The Linux Junkies Glossary

407 terms — Linux jargon explained in plain English, cross-linked to the guides.

#A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A

ABI: Application Binary Interface (ABI) is a set of rules and conventions that define how software components interact at the binary level, including function calling conventions, memory layout, and system calls.
absolute path: A file or directory path that starts with a forward slash (/) and specifies the complete location from the root of the filesystem, independent of the current working directory.
ACL: Access Control List (ACL) is a set of rules that defines which users or groups have permission to access a file or directory and what operations they can perform.
address space: The range of memory addresses available to a process, including code, data, heap, and stack segments. Each process has its own isolated address space, typically managed by virtual memory.
admission controller: A Kubernetes component that intercepts and validates API requests before they're persisted to the cluster, allowing or rejecting them based on configured policies.
AIDE: AIDE (Advanced Intrusion Detection Environment) is a file integrity monitoring tool that detects unauthorized changes to system files by comparing their current state against a stored database of known-good checksums and attributes.
alias: A user-defined shortcut that maps a custom name to a command or series of commands. Aliases let you create abbreviated or alternative names for frequently used commands.
Alpine Linux: Alpine Linux is a lightweight, security-focused Linux distribution based on musl and BusyBox, designed for minimal resource usage and often used in containerized environments.
ANSI color: A standard system for adding colored and styled text to terminal output using special escape sequences. ANSI colors enable Linux applications to display text in different colors and text styles like bold or underline.
ANSI escape code: A special sequence of characters that controls text formatting, color, and cursor movement in terminal output. ANSI escape codes begin with the ESC character (ASCII 27) followed by brackets and parameters.
AppArmor: AppArmor is a Linux security module that restricts programs' capabilities by enforcing mandatory access control (MAC) policies on a per-application basis.
APT: APT (Advanced Package Tool) is the package manager for Debian and Ubuntu systems that downloads, installs, updates, and removes software packages from configured repositories.
ARP: Address Resolution Protocol (ARP) is a network protocol that maps IP addresses to physical MAC addresses on a local network, allowing devices to find each other's hardware addresses.
ARP cache: A table that maps IP addresses to MAC addresses on a local network, cached by the operating system to speed up network communication.
ARPANET: ARPANET was the earliest wide-area computer network, created by the U.S. Department of Defense's Advanced Research Projects Agency (ARPA) in 1969. It is the direct predecessor to the modern Internet.
atomic operation: An operation that completes entirely without interruption, appearing to happen as a single indivisible unit from the perspective of other processes or threads.
AUR: The Arch User Repository (AUR) is a community-driven collection of build recipes for software packages not in Arch Linux's official repositories, allowing users to compile and install software from source.
awk: awk is a text processing language and utility that scans files line-by-line, splits each line into fields, and performs pattern matching and transformations on the data.

B

background process: A process that runs independently without occupying the terminal, allowing you to continue entering commands. Background processes execute asynchronously while you use the shell for other tasks.
bash: Bash is the Bourne Again Shell, a command-line interpreter that reads and executes user commands and shell scripts on Linux and Unix systems. It's the default login shell on most Linux distributions.
BBR: BBR (Bottleneck Bandwidth and Round-trip time) is a modern TCP congestion control algorithm that optimizes network throughput by measuring available bandwidth and latency instead of relying on packet loss.
BGP: BGP (Border Gateway Protocol) is the routing protocol used to exchange network reachability information between autonomous systems on the internet.
big endian: A byte order where the most significant byte (largest value) is stored first in memory. The opposite of little endian, commonly used in network protocols and some CPU architectures.
binary: An executable file containing compiled machine code that the CPU can directly run, as opposed to human-readable source code or scripts.
bind mount: A bind mount is a Linux filesystem operation that attaches an existing file or directory to another location in the filesystem hierarchy, making the same content accessible from multiple paths.
block device: A hardware device that stores data in fixed-size blocks and allows random read/write access, such as hard drives, SSDs, and USB drives. Block devices are accessed through special device files in /dev.
boot loader: A program that runs before the operating system kernel, responsible for loading the Linux kernel into memory and passing control to it during system startup.
Bourne shell: The Bourne shell (sh) is the original Unix shell created by Stephen Bourne in 1979, serving as the standard command interpreter and scripting language for Unix and Unix-like systems including Linux.
BPF: Berkeley Packet Filter (BPF) is a kernel technology that allows safe, in-kernel execution of sandboxed programs for monitoring, filtering, and analyzing system events without requiring kernel module compilation.
btrfs: Btrfs (B-tree filesystem) is a modern Linux filesystem that provides advanced features like snapshots, subvolumes, and built-in RAID support, designed to replace ext4 with better scalability and reliability.
buffer: A temporary storage area in memory that holds data being transferred between processes, devices, or programs. Buffers allow data to be read in chunks rather than byte-by-byte, improving performance.
busy wait: A CPU-intensive waiting technique where a process repeatedly checks a condition in a tight loop instead of blocking or sleeping, consuming CPU cycles unnecessarily.
BusyBox: A lightweight software suite that combines many standard Unix utilities into a single small executable, commonly used in embedded Linux systems and containers where space is limited.
bytecode: Intermediate machine-independent code produced by compilers that must be interpreted or further compiled before execution. It serves as a bridge between human-readable source code and native machine instructions.

