_at IS NOT NULLis the soft-delete pattern.- Boolean columns prefixed
is_,has_,can_or named as a clear property (active, notflag). - CHECK constraints naming — name every constraint:
CONSTRAINT chk_orders_status CHECK (status IN (...)). Unnamed constraints produce cryptic error messages on violation.
Mature platforms CI-lint these conventions so they are enforced across teams, not remembered by individuals.
Order these schema evolution actions from cheapest to most expensive:
- 1 Add a CHECK constraint on an existing column
- 2 Add a UNIQUE index (CREATE INDEX CONCURRENTLY)
- 3 Add a FOREIGN KEY (requires validation pass over existing rows)
- 4 Change a column type (TEXT → INTEGER) — table rewrite
- 5 Split a JSONB column into typed columns — backfill migration
- 6 Split one table into two with FK — dual-write window, parity validation
- 7 Change a primary key — cascades through every FK and index; almost never done
A table stores `orders(order_id, customer_id, customer_city)`. Which normal form does it violate and why?
A reporting dashboard needs the total revenue per workspace, recalculated every 5 minutes. Pick the implementation.
An ORM-generated schema has no named CHECK constraints and no index on FK columns. What are the two concrete failure modes this causes in production?
- 01Explain in your own words why 3NF is the production-default normal form, and when teams legitimately go above (BCNF) or below (deliberate denormalization).
- 02Name three concrete ORM traps that quietly violate schema discipline and the fix for each.
- 03What is the materialised-path pattern and when does it beat recursive CTEs for tree queries?
Normal forms eliminate redundant facts: 1NF (atomic cells), 2NF (full-key dependency), 3NF (no transitive dependency), BCNF (every determinant is a candidate key). Target 3NF for production schemas. Denormalize deliberately — stored aggregates, wide read models, materialised paths — with explicit reconciliation; never denormalize without a plan for keeping the copies consistent. ORM-generated schemas skip constraints and indexes; add them. Naming conventions (snake_case, plural tables, id PK, created_at/updated_at/deleted_at, named CHECK constraints) are enforced by CI. Schema decisions are sticky; the cost of the wrong normal form is paid at migration time, not design time.
appears again in140
- Why GraphQL gets N+1junior
- DataLoader mechanics: tick-boundary batchingmiddle
- Batch function contracts: ordering, shapes, errorsmiddle
- Federation and lookahead: batching beyond DataLoadermiddle
- Query complexity defences: depth, cost, persisted queriesmiddle
- Senior GraphQL API: scheduling contract, tenant isolation, observabilitysenior
- Why idempotency: making retries safejunior
- Server-side state machine: four states of an idempotency keymiddle
- Outbox and inbox: effectively-once across the dual-write boundarymiddle
- Concurrency and cache architecture for idempotency at scalesenior
- Observability, production failures, and global-scale designsenior
- The event loop: one thread, three queuesjunior
- Tasks, microtasks, and scheduler.yield()middle
- Microtask starvation, Long Tasks, and LoAFsenior
- Node.js event loop: phases, nextTick, and loop lagsenior
- React, Vue, and INP observability in productionsenior
- The render pipeline: six stages from bytes to pixelsjunior
- Stage costs and the renderer process modelmiddle
- Invalidation, dirty bits, and containmiddle
- Compositor layers: promotion, overlap, and GPU memorymiddle
- DevTools flame strip and the frame lifecyclemiddle
- Layout thrash: forced synchronous layoutsenior
- BeginMainFrame, compositor-driven animations, and GPU memorysenior
- Production observability: LoAF, INP, and the full attack surfacesenior
- What V8 is and why performance varies 100×junior
- V8''''s four-tier JIT pipeline and profile-guided tieringmiddle
- Hidden classes, transition trees, and memory layoutmiddle
- Inline caches, IC states, and deoptimizationmiddle
- Orinoco GC: parallel scavenger, concurrent marking, and write barriersmiddle
- TurboFan''''s speculative engine and the deopt-loop trapsenior
- V8 in production: isolates, pointer compression, and real failuressenior
- Service worker lifecycle and cache strategiesmiddle
- Service worker edge cases: version skew, durability, and navigation trapssenior
- What the reconciler does: render vs commitjunior
- The fiber object and the double-buffer treemiddle
- Render phase purity and commit phase sub-stepsmiddle
- Reconciliation: diffing heuristics and the key trapmiddle
- Priority lanes, time-slicing, and useTransitionmiddle
- Bailout, memoisation, and tearingsenior
- React Profiler, the Compiler, and production observabilitysenior
- Rendering strategies: SSG, SSR, ISR, streaming, and hydrationjunior
- SSG, SSR, ISR, streaming, and RSC — how each worksmiddle
- Hydration cost: selective, progressive, islands, resumabilitymiddle
- Hydration mismatch: causes, detection, and the determinism rulesenior
- RSC, per-route strategy, and production observabilitysenior
- Core Web Vitals: what LCP, INP, and CLS measurejunior
- CLS: why layout shifts happen and how to stop themmiddle
- Metric tradeoffs, RUM attribution, and the CI+field loopsenior
- The full picture: URL to LCP to INP as a relay racejunior
- Eight layers traced: from the service worker to the second navigationmiddle
- Five canonical breaks: where production reliably diessenior
