The Linux Junkies Glossary

953 terms — Linux jargon explained in plain English, cross-linked to the guides.

#A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

#

$XDG_RUNTIME_DIR: An environment variable that points to a user's runtime directory, typically used for temporary files, sockets, and other runtime data that should not persist across reboots.

A

A record: An A record is a DNS record that maps a domain name to its IPv4 address, enabling browsers and applications to find and connect to websites and services.
AAAA record: A DNS record that maps a domain name to an IPv6 address, the successor to the A record for IPv4.
ABI: Application Binary Interface (ABI) is a set of rules and conventions that define how software components interact at the binary level, including function calling conventions, memory layout, and system calls.
ABI break: A change to a software library's binary interface that makes previously compiled programs incompatible, requiring them to be recompiled. An ABI break occurs when function signatures, data structures, or calling conventions change in a way that breaks binary compatibility.
absolute path: A file or directory path that starts with a forward slash (/) and specifies the complete location from the root of the filesystem, independent of the current working directory.
access port: A network port on a switch that carries traffic for a single VLAN, typically used for connecting end devices like computers or printers to the network.
ACL: Access Control List (ACL) is a set of rules that defines which users or groups have permission to access a file or directory and what operations they can perform.
address space: The range of memory addresses available to a process, including code, data, heap, and stack segments. Each process has its own isolated address space, typically managed by virtual memory.
admission controller: A Kubernetes component that intercepts and validates API requests before they're persisted to the cluster, allowing or rejecting them based on configured policies.
admission webhook: A Kubernetes mechanism that intercepts and validates or modifies API requests before they are persisted, allowing cluster administrators to enforce custom policies on resource creation and modification.
AEAD: AEAD (Authenticated Encryption with Associated Data) is a cryptographic mode that simultaneously encrypts data and verifies its authenticity and integrity, protecting against tampering.
AES: AES (Advanced Encryption Standard) is a symmetric encryption algorithm that uses a single key to encrypt and decrypt data. It's the modern standard for securing sensitive information in Linux systems.
AES-GCM: AES-GCM is a modern encryption cipher that combines AES (Advanced Encryption Standard) with Galois/Counter Mode, providing both data confidentiality and authentication in a single operation.
AIDE: AIDE (Advanced Intrusion Detection Environment) is a file integrity monitoring tool that detects unauthorized changes to system files by comparing their current state against a stored database of known-good checksums and attributes.
alert fatigue: Alert fatigue is the degradation of response effectiveness that occurs when security or system administrators receive too many notifications, causing them to ignore, dismiss, or become desensitized to critical alerts.
alerting rule: A configuration in monitoring systems that specifies conditions to trigger notifications or alerts when system metrics exceed thresholds or abnormal events occur.
alias: A user-defined shortcut that maps a custom name to a command or series of commands. Aliases let you create abbreviated or alternative names for frequently used commands.
Alpine Linux: Alpine Linux is a lightweight, security-focused Linux distribution based on musl and BusyBox, designed for minimal resource usage and often used in containerized environments.
ALPN: ALPN (Application Layer Protocol Negotiation) is a TLS extension that allows the client and server to agree on which application protocol to use during the initial TLS handshake, avoiding extra round trips.
ANSI color: A standard system for adding colored and styled text to terminal output using special escape sequences. ANSI colors enable Linux applications to display text in different colors and text styles like bold or underline.
ANSI escape: A sequence of special characters that control text formatting, colors, and cursor movement in terminal output. ANSI escapes allow programs to style terminal text without changing the underlying data.
ANSI escape code: A special sequence of characters that controls text formatting, color, and cursor movement in terminal output. ANSI escape codes begin with the ESC character (ASCII 27) followed by brackets and parameters.
anti-affinity: A scheduling constraint that prevents certain processes or pods from running on the same host or node, used to distribute workloads across infrastructure for fault tolerance.
anycast: A network addressing scheme where a single IP address is assigned to multiple servers, and traffic is routed to the nearest or best-performing instance. Clients send packets to the anycast address, but only one server receives each packet.
apdex: Apdex (Application Performance Index) is a standardized metric that measures user satisfaction with application response time by categorizing responses as satisfied, tolerating, or frustrated based on predefined thresholds.
AppArmor: AppArmor is a Linux security module that restricts programs' capabilities by enforcing mandatory access control (MAC) policies on a per-application basis.
APT: APT (Advanced Package Tool) is the package manager for Debian and Ubuntu systems that downloads, installs, updates, and removes software packages from configured repositories.
apt-pinning: A mechanism in Debian/Ubuntu systems to control which package versions are installed or prioritized from different repositories, preventing unwanted upgrades or enforcing specific versions.
ARC: Adaptive Replacement Cache (ARC) is an advanced caching algorithm used by ZFS to manage memory for frequently accessed data, balancing between recently used and frequently used cache entries.
ARC seal: ARC (Authenticated Received Chain) is an email authentication method that cryptographically signs the complete chain of custody as a message passes through multiple mail servers, preserving authentication results from previous handlers.
Argon2: Argon2 is a modern password hashing algorithm designed to be resistant to GPU and ASIC attacks by consuming significant memory and CPU resources during computation.
ARP: Address Resolution Protocol (ARP) is a network protocol that maps IP addresses to physical MAC addresses on a local network, allowing devices to find each other's hardware addresses.
ARP cache: A table that maps IP addresses to MAC addresses on a local network, cached by the operating system to speed up network communication.
ARPANET: ARPANET was the earliest wide-area computer network, created by the U.S. Department of Defense's Advanced Research Projects Agency (ARPA) in 1969. It is the direct predecessor to the modern Internet.
AS number: An Autonomous System (AS) number is a unique identifier assigned to a network or group of networks that operates under a single administrative authority and uses a consistent routing policy on the internet.
atime: The access time (atime) is a file metadata timestamp that records when a file was last read or accessed. It is one of three key modification times tracked by the filesystem.
atomic operation: An operation that completes entirely without interruption, appearing to happen as a single indivisible unit from the perspective of other processes or threads.
attestation: A cryptographic proof or verification that confirms the authenticity, integrity, and trustworthiness of system components, firmware, or software at runtime or boot time.
attribute: A property or characteristic of a file or system object that controls access permissions, behavior, or metadata. In Linux, attributes commonly refer to file permissions (read, write, execute) or extended attributes that store additional metadata.
attribute-based access control: A security model that grants or denies access to resources based on attributes (properties) of users, resources, environments, and actions, rather than fixed roles or identity alone.
auditd: The Linux audit daemon that logs security-relevant events and system calls to track user actions and maintain compliance with security policies.
AUR: The Arch User Repository (AUR) is a community-driven collection of build recipes for software packages not in Arch Linux's official repositories, allowing users to compile and install software from source.
authoritative server: A DNS server that holds the actual zone file and is responsible for answering authoritative answers about a domain's DNS records.
automount unit: A systemd configuration file that automatically mounts filesystems or network resources when accessed, without requiring manual mount commands or fstab entries.
autoremove: A package manager operation that automatically removes packages that were installed as dependencies but are no longer needed by any installed package.
awk: awk is a text processing language and utility that scans files line-by-line, splits each line into fields, and performs pattern matching and transformations on the data.
awk pattern: A pattern in awk that specifies which input lines should be processed by an action; it's a condition that matches lines based on regular expressions, comparisons, or other criteria.

B

background process: A process that runs independently without occupying the terminal, allowing you to continue entering commands. Background processes execute asynchronously while you use the shell for other tasks.
backports: Backports are newer software packages or security patches adapted and repackaged to work on older, stable Linux distributions without requiring a full system upgrade.
bake then deploy: A deployment pattern where application code is compiled, tested, and packaged into a complete, immutable artifact (the "bake") before being deployed to production servers (the "deploy"). This contrasts with deploying source code and compiling on the target system.
baking AMI/image: The process of creating a custom machine image (AMI on AWS, or image on other platforms) by launching an instance, installing and configuring software, and then capturing that configured state as a reusable template for future deployments.
bash: Bash is the Bourne Again Shell, a command-line interpreter that reads and executes user commands and shell scripts on Linux and Unix systems. It's the default login shell on most Linux distributions.
BBR: BBR (Bottleneck Bandwidth and Round-trip time) is a modern TCP congestion control algorithm that optimizes network throughput by measuring available bandwidth and latency instead of relying on packet loss.
BBR2: BBR2 is the second generation of Google's Bottleneck Bandwidth and Round-trip time (BBR) congestion control algorithm for TCP, designed to improve network performance and fairness over high-speed, high-latency connections.
bcrypt: bcrypt is a cryptographic hashing algorithm specifically designed for securely hashing passwords, incorporating a built-in salt and adaptive work factor to resist brute-force attacks.
Bearer token: A security credential used in HTTP requests to authenticate API calls or web services, typically transmitted in the Authorization header without requiring a username and password.
BeyondCorp: BeyondCorp is a zero-trust security framework developed by Google that eliminates the concept of a trusted corporate network perimeter, requiring all users and devices to be authenticated and authorized regardless of location or network.
bf16: A 16-bit floating-point data type (bfloat16) that uses 1 sign bit, 8 exponent bits, and 7 mantissa bits, offering reduced precision compared to float32 while maintaining the same exponent range.
bfq: BFQ (Budget Fair Queueing) is an I/O scheduler for Linux that prioritizes fairness and responsiveness by allocating disk bandwidth fairly among processes, preventing any single process from starving others.
BGP: BGP (Border Gateway Protocol) is the routing protocol used to exchange network reachability information between autonomous systems on the internet.
BGP peer: A BGP peer is another router that runs the Border Gateway Protocol and exchanges routing information with your router through a direct TCP connection.
BGP route leak: An unintended advertisement of BGP routing information by an autonomous system to other networks, causing traffic to be misdirected through an incorrect path on the internet.
big endian: A byte order where the most significant byte (largest value) is stored first in memory. The opposite of little endian, commonly used in network protocols and some CPU architectures.
BIMI: BIMI (Brand Indicators for Message Identification) is an email authentication standard that allows organizations to display their verified logo in email clients, combining brand verification with email security protocols.
binary: An executable file containing compiled machine code that the CPU can directly run, as opposed to human-readable source code or scripts.
bind mount: A bind mount is a Linux filesystem operation that attaches an existing file or directory to another location in the filesystem hierarchy, making the same content accessible from multiple paths.
BIOS: BIOS (Basic Input/Output System) is firmware that runs before the operating system loads, initializing hardware and launching the bootloader to start the kernel.
BLAKE2: BLAKE2 is a fast cryptographic hash function that produces a fixed-size fingerprint of data, improving upon the original BLAKE algorithm with better performance and simplicity.
BLAKE3: BLAKE3 is a modern cryptographic hash function that produces a fixed-size digest from input data, offering faster performance and better security properties than older hash algorithms like MD5 and SHA-1.
blameless postmortem: A postmortem analysis of an incident or failure that focuses on understanding what happened and why, rather than assigning blame or punishment to individuals involved.
block device: A hardware device that stores data in fixed-size blocks and allows random read/write access, such as hard drives, SSDs, and USB drives. Block devices are accessed through special device files in /dev.
blue/green deploy: A deployment strategy where two identical production environments (blue and green) run in parallel, allowing you to switch traffic between them instantly to minimize downtime and enable quick rollbacks.
boot loader: A program that runs before the operating system kernel, responsible for loading the Linux kernel into memory and passing control to it during system startup.
bounce: To restart a service, application, or system by stopping and then starting it again. In networking, it can also mean to forward or relay network traffic.
Bourne shell: The Bourne shell (sh) is the original Unix shell created by Stephen Bourne in 1979, serving as the standard command interpreter and scripting language for Unix and Unix-like systems including Linux.
BPF: Berkeley Packet Filter (BPF) is a kernel technology that allows safe, in-kernel execution of sandboxed programs for monitoring, filtering, and analyzing system events without requiring kernel module compilation.
BPF map: A BPF map is a data structure that stores and shares data between BPF programs and userspace applications, or between multiple BPF programs running in the kernel.
BPF program: A BPF (Berkeley Packet Filter) program is a small, sandboxed bytecode application that runs in the Linux kernel, used for safe in-kernel computation without recompiling the kernel.
BPF verifier: A kernel component that validates eBPF programs before execution to ensure they are safe and won't crash or compromise system stability. It checks for memory access violations, infinite loops, and other dangerous operations.
bpftrace: bpftrace is a high-level tracing language and tool for Linux that allows you to dynamically instrument kernel and user-space programs using eBPF (extended Berkeley Packet Filter) without modifying or restarting code.
branch misprediction: A CPU performance issue where the processor incorrectly predicts which direction a conditional instruction will take, forcing it to discard speculative work and restart. This causes a pipeline stall and reduces execution efficiency.
broadcast: A network transmission sent to all devices on a local network segment simultaneously, rather than to a specific individual host. The broadcast address is the highest address on a subnet where all host bits are set to 1.
BTF: BPF Type Format (BTF) is a metadata format that describes the layout and type information of data structures used by eBPF programs, enabling portable and self-describing kernel instrumentation.
btrfs: Btrfs (B-tree filesystem) is a modern Linux filesystem that provides advanced features like snapshots, subvolumes, and built-in RAID support, designed to replace ext4 with better scalability and reliability.
btrfs driver: Btrfs (B-tree filesystem) is a modern Linux filesystem driver that provides advanced features like snapshots, copy-on-write, and built-in RAID support as an alternative to ext4 or XFS.
buffer: A temporary storage area in memory that holds data being transferred between processes, devices, or programs. Buffers allow data to be read in chunks rather than byte-by-byte, improving performance.
BuildKit: BuildKit is a modern, container image builder for Docker that replaces the legacy builder with improved performance, caching, and support for advanced features like multi-stage builds and secrets handling.
burn rate: The speed at which a system consumes resources (CPU, memory, disk space, or network bandwidth), typically measured over time. Often used to predict when a resource will be exhausted.
busy wait: A CPU-intensive waiting technique where a process repeatedly checks a condition in a tight loop instead of blocking or sleeping, consuming CPU cycles unnecessarily.
BusyBox: A lightweight software suite that combines many standard Unix utilities into a single small executable, commonly used in embedded Linux systems and containers where space is limited.
bytecode: Intermediate machine-independent code produced by compilers that must be interpreted or further compiled before execution. It serves as a bridge between human-readable source code and native machine instructions.