C

cache: A high-speed storage layer that temporarily holds frequently accessed data to reduce retrieval time from slower storage or computation sources.
cache hit: A cache hit occurs when requested data is found in a cache, avoiding a slower access to main memory or disk. It's the opposite of a cache miss.
capabilities: Linux capabilities are granular permissions that allow processes to perform specific privileged operations without needing full root access. They divide root's power into distinct abilities that can be independently granted or revoked.
capability: A fine-grained permission that grants a process a specific privileged action, allowing non-root users to perform tasks that normally require root access without full superuser rights.
cgroup: A Linux kernel feature that limits, prioritizes, and isolates resource usage (CPU, memory, I/O) for groups of processes. cgroups allow fine-grained control over system resources at the process-group level.
cgroup namespace: A Linux namespace that isolates a process's view of cgroups, allowing it to see only the cgroups within its own namespace hierarchy rather than the system-wide cgroup tree.
cgroup v2: cgroup v2 is the second major version of Linux control groups, a unified kernel interface for limiting and monitoring resource usage (CPU, memory, I/O, network) for process groups and containers.
character device: A device file that represents a hardware device allowing character-by-character (byte-stream) I/O, such as terminals, serial ports, or USB devices. Data is read and written sequentially without buffering.
checksum: A checksum is a small value calculated from data that allows verification the data hasn't been corrupted or altered. It's computed using a mathematical algorithm and compared against the original to detect changes.
chroot: A system call and command that changes the root directory (/) for a process and its children to a new location, isolating them in a restricted filesystem subtree.
ClamAV: ClamAV is a free, open-source antivirus engine designed to detect trojans, viruses, malware, and other malicious threats on Linux and other Unix-like systems.
CLI: A Command Line Interface (CLI) is a text-based user interface where you interact with a computer by typing commands instead of clicking a graphical interface.
CNAME record: A CNAME (Canonical Name) record is a DNS record type that maps an alias domain name to another domain name (the canonical name), allowing multiple domain names to resolve to the same IP address.
command substitution: Command substitution is a shell feature that executes a command and replaces it with its output, allowing you to use a command's result as input to another command or variable assignment.
compiler: A program that translates human-readable source code (usually in languages like C, C++, or Rust) into machine-executable binary code or intermediate code that the computer can run.
ConfigMap: A Kubernetes object that stores non-sensitive configuration data as key-value pairs, allowing you to decouple configuration from container images.
conntrack: A kernel subsystem that tracks the state of network connections, maintaining a table of active TCP, UDP, and other protocol connections to enable stateful packet filtering.
container: A lightweight, isolated runtime environment that bundles an application with its dependencies, libraries, and configuration into a single package that runs consistently across different systems.
container registry: A centralized repository service that stores and distributes container images, allowing users to push, pull, and manage containerized applications.
context switch: The process by which a CPU switches from executing one process to another, saving the current process's state and restoring the next process's state.
control group: A kernel feature that limits and monitors resource usage (CPU, memory, I/O) for a group of processes. Control groups organize processes hierarchically and enforce resource quotas at the OS level.
copy-on-write: A memory optimization technique where multiple processes share the same physical memory pages until one attempts to modify the data, at which point a private copy is created for that process.
core dump: A core dump is a file containing the memory contents and state of a process at the moment it crashed, used for debugging to understand what caused the failure.
CRD: CRD (Custom Resource Definition) is a Kubernetes extension mechanism that allows users to define custom objects and APIs beyond the built-in resource types, enabling declarative management of application-specific resources.
cron: A system daemon that automatically executes scheduled tasks (called cron jobs) at specified times or intervals. It runs continuously in the background and uses configuration files called crontabs to determine what commands to execute and when.
cron job: A scheduled task that runs automatically at specified intervals on a Linux system, managed by the cron daemon. Users define recurring jobs in a configuration file called a crontab.
CUBIC: CUBIC is a TCP congestion control algorithm designed for high-speed networks that adjusts transmission rates based on packet loss to maximize throughput while maintaining fairness.
CUPS: CUPS (Common Unix Printing System) is the standard printing service on Linux and macOS that manages print queues, drivers, and communication between applications and printers.
current working directory: The directory in which the shell is currently operating, displayed by pwd and changed using cd. It determines where relative paths begin and where new files are created by default.

D

daemon: A daemon is a background process that runs continuously without direct user interaction, typically started at boot time and managed by the system.
DaemonSet: A Kubernetes resource that ensures a pod runs on every (or selected) node in a cluster, automatically spawning new instances when nodes are added.
DARPA: DARPA is the U.S. Defense Advanced Research Projects Agency, a federal organization that funds high-risk, high-reward research. It played a foundational role in creating the technologies underlying the Internet and modern computing.
dbus: D-Bus is a message bus system that enables inter-process communication (IPC) between applications on a Linux system, allowing them to discover and invoke each other's services.
deadlock: A situation where two or more processes are blocked indefinitely, each waiting for a resource held by another, preventing any of them from proceeding.
Debian: Debian is a free, community-driven Linux distribution known for stability, package management via apt, and serving as the base for many other distributions like Ubuntu.
dependency: A software library, package, or component that another program requires to function properly. Dependencies must be installed and available on the system before or alongside the program that needs them.
Deployment: Deployment is the process of moving software from a development environment to production, making it available for end users. It includes installation, configuration, and activation of applications on target systems.
desktop environment: A desktop environment is a graphical user interface (GUI) layer that provides a complete visual and interactive experience for Linux, including a window manager, file manager, panels, menus, and themed widgets.
device file: A special file that represents a hardware device or pseudo-device, allowing programs to interact with hardware through standard file operations like read and write.
DHCP: Dynamic Host Configuration Protocol (DHCP) is a network protocol that automatically assigns IP addresses and other network configuration settings to devices on a network, eliminating the need for manual configuration.
directory: A container that holds files and other directories, organized in a hierarchical tree structure. Directories are special files that act as organizational units in the filesystem.
dirty page: A memory page that has been modified by a process but not yet written back to disk. The kernel tracks dirty pages and flushes them periodically or on demand.
distribution: A curated collection of the Linux kernel, GNU utilities, package manager, and pre-selected software packaged together for easy installation and use. Different distributions target different needs and philosophies.
DKMS: DKMS (Dynamic Kernel Module Support) is a framework that automatically builds and installs kernel modules for new kernel versions, eliminating the need to manually recompile drivers after kernel updates.
DNS: DNS (Domain Name System) is a distributed network service that translates human-readable domain names into IP addresses, enabling computers to locate each other on the internet.
DNSSEC: DNSSEC is a security protocol that adds cryptographic signatures to DNS records, allowing clients to verify that DNS responses are authentic and haven't been tampered with.
DoH: DoH (DNS over HTTPS) is a protocol that encrypts DNS queries by sending them over HTTPS instead of plain-text UDP, preventing ISPs and network observers from seeing which domains you visit.
DoT: DNS over TLS (DoT) is a protocol that encrypts DNS queries and responses using TLS encryption, preventing eavesdropping on domain name lookups.
dotfile: A hidden configuration file in Linux whose filename begins with a dot (.), making it invisible to standard directory listings. Dotfiles store user preferences and settings for applications and shells.
dotfiles: Configuration files in a user's home directory that start with a dot (.), which are hidden by default in Linux file listings. They store personal settings for shells, editors, and applications.
DRM: Digital Rights Management (DRM) is a technology that restricts how users can copy, modify, or distribute digital content by enforcing access controls at the software or hardware level.
DTrace: DTrace is a dynamic tracing framework that allows real-time observation and analysis of kernel and application behavior without stopping or recompiling the system.
dual boot: A computer configuration where two different operating systems are installed on separate partitions of the same disk, allowing the user to choose which one to boot at startup.