- The three-track method: reading traces and building a monitored systemsenior
- What is a cache stampede and why it makes things worsejunior
- Lock and single-flight: bounding concurrent rebuildsmiddle
- XFetch: coordination-free probabilistic early expirationmiddle
- Stale-while-revalidate and CDN request coalescingmiddle
- Detecting stampedes and designing TTL for productionmiddle
- Metastable failure, fencing tokens, and production postmortemssenior
- Raft roles, terms, and why majority quorums prevent split brainjunior
- How Raft replicates a log entry and decides it is safe to commitmiddle
- Raft leader election: timeouts, voting rules, and the four safety propertiesmiddle
- Raft in the real world: partitions, slow disks, and client routingmiddle
- Raft extensions: pre-vote, learners, snapshots, and linearizable readssenior
- Raft in production: membership changes, Multi-Raft, and observabilitysenior
- Where data fetching happens — and why it decides LCPjunior
- Fetch waterfalls — diagnosis and the Promise.all curemiddle
- React Server Components and Suspense streamingmiddle
- Client-side cache: TanStack Query, SWR, and stale-while-revalidatemiddle
- LCP, prefetch, and race conditions in interactive fetchingmiddle
- Senior internals: RSC payload, caching layers, and production failure modessenior
- The three-way handshakejunior
- Sequence numbers and connection statemiddle
- DNS: what it does and why it existsjunior
- The resolver walk: referrals, record types, and gluemiddle
- TTL, caching, and DNS propagationmiddle
- The 1-RTT handshake: key shares and ECDHEmiddle
- Session resumption and 0-RTTmiddle
- WebSocket: the HTTP upgrade handshakejunior
- WebSocket frame format: opcodes, masking, fragmentationmiddle
- WebSocket backpressure: when clients can''''t keep upmiddle
- Reconnection: jittered backoff, thundering herd, message resumptionsenior
- WebSocket at scale: HTTP/2 multiplexing, permessage-deflate, C10Msenior
- WebSocket in production: proxies, security, and distributed architecturesenior
- What reverse proxies dojunior
- Health checks, connection draining, and slow startmiddle
- Session affinity, consistent hashing, and the right fixmiddle
- Retry storms, circuit breakers, and load sheddingsenior
- Resilient LB architecture: anycast, zone-aware routing, and observabilitysenior
- Why QUIC and not TCP+TLSjunior
- Connection IDs and network migrationmiddle
- 0-RTT resumption and packet encryptionsenior
- DDoS: what it is and why it worksjunior
- Amplification attacks and state exhaustionmiddle
- Rate limiting: algorithms and architecturemiddle
- WAFs, firewalls, mTLS, and HSTSmiddle
- DNS cache poisoning and BGP hijackingsenior
- Defense-in-depth architecture and attack economicssenior
- DNS, TCP, TLS in sequence: where the milliseconds gomiddle
- Proxy intercepts and security gates: rate limiters, WAF, mTLSmiddle
- Alternate paths: QUIC 0-RTT, WebSocket upgrade, connection migrationmiddle
- Observability: distributed traces, USE/RED, and samplingsenior
- Resilience: cascading retries, circuit breakers, and error budgetssenior
- What the three signals are: logs, metrics, and tracesjunior
- Why structured logs exist: the diary vs the spreadsheetjunior
- The production log schema: fields every line must carrymiddle
- PII redaction and log injectionsenior
- OTel Logs Data Model and audit logs as a subsystemsenior
- SLI, SLO, and the error budget: reliability by the numbersjunior
- Error budget policy, latency SLOs, and composite journeysmiddle
- Production SLO failures, self-observability, security, and the big picturesenior
- The incident loop: from pager to postmortem to preventionmiddle
- Cache lines, struct layout, and false sharingmiddle
- SIMD, SoA vs AoS, and memory bandwidthmiddle
- Cache-oblivious algorithms, PGO, and production failuressenior
- GC in production: observability, security, edge cases, and fleet governancesenior
- Batching: amortize fixed cost per operationjunior
- The batching window: size and wait timemiddle
- Batching in Kafka and Postgresmiddle
- io_uring and observability of batchingmiddle
- From Nagle to io_uring: evolution of batchingmiddle
- Backpressure, failure isolation, and batch security in productionsenior
- CI enforcement and RUM: making budgets stickmiddle
- V8 JIT pipeline, HTTP priorities, and bundle securitysenior
- The performance loop: discipline, not a projectjunior
- Classify and fix: matching bottleneck families to remediesmiddle
- Observability stack and CI gates: catching regressions before they shipmiddle
- Incident to enforcement: SLO burn to verified fix in 35 minutesmiddle
- Culture, economics, and org-scale performancesenior
- At-most-once, at-least-once, exactly-once: the three delivery contractsjunior
- The three failure legs — where duplicates and losses actually happenmiddle
- Consumer-side dedup: the cheapest path to exactly-once processingmiddle
- Kafka exactly-once semantics: idempotent producer and transactionsmiddle
- SQS visibility timeout, DLQ, and the outbox patternmiddle
- Exactly-once in production: impossibility proof, hybrid patterns, and real incidentssenior
- What OAuth is and why passwords are not the answerjunior
- Authorization code flow with PKCEmiddle
- ID token validation and JWKS cache managementmiddle
- Refresh token rotation and scope-based least privilegemiddle
- Sender-constrained tokens: DPoP and mTLSsenior
- OAuth in production: audience attacks, observability, and real failuressenior