C

CA (certificate authority): A trusted organization that issues and signs digital certificates to verify the identity of websites, servers, and users on the internet. CAs use cryptographic keys to digitally sign certificates, making them verifiable and trusted.
CAA record: A CAA (Certification Authority Authorization) record is a DNS record type that specifies which certificate authorities are permitted to issue SSL/TLS certificates for a domain.
cache: A high-speed storage layer that temporarily holds frequently accessed data to reduce retrieval time from slower storage or computation sources.
cache hit: A cache hit occurs when requested data is found in a cache, avoiding a slower access to main memory or disk. It's the opposite of a cache miss.
cache miss: A cache miss occurs when the CPU or system requests data that is not currently stored in the cache, requiring slower access from main memory or disk. This is the opposite of a cache hit.
CAKE: CAKE (Common Applications Kept Enhanced) is a queueing discipline for Linux traffic control that provides fair bandwidth allocation and reduces latency for network congestion management.
canary deploy: A deployment strategy where new code is rolled out to a small subset of servers or users first to detect problems before full release. If the canary instance runs successfully, the deployment proceeds to the rest of the infrastructure.
capabilities: Linux capabilities are granular permissions that allow processes to perform specific privileged operations without needing full root access. They divide root's power into distinct abilities that can be independently granted or revoked.
capability: A fine-grained permission that grants a process a specific privileged action, allowing non-root users to perform tasks that normally require root access without full superuser rights.
CARP: CARP (Common Address Redundancy Protocol) is a network protocol that allows multiple hosts to share a single virtual IP address, providing automatic failover if the primary host fails.
certificate chain: A sequence of digital certificates linked together, where each certificate signs the next one, connecting a server's certificate back to a trusted root certificate authority.
CFLAGS: CFLAGS is an environment variable that passes compiler flags and options to the C compiler during software compilation, controlling how code is optimized, debugged, and compiled.
CFS: CFS (Completely Fair Scheduler) is the default Linux kernel process scheduler that allocates CPU time fairly among running processes using a red-black tree data structure to track and balance execution time.
CGNAT: Carrier-Grade Network Address Translation (CGNAT) is a technique where an Internet Service Provider performs NAT on customer traffic, translating private IP addresses to shared public IPs, allowing ISPs to reduce their public IPv4 address consumption.
cgroup: A Linux kernel feature that limits, prioritizes, and isolates resource usage (CPU, memory, I/O) for groups of processes. cgroups allow fine-grained control over system resources at the process-group level.
cgroup namespace: A Linux namespace that isolates a process's view of cgroups, allowing it to see only the cgroups within its own namespace hierarchy rather than the system-wide cgroup tree.
cgroup v1: The original implementation of Linux control groups, allowing administrators to limit and monitor resource usage (CPU, memory, I/O) for groups of processes. Largely superseded by cgroup v2 but still widely supported.
cgroup v2: cgroup v2 is the second major version of Linux control groups, a unified kernel interface for limiting and monitoring resource usage (CPU, memory, I/O, network) for process groups and containers.
cgroupfs: A virtual filesystem that exposes Linux control groups (cgroups) as a hierarchical directory structure, allowing users and processes to manage resource limits for groups of processes.
ChaCha20-Poly1305: ChaCha20-Poly1305 is an authenticated encryption algorithm combining the ChaCha20 stream cipher with the Poly1305 message authentication code for secure, fast cryptography.
change window: A period of time during which system changes, updates, or maintenance are permitted without disrupting normal operations. Often used in production environments to minimize impact on users.
character device: A device file that represents a hardware device allowing character-by-character (byte-stream) I/O, such as terminals, serial ports, or USB devices. Data is read and written sequentially without buffering.
checksum: A checksum is a small value calculated from data that allows verification the data hasn't been corrupted or altered. It's computed using a mathematical algorithm and compared against the original to detect changes.
chroot: A system call and command that changes the root directory (/) for a process and its children to a new location, isolating them in a restricted filesystem subtree.
Cilium: Cilium is an open-source networking and security project that uses eBPF (extended Berkeley Packet Filter) to provide network connectivity, load balancing, and security policies for containers and Kubernetes clusters.
ClamAV: ClamAV is a free, open-source antivirus engine designed to detect trojans, viruses, malware, and other malicious threats on Linux and other Unix-like systems.
CLI: A Command Line Interface (CLI) is a text-based user interface where you interact with a computer by typing commands instead of clicking a graphical interface.
Cloudflare Tunnel: A secure, outbound-only connection that allows you to expose local services (web servers, SSH, databases) to the internet through Cloudflare's network without opening inbound ports or exposing your IP address.
cluster autoscaler: A Kubernetes component that automatically adds or removes nodes from a cluster based on resource requests and utilization, scaling the underlying infrastructure up or down as needed.
ClusterRole: A Kubernetes resource that defines a set of permissions applicable across an entire cluster, allowing users or service accounts to perform specific actions on cluster-wide resources.
CNAME: A CNAME (Canonical Name) record is a DNS resource record that maps one domain name to another domain name, creating an alias for your actual hostname.
CNAME record: A CNAME (Canonical Name) record is a DNS record type that maps an alias domain name to another domain name (the canonical name), allowing multiple domain names to resolve to the same IP address.
CNI plugin: A Container Network Interface plugin is a software component that manages network connectivity for containers in Kubernetes and other container orchestration systems. It implements the CNI specification to allocate and manage IP addresses, routes, and network interfaces.
CO-RE: CO-RE (Compile Once – Run Everywhere) is a BPF technology that allows eBPF programs to be compiled once and run on different Linux kernel versions without recompilation, by automatically adapting to kernel structure layout differences.
collector: A program or process that gathers, aggregates, and processes data from multiple sources—commonly used in monitoring systems to collect metrics, logs, or events from distributed systems.
command substitution: Command substitution is a shell feature that executes a command and replaces it with its output, allowing you to use a command's result as input to another command or variable assignment.
compaction: A memory management process that reduces fragmentation by moving allocated memory pages together, freeing up contiguous free space for large allocations.
compiler: A program that translates human-readable source code (usually in languages like C, C++, or Rust) into machine-executable binary code or intermediate code that the computer can run.
compressed swap: A memory management technique that compresses inactive data in swap space to reduce disk I/O and improve system performance on memory-constrained systems.
compression ratio: Compression ratio is the percentage or factor describing how much a file or data has been reduced in size after compression. It's calculated as the ratio of original size to compressed size, with higher ratios indicating greater compression.
condition variable: A synchronization primitive that allows threads to wait until a specific condition is met, then be awakened when another thread signals that the condition has changed.
configfs: A virtual filesystem (typically mounted at /sys/kernel/config) that allows userspace applications to create, configure, and manage kernel subsystems through a hierarchical directory structure.
ConfigMap: A Kubernetes object that stores non-sensitive configuration data as key-value pairs, allowing you to decouple configuration from container images.
conntrack: A kernel subsystem that tracks the state of network connections, maintaining a table of active TCP, UDP, and other protocol connections to enable stateful packet filtering.
container: A lightweight, isolated runtime environment that bundles an application with its dependencies, libraries, and configuration into a single package that runs consistently across different systems.
container image: A lightweight, standalone package containing an application, its dependencies, libraries, and runtime environment—everything needed to run the application consistently across different systems.
container registry: A centralized repository service that stores and distributes container images, allowing users to push, pull, and manage containerized applications.
containerd: A lightweight container runtime that manages the complete lifecycle of containers on Linux systems. It serves as the core component that pulls images, runs containers, and handles storage without requiring the full Docker daemon.
context switch: The process by which a CPU switches from executing one process to another, saving the current process's state and restoring the next process's state.
context window: The amount of text (measured in tokens) that a language model or AI system can process and reference at one time. It defines the maximum length of conversation history or input the model can consider.
control group: A kernel feature that limits and monitors resource usage (CPU, memory, I/O) for a group of processes. Control groups organize processes hierarchically and enforce resource quotas at the OS level.
control plane: The set of components and processes that make decisions about how to manage and orchestrate a system, as opposed to the data plane which handles the actual workload traffic.
controller: A hardware device or kernel subsystem that manages communication between the CPU and peripherals like storage drives, network cards, or USB devices.
COPR: COPR (Cool Other Package Repository) is a Fedora-hosted service that allows users to build and host RPM packages outside the official Fedora repositories, useful for third-party software and community projects.
copy-on-write: A memory optimization technique where multiple processes share the same physical memory pages until one attempts to modify the data, at which point a private copy is created for that process.
core dump: A core dump is a file containing the memory contents and state of a process at the moment it crashed, used for debugging to understand what caused the failure.
correlation ID: A unique identifier assigned to a request or transaction that allows you to track and correlate related log entries, messages, and events across multiple systems or services.
cosign signature: A cryptographic signature generated by Cosign, a container image signing tool that verifies the authenticity and integrity of container images using keyless signing methods or traditional keys.
counter: A variable or register that tracks the number of occurrences of an event, such as instruction executions in a CPU or network packets sent. Counters increment or decrement to measure system activity and performance.
COW snapshot: A Copy-on-Write snapshot is a space-efficient point-in-time copy of a filesystem or volume that only stores changes made after the snapshot is created, not a full duplicate of the original data.
CPU affinity: CPU affinity is the ability to bind a process or thread to run exclusively on specific CPU cores, preventing the kernel scheduler from moving it to other cores.
CPU saturation: CPU saturation occurs when the number of runnable processes exceeds the number of available CPU cores, causing processes to wait in the scheduler queue. It indicates the system cannot handle all computational demands immediately.
CPU utilization: CPU utilization is the percentage of a CPU's processing capacity actually being used to execute tasks, as opposed to idle time. It measures how busy a processor is at any given moment.
crash dump: A snapshot of a system's memory and state saved to disk when the kernel crashes or panics, used for post-mortem debugging and analysis.
CRD: CRD (Custom Resource Definition) is a Kubernetes extension mechanism that allows users to define custom objects and APIs beyond the built-in resource types, enabling declarative management of application-specific resources.
CRL: A Certificate Revocation List (CRL) is a digitally signed list of digital certificates that have been revoked before their expiration date and should no longer be trusted.
cron: A system daemon that automatically executes scheduled tasks (called cron jobs) at specified times or intervals. It runs continuously in the background and uses configuration files called crontabs to determine what commands to execute and when.
cron job: A scheduled task that runs automatically at specified intervals on a Linux system, managed by the cron daemon. Users define recurring jobs in a configuration file called a crontab.
CronJob: A scheduled task that runs automatically at specified times or intervals on a Linux system, managed by the cron daemon.
crun: A lightweight, fast container runtime written in C that runs OCI (Open Container Initiative) compliant containers. It is a minimal alternative to runc that focuses on performance and low resource consumption.
CSR: A Certificate Signing Request (CSR) is a file containing cryptographic information submitted to a Certificate Authority to obtain an SSL/TLS certificate for securing communications.
CT log: A Certificate Transparency log is a publicly auditable append-only record of SSL/TLS certificates, designed to detect and prevent the issuance of fraudulent digital certificates.
CUBIC: CUBIC is a TCP congestion control algorithm designed for high-speed networks that adjusts transmission rates based on packet loss to maximize throughput while maintaining fairness.
cuBLAS: cuBLAS is NVIDIA's GPU-accelerated library for Basic Linear Algebra Subprograms (BLAS) operations, enabling high-performance matrix and vector computations on CUDA-capable GPUs.
CUDA: CUDA is NVIDIA's parallel computing platform that allows developers to use graphics processing units (GPUs) for general-purpose computing, significantly accelerating computationally intensive applications.
cuDNN: cuDNN is NVIDIA's GPU-accelerated library for deep neural networks, providing optimized implementations of standard operations like convolution and pooling.
CUPS: CUPS (Common Unix Printing System) is the standard printing service on Linux and macOS that manages print queues, drivers, and communication between applications and printers.
current working directory: The directory in which the shell is currently operating, displayed by pwd and changed using cd. It determines where relative paths begin and where new files are created by default.
curve25519: Curve25519 is an elliptic curve cryptography standard designed for fast, secure key exchange and digital signatures, widely used in modern Linux encryption tools.
CXXFLAGS: An environment variable that specifies compiler flags passed to the C++ compiler during the build process. Common flags control optimization levels, include paths, and warning settings.

D

daemon: A daemon is a background process that runs continuously without direct user interaction, typically started at boot time and managed by the system.
DaemonSet: A Kubernetes resource that ensures a pod runs on every (or selected) node in a cluster, automatically spawning new instances when nodes are added.
DARPA: DARPA is the U.S. Defense Advanced Research Projects Agency, a federal organization that funds high-risk, high-reward research. It played a foundational role in creating the technologies underlying the Internet and modern computing.
data plane: The data plane is the part of a network or system responsible for forwarding and processing actual user data traffic, as opposed to control messages.
data=journal: An ext4 filesystem mount option that writes all data and metadata to the journal before committing to the main filesystem, providing maximum data integrity at the cost of performance.
data=ordered: A journaling mode for ext3/ext4 filesystems that ensures data is written to disk before its metadata is committed to the journal, preventing data corruption and loss after crashes.
data=writeback: A journaling mode for ext3/ext4 filesystems that only logs filesystem metadata (not file data) to the journal, offering faster performance but less data safety after a crash.
datagram: A datagram is a self-contained packet of data sent over a network without establishing a connection, typically using the UDP protocol. Each datagram is independent and may arrive out of order or be lost entirely.
dbus: D-Bus is a message bus system that enables inter-process communication (IPC) between applications on a Linux system, allowing them to discover and invoke each other's services.
deadlock: A situation where two or more processes are blocked indefinitely, each waiting for a resource held by another, preventing any of them from proceeding.
Debian: Debian is a free, community-driven Linux distribution known for stability, package management via apt, and serving as the base for many other distributions like Ubuntu.
debootstrap: A tool that installs a minimal Debian or Ubuntu base system into a directory without requiring a pre-existing Linux installation. It downloads and configures essential packages needed to boot and run a Linux system.
debugfs: A filesystem-based debugging interface that exposes kernel internal data structures and allows runtime inspection and modification of kernel state through a mounted virtual filesystem.
declarative configuration: A configuration approach where you describe the desired end state of a system, and the system automatically determines how to achieve it, rather than writing step-by-step instructions.
dedup: Deduplication is a data storage technique that eliminates redundant copies of data by storing only one instance and referencing it multiple times, reducing storage space and improving efficiency.
default route: The network route used to forward packets when no more specific route matches the destination address. Typically points to a gateway that connects your system to other networks.
dependency: A software library, package, or component that another program requires to function properly. Dependencies must be installed and available on the system before or alongside the program that needs them.
Deployment: Deployment is the process of moving software from a development environment to production, making it available for end users. It includes installation, configuration, and activation of applications on target systems.
desired state: A configuration management concept where you declare what you want a system to look like, and tools automatically make it match that target state, rather than manually issuing commands to change it.
desktop environment: A desktop environment is a graphical user interface (GUI) layer that provides a complete visual and interactive experience for Linux, including a window manager, file manager, panels, menus, and themed widgets.
device file: A special file that represents a hardware device or pseudo-device, allowing programs to interact with hardware through standard file operations like read and write.
device unit: A systemd unit file that represents and manages a hardware device or virtual device on the system, controlling how the device is mounted, activated, or made available to other services.
devicemapper driver: A Linux kernel driver that provides a logical volume management layer by mapping logical block devices to physical storage, commonly used by container runtimes like Docker to manage storage for container images and data.
devicemapper storage: A Linux kernel subsystem that creates virtual block devices by mapping logical block addresses to physical storage locations, commonly used by container runtimes and LVM to manage storage flexibly.
devtmpfs: A virtual filesystem that automatically creates and manages device files in /dev at boot time, replacing the static device files of earlier Linux systems.
DHCP: Dynamic Host Configuration Protocol (DHCP) is a network protocol that automatically assigns IP addresses and other network configuration settings to devices on a network, eliminating the need for manual configuration.
directory: A container that holds files and other directories, organized in a hierarchical tree structure. Directories are special files that act as organizational units in the filesystem.
dirty page: A memory page that has been modified by a process but not yet written back to disk. The kernel tracks dirty pages and flushes them periodically or on demand.
discard: A storage optimization feature that tells SSDs and thin-provisioned storage devices which data blocks are no longer needed, allowing them to reclaim space and improve performance.
discard (TRIM): TRIM is a command that tells SSDs which data blocks are no longer in use, allowing the drive to optimize performance and lifespan by erasing unused space. It bridges the gap between the filesystem's view of deleted data and the SSD's physical memory management.
dist-upgrade: A package manager command that upgrades all installed packages to newer versions while intelligently handling dependency changes and removing packages if necessary. It's more aggressive than a standard upgrade.
distribution: A curated collection of the Linux kernel, GNU utilities, package manager, and pre-selected software packaged together for easy installation and use. Different distributions target different needs and philosophies.
distroless: A container image that contains only an application and its runtime dependencies, with no package manager, shell, or other OS utilities typically found in Linux distributions.
distroless image: A container image that contains only an application and its runtime dependencies, with no package manager, shell, or other system utilities included.
DKIM: DKIM (DomainKeys Identified Mail) is an email authentication method that uses cryptographic signatures to verify that messages from a domain are legitimate and haven't been tampered with.
DKMS: DKMS (Dynamic Kernel Module Support) is a framework that automatically builds and installs kernel modules for new kernel versions, eliminating the need to manually recompile drivers after kernel updates.
DMARC: DMARC (Domain-based Message Authentication, Reporting and Conformance) is an email authentication standard that uses SPF and DKIM to verify that messages claiming to be from a domain actually come from that domain's authorized servers.
DNS: DNS (Domain Name System) is a distributed network service that translates human-readable domain names into IP addresses, enabling computers to locate each other on the internet.
DNS over HTTPS: DNS over HTTPS (DoH) is a protocol that encrypts DNS queries and responses by tunneling them through HTTPS, preventing ISPs and network monitors from seeing which domains a user visits.
DNS over TLS: DNS over TLS (DoT) is a protocol that encrypts DNS queries and responses using TLS encryption, preventing eavesdropping on DNS traffic and protecting user privacy.
DNSSEC: DNSSEC is a security protocol that adds cryptographic signatures to DNS records, allowing clients to verify that DNS responses are authentic and haven't been tampered with.
docker: Docker is a containerization platform that packages applications and their dependencies into isolated, portable units called containers, enabling them to run consistently across different systems.
DoH: DoH (DNS over HTTPS) is a protocol that encrypts DNS queries by sending them over HTTPS instead of plain-text UDP, preventing ISPs and network observers from seeing which domains you visit.
DoT: DNS over TLS (DoT) is a protocol that encrypts DNS queries and responses using TLS encryption, preventing eavesdropping on domain name lookups.
dotfile: A hidden configuration file in Linux whose filename begins with a dot (.), making it invisible to standard directory listings. Dotfiles store user preferences and settings for applications and shells.
dotfiles: Configuration files in a user's home directory that start with a dot (.), which are hidden by default in Linux file listings. They store personal settings for shells, editors, and applications.
dracut: Dracut is a modular initramfs generation tool that creates the initial RAM filesystem needed to boot a Linux system. It assembles kernel modules, drivers, and utilities required before the root filesystem can be mounted.
dracut module: A dracut module is a collection of scripts and configuration files that extend dracut's functionality to handle specific hardware, filesystems, or boot requirements during Linux kernel initialization and early userspace setup.
drift: Configuration drift is the unintended divergence of a system's actual state from its desired or documented configuration, typically caused by ad-hoc manual changes over time.
DRM: Digital Rights Management (DRM) is a technology that restricts how users can copy, modify, or distribute digital content by enforcing access controls at the software or hardware level.
DTrace: DTrace is a dynamic tracing framework that allows real-time observation and analysis of kernel and application behavior without stopping or recompiling the system.
dual boot: A computer configuration where two different operating systems are installed on separate partitions of the same disk, allowing the user to choose which one to boot at startup.
dynamic binary: An executable file that depends on external shared libraries at runtime, rather than having all code compiled directly into the binary. The dynamic linker resolves library dependencies when the program starts.
dynamic linker: A runtime program that loads shared libraries into memory and resolves symbol references when an executable starts. It enables programs to use code from external libraries rather than embedding everything statically.