E

eager evaluation: Eager evaluation is the immediate computation of expressions when encountered, rather than waiting until their results are actually needed. It's the default behavior in most Linux shells and programming languages.
eBPF: eBPF (extended Berkeley Packet Filter) is a lightweight virtual machine embedded in the Linux kernel that allows unprivileged user-space programs to run sandboxed code safely in kernel space.
EFI: EFI (Extensible Firmware Interface) is a modern firmware standard that replaces the legacy BIOS, providing a standardized interface between the operating system and hardware during boot.
elementary OS: Elementary OS is a free, open-source Linux distribution based on Ubuntu that emphasizes a clean, intuitive user interface and thoughtful design principles.
ELF: ELF (Executable and Linkable Format) is the standard binary file format used by Linux and Unix systems for executables, object files, and shared libraries.
EndeavourOS: EndeavourOS is a rolling-release Linux distribution based on Arch Linux that provides an accessible entry point to Arch while maintaining its minimalist philosophy and cutting-edge software.
environment: A set of variables and their values that a process inherits and uses to modify its behavior, including PATH, HOME, and USER.
environment variable: A named value that the shell and programs use to configure behavior and pass information. Environment variables are inherited by child processes and persist for the duration of a session.
epoch: The epoch is the reference point (January 1, 1970, 00:00:00 UTC) from which Unix timestamps measure elapsed seconds. All time on Unix-like systems is calculated as the number of seconds since this moment.
escape sequence: A special sequence of characters (usually starting with a backslash or escape character) that represents a non-printing or special character, or signals a command to interpret text in a specific way.
exFAT: exFAT (Extended File Allocation Table) is a modern, lightweight file system designed for removable storage devices like USB drives and SD cards, offering compatibility across Linux, Windows, and macOS.
exit status: A numeric code returned by a command or process to indicate whether it succeeded or failed, with 0 meaning success and non-zero values indicating specific errors.
ext2: ext2 is a classic Linux filesystem that stores files in a hierarchical structure using inodes and data blocks. It was the standard filesystem for Linux systems throughout the 1990s before being superseded by ext3 and ext4.
ext3: ext3 is a journaling filesystem for Linux that extends ext2 with a journal to prevent data corruption after unclean shutdowns or crashes.
ext4: ext4 is a modern journaling filesystem for Linux that improves upon ext3 with better performance, larger file support, and increased reliability through extent-based allocation.

F

F2FS: F2FS (Flash-Friendly File System) is a Linux file system optimized for NAND flash storage devices like SSDs and USB drives, designed to reduce write amplification and extend device lifespan.
fd-find: fd-find is a modern, user-friendly alternative to the find command that searches for files and directories using a simpler syntax and faster performance.
FHS: The Filesystem Hierarchy Standard (FHS) is a specification that defines the directory structure and organization of files in Linux and Unix systems, ensuring consistency across distributions.
file descriptor: A non-negative integer that represents an open file or I/O resource in a process. It acts as a reference handle that the kernel uses to track and manage access to files, sockets, pipes, and devices.
filesystem: A filesystem is the method and data structure that an operating system uses to organize, store, and retrieve files on storage devices. It defines how data is named, accessed, and managed on disk or other media.
firewall: A firewall is a system or software tool that monitors and controls incoming and outgoing network traffic based on predetermined security rules, acting as a barrier between trusted and untrusted networks.
firmware: Low-level software that runs on hardware devices before the operating system loads, controlling the device's basic functions and hardware initialization.
fish shell: Fish (Friendly Interactive Shell) is a modern command-line shell for Linux and Unix systems designed to be user-friendly with smart autocompletion, syntax highlighting, and helpful defaults out of the box.
flame graph: A visualization technique that displays CPU time spent in functions as a stacked area chart, where the width of each block represents the amount of time spent in that function and its callees.
Flatpak: Flatpak is a containerized application packaging format for Linux that bundles an app with its dependencies, allowing it to run consistently across different Linux distributions without requiring system-wide installations.
fork: A system call that creates a new process by duplicating the current process. The child process is an identical copy of the parent, but runs independently with its own process ID.
free software: Software that users can freely run, study, modify, and distribute, typically governed by licenses like the GPL that guarantee these freedoms.
fstab: The /etc/fstab file is a configuration file that defines how disk partitions, block devices, and remote filesystems are mounted automatically when Linux boots.
fsync: A system call that forces the kernel to write all pending file data and metadata to disk immediately, ensuring data persistence even if the system crashes.
ftrace: ftrace is a kernel tracer that dynamically instruments Linux kernel functions to capture real-time execution traces for performance analysis and debugging without recompiling the kernel.
FUSE: FUSE (Filesystem in Userspace) is a mechanism that allows non-root users to create and manage custom filesystems without modifying kernel code.
futex: A futex (fast userspace mutex) is a kernel-assisted synchronization primitive that allows processes or threads to efficiently coordinate access to shared resources with minimal system calls.
fzf finder: fzf is a fast, interactive command-line fuzzy finder that searches through lists of items (files, command history, processes) and lets you select matches using keyboard navigation and pattern matching.