E

eager evaluation: Eager evaluation is the immediate computation of expressions when encountered, rather than waiting until their results are actually needed. It's the default behavior in most Linux shells and programming languages.
east-west traffic: Network traffic that flows between servers within the same data center or internal network, as opposed to traffic entering or leaving the network (north-south). It refers to the horizontal movement of data between compute, storage, and other infrastructure resources.
eBPF: eBPF (extended Berkeley Packet Filter) is a lightweight virtual machine embedded in the Linux kernel that allows unprivileged user-space programs to run sandboxed code safely in kernel space.
eBPF datapath: eBPF datapath refers to the high-performance packet processing pipeline in Linux networking that uses extended Berkeley Packet Filter (eBPF) programs to handle data plane operations like forwarding, filtering, and load balancing without context-switching to kernel space.
ECDSA: ECDSA (Elliptic Curve Digital Signature Algorithm) is a cryptographic algorithm for creating and verifying digital signatures using elliptic curve mathematics, widely used in SSH keys and TLS certificates.
Ed25519: Ed25519 is a modern public-key cryptographic signature algorithm based on elliptic curve cryptography, widely used in Linux for SSH keys and secure communications.
EditorConfig: EditorConfig is a configuration format and tool that helps maintain consistent coding styles across different editors and IDEs by defining indentation, line endings, and other formatting rules in a `.editorconfig` file.
EFI: EFI (Extensible Firmware Interface) is a modern firmware standard that replaces the legacy BIOS, providing a standardized interface between the operating system and hardware during boot.
EFI System Partition: A small, FAT32-formatted partition required on UEFI systems that stores bootloader files and firmware configuration, analogous to the MBR in BIOS-based systems.
egress gateway: A network gateway that controls and manages outbound traffic leaving a network or system to external networks, often enforcing security policies and routing rules.
elementary OS: Elementary OS is a free, open-source Linux distribution based on Ubuntu that emphasizes a clean, intuitive user interface and thoughtful design principles.
ELF: ELF (Executable and Linkable Format) is the standard binary file format used by Linux and Unix systems for executables, object files, and shared libraries.
ELF section: A discrete portion of an ELF binary file that contains specific types of data, such as executable code, symbol tables, or debugging information. Each section has metadata describing its purpose, size, and location in the file.
ELF symbol: A named reference in an ELF binary that identifies a function, variable, or other object in memory. Symbols are used by the linker and loader to resolve references between code modules.
embedding: Embedding refers to including or integrating one system, application, or codebase into another as a dependent component, rather than running it standalone. In Linux contexts, it commonly means building a minimal Linux system into a device or application.
EndeavourOS: EndeavourOS is a rolling-release Linux distribution based on Arch Linux that provides an accessible entry point to Arch while maintaining its minimalist philosophy and cutting-edge software.
envelope encryption: A two-layer encryption scheme where data is encrypted with a symmetric key, and that key is itself encrypted with an asymmetric public key. This combines the speed of symmetric encryption with the key-distribution benefits of public-key cryptography.
envelope sender: The email address specified in the SMTP MAIL FROM command, used for bounce notifications and delivery reports; distinct from the visible From header that users see.
envelope-from: The sender address used in SMTP protocol communications, distinct from the visible 'From:' header in an email message. It determines where delivery failures and bounces are sent.
envelope-to: A mail header field that specifies the final delivery address for an email message, used by mail servers during the SMTP transaction to route messages correctly.
environment: A set of variables and their values that a process inherits and uses to modify its behavior, including PATH, HOME, and USER.
environment variable: A named value that the shell and programs use to configure behavior and pass information. Environment variables are inherited by child processes and persist for the duration of a session.
environment.d: A directory where systemd reads drop-in configuration files to set environment variables for services and user sessions. Files in environment.d/ are processed in lexicographic order and allow modular configuration of system-wide or user environment settings.
Envoy: Envoy is an open-source edge and service proxy designed to handle network traffic between services and external clients, commonly used in microservices architectures and as an API gateway.
epoch: The epoch is the reference point (January 1, 1970, 00:00:00 UTC) from which Unix timestamps measure elapsed seconds. All time on Unix-like systems is calculated as the number of seconds since this moment.
error budget: A defined tolerance for failures or errors in a system, often expressed as a percentage of uptime or acceptable downtime, used in Site Reliability Engineering (SRE) to balance reliability with feature velocity.
escape sequence: A special sequence of characters (usually starting with a backslash or escape character) that represents a non-printing or special character, or signals a command to interpret text in a specific way.
ESMTP: ESMTP (Extended Simple Mail Transfer Protocol) is an enhanced version of SMTP that adds modern capabilities like authentication, encryption, and larger message support to the original Simple Mail Transfer Protocol.
etcd: A distributed, strongly consistent key-value store used for shared configuration and service discovery in clusters, most commonly by Kubernetes to store all cluster state.
exemplar: An exemplar is a typical or ideal example of something that serves as a model or standard for comparison. In Linux contexts, it often refers to a reference implementation or sample code that demonstrates best practices.
exFAT: exFAT (Extended File Allocation Table) is a modern, lightweight file system designed for removable storage devices like USB drives and SD cards, offering compatibility across Linux, Windows, and macOS.
exit status: A numeric code returned by a command or process to indicate whether it succeeded or failed, with 0 meaning success and non-zero values indicating specific errors.
exporter: A small utility program that exposes metrics or data from a system component in a format that monitoring tools like Prometheus can collect and analyze.
ext2: ext2 is a classic Linux filesystem that stores files in a hierarchical structure using inodes and data blocks. It was the standard filesystem for Linux systems throughout the 1990s before being superseded by ext3 and ext4.
ext3: ext3 is a journaling filesystem for Linux that extends ext2 with a journal to prevent data corruption after unclean shutdowns or crashes.
ext4: ext4 is a modern journaling filesystem for Linux that improves upon ext3 with better performance, larger file support, and increased reliability through extent-based allocation.
extent: A contiguous block of disk space allocated to a file in a filesystem. Extents group consecutive sectors together to reduce fragmentation and improve I/O efficiency.

F

F2FS: F2FS (Flash-Friendly File System) is a Linux file system optimized for NAND flash storage devices like SSDs and USB drives, designed to reduce write amplification and extend device lifespan.
failback: The process of restoring service to the original server or resource after it has been recovered, following a failover event. Failback reverses the failover by moving traffic and operations back from the backup system to the primary system.
failover: Automatic switching from a failed system or service to a backup or redundant one, ensuring continuous availability without manual intervention.
fd-find: fd-find is a modern, user-friendly alternative to the find command that searches for files and directories using a simpler syntax and faster performance.
fdatasync: A system call that flushes a file's data to disk without waiting for metadata updates, making it faster than fsync() when only data consistency matters.
feature flag: A configuration mechanism that allows developers to enable or disable specific features in software at runtime without redeploying code, commonly used for gradual rollouts and A/B testing.
FHS: The Filesystem Hierarchy Standard (FHS) is a specification that defines the directory structure and organization of files in Linux and Unix systems, ensuring consistency across distributions.
FIDO2: FIDO2 is an open authentication standard that enables passwordless login and two-factor authentication using security keys or biometric devices, verified by the FIDO Alliance.
file descriptor: A non-negative integer that represents an open file or I/O resource in a process. It acts as a reference handle that the kernel uses to track and manage access to files, sockets, pipes, and devices.
filesystem: A filesystem is the method and data structure that an operating system uses to organize, store, and retrieve files on storage devices. It defines how data is named, accessed, and managed on disk or other media.
fine-tuning: The process of adjusting system parameters, configuration settings, or resource allocations to optimize performance, stability, or behavior for specific workloads or environments.
firewall: A firewall is a system or software tool that monitors and controls incoming and outgoing network traffic based on predetermined security rules, acting as a barrier between trusted and untrusted networks.
firmware: Low-level software that runs on hardware devices before the operating system loads, controlling the device's basic functions and hardware initialization.
firstboot: A startup script or service that runs only once when a system boots for the first time, typically used to perform initial configuration, user setup, or system customization.
fish shell: Fish (Friendly Interactive Shell) is a modern command-line shell for Linux and Unix systems designed to be user-friendly with smart autocompletion, syntax highlighting, and helpful defaults out of the box.
flame graph: A visualization technique that displays CPU time spent in functions as a stacked area chart, where the width of each block represents the amount of time spent in that function and its callees.
flamegraph: A visualization technique that displays CPU usage across a program's call stack as a hierarchical, stacked bar chart where wider bars represent functions consuming more CPU time.
Flatpak: Flatpak is a containerized application packaging format for Linux that bundles an app with its dependencies, allowing it to run consistently across different Linux distributions without requiring system-wide installations.
flatpak remote: A remote repository server that hosts Flatpak applications, configured locally so users can browse, install, and update applications from that source.
fork: A system call that creates a new process by duplicating the current process. The child process is an identical copy of the parent, but runs independently with its own process ID.
four golden signals: Four key metrics—latency, traffic, errors, and saturation—used to monitor and measure the health and performance of systems and services in production environments.
fp16: A 16-bit floating-point data type that uses half the memory of standard 32-bit floats, commonly used in machine learning and GPU computing for faster computation with acceptable precision loss.
fp8: FP8 is an 8-bit floating-point data type used in machine learning to reduce memory usage and improve computational speed compared to 32-bit or 64-bit precision.
fq_codel: fq_codel is a network packet scheduling algorithm that combines fair queuing with CoDel (Controlled Delay) to reduce latency and buffer bloat in network transmission.
frame: A fixed-size block of data transmitted over a network, consisting of a header, payload, and trailer. In the kernel, a frame also refers to a fixed block of memory in virtual address space.
free software: Software that users can freely run, study, modify, and distribute, typically governed by licenses like the GPL that guarantee these freedoms.
fstab: The /etc/fstab file is a configuration file that defines how disk partitions, block devices, and remote filesystems are mounted automatically when Linux boots.
fsync: A system call that forces the kernel to write all pending file data and metadata to disk immediately, ensuring data persistence even if the system crashes.
ftrace: ftrace is a kernel tracer that dynamically instruments Linux kernel functions to capture real-time execution traces for performance analysis and debugging without recompiling the kernel.
FUSE: FUSE (Filesystem in Userspace) is a mechanism that allows non-root users to create and manage custom filesystems without modifying kernel code.
fuser: A command-line utility that identifies which processes are using specific files, sockets, or directories on a Linux system.
futex: A futex (fast userspace mutex) is a kernel-assisted synchronization primitive that allows processes or threads to efficiently coordinate access to shared resources with minimal system calls.
fzf finder: fzf is a fast, interactive command-line fuzzy finder that searches through lists of items (files, command history, processes) and lets you select matches using keyboard navigation and pattern matching.

G

garbage collection: Garbage collection is an automatic memory management process that identifies and frees memory that is no longer being used by a program, preventing memory leaks.
Gatekeeper: A security mechanism or system that controls and monitors access to a network, system, or resource by evaluating incoming requests against defined policies before allowing them through.
gauge: Gauge is not a standard Linux term. You may be thinking of 'gauges' in monitoring tools, or possibly 'gauge' as a metric type in Prometheus-based monitoring systems that represents a single numerical value that can go up or down.
GCC: GNU Compiler Collection, a free, widely-used compiler system that translates source code (C, C++, Fortran, and others) into executable machine code for Linux and other platforms.
GENEVE: GENEVE (Generic Network Virtualization Encapsulation) is a tunnel encapsulation protocol that wraps network packets to transport them across networks, commonly used in software-defined networking and cloud environments.
Gentoo: Gentoo is a lightweight, source-based Linux distribution designed for advanced users who want maximum control and optimization. It compiles all software from source code rather than using pre-built binaries.
GFS2: GFS2 (Global File System 2) is a shared-disk cluster file system that allows multiple nodes to access and modify the same file system simultaneously over a network, with built-in locking and consistency mechanisms.
GGML: GGML is a C library for machine learning that enables efficient inference of large language models on consumer hardware with minimal memory and computational requirements.
GGUF: GGUF is a binary file format designed for efficiently storing and loading large language models, prioritizing portability and inference speed across different hardware.
GID: GID (Group ID) is a numeric identifier that uniquely represents a user group in Linux. Every group on a system has a unique GID, used for access control and permission management.
GitOps: GitOps is an operational framework that uses Git as the single source of truth for declaring infrastructure and application configurations, automatically synchronizing the actual state with what's defined in version control.
glibc: glibc (GNU C Library) is the standard C library for Linux systems, providing essential functions for program execution including memory management, input/output, string handling, and system calls.
globbing: Globbing is filename pattern matching that expands wildcard characters like * and ? into matching filenames directly in the shell before executing a command.
glue record: A DNS record that provides the IP address of a nameserver listed in a parent zone's NS records, breaking a circular dependency when a nameserver is within the delegated subdomain.
GNOME: GNOME is a free, open-source desktop environment that provides a graphical user interface, windows manager, and applications for Linux systems. It emphasizes simplicity and accessibility.
GNU: GNU is a free software project and recursive acronym for 'GNU's Not Unix' that created Unix-like operating system tools and utilities. It forms the core userland of Linux systems.
GNU Stow: GNU Stow is a symlink farm manager that helps organize and deploy software packages into a central directory tree by creating symbolic links to files in separate package directories.
golden image: A pre-configured, fully installed, and tested system snapshot used as a template to rapidly deploy identical systems or containers across an infrastructure.
GOT: The Global Offset Table (GOT) is a section in executable files that holds addresses of global variables and functions, allowing position-independent code to dynamically resolve symbols at runtime.
GPL: The GNU General Public License (GPL) is a free software license that guarantees users the freedom to use, modify, and distribute software, with the requirement that derivative works remain under the same license.
GPT: GPT is a partitioning scheme for hard drives and SSDs that uses a GUID Partition Table to organize disk space into partitions, supporting larger drives and more partitions than the older MBR standard.
Grafana: Grafana is an open-source visualization and monitoring platform that creates interactive dashboards to display time-series metrics and data from various sources like Prometheus, InfluxDB, and Elasticsearch.
GRE: Generic Routing Encapsulation (GRE) is a tunneling protocol that encapsulates packets from one protocol inside another for transmission across networks, commonly used to create virtual point-to-point links.
GRE tunnel: A GRE (Generic Routing Encapsulation) tunnel is a networking protocol that encapsulates packets from one network inside another, creating a virtual point-to-point connection between remote networks or hosts.
greylisting: Greylisting is an anti-spam technique that temporarily rejects incoming emails from unknown senders, allowing legitimate mail servers to retry while filtering out spam.
group: A collection of user accounts that share common permissions and access rights to files and resources. Groups simplify management by allowing multiple users to be granted the same privileges at once.
GRUB: GRUB (GRand Unified Bootloader) is the boot loader that loads the Linux kernel into memory when your computer starts up, allowing you to select which operating system or kernel version to boot.
GUI: A graphical user interface (GUI) is a visual way to interact with a computer using windows, icons, menus, and a pointer instead of typing commands. Most Linux desktop environments like GNOME and KDE provide GUIs.

H

hard link: A hard link is a directory entry that points directly to the same inode as another file, making both names refer to identical file data on disk.
hard lockup: A hard lockup occurs when the Linux kernel becomes completely unresponsive and stops servicing interrupts, typically requiring a hardware reset or power cycle to recover.
hardirq: A hardware interrupt (hardirq) is an asynchronous signal from a hardware device to the CPU that forces it to stop executing the current code and immediately handle the interrupt. Hardirqs are the fastest and most critical type of interrupt in the Linux kernel.
hash: A mathematical function that converts input data of any size into a fixed-length string of characters, used to verify data integrity and create secure checksums. In Linux, hashes are commonly used to verify file authenticity and store password hashes.
helm chart: A Helm chart is a package of pre-configured Kubernetes resources that defines how to deploy an application. It bundles templates, values, and metadata to simplify installing and managing applications on Kubernetes.
helm release: A Helm release is a named instance of a Kubernetes application deployed using Helm, the package manager for Kubernetes. It represents a specific installation of a chart with a particular configuration.
helo: The SMTP command used by a mail client to identify itself to a mail server when initiating a connection; modern systems use EHLO instead.
helper function: A smaller, reusable function that performs a specific task and is called by other functions to reduce code duplication and improve maintainability.
heredoc: A heredoc (here document) is a shell syntax that allows you to pass a multi-line string to a command without using quotes or escape characters. It begins with << followed by a delimiter and ends when that delimiter appears alone on a new line.
HIP: HIP (Host Identity Protocol) is a network protocol that separates a host's identity from its network location, allowing secure communication that persists even when IP addresses change.
histogram: A graphical representation of data distribution displayed as a series of bars, where each bar's height represents the frequency or count of values within a specific range or category.
HMAC: HMAC (Hash-based Message Authentication Code) is a cryptographic technique that combines a secret key with a hash function to verify both the authenticity and integrity of a message.
hostname: The unique name assigned to a computer on a network, used to identify the machine and enable communication with other systems.
hot swap: Hot swap is the ability to remove and replace hardware components while the system is running without shutting down or interrupting service.
HOTP: HOTP (HMAC-based One-Time Password) is a time-independent algorithm that generates single-use authentication codes based on a shared secret and a counter value, commonly used in two-factor authentication systems.
HPA: HPA (Host Protected Area) is a reserved section of a hard drive that is hidden from the operating system and ordinary disk tools, typically used by manufacturers for recovery partitions or firmware storage.
HPACK: HPACK is a header compression algorithm used in HTTP/2 that reduces the size of HTTP headers by maintaining a dynamic table of previously sent header fields and using Huffman encoding.
HPKP: HPKP (HTTP Public Key Pinning) is a security mechanism that allows websites to instruct browsers to associate them with specific public key certificates, preventing man-in-the-middle attacks using fraudulent certificates.
HSM: A Hardware Security Module (HSM) is a dedicated physical device that generates, stores, and manages cryptographic keys while performing encryption and decryption operations to keep sensitive material isolated from the main system.
HSTS: HTTP Strict-Transport-Security (HSTS) is a security mechanism that forces web browsers to communicate with a server exclusively over encrypted HTTPS connections, preventing downgrade attacks.
HTB: HTB (Hierarchical Token Bucket) is a Linux kernel queueing discipline that shapes network traffic by organizing classes into a hierarchy and allocating bandwidth fairly among them.
HTTP/2: HTTP/2 is a binary protocol and major revision of the HTTP web protocol that improves performance through multiplexing, server push, and header compression.
HTTP/3: HTTP/3 is the third major version of the Hypertext Transfer Protocol that uses QUIC as its transport layer instead of TCP, enabling faster and more reliable web communication with improved connection establishment and multiplexing.
hypervisor: A hypervisor is software that creates and manages virtual machines, allowing multiple operating systems to run simultaneously on a single physical computer by abstracting hardware resources.