G

GCC: GNU Compiler Collection, a free, widely-used compiler system that translates source code (C, C++, Fortran, and others) into executable machine code for Linux and other platforms.
Gentoo: Gentoo is a lightweight, source-based Linux distribution designed for advanced users who want maximum control and optimization. It compiles all software from source code rather than using pre-built binaries.
GFS2: GFS2 (Global File System 2) is a shared-disk cluster file system that allows multiple nodes to access and modify the same file system simultaneously over a network, with built-in locking and consistency mechanisms.
GID: GID (Group ID) is a numeric identifier that uniquely represents a user group in Linux. Every group on a system has a unique GID, used for access control and permission management.
glibc: glibc (GNU C Library) is the standard C library for Linux systems, providing essential functions for program execution including memory management, input/output, string handling, and system calls.
globbing: Globbing is filename pattern matching that expands wildcard characters like * and ? into matching filenames directly in the shell before executing a command.
GNOME: GNOME is a free, open-source desktop environment that provides a graphical user interface, windows manager, and applications for Linux systems. It emphasizes simplicity and accessibility.
GNU: GNU is a free software project and recursive acronym for 'GNU's Not Unix' that created Unix-like operating system tools and utilities. It forms the core userland of Linux systems.
GNU Stow: GNU Stow is a symlink farm manager that helps organize and deploy software packages into a central directory tree by creating symbolic links to files in separate package directories.
GPL: The GNU General Public License (GPL) is a free software license that guarantees users the freedom to use, modify, and distribute software, with the requirement that derivative works remain under the same license.
GPT: GPT is a partitioning scheme for hard drives and SSDs that uses a GUID Partition Table to organize disk space into partitions, supporting larger drives and more partitions than the older MBR standard.
Grafana: Grafana is an open-source visualization and monitoring platform that creates interactive dashboards to display time-series metrics and data from various sources like Prometheus, InfluxDB, and Elasticsearch.
GRE tunnel: A GRE (Generic Routing Encapsulation) tunnel is a networking protocol that encapsulates packets from one network inside another, creating a virtual point-to-point connection between remote networks or hosts.
group: A collection of user accounts that share common permissions and access rights to files and resources. Groups simplify management by allowing multiple users to be granted the same privileges at once.
GRUB: GRUB (GRand Unified Bootloader) is the boot loader that loads the Linux kernel into memory when your computer starts up, allowing you to select which operating system or kernel version to boot.
GUI: A graphical user interface (GUI) is a visual way to interact with a computer using windows, icons, menus, and a pointer instead of typing commands. Most Linux desktop environments like GNOME and KDE provide GUIs.

H

hard link: A hard link is a directory entry that points directly to the same inode as another file, making both names refer to identical file data on disk.
hardirq: A hardware interrupt (hardirq) is an asynchronous signal from a hardware device to the CPU that forces it to stop executing the current code and immediately handle the interrupt. Hardirqs are the fastest and most critical type of interrupt in the Linux kernel.
hash: A mathematical function that converts input data of any size into a fixed-length string of characters, used to verify data integrity and create secure checksums. In Linux, hashes are commonly used to verify file authenticity and store password hashes.
heredoc: A heredoc (here document) is a shell syntax that allows you to pass a multi-line string to a command without using quotes or escape characters. It begins with << followed by a delimiter and ends when that delimiter appears alone on a new line.
hostname: The unique name assigned to a computer on a network, used to identify the machine and enable communication with other systems.
hot swap: Hot swap is the ability to remove and replace hardware components while the system is running without shutting down or interrupting service.
HTTP/2: HTTP/2 is a binary protocol and major revision of the HTTP web protocol that improves performance through multiplexing, server push, and header compression.
HTTP/3: HTTP/3 is the third major version of the Hypertext Transfer Protocol that uses QUIC as its transport layer instead of TCP, enabling faster and more reliable web communication with improved connection establishment and multiplexing.
hypervisor: A hypervisor is software that creates and manages virtual machines, allowing multiple operating systems to run simultaneously on a single physical computer by abstracting hardware resources.

I

I/O: Input/Output (I/O) refers to the transfer of data between a computer and external devices, including reading from and writing to files, disks, networks, and peripherals.
ICMP echo: A network diagnostic message that tests connectivity by sending a request packet and waiting for an echo reply from a remote host, commonly used by the ping command.
image layer: A read-only snapshot of filesystem changes in a container or virtual machine, stacked to form a complete filesystem. Layers are combined using a union filesystem to create the final runtime environment.
image manifest: A metadata file that describes the contents, layers, and configuration of a container image, typically in JSON format. It ensures image integrity and enables proper distribution and deployment across systems.
Ingress: Network traffic flowing into a system or interface from external sources. The opposite of egress, which is traffic leaving the system.
init: The first process (PID 1) that the Linux kernel starts after booting, responsible for launching all other processes and managing the system's startup sequence and shutdown.
init container: A specialized container in a Kubernetes pod that runs to completion before application containers start, used to perform initialization tasks like downloading files or configuring the environment.
init system: The first user-space process (PID 1) that the kernel starts, responsible for launching and managing all other processes on the system.
initramfs: A compressed archive containing a minimal root filesystem and kernel modules loaded into RAM during boot, before the real root filesystem is mounted. It enables the kernel to access storage devices and prepare the system for startup.
inode: An inode is a data structure that stores metadata about a file or directory on the filesystem, such as permissions, ownership, timestamps, and pointers to the actual file data—but not the filename itself.
IP address: A unique numerical label assigned to each device on a network that identifies it and enables communication with other devices using the Internet Protocol.
IP header: The IP header is the metadata section at the beginning of an IP packet that contains addressing and routing information, including source IP, destination IP, TTL, and protocol type.
IPC: Inter-Process Communication (IPC) is a set of mechanisms that allow processes running on a system to exchange data and synchronize their actions. Common IPC methods include pipes, sockets, message queues, and shared memory.
IPC namespace: An IPC namespace isolates inter-process communication resources (message queues, semaphores, shared memory) so that processes in different namespaces cannot access each other's IPC objects.
IPsec: IPsec is a suite of protocols that encrypts and authenticates IP packets, providing secure communication at the network layer for end-to-end protection of data traveling across IP networks.
iptables: A command-line utility for configuring Linux kernel firewall rules that filter and route network packets based on protocols, ports, IP addresses, and other criteria.