I

I/O: Input/Output (I/O) refers to the transfer of data between a computer and external devices, including reading from and writing to files, disks, networks, and peripherals.
I/O scheduler: A kernel component that decides the order in which read/write requests to block devices (disks) are processed. It optimizes throughput, latency, and fairness by reordering I/O operations.
IaC: Infrastructure as Code (IaC) is the practice of defining and managing computing infrastructure through machine-readable code files instead of manual configuration, enabling version control, automation, and reproducibility.
ICMP echo: A network diagnostic message that tests connectivity by sending a request packet and waiting for an echo reply from a remote host, commonly used by the ping command.
idempotency: A property of operations that produce the same result whether executed once or multiple times, ensuring safety and predictability in repeated executions.
iftop: iftop is a command-line network monitoring tool that displays real-time bandwidth usage by host and connection, similar to top but for network traffic.
image layer: A read-only snapshot of filesystem changes in a container or virtual machine, stacked to form a complete filesystem. Layers are combined using a union filesystem to create the final runtime environment.
image manifest: A metadata file that describes the contents, layers, and configuration of a container image, typically in JSON format. It ensures image integrity and enables proper distribution and deployment across systems.
image registry: A centralized repository that stores and distributes container images, allowing users to push, pull, and manage containerized applications.
image signing: Image signing is the process of cryptographically signing container or disk images to verify their authenticity and ensure they haven't been tampered with. It uses digital signatures to prove that an image comes from a trusted source.
image tag vs digest: A tag is a human-readable label for a container image (like 'latest' or 'v1.0'), while a digest is an immutable content-based identifier (a SHA256 hash) that uniquely identifies a specific image layer composition.
IMAP: IMAP (Internet Message Access Protocol) is a standard protocol for retrieving and managing email messages from a remote mail server, allowing clients to access messages while keeping them stored on the server.
immutable infrastructure: Infrastructure deployed as unchangeable, read-only systems that are never modified after creation; instead of updating, you replace entire instances with newly built versions.
imperative configuration: A configuration approach where you explicitly run commands and scripts to set up system state, rather than declaring the desired state. The system administrator actively performs each step needed to reach the target configuration.
in-toto attestation: A cryptographically signed record that documents what happened during a step of a software supply chain, proving who performed an action and what the inputs and outputs were.
incident commander: The person designated to lead and coordinate the response to a critical system incident or outage, making decisions and communicating status across teams.
inference: Inference in Linux typically refers to the process of a machine learning model making predictions on new data, or more broadly, the execution of a trained AI/ML model to generate outputs from inputs without further training.
Ingress: Network traffic flowing into a system or interface from external sources. The opposite of egress, which is traffic leaving the system.
ingress controller: A Kubernetes component that manages inbound network traffic to services running in a cluster, routing external requests based on hostnames, paths, and other rules.
ingress gateway: An ingress gateway is a network entry point that manages incoming traffic into a Kubernetes cluster or service mesh, routing external requests to appropriate internal services.
init: The first process (PID 1) that the Linux kernel starts after booting, responsible for launching all other processes and managing the system's startup sequence and shutdown.
init container: A specialized container in a Kubernetes pod that runs to completion before application containers start, used to perform initialization tasks like downloading files or configuring the environment.
init system: The first user-space process (PID 1) that the kernel starts, responsible for launching and managing all other processes on the system.
initramfs: A compressed archive containing a minimal root filesystem and kernel modules loaded into RAM during boot, before the real root filesystem is mounted. It enables the kernel to access storage devices and prepare the system for startup.
inode: An inode is a data structure that stores metadata about a file or directory on the filesystem, such as permissions, ownership, timestamps, and pointers to the actual file data—but not the filename itself.
interactive shell: A shell session where the user types commands at a prompt and receives immediate feedback, typically used for manual command execution and real-time interaction with the system.
involuntary context switch: A context switch forced by the kernel scheduler when a process's time slice expires or a higher-priority process becomes runnable, regardless of whether the current process is willing to yield control.
io_uring: io_uring is a Linux kernel interface for asynchronous I/O operations that allows applications to submit and retrieve I/O requests efficiently without system call overhead.
IOPS: IOPS (Input/Output Operations Per Second) is a measurement of how many read and write operations a storage device can perform in one second, indicating its speed and performance capacity.
IOPS budget: IOPS budget is the maximum number of input/output operations per second that a storage device or cloud instance is allocated or guaranteed to perform. It's a rate limit that prevents excessive disk I/O from consuming shared resources.
iostat: A system monitoring tool that reports CPU usage and input/output statistics for block devices and partitions, helping identify storage performance issues.
iotop: A Linux system monitoring tool that displays I/O (input/output) usage by process, showing which processes are reading from or writing to disk in real time.
IP address: A unique numerical label assigned to each device on a network that identifies it and enables communication with other devices using the Internet Protocol.
IP header: The IP header is the metadata section at the beginning of an IP packet that contains addressing and routing information, including source IP, destination IP, TTL, and protocol type.
IPC: Inter-Process Communication (IPC) is a set of mechanisms that allow processes running on a system to exchange data and synchronize their actions. Common IPC methods include pipes, sockets, message queues, and shared memory.
IPC namespace: An IPC namespace isolates inter-process communication resources (message queues, semaphores, shared memory) so that processes in different namespaces cannot access each other's IPC objects.
IPsec: IPsec is a suite of protocols that encrypts and authenticates IP packets, providing secure communication at the network layer for end-to-end protection of data traveling across IP networks.
iptables: A command-line utility for configuring Linux kernel firewall rules that filter and route network packets based on protocols, ports, IP addresses, and other criteria.
IRQ affinity: IRQ affinity is the binding of interrupt requests (IRQs) to specific CPU cores, controlling which processors handle particular hardware interrupts.
iSCSI: iSCSI (Internet SCSI) is a network protocol that allows computers to send SCSI storage commands over standard IP networks, enabling remote block-level storage access as if the storage were locally attached.
Istio: Istio is an open-source service mesh that manages communication between microservices in Kubernetes clusters, providing traffic management, security, and observability without requiring application code changes.
IV: IV (Initialization Vector) is a random value used in cryptographic algorithms to ensure that identical plaintext encrypted with the same key produces different ciphertexts.

J

jailbreak: A technique to escape or bypass security restrictions imposed by a container, virtual machine, or sandboxed environment to gain unauthorized access to the host system.
jiffies: Jiffies are the smallest unit of kernel time in Linux, representing the time between timer interrupts. The kernel uses jiffies to track elapsed time and schedule processes.
Job: A job is a process or group of processes that are managed as a single unit by the shell, typically running in the foreground or background of your terminal session.
journal: A log of filesystem changes written sequentially before they are committed to disk, allowing recovery from crashes without data corruption. The most common implementation is ext4's journaling feature.
journald: journald is the systemd journal daemon that collects and manages system logs from kernel, services, and applications in a structured binary format.
journaling filesystem: A filesystem that maintains a journal (log) of changes before committing them to disk, allowing rapid recovery from unexpected shutdowns or crashes without lengthy disk checks.
jq filter: A jq filter is a pattern or expression that selects, transforms, or processes JSON data in the jq command-line tool. Filters can extract specific fields, perform calculations, or restructure JSON output.
jumbo frame: A network frame larger than the standard 1500-byte Ethernet maximum transmission unit (MTU), typically 9000 bytes, used to improve throughput on high-speed local networks.
JWT: JWT (JSON Web Token) is a compact, self-contained token format used to securely transmit information between parties, commonly used for authentication and authorization in web applications and APIs.

K

Kali Linux: Kali Linux is a Debian-based Linux distribution designed specifically for penetration testing, ethical hacking, and cybersecurity research, pre-loaded with hundreds of security tools.
kallsyms: A kernel subsystem that maintains a symbol table mapping kernel memory addresses to function and variable names, used for debugging and generating readable stack traces.
KASAN: KASAN (Kernel Address Sanitizer) is a dynamic memory error detector built into the Linux kernel that finds use-after-free, out-of-bounds access, and other memory safety bugs in kernel code.
KDF: A Key Derivation Function (KDF) is a cryptographic algorithm that derives one or more secure encryption keys from a password or master key by applying mathematical transformations and adding computational cost.
kdump: A Linux kernel crash dumping mechanism that captures the state of a crashed kernel to a file for later analysis and debugging.
KEM: KEM (Key Encapsulation Mechanism) is a cryptographic algorithm that securely generates and encapsulates symmetric encryption keys for transmission to another party. It's a core component of public-key cryptography used in modern secure communication.
kernel: The core component of Linux that manages hardware resources, schedules processes, and handles system calls from user applications.
Kernel ABI: The Kernel ABI (Application Binary Interface) defines the stable binary contract between the Linux kernel and user-space programs, ensuring applications work across kernel versions without recompilation.
kernel lockdown: A Linux kernel security feature that restricts privileged operations and access to kernel internals, even when running as root, to prevent malicious code from modifying the running kernel.
kernel module: A piece of code that can be loaded into or removed from the Linux kernel at runtime without requiring a reboot. Kernel modules extend kernel functionality for hardware drivers, filesystems, and other features.
kernel panic: A kernel panic is a critical error in the Linux kernel that causes the system to halt and display an error message, unable to recover automatically. It typically indicates a serious hardware failure, memory corruption, or fatal software bug.
kernel preemption: Kernel preemption is a Linux kernel feature that allows the scheduler to interrupt and pause long-running kernel code, enabling lower-latency task switching and more responsive system behavior.
kernel space: The protected memory region where the Linux kernel executes with unrestricted hardware access, separate from user space where applications run with limited privileges.
kernel taint: A kernel taint is a flag set by the Linux kernel to indicate that it has loaded untrusted code, encountered errors, or is running in an unsupported state, which may affect stability and support.
kexec: A Linux kernel mechanism that allows a running kernel to directly boot into another kernel without going through the BIOS/firmware, skipping the full hardware initialization process.
key rotation: Key rotation is the practice of periodically replacing cryptographic keys with new ones to limit exposure if a key is compromised. It's a security best practice that reduces the window of vulnerability for any single key.
key wrapping: Key wrapping is a cryptographic technique that encrypts an encryption key (called a key encryption key or KEK) using another key, protecting the key from disclosure while allowing secure storage and transmission.
kfunc: A kernel function that can be called directly from eBPF programs running in the Linux kernel, introduced in Linux 5.10 to allow safer and more flexible kernel introspection without requiring unstable kernel APIs.
kill signal: A signal sent to a process to request or force its termination. The most common is SIGKILL (signal 9), which forcefully stops a process, while SIGTERM (signal 15) allows graceful shutdown.
kmod: A utility for managing kernel modules in Linux, allowing you to load, unload, and inspect kernel extensions at runtime without rebooting.
KMS: KMS (Kernel Mode Setting) is a Linux kernel feature that allows the kernel to directly manage video display modes, eliminating the need for a separate X server graphics driver to set resolution and refresh rates.
koji: Koji is the Red Hat build system used to compile, package, and manage RPM builds for Fedora, Red Hat Enterprise Linux (RHEL), and other RPM-based distributions.
kprobe: A dynamic kernel debugging mechanism that allows you to insert instrumentation points into running kernel code without recompiling or reloading modules. Kprobes capture function arguments, return values, and execution flow for performance analysis and troubleshooting.
KSM: KSM (Kernel Samepage Merging) is a Linux kernel feature that reduces memory usage by identifying and merging identical memory pages across different processes into a single shared page.
kthread: A kernel thread is a lightweight execution context that runs entirely in kernel space, used by the kernel to perform background tasks without requiring a user-space process.
kube-apiserver: The primary control-plane component of Kubernetes that exposes the Kubernetes API and processes all REST requests, serving as the central hub for cluster communication and state management.
kube-proxy: A Kubernetes network proxy that runs on each node to maintain network rules, enabling communication between pods and external traffic routing. It acts as the networking layer for the cluster.
kube-scheduler: The Kubernetes component responsible for assigning pods to nodes in a cluster based on resource requirements, constraints, and scheduling policies.
kubelet: Kubelet is the primary node agent in Kubernetes that runs on each worker node to manage containers and ensure pods are running as specified.
kustomization: A Kustomize configuration file (kustomization.yaml) that defines how to customize Kubernetes manifests through declarative patches, overlays, and resource composition without requiring templating.
KVM: KVM (Kernel-based Virtual Machine) is a Linux kernel module that enables hardware virtualization, allowing a single physical machine to run multiple isolated virtual machines efficiently.
kyber: Kyber is a Linux I/O scheduler for block devices that prioritizes low latency and fairness by using adaptive batching and machine-learning-inspired techniques to manage disk request queues.
Kyverno: Kyverno is a Kubernetes-native policy engine that validates, mutates, and generates resources using policies defined as Kubernetes Custom Resources. It enforces security, compliance, and operational standards without requiring knowledge of a new policy language.

L

L2ARC: L2ARC is a ZFS feature that uses fast storage (like SSDs) as a second-level cache between main memory and slower disks to improve read performance.
latency: The time delay between when a request is made and when a response is received or an action completes. Lower latency indicates faster responsiveness.
latency budget: The maximum acceptable delay or response time allocated for a specific operation or system component within a larger application or workflow. It represents a time constraint that must not be exceeded to maintain performance requirements.
lazy evaluation: A computation strategy where values are calculated only when actually needed, rather than in advance. Common in functional programming and shell scripting to improve performance and handle infinite sequences.
ld.so: The dynamic linker and loader in Linux that resolves library dependencies and loads shared libraries into memory at program startup. It prepares executable files to run by linking them with their required dynamic libraries.
LDAP: LDAP (Lightweight Directory Access Protocol) is a protocol for querying and modifying centralized directory services, commonly used for user authentication and organizational information lookups in enterprise Linux environments.
LDFLAGS: An environment variable that specifies linker flags passed to the linker (ld) during compilation, controlling how object files are linked into executables or libraries.
leader election: A distributed computing process where multiple nodes or processes automatically select one among themselves to coordinate shared tasks or resources. The elected leader then handles decisions or state management for the group until it fails or relinquishes the role.
libc: The C standard library (libc) is a core system library providing essential functions for C programs, including I/O, memory management, string handling, and system calls. It acts as the primary interface between user programs and the Linux kernel.
library: A reusable collection of precompiled functions and code that programs link against to perform common tasks, avoiding code duplication across applications.
libtool: A GNU utility that simplifies the creation and use of shared libraries across different platforms by abstracting away platform-specific compilation details.
link: A reference to a file or directory that allows access to it from another location in the filesystem. Links can be either hard links (direct references to the same inode) or symbolic links (shortcuts containing a path).
Linkerd: Linkerd is a lightweight service mesh that adds observability, reliability, and security capabilities to Kubernetes applications without requiring code changes.
Linux: Linux is a free and open-source operating system kernel created by Linus Torvalds in 1991 that manages hardware resources and enables software to run on computers. It forms the core of Linux distributions like Ubuntu, Fedora, and Debian.
load average: Load average is a measure of how many processes are waiting to run on the CPU, averaged over specific time periods (1, 5, and 15 minutes). It indicates system busyness and potential CPU contention.
loadable module: A piece of kernel code that can be dynamically loaded into or unloaded from a running Linux kernel without recompiling or rebooting the system.
localhost: A hostname that refers to the local computer itself, typically mapped to the IP address 127.0.0.1 (IPv4) or ::1 (IPv6). It allows a system to communicate with services running on the same machine.
lockdep: A Linux kernel debugging tool that detects potential deadlocks by tracking lock dependencies and validating locking rules at runtime.
lockless: A programming technique where multiple processes or threads access shared data without using locks or mutual exclusion mechanisms, relying instead on atomic operations or careful data structure design to prevent conflicts.
log aggregation: Log aggregation is the process of collecting log files from multiple sources (servers, applications, containers) into a centralized location for analysis, monitoring, and troubleshooting.
log level: A classification system that assigns severity to log messages, ranging from debug (lowest) to emergency (highest), allowing you to filter and prioritize which events get recorded.
log line: A single line of text written to a log file, typically containing a timestamp, source identifier, and a message describing an event or action in a system or application.
log rotation: Log rotation is the automatic or manual process of archiving old log files and starting fresh ones to prevent logs from consuming excessive disk space. Rotated logs are typically compressed and kept for a set period before deletion.
login shell: A shell that is invoked when you log in to a Linux system, which reads initialization files to set up your environment. It is responsible for executing login-specific configuration and spawning your interactive session.
logind: A systemd service that manages user login sessions, device access, and power state transitions on Linux systems.
loopback: A virtual network interface that allows a computer to communicate with itself, typically assigned the IP address 127.0.0.1 on IPv4. It's used for testing network software without requiring physical network hardware.
LoRA: LoRA (Low-Rank Adaptation) is a machine learning technique that efficiently fine-tunes large pre-trained models by updating only a small number of additional parameters rather than retraining the entire model.
lsof: lsof (list open files) is a command-line utility that displays all open files and network connections associated with running processes on a system.
ltrace: ltrace is a debugging tool that traces library function calls made by a program, showing which shared library functions are invoked and their arguments and return values.
LTS: LTS stands for Long Term Support, a software release that receives maintenance and security updates for an extended period, typically 5-10 years.
LV (logical volume): A logical volume (LV) is a virtual block device created from one or more physical volumes managed by the Linux Logical Volume Manager (LVM). It acts like a traditional hard drive partition but offers flexibility in sizing and management.
LVM: Logical Volume Manager (LVM) is a storage abstraction layer that allows you to create flexible virtual disk partitions called logical volumes from physical storage devices, enabling dynamic resizing and management without rebooting.
Lynis: Lynis is an open-source security auditing tool that scans Linux and Unix systems to identify vulnerabilities, misconfigurations, and security gaps, providing detailed reports and recommendations for hardening.