J

jailbreak: A technique to escape or bypass security restrictions imposed by a container, virtual machine, or sandboxed environment to gain unauthorized access to the host system.
journal: A log of filesystem changes written sequentially before they are committed to disk, allowing recovery from crashes without data corruption. The most common implementation is ext4's journaling feature.
journald: journald is the systemd journal daemon that collects and manages system logs from kernel, services, and applications in a structured binary format.
journaling filesystem: A filesystem that maintains a journal (log) of changes before committing them to disk, allowing rapid recovery from unexpected shutdowns or crashes without lengthy disk checks.
jumbo frame: A network frame larger than the standard 1500-byte Ethernet maximum transmission unit (MTU), typically 9000 bytes, used to improve throughput on high-speed local networks.

K

Kali Linux: Kali Linux is a Debian-based Linux distribution designed specifically for penetration testing, ethical hacking, and cybersecurity research, pre-loaded with hundreds of security tools.
kallsyms: A kernel subsystem that maintains a symbol table mapping kernel memory addresses to function and variable names, used for debugging and generating readable stack traces.
KASAN: KASAN (Kernel Address Sanitizer) is a dynamic memory error detector built into the Linux kernel that finds use-after-free, out-of-bounds access, and other memory safety bugs in kernel code.
kernel: The core component of Linux that manages hardware resources, schedules processes, and handles system calls from user applications.
kernel lockdown: A Linux kernel security feature that restricts privileged operations and access to kernel internals, even when running as root, to prevent malicious code from modifying the running kernel.
kernel module: A piece of code that can be loaded into or removed from the Linux kernel at runtime without requiring a reboot. Kernel modules extend kernel functionality for hardware drivers, filesystems, and other features.
kernel panic: A kernel panic is a critical error in the Linux kernel that causes the system to halt and display an error message, unable to recover automatically. It typically indicates a serious hardware failure, memory corruption, or fatal software bug.
kernel space: The protected memory region where the Linux kernel executes with unrestricted hardware access, separate from user space where applications run with limited privileges.
kexec: A Linux kernel mechanism that allows a running kernel to directly boot into another kernel without going through the BIOS/firmware, skipping the full hardware initialization process.
kill signal: A signal sent to a process to request or force its termination. The most common is SIGKILL (signal 9), which forcefully stops a process, while SIGTERM (signal 15) allows graceful shutdown.
kprobe: A dynamic kernel debugging mechanism that allows you to insert instrumentation points into running kernel code without recompiling or reloading modules. Kprobes capture function arguments, return values, and execution flow for performance analysis and troubleshooting.
kthread: A kernel thread is a lightweight execution context that runs entirely in kernel space, used by the kernel to perform background tasks without requiring a user-space process.
KVM: KVM (Kernel-based Virtual Machine) is a Linux kernel module that enables hardware virtualization, allowing a single physical machine to run multiple isolated virtual machines efficiently.

L

lazy evaluation: A computation strategy where values are calculated only when actually needed, rather than in advance. Common in functional programming and shell scripting to improve performance and handle infinite sequences.
LDAP: LDAP (Lightweight Directory Access Protocol) is a protocol for querying and modifying centralized directory services, commonly used for user authentication and organizational information lookups in enterprise Linux environments.
library: A reusable collection of precompiled functions and code that programs link against to perform common tasks, avoiding code duplication across applications.
link: A reference to a file or directory that allows access to it from another location in the filesystem. Links can be either hard links (direct references to the same inode) or symbolic links (shortcuts containing a path).
Linux: Linux is a free and open-source operating system kernel created by Linus Torvalds in 1991 that manages hardware resources and enables software to run on computers. It forms the core of Linux distributions like Ubuntu, Fedora, and Debian.
load average: Load average is a measure of how many processes are waiting to run on the CPU, averaged over specific time periods (1, 5, and 15 minutes). It indicates system busyness and potential CPU contention.
loadable module: A piece of kernel code that can be dynamically loaded into or unloaded from a running Linux kernel without recompiling or rebooting the system.
localhost: A hostname that refers to the local computer itself, typically mapped to the IP address 127.0.0.1 (IPv4) or ::1 (IPv6). It allows a system to communicate with services running on the same machine.
lockless: A programming technique where multiple processes or threads access shared data without using locks or mutual exclusion mechanisms, relying instead on atomic operations or careful data structure design to prevent conflicts.
log aggregation: Log aggregation is the process of collecting log files from multiple sources (servers, applications, containers) into a centralized location for analysis, monitoring, and troubleshooting.
log rotation: Log rotation is the automatic or manual process of archiving old log files and starting fresh ones to prevent logs from consuming excessive disk space. Rotated logs are typically compressed and kept for a set period before deletion.
logind: A systemd service that manages user login sessions, device access, and power state transitions on Linux systems.
loopback: A virtual network interface that allows a computer to communicate with itself, typically assigned the IP address 127.0.0.1 on IPv4. It's used for testing network software without requiring physical network hardware.
LTS: LTS stands for Long Term Support, a software release that receives maintenance and security updates for an extended period, typically 5-10 years.
LVM: Logical Volume Manager (LVM) is a storage abstraction layer that allows you to create flexible virtual disk partitions called logical volumes from physical storage devices, enabling dynamic resizing and management without rebooting.
Lynis: Lynis is an open-source security auditing tool that scans Linux and Unix systems to identify vulnerabilities, misconfigurations, and security gaps, providing detailed reports and recommendations for hardening.