M

MAC address: A MAC address (Media Access Control address) is a unique 48-bit identifier assigned to a network interface card (NIC) that identifies devices on a local network. It is used for communication within the same physical network segment.
magic SysRq: A kernel feature that allows direct communication with the Linux kernel via keyboard shortcuts, even when the system is unresponsive, enabling emergency debugging and system recovery.
maildir: A maildir is a filesystem-based mail storage format that stores individual email messages as separate files in a directory structure, rather than concatenating them into a single file.
mainline kernel: The mainline kernel is the official Linux kernel source code maintained by Linus Torvalds and the core kernel developers, representing the primary development line from which all stable and long-term support releases are derived.
maintenance window: A scheduled period when a system is taken offline or services are interrupted for updates, patches, or repairs. During this time, users typically cannot access the system or services.
major page fault: A page fault that occurs when a program accesses virtual memory that is not currently loaded in physical RAM and must be fetched from disk, typically causing a noticeable delay. This is in contrast to a minor page fault, where the page is already in RAM but needs to be mapped into the process's address space.
man page: A manual page is built-in documentation for Linux commands, libraries, and system calls, accessible via the 'man' command. It provides syntax, options, examples, and usage information.
Manjaro: Manjaro is a user-friendly Linux distribution based on Arch Linux that provides an accessible entry point to Arch's rolling-release model with pre-configured defaults and graphical installers.
MASQUE: MASQUE is a QUIC extension that enables tunneling of arbitrary network traffic through QUIC connections, allowing proxying of TCP/UDP traffic and IP packets over encrypted QUIC streams.
mbox: A mailbox file format that stores multiple email messages in a single plain-text file, with each message separated by a line starting with 'From ' (with a space).
MBR: The Master Boot Record is the first 512 bytes of a hard disk that contains the bootloader code and partition table, allowing the system to boot and identify disk partitions.
MDA: A Mail Delivery Agent (MDA) is a program that receives emails from a Mail Transfer Agent and stores them in a user's mailbox or applies filtering rules before delivery.
mDNS: mDNS (Multicast DNS) is a protocol that allows computers on a local network to discover and communicate with each other by hostname without needing a central DNS server.
measured boot: A security process that records cryptographic measurements of firmware, bootloader, and kernel components in a Trusted Platform Module (TPM) before they execute, allowing verification that a system hasn't been tampered with during startup.
memoization: A programming optimization technique that caches the results of expensive function calls and returns the cached result when the same inputs occur again, avoiding redundant computation.
memory barrier: A CPU instruction that enforces ordering of memory operations, preventing the processor from reordering reads and writes across the barrier point. Essential for correct synchronization in multi-threaded and multi-processor systems.
memory pressure: Memory pressure occurs when the system's available RAM is scarce relative to demand, forcing the kernel to free up memory through swapping, page eviction, or killing processes.
metapackage: A metapackage is a lightweight package that contains no files of its own but instead depends on other packages, used to simplify installation of related software groups.
metric: A quantifiable measurement or value used to evaluate system performance, network quality, or routing decisions. In Linux, metrics track various aspects like CPU usage, memory consumption, or network path costs.
metric type: In monitoring systems, a metric type is the classification of a monitored value (counter, gauge, histogram, or summary) that determines how the data is collected, stored, and aggregated over time.
minor page fault: A page fault that is resolved by retrieving a page from RAM (such as from the filesystem cache) rather than from disk, resulting in minimal performance impact.
mirror: An exact copy of software, files, or data maintained on a separate server or location to distribute load and provide redundancy. In Linux contexts, it typically refers to a repository mirror that hosts copies of packages or distributions.
mirror vdev: A mirror vdev is a RAID-1 storage pool device in ZFS where data is simultaneously written to two or more physical devices, providing redundancy and fault tolerance.
mkinitcpio: A tool that generates an initial ramdisk image (initramfs) required to boot a Linux system, containing essential modules, binaries, and scripts needed before the main root filesystem is mounted.
mkinitcpio hook: A script or plugin that runs during the mkinitcpio build process to customize or extend the initial ramdisk (initramfs) with additional modules, binaries, or configuration.
mkpkg: mkpkg is not a standard Linux command. You may be thinking of tools like makepkg (Arch Linux package builder), dpkg-buildpackage (Debian), or rpmbuild (RPM-based systems) that create binary packages from source.
mock: A tool that builds RPM packages in an isolated chroot environment to ensure clean, reproducible builds without affecting the host system.
modprobe.d: A directory containing configuration files that control how the modprobe command loads kernel modules, allowing you to set module parameters and blacklist specific drivers.
modules-load: A systemd configuration mechanism that automatically loads kernel modules at boot time by reading directives from files in /etc/modules-load.d/ and /usr/lib/modules-load.d/.
modules.dep: A kernel configuration file that maps module dependencies, telling modprobe which kernel modules must be loaded before others. It's automatically generated by depmod and read by the module loader.
mount namespace: A Linux namespace that isolates the filesystem mount points visible to a process and its children, allowing different processes to have different views of the filesystem hierarchy.
mount point: A directory in the filesystem where a storage device, partition, or filesystem is attached and made accessible. Once mounted, the contents of that device become available under that directory path.
mount unit: A systemd unit file that defines how and where a filesystem or block device is mounted at boot time or on demand. Mount units have a .mount extension and replace traditional /etc/fstab entries.
MPLS: Multiprotocol Label Switching (MPLS) is a forwarding mechanism that uses labels instead of traditional IP routing to direct data packets through a network, enabling faster packet processing and traffic engineering.
MPLS label: A short, fixed-length identifier prepended to network packets in MPLS (Multiprotocol Label Switching) that directs packet forwarding along predetermined paths instead of using traditional IP routing.
mpstat: A Linux command-line tool that displays per-CPU statistics, showing processor utilization, context switches, and interrupts in real-time or at intervals.
mq-deadline: mq-deadline is an I/O scheduler for the Linux kernel's multi-queue block layer that prioritizes requests by deadline, ensuring older requests don't starve while maintaining good throughput for modern storage devices.
MTA: MTA (Mail Transfer Agent) is a server program that sends, receives, and routes email messages between servers using SMTP protocol.
MTA-STS: MTA-STS (Mail Transfer Agent Strict Transport Security) is a security protocol that forces mail servers to use encrypted TLS connections when sending emails, preventing downgrade attacks and eavesdropping.
mtab: A system file at /etc/mtab that records currently mounted filesystems and their mount options. It provides a dynamic view of what is actually mounted on the system.
MTBF: Mean Time Between Failures (MTBF) is a statistical measure of how long, on average, a hardware component or system operates before experiencing a failure. It's expressed in hours and used to estimate reliability and plan maintenance.
mtime: mtime (modification time) is the timestamp recording when a file's contents were last changed. It differs from access time (atime) and change time (ctime), which track when the file was read and when its metadata changed, respectively.
mTLS: Mutual TLS (mTLS) is a security protocol where both the client and server authenticate each other using digital certificates, rather than just the server authenticating to the client.
mTLS client cert: A client certificate used in mutual TLS (mTLS) authentication, where the client proves its identity to a server by presenting a digitally signed certificate in addition to verifying the server's certificate.
mTLS in mesh: Mutual TLS (mTLS) in a service mesh is a security protocol where both client and server services authenticate each other using digital certificates before establishing encrypted communication. In mesh architectures like Istio, mTLS is automatically enforced between all services without requiring application code changes.
MTTD: Mean Time To Detect (MTTD) is the average duration between when a security incident or system failure occurs and when it is first identified or discovered.
MTTR: MTTR (Mean Time To Repair) is the average time required to detect, diagnose, and fix a system failure or incident back to operational status.
MUA: MUA (Mail User Agent) is a client application that enables users to compose, send, and read email messages. It provides the interface between the user and the mail system.
multi-stage build: A Docker/container technique that uses multiple FROM statements in a single Dockerfile to create intermediate build stages, with only the final stage included in the resulting image, reducing image size and improving security.
multipath: A Linux kernel feature and software stack that manages multiple physical paths to the same storage device, automatically routing I/O traffic and providing failover when a path fails.
multiuser: A system property that allows multiple users to access and use the same computer simultaneously, each with their own login session, files, and processes.
musl: musl is a lightweight, standards-compliant C standard library alternative to glibc, designed for simplicity, correctness, and embedded/embedded Linux systems.
mutable infrastructure: Infrastructure that is modified in-place by applying updates, patches, and configuration changes directly to running systems rather than being replaced entirely.
mutating webhook: A Kubernetes extension that automatically modifies or transforms API requests before they are persisted, such as injecting environment variables, adding labels, or modifying pod specifications.
mutex: A mutex (mutual exclusion lock) is a synchronization primitive that ensures only one thread can access a shared resource at a time, preventing race conditions and data corruption.
MX record: A DNS record that specifies the mail server responsible for receiving email messages for a domain.

N

namespace: A Linux kernel feature that isolates system resources (like process IDs, network interfaces, or filesystems) so that groups of processes see different views of the system. Namespaces are fundamental to containerization.
NAT: Network Address Translation (NAT) is a networking technique that translates IP addresses in packet headers as they pass through a router, allowing multiple devices on a private network to share a single public IP address.
NAT hairpinning: NAT hairpinning is the ability of a device behind a NAT to connect to another device on the same private network using that device's external (public) IP address and port, with the NAT router reflexively translating the traffic back through itself.
neighbour table: A kernel data structure that maps IP addresses to hardware (MAC) addresses on a local network segment, primarily managed through the ARP protocol for IPv4 and NDP for IPv6.
netfilter: Netfilter is a Linux kernel subsystem that provides packet filtering, network address translation (NAT), and connection tracking capabilities. It allows administrators to control, modify, and filter network traffic.
nethogs: A network monitoring tool that displays bandwidth usage per process, showing which running applications are consuming network traffic in real time.
netmask: A netmask is a 32-bit number that defines which portion of an IP address identifies the network and which portion identifies the host on that network.
network namespace: A network namespace is an isolated network environment within a single Linux kernel that allows processes to have separate network interfaces, IP addresses, routing tables, and firewall rules. Multiple namespaces can coexist on one system, each with its own independent network stack.
networkd: systemd-networkd is a system service that manages network configuration and connectivity on Linux systems, handling IP address assignment, routing, and DNS resolution automatically.
NFS: Network File System (NFS) is a distributed file system protocol that allows a computer to access files and directories over a network as if they were mounted locally.
nftables: nftables is a modern Linux firewall and packet filtering framework that replaces iptables, offering a unified syntax for managing network rules across different network protocol families.
nice value: A numeric priority level (-20 to 19) that controls how much CPU time a process receives relative to others; lower values get higher priority.
NixOS: A Linux distribution built on the Nix package manager, where the entire system configuration is declared in a single reproducible configuration file, enabling atomic upgrades and rollbacks.
NMI watchdog: A kernel mechanism that detects and responds to system hangs by monitoring CPU activity through non-maskable interrupts (NMIs), triggering a panic or reboot when a CPU stops responding.
noatime: A mount option that prevents the filesystem from updating the access time (atime) of files when they are read, improving performance by reducing disk writes.
node affinity: Node affinity is a Kubernetes scheduling constraint that guides pod placement to specific nodes based on labels and rules. It allows workloads to prefer or require running on nodes with particular attributes.
node selector: A Kubernetes feature that constrains a pod to only run on nodes matching specified labels. It's a simple way to control pod placement across a cluster.
non-login shell: A shell session that does not read login configuration files like .bash_profile or .bashrc during startup. It's typically created when you open a new terminal tab or run a subshell.
nonce: A nonce (number used once) is a random or unique value generated for a single use in cryptographic operations to prevent replay attacks and ensure security.
noop: A scheduling elevator algorithm that performs no optimization, processing I/O requests in the exact order they arrive without reordering or merging.
north-south traffic: Network traffic that flows between a data center and external networks or the internet, moving vertically across network layers. Contrasts with east-west traffic, which moves between servers within the same data center.
NS record: A DNS record type that specifies authoritative nameservers for a domain, telling clients which servers hold the DNS information for that domain.
NTFS: NTFS (New Technology File System) is a file system developed by Microsoft, commonly used on Windows drives but readable and writable on Linux with appropriate drivers or tools.
NUMA: NUMA (Non-Uniform Memory Access) is a computer architecture where multiple processors have memory banks attached locally, with faster access to their own memory and slower access to remote memory banks on other processors.
NUMA node: A NUMA node is a distinct memory and CPU grouping in a Non-Uniform Memory Access system, where each node has its own local memory with faster access than memory on remote nodes.
NVMe: NVMe (Non-Volatile Memory Express) is a high-speed protocol and interface standard for connecting solid-state storage devices directly to a computer's PCIe bus, offering much faster data transfer than older standards like SATA.
NVMe-oF: NVMe over Fabrics (NVMe-oF) is a protocol that enables NVMe storage devices to be accessed over a network rather than directly attached to a local PCIe bus, allowing remote storage connectivity.

O

O_DIRECT: O_DIRECT is a file open flag that instructs the kernel to bypass the page cache and perform I/O operations directly between user-space buffers and disk, reducing memory overhead and latency for certain workloads.
O_SYNC: A file opening flag that forces all writes to be synchronously committed to disk immediately, ensuring data is physically written before the write call returns.
OAuth2: OAuth2 is an open authorization protocol that allows users to grant third-party applications access to their resources without sharing passwords. It uses tokens instead of credentials for secure, delegated access.
OCI: OCI (Open Container Initiative) is an open standard for defining container image format and runtime specifications, ensuring portability across different container platforms.
OCI artifact: An OCI artifact is any standardized binary object packaged and distributed using the Open Container Initiative specification, extending beyond just container images to include Helm charts, software bill of materials (SBOMs), and other configuration bundles.
OCI image: An OCI image is a standardized, containerized application package that follows the Open Container Initiative specification, defining how container images are built, distributed, and run across different container runtimes.
OCI runtime: A low-level container runtime that implements the Open Container Initiative specification, responsible for creating and managing the actual container processes and their isolation on the host system.
OCSP: Online Certificate Status Protocol (OCSP) is a method for checking whether an X.509 digital certificate has been revoked without downloading the entire Certificate Revocation List (CRL).
oh-my-zsh: Oh My Zsh is a popular open-source framework for managing Zsh shell configuration, providing themes, plugins, and shortcuts to enhance productivity and customize the shell experience.
OIDC: OpenID Connect (OIDC) is an authentication protocol built on top of OAuth 2.0 that enables users to log in to applications using credentials from an identity provider, with the identity provider returning verified identity information.
OOM killer: A kernel mechanism that forcibly terminates processes when the system runs critically low on memory to prevent a complete system crash.
OOM killer event: The Linux kernel's automatic process termination mechanism that frees memory by killing non-essential processes when the system runs critically low on available RAM.
OOM score: A numerical value assigned by the Linux kernel that determines the priority of a process to be killed when the system runs out of memory (OOM Kill).
oops: An "oops" is a kernel error message indicating that the Linux kernel detected a serious problem but managed to recover without crashing the entire system, typically printed to the kernel log when a driver or kernel module violates memory safety or encounters an illegal operation.
OPA: OPA (OpenFabrics Alliance Performance Analysis) is a high-speed interconnect technology and software stack used in high-performance computing clusters for low-latency, high-bandwidth communication between compute nodes.
open relay: An email server that accepts and forwards messages from any sender to any recipient without authentication or restrictions, allowing spammers to use it to send unsolicited mail.
open source: Software whose source code is freely available for anyone to view, modify, and distribute under a license that permits these freedoms. Linux itself is open source.
openSUSE: openSUSE is a free, open-source Linux distribution sponsored by SUSE that emphasizes ease of use, stability, and community-driven development.
OpenTelemetry: OpenTelemetry is an open-source framework for collecting, processing, and exporting observability data (metrics, logs, and traces) from applications and infrastructure. It provides standardized APIs and instrumentation libraries to help developers monitor system behavior and diagnose performance issues.
operating system: An operating system (OS) is the core software that manages a computer's hardware resources and provides essential services for applications and users. Linux is a free, open-source operating system kernel that powers everything from servers to smartphones.
operator: A symbol or keyword used in shell commands and programming to perform operations on variables, strings, or values, such as arithmetic, comparison, or logical operations.
orphan process: A process whose parent process has terminated before it does. The orphan is automatically adopted by the init process (PID 1), which becomes responsible for reaping it when it exits.
OSCAL: OSCAL (Open Security Controls Assessment Language) is an XML-based standard for expressing security control catalogs, profiles, and assessment results in a machine-readable format. It enables automated security compliance documentation and control validation across systems.
OSI model: A seven-layer conceptual framework that standardizes how computer networks communicate, with each layer handling specific functions from physical transmission to application-level interaction.
OSPF: OSPF (Open Shortest Path First) is a dynamic routing protocol that allows routers to automatically discover and communicate network topology, calculating the shortest path to reach destinations.
OSPF area: A logical subdivision of an OSPF network that reduces routing overhead by limiting the scope of link-state flooding. Areas are connected through a backbone area (Area 0) and communicate via Area Border Routers (ABRs).
ostree: OSTree is a versioning system for operating system binaries that functions like Git for entire filesystem trees, enabling atomic updates and rollbacks of the entire OS without a package manager.
OTLP: OTLP (OpenTelemetry Protocol) is a vendor-neutral standard protocol for transmitting telemetry data (traces, metrics, and logs) from applications to observability backends.
overlay driver: A Docker storage driver that layers a read-only base image with a thin read-write layer, using kernel union filesystem technology to efficiently stack multiple filesystem views into one.
overlay filesystem: A filesystem that layers multiple directory trees on top of each other, combining them into a single unified view where upper layers can shadow or modify lower layers without changing the originals.
overlay network: A virtual network layer built on top of an existing physical network infrastructure that allows containers or virtual machines to communicate across hosts as if they were on the same local network.
overlayfs: A union filesystem that layers a read-write filesystem over one or more read-only filesystems, combining them into a single view where writes go to the top layer.
overprovisioning: Allocating more resources (CPU, memory, storage, or network bandwidth) to virtual machines or containers than physically available, relying on the assumption that not all will be used simultaneously.

P

p99: The 99th percentile latency—the response time below which 99% of requests complete, used to measure system performance and tail latency.
p999: p999 is not a standard Linux term or command. You may be thinking of a specific tool, library, or metric used in a particular context (like percentile measurement in performance testing).
package manager: A software tool that automates the installation, upgrade, removal, and management of application packages on a Linux system. It handles dependencies, file placement, and system integration automatically.
packet: A packet is a small unit of data transmitted over a network, containing the actual information plus header information like source and destination addresses.
pacstrap: A command-line utility that installs packages into a target directory, typically used during Arch Linux installation to bootstrap a new system with essential packages.
page cache: The page cache is the Linux kernel's in-memory cache of file data from disk, automatically managed to speed up repeated file access without additional system calls.
page fault: A page fault occurs when a program tries to access memory that is not currently loaded in physical RAM, forcing the kernel to fetch it from disk or allocate it. It's a normal performance mechanism, not necessarily an error.
PAM: PAM (Pluggable Authentication Modules) is a flexible framework that allows Linux administrators to configure how users are authenticated, authorized, and managed across the system without modifying individual applications.
pam_env: A PAM (Pluggable Authentication Modules) module that sets environment variables during user authentication, allowing administrators to define per-user or global environment configurations at login time.
Parrot OS: Parrot OS is a Debian-based Linux distribution designed for penetration testing, digital forensics, and cybersecurity work, featuring a curated collection of hacking and security tools.
partition: A partition is a logical division of a physical hard drive or storage device into separate sections, each functioning as an independent storage unit with its own filesystem.
partition table: A data structure on a disk that describes how the disk's storage space is divided into logical sections (partitions). It tells the system where each partition starts, ends, and what type of data it contains.
PATH: PATH is an environment variable that lists directories where the shell searches for executable programs when you type a command. It determines which version of a program runs when multiple copies exist on your system.
path unit: A systemd unit type that monitors a file or directory and triggers an associated service when the path changes. Path units enable event-driven automation by watching for file modifications, creation, or deletion.
PBKDF2: PBKDF2 (Password-Based Key Derivation Function 2) is a cryptographic algorithm that derives a secure encryption key from a password by applying a hash function repeatedly many times, making brute-force attacks computationally expensive.
PCR: PCR (Platform Configuration Register) is a memory location in a Trusted Platform Module (TPM) that stores cryptographic measurements of system components, used to verify that a system hasn't been tampered with during boot.
PeerDNS: PeerDNS is a DNS configuration option in NetworkManager that allows the system to use DNS servers provided by VPN, DHCP, or other network connections, rather than only using manually configured servers.
percentile latency: Percentile latency measures the maximum response time experienced by a certain percentage of requests in a system. For example, 95th percentile latency means 95% of requests completed within that time, while 5% took longer.
perf: perf is a Linux performance analysis tool that allows you to measure CPU cycles, cache misses, branch predictions, and other hardware events to profile and debug application performance.
perf event: A perf event is a countable hardware or software occurrence in the system that can be monitored and analyzed using the perf tool to profile application and kernel performance.
permissions: Permissions are rules that control who can read, write, or execute a file or directory on a Linux system. They are enforced at the filesystem level and assigned to the owner, group, and others.
persistent volume: A persistent volume is a storage resource that retains data beyond the lifetime of a container or pod, commonly used in Kubernetes to decouple storage from application lifecycle.
persistent volume claim: A request for persistent storage in Kubernetes that a pod can use to store data beyond its lifetime. It abstracts the underlying storage details and allows applications to claim disk space dynamically.
PFS (perfect forward secrecy): Perfect Forward Secrecy is a cryptographic property ensuring that even if a server's long-term private key is compromised, previously encrypted session communications remain secure because each session uses unique, temporary encryption keys.
PID: PID (Process ID) is a unique numerical identifier assigned by the kernel to every running process on a Linux system, used to manage, track, and control processes.
PID namespace: A Linux kernel feature that isolates process ID numbering, allowing different groups of processes to have their own independent PID sequences. Processes in different namespaces can have the same PID without conflict.
pidstat: A system monitoring command that displays per-process CPU, memory, I/O, and other resource statistics, updating in real-time at specified intervals.
pipe: A pipe is a mechanism that connects the standard output of one command directly to the standard input of another, allowing data to flow between processes. It is represented by the | character.
PKCS#11: PKCS#11 is a cryptographic standard that defines how applications interact with hardware security modules and smart cards to perform cryptographic operations and manage digital certificates.
PKCS#12: PKCS#12 is a standard binary format for storing private keys, certificates, and certificate chains in a single encrypted file, commonly used for securing private keys and their associated credentials.
PKGBUILD: A shell script file used by Arch Linux and related distributions to define how to download, compile, and package software from source. It automates the entire build process into a binary package.
plan vs apply: A two-step operational pattern where a system shows you what changes it will make (plan) before actually making them (apply), allowing review and approval first.
PLT: The Procedure Linkage Table (PLT) is a section in executable files that enables dynamic linking by storing jump instructions to resolve function calls at runtime.
Pod: A Pod is the smallest deployable unit in Kubernetes, typically containing one or more tightly-coupled containers that share networking and storage resources.
pod affinity: A Kubernetes scheduling constraint that attracts pods to run on the same nodes as other pods, based on label selectors. Pod affinity ensures related workloads are colocated for performance or operational reasons.
Pod Security Standards: Pod Security Standards (PSS) are Kubernetes policies that enforce security best practices by restricting what capabilities, privileges, and system access a pod can have. They replace the deprecated Pod Security Policies with a simpler, built-in admission control mechanism.
PodDisruptionBudget: A Kubernetes resource that defines the minimum number or percentage of pod replicas that must remain available during voluntary disruptions like node maintenance or cluster updates.
podman: Podman is a container engine that runs containers without requiring a daemon process, making it a daemonless alternative to Docker for building, running, and managing Linux containers.
policy as code: Policy as code is the practice of defining infrastructure, security, and operational rules as machine-readable code rather than documentation, enabling automated enforcement and version control.
policy routing: A networking feature that directs packets to different routes based on rules other than just the destination IP address, such as source IP, protocol, or port.
Pop_OS: Pop!_OS is a free, open-source Linux distribution developed by System76 that is based on Ubuntu and optimized for productivity, with a focus on user experience and hardware compatibility.
POP3: POP3 (Post Office Protocol version 3) is an application-layer protocol used by email clients to retrieve messages from a mail server, typically downloading them to the local machine.
POSIX: POSIX is a set of international standards that define how Unix-like operating systems should behave, ensuring portability and compatibility of software across different Unix and Linux implementations.
postmortem: A postmortem is an analysis performed after a system failure, outage, or incident to understand what went wrong and identify lessons learned. It examines logs, events, and decisions to prevent future occurrences.
PPA: A Personal Package Archive (PPA) is a software repository hosted on Launchpad that allows Ubuntu users to install and update packages beyond those in the official repositories.
PREEMPT_RT: PREEMPT_RT is a Linux kernel patch set that enables hard real-time capabilities by making the kernel fully preemptible, allowing time-critical tasks to interrupt almost any kernel operation with minimal latency.
preemption: The ability of the operating system to interrupt a running process and switch to another task, ensuring fair processor time distribution and responsiveness. In Linux, preemption allows the kernel itself to be interrupted, not just user processes.
PreemptionPolicy: A kernel configuration that determines how the Linux scheduler handles task switching and responsiveness by controlling when process preemption can occur.
preferences.d: A directory convention where configuration files for a specific application or service are stored, typically in /etc/preferences.d/ or ~/.config/app/preferences.d/, allowing modular preference management.
priority inheritance: A synchronization mechanism that temporarily boosts a low-priority task's priority to prevent a higher-priority task from being blocked waiting for a resource held by the lower-priority task.
PriorityClass: PriorityClass is a systemd concept that groups processes into predefined priority tiers (e.g., realtime, high, normal, low, idle) to control CPU scheduling and I/O access without manually managing nice values.
privilege escalation: The act of gaining higher-level permissions or access rights on a system than originally granted, typically from a regular user to root/administrator level.
process: A process is a running instance of a program in memory with its own memory space, file descriptors, and process ID (PID). Each process is an independent execution context managed by the kernel.
process group: A collection of related processes that share the same process group ID (PGID), allowing them to be managed together as a unit for job control and signal delivery.
procfs: A virtual filesystem (/proc) that provides a window into kernel data structures and running processes, allowing users and programs to read process information and kernel statistics as if they were regular files.
Prometheus: Prometheus is an open-source systems monitoring and alerting toolkit that collects metrics from targets at specified intervals, stores them in a time-series database, and evaluates alert rules to trigger notifications.
PRR: PRR (Proportional Rate Reduction) is a TCP congestion control algorithm that improves recovery from packet loss by reducing the sending rate proportionally rather than using aggressive window reduction.
pseudo-terminal: A software abstraction that emulates a physical terminal, consisting of a master side (controlled by a terminal emulator or SSH daemon) and a slave side (used by a shell or application). It allows text-based communication between programs and users.
PSI: PSI (Pressure Stall Information) is a Linux kernel metric that measures resource contention by tracking time processes spend waiting for CPU, memory, or I/O resources to become available.
PSS: PSS (Proportional Set Size) is a memory metric that fairly distributes shared memory among processes by dividing each shared page's size proportionally among all processes that use it.
PTR record: A DNS Pointer record that maps an IP address back to a hostname, enabling reverse DNS lookups. It's the opposite of an A record.
pull-based deploy: A deployment model where target servers actively fetch and deploy application code from a central repository, rather than having code pushed to them.
push-based deploy: A deployment method where a central server actively sends code and configuration to target machines, rather than waiting for them to request updates. Common in automation tools like Ansible, Puppet, and Chef.
PV (physical volume): A physical volume (PV) is a raw storage device or partition that has been initialized for use with Logical Volume Manager (LVM), allowing it to be combined with other PVs into volume groups for flexible storage management.
pwd: pwd (print working directory) is a command that displays the full path of the current directory in the filesystem.

Q

qdisc: A qdisc (queueing discipline) is a kernel subsystem that manages how network packets are queued and transmitted on a network interface. It determines the order, timing, and rate at which packets leave the system.
quantization: Quantization is the process of converting continuous or high-precision numerical values into a limited set of discrete levels, commonly used in audio/video compression and machine learning model optimization.
queue depth: Queue depth is the maximum number of I/O operations (read/write requests) that can be pending simultaneously on a storage device or network interface. It determines how many commands a device can accept before the system must wait for some to complete.
QUIC: QUIC is a modern transport protocol that runs over UDP instead of TCP, designed to improve connection speed, reliability, and security for web traffic and other applications.
quorum: A minimum number of nodes or processes required to be active and in agreement for a distributed system to operate and make valid decisions. Without quorum, the system halts to prevent split-brain scenarios.
quota: A system limit that controls the maximum amount of disk space or number of files a user or group can use on a filesystem.

R

race condition: A race condition occurs when the outcome of concurrent operations depends on their unpredictable timing or order, causing inconsistent or incorrect results.
RAG: RAG (Retrieval-Augmented Generation) is an AI/ML technique that combines document retrieval with language model generation to provide answers grounded in external knowledge sources rather than just the model's training data.
RAID: RAID (Redundant Array of Independent Disks) is a technique for combining multiple physical hard drives into a single logical unit to improve performance, reliability, or both through data redundancy and/or striping.
raidz1: A RAID-Z variant in ZFS that provides single-disk fault tolerance by distributing data and parity across multiple drives, allowing the pool to survive the failure of any one disk.
raidz2: A RAID level used in ZFS that provides data redundancy with two-disk fault tolerance, allowing the pool to survive simultaneous failure of any two drives without data loss.
raidz3: A RAID variant in ZFS that uses three-way parity, allowing a storage pool to survive the simultaneous failure of any three drives without data loss.
RAM: RAM (Random Access Memory) is the computer's fast, temporary memory used to store data and programs currently in use. It's erased when the system powers off.
RBAC: Role-Based Access Control (RBAC) is a security model that restricts system access based on a user's assigned role rather than individual permissions, simplifying management of who can do what.
RCU: Read-Copy-Update (RCU) is a Linux kernel synchronization mechanism that allows multiple readers to access shared data concurrently without locks, by deferring updates until all current readers finish.
read amplification: Read amplification occurs when a single logical read request from an application causes multiple physical reads from storage, increasing I/O overhead and reducing performance.
realtime scheduling: A scheduling mode that prioritizes urgent tasks to run immediately with minimal delay, guaranteeing they meet strict time deadlines. Linux provides realtime scheduling classes for tasks requiring predictable, low-latency execution.
reconciliation loop: A control mechanism in Kubernetes and similar systems that continuously compares the desired state with the actual state and makes corrections to keep them in sync.
recording rule: A Prometheus configuration that defines how to aggregate time-series metrics into new metrics at regular intervals. Recording rules precompute expensive queries to improve performance and reduce load on the monitoring system.
recursive query: A DNS query where the resolver is asked to perform a complete lookup on behalf of the client, returning either the final answer or an error. Unlike iterative queries, the resolver does all the work rather than pointing the client to other servers.
RED method: RED method is not a standard Linux term. You may be thinking of RED (Random Early Detection), a network congestion management algorithm, or possibly a different Linux concept.
redirect-on-write snapshot: A snapshot technique where changes to the original volume are tracked and written to separate storage, while the snapshot presents a frozen view of the data at the moment of creation.
redirection: Redirection is the process of sending the input or output of a command to a file or another command instead of the terminal. It uses operators like >, >>, <, and | to change where data flows.
reentrant code: Code that can be safely called multiple times concurrently or interrupted and re-invoked without losing correctness or causing data corruption.
rEFInd: rEFInd is a boot manager for UEFI systems that allows you to select and launch different operating systems or boot options from a graphical menu instead of relying solely on the firmware's boot interface.
reflink: A filesystem feature that creates instant, copy-on-write clones of files or ranges of data without duplicating the actual blocks on disk, saving space and time.
regular expression: A pattern of characters used to match, find, and manipulate text in Linux. Regular expressions define rules for searching and replacing strings based on patterns rather than exact text.
ReiserFS: ReiserFS is a journaling filesystem for Linux that was popular in the early 2000s, known for efficient handling of small files and dynamic inode allocation.
relatime: A mount option that reduces disk writes by updating file access times only when they are older than the modification or change time, or when the file is actually accessed.
relative path: A file or directory location specified relative to the current working directory, rather than from the root of the filesystem. Relative paths do not begin with a forward slash.
replay protection: A security mechanism that prevents attackers from capturing and reusing valid encrypted messages or authentication tokens to gain unauthorized access or perform unauthorized actions.
replica set: A replica set is a group of database instances that maintain identical copies of data, with one primary node handling writes and secondary nodes serving reads and providing failover redundancy.
repository: A centralized storage location containing software packages, libraries, or configuration files that users can download and install. In Linux, repositories are typically hosted on remote servers and managed by package managers.
request ID: A unique identifier assigned to a system request or I/O operation, used to track and correlate it throughout its lifecycle in the kernel or application.
resolved: A systemd service that provides DNS resolution and caching for Linux systems, translating domain names into IP addresses.
resolver: A system component that translates human-readable domain names (like example.com) into IP addresses using DNS queries. It's the mechanism that makes web addresses work by converting hostnames to the numerical addresses computers actually use.
Return-Path: An email header field that specifies the address to which bounce messages and delivery failure notifications should be sent; used by mail systems to route non-delivery reports.
reverse proxy: A reverse proxy is a server that sits between clients and backend servers, intercepting client requests and forwarding them to the appropriate backend server on behalf of the client.
RIP: RIP (Routing Information Protocol) is a distance-vector routing protocol that determines network paths by counting hops to a destination, with a maximum of 15 hops per route.
ripgrep: ripgrep (rg) is a fast, line-oriented search tool that recursively searches directories for patterns matching a regular expression, similar to grep but significantly faster and with better defaults.
rkhunter: rkhunter is a security tool that scans Linux systems for rootkits, backdoors, and other malicious software by checking for known attack signatures and suspicious system changes.
ROCm: ROCm (Radeon Open Compute) is AMD's open-source platform for GPU computing that enables developers to use AMD graphics cards for general-purpose computing tasks like machine learning and scientific simulations.
role-based access control: Role-based access control (RBAC) is a security model where user permissions are determined by their assigned role within a system, rather than individual permission grants. Users inherit all permissions associated with their role.
RoleBinding: A Kubernetes object that grants a role (set of permissions) to a user, group, or service account within a namespace or cluster-wide.
rollback: The process of reverting a system or application to a previous state, typically after an update or change fails or causes problems.
rolling deploy: A deployment strategy where updates are gradually rolled out to a subset of servers or instances at a time, keeping the service running throughout the process without downtime.
rolling release: A software distribution model where updates are delivered continuously rather than in fixed version releases, so the system is always kept current with the latest packages.
root: The superuser account (UID 0) with unrestricted permissions to modify any file, run any command, and manage the entire Linux system. The administrative account with the highest privilege level.
root directory: The topmost directory in the Linux filesystem hierarchy, denoted by a forward slash (/) and serving as the parent of all other directories and files on the system.
rootfs: The root filesystem (rootfs) is the top-level filesystem mounted at / that contains all essential system directories and files needed to boot and run a Linux system.
rootless container: A container runtime that executes container processes without requiring root privileges on the host system, enhancing security by limiting what a compromised container can access.
route reflector: A BGP router that re-advertises (reflects) route announcements from one set of BGP peers to another, reducing the need for a full mesh of BGP connections in large networks.
rpath: rpath (run-time search path) is a compiler and linker feature that embeds a list of directories into an executable, telling the dynamic linker where to search for shared libraries at runtime without relying on LD_LIBRARY_PATH.
RPM: RPM (Red Hat Package Manager) is a package management system for installing, updating, and removing software on Linux distributions like Red Hat, CentOS, and Fedora. It handles dependencies and maintains a database of installed packages.
rpm-ostree: rpm-ostree is a hybrid package management and immutable operating system tool that combines RPM package management with OSTree's versioned filesystem approach, enabling atomic updates and easy rollback capabilities.
rpmbuild: rpmbuild is a command-line tool that compiles source code and creates RPM (Red Hat Package Manager) binary and source packages from a specification file (SPEC file).
RSA: RSA is a widely-used asymmetric cryptographic algorithm that uses a pair of public and private keys for secure data encryption and digital signatures. It forms the basis of many Linux security tools including SSH key authentication and SSL/TLS certificates.
RSS: Resident Set Size (RSS) is the portion of a process's memory that is currently held in physical RAM, as opposed to swapped to disk or stored in the page cache.
rsync: rsync is a command-line tool that efficiently synchronizes files and directories between local and remote systems, copying only the differences since the last sync.
runbook: A runbook is a documented set of step-by-step procedures for operating, maintaining, or troubleshooting a system or application. It serves as a manual guide for system administrators and DevOps engineers to follow during routine tasks or incident response.
runc: runc is a lightweight container runtime that creates and runs containers according to the OCI (Open Container Initiative) specification. It is the low-level tool that actually executes containerized applications on Linux.
runlevel: A runlevel is a predefined operating state of a Linux system that determines which services and daemons are started at boot or when switched to. Modern systemd systems use targets instead, but runlevels remain an important concept for understanding legacy systems.