M

MAC address: A MAC address (Media Access Control address) is a unique 48-bit identifier assigned to a network interface card (NIC) that identifies devices on a local network. It is used for communication within the same physical network segment.
magic SysRq: A kernel feature that allows direct communication with the Linux kernel via keyboard shortcuts, even when the system is unresponsive, enabling emergency debugging and system recovery.
mainline kernel: The mainline kernel is the official Linux kernel source code maintained by Linus Torvalds and the core kernel developers, representing the primary development line from which all stable and long-term support releases are derived.
man page: A manual page is built-in documentation for Linux commands, libraries, and system calls, accessible via the 'man' command. It provides syntax, options, examples, and usage information.
Manjaro: Manjaro is a user-friendly Linux distribution based on Arch Linux that provides an accessible entry point to Arch's rolling-release model with pre-configured defaults and graphical installers.
MBR: The Master Boot Record is the first 512 bytes of a hard disk that contains the bootloader code and partition table, allowing the system to boot and identify disk partitions.
mDNS: mDNS (Multicast DNS) is a protocol that allows computers on a local network to discover and communicate with each other by hostname without needing a central DNS server.
measured boot: A security process that records cryptographic measurements of firmware, bootloader, and kernel components in a Trusted Platform Module (TPM) before they execute, allowing verification that a system hasn't been tampered with during startup.
memoization: A programming optimization technique that caches the results of expensive function calls and returns the cached result when the same inputs occur again, avoiding redundant computation.
memory barrier: A CPU instruction that enforces ordering of memory operations, preventing the processor from reordering reads and writes across the barrier point. Essential for correct synchronization in multi-threaded and multi-processor systems.
metapackage: A metapackage is a lightweight package that contains no files of its own but instead depends on other packages, used to simplify installation of related software groups.
metric: A quantifiable measurement or value used to evaluate system performance, network quality, or routing decisions. In Linux, metrics track various aspects like CPU usage, memory consumption, or network path costs.
mirror: An exact copy of software, files, or data maintained on a separate server or location to distribute load and provide redundancy. In Linux contexts, it typically refers to a repository mirror that hosts copies of packages or distributions.
modprobe.d: A directory containing configuration files that control how the modprobe command loads kernel modules, allowing you to set module parameters and blacklist specific drivers.
mount namespace: A Linux namespace that isolates the filesystem mount points visible to a process and its children, allowing different processes to have different views of the filesystem hierarchy.
mount point: A directory in the filesystem where a storage device, partition, or filesystem is attached and made accessible. Once mounted, the contents of that device become available under that directory path.
MPLS: Multiprotocol Label Switching (MPLS) is a forwarding mechanism that uses labels instead of traditional IP routing to direct data packets through a network, enabling faster packet processing and traffic engineering.
mtab: A system file at /etc/mtab that records currently mounted filesystems and their mount options. It provides a dynamic view of what is actually mounted on the system.
mTLS: Mutual TLS (mTLS) is a security protocol where both the client and server authenticate each other using digital certificates, rather than just the server authenticating to the client.
multiuser: A system property that allows multiple users to access and use the same computer simultaneously, each with their own login session, files, and processes.

N

namespace: A Linux kernel feature that isolates system resources (like process IDs, network interfaces, or filesystems) so that groups of processes see different views of the system. Namespaces are fundamental to containerization.
NAT: Network Address Translation (NAT) is a networking technique that translates IP addresses in packet headers as they pass through a router, allowing multiple devices on a private network to share a single public IP address.
netfilter: Netfilter is a Linux kernel subsystem that provides packet filtering, network address translation (NAT), and connection tracking capabilities. It allows administrators to control, modify, and filter network traffic.
netmask: A netmask is a 32-bit number that defines which portion of an IP address identifies the network and which portion identifies the host on that network.
network namespace: A network namespace is an isolated network environment within a single Linux kernel that allows processes to have separate network interfaces, IP addresses, routing tables, and firewall rules. Multiple namespaces can coexist on one system, each with its own independent network stack.
networkd: systemd-networkd is a system service that manages network configuration and connectivity on Linux systems, handling IP address assignment, routing, and DNS resolution automatically.
NFS: Network File System (NFS) is a distributed file system protocol that allows a computer to access files and directories over a network as if they were mounted locally.
nftables: nftables is a modern Linux firewall and packet filtering framework that replaces iptables, offering a unified syntax for managing network rules across different network protocol families.
nice value: A numeric priority level (-20 to 19) that controls how much CPU time a process receives relative to others; lower values get higher priority.
NixOS: A Linux distribution built on the Nix package manager, where the entire system configuration is declared in a single reproducible configuration file, enabling atomic upgrades and rollbacks.
NTFS: NTFS (New Technology File System) is a file system developed by Microsoft, commonly used on Windows drives but readable and writable on Linux with appropriate drivers or tools.
NUMA: NUMA (Non-Uniform Memory Access) is a computer architecture where multiple processors have memory banks attached locally, with faster access to their own memory and slower access to remote memory banks on other processors.

O

OCI: OCI (Open Container Initiative) is an open standard for defining container image format and runtime specifications, ensuring portability across different container platforms.
OCI image: An OCI image is a standardized, containerized application package that follows the Open Container Initiative specification, defining how container images are built, distributed, and run across different container runtimes.
oh-my-zsh: Oh My Zsh is a popular open-source framework for managing Zsh shell configuration, providing themes, plugins, and shortcuts to enhance productivity and customize the shell experience.
OOM killer: A kernel mechanism that forcibly terminates processes when the system runs critically low on memory to prevent a complete system crash.
OOM killer event: The Linux kernel's automatic process termination mechanism that frees memory by killing non-essential processes when the system runs critically low on available RAM.
oops: An "oops" is a kernel error message indicating that the Linux kernel detected a serious problem but managed to recover without crashing the entire system, typically printed to the kernel log when a driver or kernel module violates memory safety or encounters an illegal operation.
open source: Software whose source code is freely available for anyone to view, modify, and distribute under a license that permits these freedoms. Linux itself is open source.
openSUSE: openSUSE is a free, open-source Linux distribution sponsored by SUSE that emphasizes ease of use, stability, and community-driven development.
OpenTelemetry: OpenTelemetry is an open-source framework for collecting, processing, and exporting observability data (metrics, logs, and traces) from applications and infrastructure. It provides standardized APIs and instrumentation libraries to help developers monitor system behavior and diagnose performance issues.
operating system: An operating system (OS) is the core software that manages a computer's hardware resources and provides essential services for applications and users. Linux is a free, open-source operating system kernel that powers everything from servers to smartphones.
orphan process: A process whose parent process has terminated before it does. The orphan is automatically adopted by the init process (PID 1), which becomes responsible for reaping it when it exits.
OSPF: OSPF (Open Shortest Path First) is a dynamic routing protocol that allows routers to automatically discover and communicate network topology, calculating the shortest path to reach destinations.
overlay filesystem: A filesystem that layers multiple directory trees on top of each other, combining them into a single unified view where upper layers can shadow or modify lower layers without changing the originals.