S

safetensors: A safe, efficient file format for storing and loading machine learning model weights, designed as a safer alternative to pickle-based formats like PyTorch's .pth files.
Samba: Samba is a free software suite that enables Linux and Unix systems to interoperate with Windows networks by implementing the SMB/CIFS protocol, allowing file and printer sharing between different operating systems.
sar: sar (System Activity Reporter) is a command-line tool that collects, reports, and saves system performance statistics including CPU, memory, disk I/O, and network activity over time.
SATA: SATA (Serial ATA) is a computer bus interface standard for connecting storage devices like hard drives and SSDs to a motherboard, replacing the older parallel ATA interface.
SBOM: A Software Bill of Materials (SBOM) is a detailed inventory of all software components, libraries, and dependencies that make up an application or system, including their versions and sources.
SBOM ingest: SBOM ingest is the process of importing and parsing a Software Bill of Materials (SBOM) document into a system for vulnerability scanning, compliance tracking, or dependency analysis.
scheduler: The kernel component that decides which processes run on the CPU and when, dividing processor time among competing tasks.
scope unit: A systemd unit that defines a lightweight container for processes without a service definition, typically used for organizing and managing ad-hoc groups of processes or system calls.
scrape target: A target system or resource that is scanned, analyzed, or extracted data from without authorization, often for reconnaissance in security testing or malicious hacking.
scratch image: A temporary, disposable container or virtual machine image used for testing, building, or development without affecting production systems. It can be created quickly and discarded after use.
screen: A terminal multiplexer that allows multiple shell sessions to run simultaneously within a single terminal window, with the ability to detach and reattach sessions.
scrypt: A memory-hard key derivation function designed to be resistant to brute-force attacks by requiring significant CPU and RAM resources. It's commonly used for password hashing and key generation.
seccomp: Secure Computing Mode (seccomp) is a Linux kernel feature that restricts the system calls a process can make, limiting its capabilities to only what it needs.
Secret: In Linux security contexts, a secret is any sensitive credential or data (passwords, API keys, tokens, certificates) that must be kept confidential and protected from unauthorized access.
Secure Boot: A UEFI firmware security feature that verifies the digital signature of the bootloader before execution, preventing unauthorized or malicious code from loading during system startup.
sed substitution: A sed command that finds text matching a pattern and replaces it with new text. The basic syntax is sed 's/pattern/replacement/' to substitute the first occurrence per line, or sed 's/pattern/replacement/g' to replace all occurrences.
SELinux: SELinux (Security-Enhanced Linux) is a mandatory access control (MAC) system that enforces fine-grained security policies beyond traditional file permissions, controlling what processes and users can access on the system.
semaphore: A synchronization primitive that controls access to a shared resource by maintaining a counter; processes can wait for or signal the semaphore to coordinate execution.
send/receive: A fundamental I/O operation where a process transmits (send) or receives data through a network socket or inter-process communication channel. In networking, send writes data to a socket destined for a remote host, while receive reads incoming data.
Server-Sent Events: A web technology that enables a server to push real-time updates to connected clients over a single HTTP connection, allowing one-way communication from server to browser.
service: A service is a background process or daemon that runs continuously on a Linux system to provide specific functionality, such as web serving, email delivery, or SSH access. Services are typically managed by init systems like systemd and can be started, stopped, or restarted on demand.
service mesh: A service mesh is a dedicated infrastructure layer that manages communication between microservices in containerized applications, handling routing, security, and observability without changing application code.
service unit: A systemd unit file that defines how to start, stop, and manage a background service or daemon on a Linux system. Service units are configuration files with a .service extension that describe the executable, dependencies, and behavior of a long-running process.
session: A session is a login instance that groups related processes and terminal connections together, typically starting when a user logs in and ending when they log out.
session ticket: A session ticket is a cryptographic token issued by a server that allows a client to resume a previous TLS/SSL session without performing a full handshake, reducing latency and computational overhead.
setgid: A special file permission bit that causes an executable to run with the group privileges of the file's owner rather than the user executing it. On directories, it ensures new files inherit the directory's group.
setuid: A special file permission bit that allows a program to execute with the permissions of its owner rather than the user running it. Commonly used to grant temporary elevated privileges for specific tasks.
SHA-256: SHA-256 is a cryptographic hash function that produces a 256-bit (32-byte) fixed-length digest from any input data. It is widely used for verifying file integrity and security applications.
SHA-3: SHA-3 is the latest standard cryptographic hash function family approved by the U.S. National Institute of Standards and Technology (NIST), designed to generate fixed-size fingerprints of data for integrity verification and security applications.
shebang: A special line at the start of a script file that tells the operating system which interpreter to use to execute the script. It begins with #! followed by the path to an interpreter.
shell: A shell is a command-line interpreter that reads user input, executes commands, and returns output. It acts as the interface between you and the Linux kernel.
shellcheck: ShellCheck is a static analysis tool that scans shell scripts for syntax errors, potential bugs, and style issues before execution.
shfmt: A command-line tool that automatically formats shell scripts (bash, sh, ksh) to follow consistent style conventions, similar to how gofmt works for Go.
shim: A small piece of code or library that provides compatibility or acts as an intermediary layer between two software components, allowing them to work together despite differences in their interfaces or versions.
sidecar: A sidecar is a lightweight container or process that runs alongside a main application to provide supporting functionality like logging, monitoring, or networking without modifying the primary application code.
sidecar proxy: A lightweight proxy service that runs as a separate container or process alongside an application, handling networking tasks like traffic routing, load balancing, and security without requiring changes to the application code.
signal: A signal is a software interrupt that delivers a notification to a process, allowing the operating system or other processes to communicate asynchronously with that process. Signals can trigger predefined actions like termination, suspension, or custom handling.
sigstore: Sigstore is an open-source project providing keyless code signing and verification infrastructure, allowing developers to sign software artifacts without managing long-lived cryptographic keys.
SLA: SLA (Service Level Agreement) is a formal contract between a service provider and customer that specifies guaranteed performance metrics, uptime requirements, and remedies if those standards are not met.
slab allocator: The slab allocator is a kernel memory management subsystem that efficiently allocates and caches small objects of fixed sizes, reducing fragmentation and allocation overhead.
Slackware: Slackware is a minimalist Linux distribution known for simplicity, stability, and giving users direct control over system configuration with minimal abstraction.
SLI: Scalable Link Interface (SLI) is a technology that allows multiple graphics processing units (GPUs) to work together in parallel to improve graphics performance on a single system.
slice unit: A systemd unit type that groups processes into a hierarchy for resource management and control. Slices organize cgroups (control groups) to limit CPU, memory, and other resources allocated to sets of services.
SLO: Service Level Objective (SLO) is a target metric that defines the acceptable performance or availability level a system should maintain, such as 99.9% uptime.
SLOG: SLOG is a ZFS intent log stored on a fast device (typically SSD) that caches synchronous write operations before they're written to the main pool, improving write performance and data safety.
SLSA level: SLSA (Supply Chain Levels for Software Artifacts) is a framework that defines security maturity levels for software supply chains, ranging from level 1 (basic) to level 4 (highest assurance), helping organizations prevent tampering and improve artifact integrity.
SMTP: SMTP (Simple Mail Transfer Protocol) is the standard protocol used to send emails from a client to a mail server or between mail servers across the internet.
snap: A snap is a self-contained software package that bundles an application with all its dependencies, designed to work across different Linux distributions. Snaps are installed and managed using the snapd daemon and the snap command-line tool.
snap channel: A release track or version stream for a snap package that determines which version of the software a user receives when they install or update. Channels like stable, candidate, beta, and edge allow developers to roll out updates progressively.
snapshot: A point-in-time copy of a filesystem or volume that captures its state at a specific moment, allowing you to restore data or create backups without duplicating all storage space.
SNI: Server Name Indication (SNI) is a TLS extension that allows a client to specify which hostname it is connecting to during the initial handshake, enabling a single IP address to host multiple SSL/TLS certificates.
SOA: SOA (Start of Authority) is a DNS record that contains essential information about a DNS zone, including the primary nameserver, administrator email, and timing parameters for zone transfers and caching.
SOA record: An SOA (Start of Authority) record is a DNS resource record that defines the primary nameserver, administrator contact, and important timing parameters for a DNS zone.
socket: A socket is an endpoint for network communication or inter-process communication (IPC) that allows two programs to send and receive data. It abstracts the underlying protocol complexity and provides a file-like interface for data exchange.
socket unit: A systemd unit file that defines and manages a Unix socket, allowing services to listen on sockets and handle incoming connections independently of the associated service.
soft link: A soft link (symbolic link) is a special file that points to another file or directory by storing its path, rather than directly referencing its data. Unlike hard links, soft links can point across filesystems and to directories.
soft lockup: A kernel warning that occurs when a CPU is stuck running kernel code for too long without yielding, often indicating a performance problem or infinite loop rather than a hardware failure.
softirq: A deferred interrupt handler mechanism that allows the kernel to process less critical interrupt work outside of hard interrupt context, improving system responsiveness and reducing interrupt latency.
soname: The internal name and version identifier of a shared library that the linker and dynamic loader use to resolve runtime dependencies. It decouples the library's filename from its interface compatibility.
source code: Human-readable program instructions written in a programming language that must be compiled or interpreted to run on a computer. It's the original form before transformation into executable machine code.
span: In RAID and storage contexts, a span is a single physical drive or a set of drives treated as one logical unit. In networking, it refers to a Virtual LAN (VLAN) segment or the range of network interfaces a bridge connects.
SPF: SPF (Sender Policy Framework) is an email authentication protocol that allows domain owners to specify which mail servers are authorized to send emails on behalf of their domain.
spinlock: A spinlock is a synchronization primitive that causes a process to wait in a tight loop, repeatedly checking a condition, rather than sleeping until a resource becomes available. Commonly used in kernel code where context switching overhead would be too high.
split brain: A state where a distributed system splits into isolated partitions that can no longer communicate, each partition believing it has authority or is the primary node.
split DNS: Split DNS is a configuration where different DNS results are returned to clients based on their network location—typically serving internal IP addresses to internal users and public IP addresses to external users.
split horizon DNS: A DNS configuration technique where different DNS responses are returned to clients based on whether they're querying from inside or outside a private network, allowing the same domain to resolve to different IP addresses for internal and external users.
split-horizon: A DNS technique where a nameserver returns different IP addresses for the same domain depending on whether the query comes from inside or outside a network. This allows internal and external clients to resolve the same hostname to different destinations.
split-tunnel VPN: A VPN configuration where only specific traffic is routed through the VPN tunnel while other traffic uses the local network connection directly.
SRV record: A DNS record type that specifies the location and port of services available on a network, allowing clients to discover where services like LDAP, SIP, or Kerberos are hosted.
ss: ss is a command-line utility that displays socket statistics and network connections on a Linux system, replacing the older netstat tool with improved performance and output.
ssh: SSH (Secure Shell) is a cryptographic network protocol that allows secure remote login and command execution on distant computers over an insecure network.
SSH certificate: A cryptographic credential issued by a Certificate Authority that verifies the identity of an SSH server or user, enabling secure authentication without relying solely on password exchange or manual key fingerprint verification.
SSH known_hosts: A file that stores the public keys of remote SSH servers you've connected to, allowing SSH to verify server identity and prevent man-in-the-middle attacks.
standard error: Standard error (stderr) is the default output stream where a program sends error messages and diagnostic output, separate from normal output (stdout).
standard input: Standard input (stdin) is the default data stream from which a program reads input, typically from the keyboard or a piped source.
standard output: Standard output (stdout) is the default destination where a program sends its normal text output, typically the terminal display. It is represented by file descriptor 1 in Unix/Linux systems.
starship prompt: Starship is a fast, customizable cross-platform shell prompt written in Rust that displays git status, language versions, and system information with minimal performance overhead.
StatefulSet: A Kubernetes object that manages stateful applications by maintaining stable, persistent identities and storage for each pod replica, unlike Deployments which treat pods as interchangeable.
static binary: An executable file that contains all its required library code compiled directly into the binary, rather than depending on external shared libraries at runtime.
static route: A network route that is manually configured and remains fixed in the routing table, directing packets to a specific destination network via a predetermined gateway or interface.
sticky bit: A special file permission bit that prevents users from deleting or renaming files they don't own, even if they have write permission to the directory. Commonly used on shared directories like /tmp to protect other users' files.
STONITH: STONITH (Shoot The Other Node In The Head) is a fencing mechanism in high-availability clusters that forcibly isolates or reboots a failed node to prevent data corruption and split-brain scenarios.
StorageClass: A Kubernetes resource that defines the provisioning and management parameters for persistent storage volumes, determining how storage is allocated and configured when pods request it.
strace: strace is a diagnostic tool that traces and displays all system calls and signals made by a process, showing what the kernel is doing on behalf of a running program.
structured log: A log format where entries are organized into named fields (like timestamp, severity, message) rather than unstructured plain text, making logs easier to parse, search, and analyze programmatically.
STUN server: A STUN server is a network service that helps devices behind NAT firewalls discover their public IP address and port number for peer-to-peer communication.
subshell: A subshell is a child shell process spawned by the current shell, which runs commands in an isolated environment and inherits variables from its parent but cannot modify the parent's state.
subvolume: A Btrfs filesystem subdivision that acts as an independent mountable filesystem with its own namespace, snapshots, and quotas, while sharing physical storage with its parent volume.
sudo: A command that allows a permitted user to execute a program with the security privileges of another user, typically the root user, by entering their own password.
sudoers: The sudoers file is a configuration file that controls which users can run commands with elevated privileges using the sudo command, and what commands they're allowed to execute.
summary: A brief overview or condensed representation of information, often used in Linux tools to display key statistics or totals rather than detailed output.
superuser: The superuser (root) is a special user account with unrestricted permissions to perform any operation on a Linux system, including modifying system files and managing other users.
supply chain attack: A security attack that targets a software vendor or dependency rather than the end user directly, compromising the integrity of legitimate software before it reaches users. Attackers inject malicious code into widely-used libraries, tools, or update mechanisms to affect thousands of downstream systems at once.
swap: Swap is disk space used as virtual memory, allowing the system to run more processes than physical RAM can hold by temporarily storing inactive memory pages to disk.
swap unit: A swap unit is a systemd service unit that manages swap space (virtual memory) on a Linux system, typically representing a swap partition or swap file that extends available memory.
swappiness: A kernel parameter that controls how aggressively the system swaps memory pages to disk. Higher values favor swapping; lower values favor keeping pages in RAM.
symbol table: A data structure that maps symbolic names (like function and variable names) to their corresponding memory addresses or values in compiled code. It's created during compilation and used by debuggers and other tools to understand program structure.
symbol versioning: A mechanism that allows multiple versions of the same symbol (function or variable) to coexist in a shared library, enabling backward compatibility when library APIs change.
symbolic link: A symbolic link is a special file that contains a path to another file or directory, acting as a shortcut or alias. When accessed, the system follows the link to the target file.
symlink: A symbolic link (symlink) is a special file that points to another file or directory by storing its path, allowing you to reference the target from a different location without duplicating it.
syscall: A syscall (system call) is a request from a user program to the Linux kernel to perform a privileged operation, such as reading a file, creating a process, or allocating memory.
syscall vDSO: The virtual Dynamic Shared Object (vDSO) is a kernel-provided virtual shared library that allows certain system calls to execute in user space without the overhead of a traditional context switch to kernel mode.
sysctl: A command-line tool that reads and modifies kernel parameters at runtime without requiring a reboot. Settings are stored in /proc/sys and can be persisted in /etc/sysctl.conf.
sysctl key: A sysctl key is a named parameter in the kernel's sysctl interface that controls runtime system behavior, such as network settings, memory management, and security policies. Modified using the sysctl command or by editing /etc/sysctl.conf.
sysctl.conf: A configuration file that sets kernel and system parameters at boot time. Changes made here persist across reboots, unlike temporary sysctl command adjustments.
sysfs: A virtual filesystem that exposes kernel objects and device information as files and directories in /sys, allowing userspace programs to view and modify hardware settings and kernel parameters.
sysprep: Sysprep is a Windows system preparation tool that removes system-specific configuration to create a generalized image for deployment; it is not a native Linux utility, though similar preparation tasks in Linux are handled by tools like cloud-init or manual image customization.
system call: A system call is a request from a user-space program to the Linux kernel to perform a privileged operation that the program cannot do directly, such as reading files, allocating memory, or creating processes.
systemd: systemd is a modern system and service manager for Linux that replaces traditional init systems, handling startup processes, service management, and system initialization.
systemd target: A systemd target is a logical grouping of units that defines a system state or boot goal, similar to SysV init runlevels. Targets are used to organize and synchronize the startup of related services and other units.
systemd timer: A systemd unit file that triggers actions at specified times or intervals, replacing traditional cron jobs with a modern, integrated scheduling system.
systemd unit: A systemd unit is a resource that systemd manages, defined in a configuration file and identified by a name and type suffix. Units describe services, devices, mount points, sockets, and other system resources.
systemd-boot: systemd-boot is a lightweight EFI bootloader that manages the boot process on UEFI-based systems, replacing the need for GRUB on many modern Linux installations.
systemd-homed: A systemd service that manages user home directories as encrypted, portable volumes that can be stored on local disks or network locations. It provides centralized user account and home directory management with optional full-disk encryption.
systemd-journald: systemd-journald is the system service that collects and stores log messages from the kernel, services, and applications in a centralized, indexed binary journal database.
SystemTap: SystemTap is a dynamic tracing framework that lets you inspect and monitor running Linux kernel and user-space processes without recompiling or restarting the system.
sysuser: A system user is a special-purpose account created automatically by the OS or packages to run services and daemons, rather than for interactive human login.