P

package manager: A software tool that automates the installation, upgrade, removal, and management of application packages on a Linux system. It handles dependencies, file placement, and system integration automatically.
page cache: The page cache is the Linux kernel's in-memory cache of file data from disk, automatically managed to speed up repeated file access without additional system calls.
page fault: A page fault occurs when a program tries to access memory that is not currently loaded in physical RAM, forcing the kernel to fetch it from disk or allocate it. It's a normal performance mechanism, not necessarily an error.
PAM: PAM (Pluggable Authentication Modules) is a flexible framework that allows Linux administrators to configure how users are authenticated, authorized, and managed across the system without modifying individual applications.
Parrot OS: Parrot OS is a Debian-based Linux distribution designed for penetration testing, digital forensics, and cybersecurity work, featuring a curated collection of hacking and security tools.
partition: A partition is a logical division of a physical hard drive or storage device into separate sections, each functioning as an independent storage unit with its own filesystem.
PATH: PATH is an environment variable that lists directories where the shell searches for executable programs when you type a command. It determines which version of a program runs when multiple copies exist on your system.
perf event: A perf event is a countable hardware or software occurrence in the system that can be monitored and analyzed using the perf tool to profile application and kernel performance.
permissions: Permissions are rules that control who can read, write, or execute a file or directory on a Linux system. They are enforced at the filesystem level and assigned to the owner, group, and others.
PID: PID (Process ID) is a unique numerical identifier assigned by the kernel to every running process on a Linux system, used to manage, track, and control processes.
PID namespace: A Linux kernel feature that isolates process ID numbering, allowing different groups of processes to have their own independent PID sequences. Processes in different namespaces can have the same PID without conflict.
pipe: A pipe is a mechanism that connects the standard output of one command directly to the standard input of another, allowing data to flow between processes. It is represented by the | character.
Pod: A Pod is the smallest deployable unit in Kubernetes, typically containing one or more tightly-coupled containers that share networking and storage resources.
Pop_OS: Pop!_OS is a free, open-source Linux distribution developed by System76 that is based on Ubuntu and optimized for productivity, with a focus on user experience and hardware compatibility.
POSIX: POSIX is a set of international standards that define how Unix-like operating systems should behave, ensuring portability and compatibility of software across different Unix and Linux implementations.
PPA: A Personal Package Archive (PPA) is a software repository hosted on Launchpad that allows Ubuntu users to install and update packages beyond those in the official repositories.
preemption: The ability of the operating system to interrupt a running process and switch to another task, ensuring fair processor time distribution and responsiveness. In Linux, preemption allows the kernel itself to be interrupted, not just user processes.
privilege escalation: The act of gaining higher-level permissions or access rights on a system than originally granted, typically from a regular user to root/administrator level.
process: A process is a running instance of a program in memory with its own memory space, file descriptors, and process ID (PID). Each process is an independent execution context managed by the kernel.
process group: A collection of related processes that share the same process group ID (PGID), allowing them to be managed together as a unit for job control and signal delivery.
Prometheus: Prometheus is an open-source systems monitoring and alerting toolkit that collects metrics from targets at specified intervals, stores them in a time-series database, and evaluates alert rules to trigger notifications.
pseudo-terminal: A software abstraction that emulates a physical terminal, consisting of a master side (controlled by a terminal emulator or SSH daemon) and a slave side (used by a shell or application). It allows text-based communication between programs and users.
pwd: pwd (print working directory) is a command that displays the full path of the current directory in the filesystem.

Q

qdisc: A qdisc (queueing discipline) is a kernel subsystem that manages how network packets are queued and transmitted on a network interface. It determines the order, timing, and rate at which packets leave the system.
QUIC: QUIC is a modern transport protocol that runs over UDP instead of TCP, designed to improve connection speed, reliability, and security for web traffic and other applications.
quota: A system limit that controls the maximum amount of disk space or number of files a user or group can use on a filesystem.

R

race condition: A race condition occurs when the outcome of concurrent operations depends on their unpredictable timing or order, causing inconsistent or incorrect results.
RAID: RAID (Redundant Array of Independent Disks) is a technique for combining multiple physical hard drives into a single logical unit to improve performance, reliability, or both through data redundancy and/or striping.
RAM: RAM (Random Access Memory) is the computer's fast, temporary memory used to store data and programs currently in use. It's erased when the system powers off.
RCU: Read-Copy-Update (RCU) is a Linux kernel synchronization mechanism that allows multiple readers to access shared data concurrently without locks, by deferring updates until all current readers finish.
redirection: Redirection is the process of sending the input or output of a command to a file or another command instead of the terminal. It uses operators like >, >>, <, and | to change where data flows.
reentrant code: Code that can be safely called multiple times concurrently or interrupted and re-invoked without losing correctness or causing data corruption.
rEFInd: rEFInd is a boot manager for UEFI systems that allows you to select and launch different operating systems or boot options from a graphical menu instead of relying solely on the firmware's boot interface.
regular expression: A pattern of characters used to match, find, and manipulate text in Linux. Regular expressions define rules for searching and replacing strings based on patterns rather than exact text.
ReiserFS: ReiserFS is a journaling filesystem for Linux that was popular in the early 2000s, known for efficient handling of small files and dynamic inode allocation.
relative path: A file or directory location specified relative to the current working directory, rather than from the root of the filesystem. Relative paths do not begin with a forward slash.
repository: A centralized storage location containing software packages, libraries, or configuration files that users can download and install. In Linux, repositories are typically hosted on remote servers and managed by package managers.
resolved: A systemd service that provides DNS resolution and caching for Linux systems, translating domain names into IP addresses.
reverse proxy: A reverse proxy is a server that sits between clients and backend servers, intercepting client requests and forwarding them to the appropriate backend server on behalf of the client.
ripgrep: ripgrep (rg) is a fast, line-oriented search tool that recursively searches directories for patterns matching a regular expression, similar to grep but significantly faster and with better defaults.
rkhunter: rkhunter is a security tool that scans Linux systems for rootkits, backdoors, and other malicious software by checking for known attack signatures and suspicious system changes.
rolling release: A software distribution model where updates are delivered continuously rather than in fixed version releases, so the system is always kept current with the latest packages.
root: The superuser account (UID 0) with unrestricted permissions to modify any file, run any command, and manage the entire Linux system. The administrative account with the highest privilege level.
root directory: The topmost directory in the Linux filesystem hierarchy, denoted by a forward slash (/) and serving as the parent of all other directories and files on the system.
rootfs: The root filesystem (rootfs) is the top-level filesystem mounted at / that contains all essential system directories and files needed to boot and run a Linux system.
rootless container: A container runtime that executes container processes without requiring root privileges on the host system, enhancing security by limiting what a compromised container can access.
RPM: RPM (Red Hat Package Manager) is a package management system for installing, updating, and removing software on Linux distributions like Red Hat, CentOS, and Fedora. It handles dependencies and maintains a database of installed packages.
rsync: rsync is a command-line tool that efficiently synchronizes files and directories between local and remote systems, copying only the differences since the last sync.
runlevel: A runlevel is a predefined operating state of a Linux system that determines which services and daemons are started at boot or when switched to. Modern systemd systems use targets instead, but runlevels remain an important concept for understanding legacy systems.