T

Tails: Tails is a security-focused Linux distribution designed to preserve user privacy and anonymity by routing all internet traffic through Tor and leaving no digital footprint on the host system.
taint: A kernel state that marks the Linux kernel as running under unsupported or unreliable conditions, such as when proprietary modules are loaded or hardware errors occur. Tainting helps developers identify whether problems are caused by non-standard modifications.
tarball: A tarball is a compressed archive file created by the tar command, typically with a .tar.gz or .tar.bz2 extension, used to bundle multiple files and directories into a single distributable package.
target unit: In systemd, a target unit is a special unit file that groups other units together and represents a system state or runlevel, such as multi-user.target or graphical.target.
tasklet: A tasklet is a lightweight kernel mechanism for deferring work from interrupt handlers to a later, safer time when the CPU can handle it with interrupts enabled. Tasklets run in softirq context and are faster and simpler than workqueues.
tc qdisc: A Linux command-line tool that manages Quality of Service (QoS) by configuring traffic control queuing disciplines to shape, prioritize, and rate-limit network traffic.
TCP: TCP (Transmission Control Protocol) is a reliable, connection-oriented network protocol that ensures data arrives in order and without errors. It is fundamental to internet communication and works alongside IP to form TCP/IP.
TCP cubic: TCP CUBIC is a modern TCP congestion control algorithm designed for high-speed, long-distance networks that adapts faster to bandwidth changes than traditional TCP Reno.
TCP Fast Open: TCP Fast Open (TFO) is a TCP extension that allows applications to transmit data during the initial connection handshake, reducing latency by eliminating one round-trip time compared to standard TCP.
TCP segment: A TCP segment is a unit of data transmitted over a TCP connection, consisting of a header containing control information and a payload containing application data.
TCP_FASTOPEN: TCP_FASTOPEN is a Linux kernel feature that allows applications to send data during the TCP connection handshake, reducing latency by eliminating one full round-trip time (RTT) from connection establishment.
TCP_NODELAY: A socket option that disables Nagle's algorithm, causing data to be sent immediately rather than waiting to combine small packets for efficiency.
tensor core: A specialized hardware processing unit in NVIDIA GPUs designed to accelerate matrix multiplication and deep learning operations. Tensor cores perform low-precision mathematical operations (like matrix-matrix multiplication) much faster than general-purpose GPU cores.
terminal: A text-based interface where users type commands to interact with the operating system. The terminal displays command output and receives keyboard input, serving as the primary way to communicate directly with the Linux shell.
thin pool: A logical volume pool that uses thin provisioning to allocate storage space on-demand rather than pre-allocating it, allowing multiple logical volumes to share physical space efficiently.
thin volume: A logical volume that doesn't pre-allocate all its storage space upfront, but allocates disk blocks dynamically as data is written to it. This allows multiple thin volumes to share a larger pool of physical storage, enabling over-provisioning.
thread: A lightweight execution unit within a process that shares the same memory space and resources as other threads in that process. Multiple threads can run concurrently, allowing parallel execution within a single program.
thread-local storage: Memory storage that is private to each thread within a process, allowing multiple threads to maintain independent copies of the same variable without interference.
three-way handshake: The three-step process by which TCP establishes a connection between a client and server: SYN, SYN-ACK, and ACK.
throughput: The amount of data successfully transmitted or processed per unit of time, typically measured in bits per second (bps) or bytes per second (B/s). It represents the actual useful work accomplished by a system or network connection.
tickless kernel: A kernel that doesn't rely on periodic timer interrupts (clock ticks) to manage scheduling and time-keeping. Instead, it uses event-driven timers that only fire when needed, reducing CPU wake-ups and power consumption.
time namespace: A Linux namespace that isolates the system time and clock settings for processes, allowing different groups of processes to perceive different times or have independent clock adjustments.
TIME_WAIT: TIME_WAIT is a TCP connection state that occurs after a socket closes, during which the system keeps the connection in memory to ensure delayed packets don't interfere with new connections using the same port.
timer unit: A systemd unit file that defines a scheduled task or timer, specifying when and how often a service or script should run, similar to cron jobs but with more flexibility and integration with the init system.
TLB miss: A TLB miss occurs when the CPU's Translation Lookaside Buffer doesn't contain a virtual-to-physical address translation, forcing a slower lookup in the page table. This is a performance penalty because the CPU must access main memory to find the correct mapping.
TLS: Transport Layer Security (TLS) is a cryptographic protocol that encrypts data transmitted over networks, ensuring secure communication between clients and servers. It's the modern successor to SSL and is widely used for HTTPS, email, and other sensitive data transfers.
TLS handshake: The TLS handshake is the initial exchange of messages between a client and server to establish an encrypted connection, authenticate the server (and optionally the client), and agree on encryption parameters.
TLS-RPT: TLS-RPT (SMTP TLS Reporting) is a protocol that enables mail servers to report on their TLS connection attempts and failures when sending email to other servers, helping administrators identify and troubleshoot encryption issues.
TLS-SNI: TLS Server Name Indication (SNI) is a TLS extension that allows a client to specify the hostname it wants to connect to during the SSL/TLS handshake, enabling a single server with one IP address to host multiple SSL certificates for different domains.
tmpfile.d: A systemd configuration directory that defines temporary files and directories to be created, deleted, or cleaned up automatically at boot and during regular maintenance.
tmpfiles.d: A systemd mechanism that automatically creates, deletes, and manages temporary files and directories at boot time and during system operation. Configuration files in /etc/tmpfiles.d/ define what temporary resources should exist.
tmpfs: tmpfs is a virtual filesystem that stores data in RAM (and swap if needed) rather than on disk, providing fast temporary storage that disappears when unmounted or the system reboots.
tmux: tmux is a terminal multiplexer that allows you to run multiple terminal sessions within a single window, switch between them, and detach/reattach sessions without losing their state.
token: A token is a unique string of characters that authenticates or authorizes a user or application to access a system or service without needing a password each time.
tokenizer: A software component that breaks input text into discrete units called tokens, typically used in parsing, lexical analysis, and command-line argument processing.
toleration: In Kubernetes, a toleration is a property of a pod that allows it to be scheduled on nodes with matching taints, which would normally repel pods.
TOTP: Time-based One-Time Password (TOTP) is a two-factor authentication method that generates a unique 6-digit code that changes every 30 seconds based on the current time and a shared secret key.
TPM: TPM (Trusted Platform Module) is a dedicated microchip on a computer's motherboard that provides cryptographic functions and secure storage for sensitive data like encryption keys and passwords.
TPM2: TPM2 (Trusted Platform Module 2.0) is a cryptographic coprocessor chip that securely stores encryption keys, passwords, and certificates to enable hardware-based security features like secure boot and full-disk encryption.
trace: A debugging technique that monitors system calls, function calls, or program execution to observe what a process is doing in real-time.
trace ID: A unique identifier assigned to a request or transaction as it flows through a system, allowing you to track and correlate related log entries and events across multiple services or processes.
tracepoint: A lightweight instrumentation point in the Linux kernel that allows dynamic tracing of kernel events without modifying code or recompiling, enabling real-time observation of system behavior.
tracing: Tracing is a debugging technique that records and monitors system calls, function calls, or kernel events in real-time to observe program behavior and performance. Tools like strace and ftrace capture detailed execution flows without requiring code modification.
training: Training in Linux typically refers to formal or informal education programs designed to teach users Linux skills, from basic command-line usage to advanced system administration and kernel development.
transparent huge page: A memory optimization feature that automatically uses large 2MB or 1GB memory pages instead of standard 4KB pages, reducing CPU overhead without requiring application changes.
TRIM: TRIM is a command that tells solid-state drives (SSDs) which data blocks are no longer in use, allowing the drive to reclaim and optimize storage space.
true colour terminal: A terminal emulator that supports displaying 24-bit color (16.7 million colors) instead of the legacy 256-color or 16-color palettes, enabling true RGB color reproduction.
trunk: In networking, a trunk is a link that carries traffic for multiple VLANs (Virtual LANs) between switches or network devices, as opposed to an access port that belongs to a single VLAN.
TTL: TTL (Time To Live) is a numeric value in network packets that decreases by one at each router hop; when it reaches zero, the packet is discarded to prevent infinite routing loops.
tty: A terminal interface that allows users to interact with the system through text input and output. Originally referred to physical typewriter-like devices, now commonly means virtual terminal emulators or terminal sessions.
TUI: A Text User Interface (TUI) is a graphical interface displayed in the terminal using text characters and keyboard navigation, offering a middle ground between command-line and GUI applications.
Tumbleweed: openSUSE Tumbleweed is a rolling-release Linux distribution that receives frequent updates with the latest software packages, contrasting with fixed-release distributions that require periodic upgrades.
TURN server: A TURN (Traversal Using Relays around NAT) server is a network relay that helps clients behind firewalls or NATs establish peer-to-peer connections by forwarding traffic when direct communication is blocked.
TXT record: A DNS record that holds arbitrary text information about a domain, commonly used for email authentication, domain verification, and service discovery.

U

U2F: U2F (Universal 2nd Factor) is an open authentication standard that uses hardware security keys as a second factor for user verification, requiring both something you know (password) and something you have (physical key).
Ubuntu LTS: Ubuntu LTS (Long Term Support) is a Ubuntu release that receives security and maintenance updates for 5 years on desktop and 10 years on servers, released every two years.
udev: A dynamic device manager for Linux that automatically detects hardware and creates device files in /dev, replacing the older static devfs system.
UDP: UDP (User Datagram Protocol) is a lightweight, connectionless network protocol that sends data packets without establishing a connection or guaranteeing delivery. It prioritizes speed over reliability.
UEFI: UEFI (Unified Extensible Firmware Interface) is a modern firmware standard that initializes hardware and boots the operating system, replacing the older BIOS. It supports larger disks, secure boot, and faster startup times.
UID: UID (User ID) is a unique numerical identifier assigned to each user account on a Linux system. It is used internally by the kernel and filesystem to determine ownership and access permissions.
ulimit: A shell built-in command that sets or displays resource limits for processes, controlling maximum CPU time, memory usage, file size, and other system resources.
umask: A shell setting that specifies which permission bits to remove when creating new files and directories, acting as a default restriction on file permissions.
unicast: A network transmission sent from one source address to a single destination address. The opposite of broadcast or multicast.
Unicode: Unicode is an international standard for encoding and representing text characters from all world languages and symbols. It assigns a unique number (codepoint) to each character, enabling consistent text handling across different systems and languages.
unified hierarchy: A cgroup v2 feature where all cgroups are organized in a single unified tree structure, eliminating the need for separate hierarchies per resource type. This simplifies resource management by enforcing that all processes follow one consistent cgroup organization.
union filesystem: A filesystem that layers multiple directories or filesystems on top of each other, presenting them as a single unified filesystem where files from all layers are visible together.
Unix: Unix is a modular, multi-user operating system created in the 1970s at Bell Labs that established fundamental design principles like 'everything is a file' and 'do one thing well.' Linux is a Unix-like operating system that follows these principles.
unprivileged user: A user account on Linux that does not have superuser (root) privileges and cannot perform system-wide administrative tasks. Unprivileged users operate with restricted permissions for security and system stability.
uprobe: A dynamic tracing mechanism that allows you to insert instrumentation points into user-space applications at runtime without recompiling code, capturing function calls and variable values.
uptime: A command that displays how long a system has been running since the last reboot, along with current load averages and connected users.
USE method: A systematic performance troubleshooting methodology that prioritizes investigating resource utilization (CPU, memory, disk I/O, network) and saturation before diving into deeper analysis, developed by Brendan Gregg.
user namespace: A Linux kernel feature that allows processes to have their own isolated view of user and group IDs, enabling unprivileged users to run containers or services with root-like capabilities within their namespace.
user space: The memory and execution environment where user applications and non-privileged processes run, isolated from the kernel's restricted memory space.
USS: USS (Unique Socket Service) is not a standard Linux term. You may be thinking of systemd socket units (.socket files) that manage socket-based activation, or USS could refer to a specific application or proprietary service in your environment.
UTF-8: UTF-8 is a variable-width character encoding that represents Unicode characters using one to four bytes, allowing it to encode all world languages while remaining backward-compatible with ASCII.
UTS namespace: A Linux namespace that isolates hostname and NIS domain name, allowing containers and processes to have their own independent identity without affecting the host system.
UUID: A UUID (Universally Unique Identifier) is a 128-bit number used to uniquely identify resources in Linux systems, most commonly disk partitions and filesystems. It remains the same even if the device name changes.

V

validating webhook: A validating webhook is a mechanism that intercepts and validates API requests in Kubernetes before they are persisted, allowing you to enforce custom business logic or policy compliance at the API level.
vdev: A virtual device in ZFS—a logical representation of physical storage (disk, partition, or file) that ZFS uses to manage data redundancy and allocation.
vector database: A specialized database that stores and indexes high-dimensional numerical vectors (embeddings) to enable fast similarity searches, commonly used with machine learning models and large language applications.
vfat: VFAT is a file system that extends FAT32 to support long filenames and is commonly used on USB drives, SD cards, and other removable media for cross-platform compatibility.
VG (volume group): A volume group (VG) is a logical container in LVM that combines one or more physical volumes into a single unit from which logical volumes can be carved out.
virtual filesystem: An abstraction layer that provides a unified interface to different filesystem types, allowing the kernel to treat all filesystems (local disks, network drives, RAM-based systems) uniformly regardless of their underlying implementation.
virtual memory: A memory management technique that uses disk storage to extend the apparent amount of RAM available to processes, allowing programs to use more memory than physically exists.
VLAN: A Virtual Local Area Network (VLAN) is a logical network segment that groups devices on a physical network, allowing them to communicate as if they were on the same network even if physically separated or connected through different switches.
vmlinux: vmlinux is the uncompressed Linux kernel executable image that contains the compiled kernel code and is used as the source for creating bootable kernel images.
vmstat: A command-line tool that displays virtual memory statistics and system performance metrics including CPU, memory, disk I/O, and process activity.
voluntary context switch: A context switch that occurs when a running process explicitly yields the CPU to the scheduler, allowing other processes to run. Unlike involuntary switches triggered by interrupts or time-slice expiration, the process chooses to relinquish control.
VPA: VPA stands for Vertical Pod Autoscaler, a Kubernetes tool that automatically adjusts CPU and memory resource requests and limits for containers based on actual usage patterns.
VPN: A Virtual Private Network (VPN) is a secure encrypted tunnel that routes your internet traffic through a remote server, masking your IP address and encrypting data between your computer and the VPN server.
VRF: Virtual Routing and Forwarding (VRF) is a Linux kernel feature that allows multiple independent routing tables and network interfaces to coexist on a single system, enabling network isolation and multi-tenancy.
VRRP: VRRP (Virtual Router Redundancy Protocol) is a networking protocol that allows multiple physical routers to share a single virtual IP address, ensuring automatic failover if the active router fails.
VSZ: VSZ (Virtual Memory Size) is the total amount of virtual memory allocated to a process, including all memory regions whether currently in physical RAM or swapped to disk.
vulnerability scan: An automated or manual process that examines a system for known security weaknesses, misconfigurations, or outdated software that could be exploited by attackers.
VXLAN: VXLAN (Virtual Extensible LAN) is a network virtualization technology that encapsulates Layer 2 Ethernet frames within Layer 4 UDP packets, allowing virtual networks to span across physical networks and data centers.

W

wait queue: A kernel data structure that holds processes blocked waiting for a specific event or resource to become available, allowing the kernel to efficiently wake them when the event occurs.
Wayland: Wayland is a modern display server protocol and compositor that replaces X11, designed to be simpler, more secure, and better suited to contemporary graphics hardware and input handling.
wear levelling: Wear leveling is a technique that distributes write operations evenly across all memory cells in solid-state storage (SSD/flash) to prevent premature failure from overuse of specific locations.
WebAuthn: WebAuthn is a web standard for passwordless authentication that uses public-key cryptography, allowing users to log in with biometrics or security keys instead of passwords.
WebSocket: A communication protocol that enables two-way, persistent connections between a client and server over a single TCP connection, allowing real-time data exchange with lower overhead than repeated HTTP requests.
wheel group: The wheel group is a special user group that grants members the ability to execute commands with elevated privileges using sudo, without requiring a password prompt in many Linux distributions.
wildcard: A special character or pattern used in the shell to match multiple filenames or strings without typing each one explicitly. Common wildcards include * (any characters), ? (single character), and [ ] (character class).
window manager: A window manager is software that controls the placement, sizing, and appearance of windows on a graphical display. It manages how application windows interact and are rendered on your screen.
WireGuard: WireGuard is a modern, lightweight VPN protocol and implementation that provides secure point-to-point connections using public-key cryptography and runs as a kernel module on Linux.
WireGuard peer: A WireGuard peer is a participant in a WireGuard VPN connection, identified by a public key and associated with an IP address on the VPN network.
work queue: A kernel mechanism that defers work (like interrupt handlers) to be executed later in a less-critical context, improving system responsiveness and allowing blocking operations that aren't safe in interrupt handlers.
working set: The set of memory pages that a process actively uses within a given time window. The kernel tracks this to optimize page replacement and predict memory demand.
workqueue: A kernel mechanism for deferring work to be executed asynchronously by background kernel threads, allowing interrupt handlers and other kernel code to return quickly without blocking.
write amplification: Write amplification occurs when a single logical write operation to storage results in multiple physical writes to the underlying hardware, reducing effective write performance and lifespan of flash-based storage devices.
write barrier: A mechanism that ensures disk writes are physically committed in the correct order, preventing data corruption if the system crashes or loses power during I/O operations.
WWN: WWN (World Wide Name) is a unique 64-bit or 128-bit identifier assigned to Fibre Channel and some other storage devices to enable persistent identification across reboots and configuration changes.

X

X11: X11 is a network-based graphical display system that manages windows, input devices, and graphics rendering on Unix and Linux systems. It follows a client-server architecture where applications (clients) send drawing requests to a display server.
X25519: X25519 is an elliptic curve Diffie-Hellman key exchange algorithm that uses the Curve25519 elliptic curve. It enables two parties to establish a shared secret over an insecure channel for encrypting communications.
XDG Base Directory: A freedesktop.org specification that defines standard locations for user configuration, cache, and data files in Linux, reducing clutter in the home directory by organizing application files into dedicated subdirectories.
XDG_CACHE_HOME: An environment variable that specifies the directory where applications should store non-essential cached data that can be safely deleted without breaking functionality.
XDG_CONFIG_HOME: An environment variable that specifies the base directory where user application configuration files should be stored, defaulting to ~/.config if unset.
XDG_DATA_HOME: An environment variable that specifies the base directory where applications store user-specific data files, defaulting to ~/.local/share if unset.
XDP: XDP (eXpress Data Path) is a Linux kernel technology that allows programs to process network packets at the earliest possible point in the network stack, before they reach the traditional networking subsystem.
XFS: XFS is a high-performance, 64-bit journaling filesystem originally developed by SGI, now widely used in Linux for large-scale storage and parallel I/O workloads.

Y

YubiKey: A hardware security key that generates time-based or challenge-response authentication codes, used to secure Linux system access and online accounts against unauthorized login.

Z

zero trust: A security model that assumes no user, device, or network connection is inherently trustworthy and requires continuous verification for every access request, regardless of location or previous authentication.
zfs driver: A kernel module that implements ZFS (Zettabyte File System) functionality in Linux, enabling advanced storage management features like snapshots, cloning, and data integrity checking.
ZIL: ZIL stands for ZFS Intent Log, a write-ahead log in ZFS that records pending changes to ensure data durability and consistency even if the system crashes before data is committed to the main storage pool.
zombie process: A zombie process is a child process that has terminated but whose exit status has not yet been read by its parent process, leaving an entry in the process table.
Zorin OS: Zorin OS is a Linux distribution based on Ubuntu designed to provide a user-friendly desktop experience with a Windows-like interface, making it accessible for users transitioning from Windows to Linux.
zram: zram is a Linux kernel module that creates compressed RAM-based block devices, allowing the system to store data in compressed form in memory to reduce physical RAM usage.
zsh: Zsh is an advanced interactive shell and command language for Linux and Unix systems that extends bash with powerful features like improved tab completion, spelling correction, and advanced pattern matching.
zswap: zswap is a Linux kernel feature that compresses pages before writing them to swap, reducing I/O and improving performance when physical memory is exhausted.