S

Samba: Samba is a free software suite that enables Linux and Unix systems to interoperate with Windows networks by implementing the SMB/CIFS protocol, allowing file and printer sharing between different operating systems.
SATA: SATA (Serial ATA) is a computer bus interface standard for connecting storage devices like hard drives and SSDs to a motherboard, replacing the older parallel ATA interface.
scheduler: The kernel component that decides which processes run on the CPU and when, dividing processor time among competing tasks.
screen: A terminal multiplexer that allows multiple shell sessions to run simultaneously within a single terminal window, with the ability to detach and reattach sessions.
seccomp: Secure Computing Mode (seccomp) is a Linux kernel feature that restricts the system calls a process can make, limiting its capabilities to only what it needs.
Secret: In Linux security contexts, a secret is any sensitive credential or data (passwords, API keys, tokens, certificates) that must be kept confidential and protected from unauthorized access.
Secure Boot: A UEFI firmware security feature that verifies the digital signature of the bootloader before execution, preventing unauthorized or malicious code from loading during system startup.
SELinux: SELinux (Security-Enhanced Linux) is a mandatory access control (MAC) system that enforces fine-grained security policies beyond traditional file permissions, controlling what processes and users can access on the system.
semaphore: A synchronization primitive that controls access to a shared resource by maintaining a counter; processes can wait for or signal the semaphore to coordinate execution.
Server-Sent Events: A web technology that enables a server to push real-time updates to connected clients over a single HTTP connection, allowing one-way communication from server to browser.
service: A service is a background process or daemon that runs continuously on a Linux system to provide specific functionality, such as web serving, email delivery, or SSH access. Services are typically managed by init systems like systemd and can be started, stopped, or restarted on demand.
session: A session is a login instance that groups related processes and terminal connections together, typically starting when a user logs in and ending when they log out.
setgid: A special file permission bit that causes an executable to run with the group privileges of the file's owner rather than the user executing it. On directories, it ensures new files inherit the directory's group.
setuid: A special file permission bit that allows a program to execute with the permissions of its owner rather than the user running it. Commonly used to grant temporary elevated privileges for specific tasks.
shebang: A special line at the start of a script file that tells the operating system which interpreter to use to execute the script. It begins with #! followed by the path to an interpreter.
shell: A shell is a command-line interpreter that reads user input, executes commands, and returns output. It acts as the interface between you and the Linux kernel.
sidecar: A sidecar is a lightweight container or process that runs alongside a main application to provide supporting functionality like logging, monitoring, or networking without modifying the primary application code.
signal: A signal is a software interrupt that delivers a notification to a process, allowing the operating system or other processes to communicate asynchronously with that process. Signals can trigger predefined actions like termination, suspension, or custom handling.
slab allocator: The slab allocator is a kernel memory management subsystem that efficiently allocates and caches small objects of fixed sizes, reducing fragmentation and allocation overhead.
Slackware: Slackware is a minimalist Linux distribution known for simplicity, stability, and giving users direct control over system configuration with minimal abstraction.
snap: A snap is a self-contained software package that bundles an application with all its dependencies, designed to work across different Linux distributions. Snaps are installed and managed using the snapd daemon and the snap command-line tool.
SNI: Server Name Indication (SNI) is a TLS extension that allows a client to specify which hostname it is connecting to during the initial handshake, enabling a single IP address to host multiple SSL/TLS certificates.
SOA record: An SOA (Start of Authority) record is a DNS resource record that defines the primary nameserver, administrator contact, and important timing parameters for a DNS zone.
socket: A socket is an endpoint for network communication or inter-process communication (IPC) that allows two programs to send and receive data. It abstracts the underlying protocol complexity and provides a file-like interface for data exchange.
soft link: A soft link (symbolic link) is a special file that points to another file or directory by storing its path, rather than directly referencing its data. Unlike hard links, soft links can point across filesystems and to directories.
softirq: A deferred interrupt handler mechanism that allows the kernel to process less critical interrupt work outside of hard interrupt context, improving system responsiveness and reducing interrupt latency.
source code: Human-readable program instructions written in a programming language that must be compiled or interpreted to run on a computer. It's the original form before transformation into executable machine code.
span: In RAID and storage contexts, a span is a single physical drive or a set of drives treated as one logical unit. In networking, it refers to a Virtual LAN (VLAN) segment or the range of network interfaces a bridge connects.
spinlock: A spinlock is a synchronization primitive that causes a process to wait in a tight loop, repeatedly checking a condition, rather than sleeping until a resource becomes available. Commonly used in kernel code where context switching overhead would be too high.
split horizon DNS: A DNS configuration technique where different DNS responses are returned to clients based on whether they're querying from inside or outside a private network, allowing the same domain to resolve to different IP addresses for internal and external users.
ssh: SSH (Secure Shell) is a cryptographic network protocol that allows secure remote login and command execution on distant computers over an insecure network.
standard error: Standard error (stderr) is the default output stream where a program sends error messages and diagnostic output, separate from normal output (stdout).
standard input: Standard input (stdin) is the default data stream from which a program reads input, typically from the keyboard or a piped source.
standard output: Standard output (stdout) is the default destination where a program sends its normal text output, typically the terminal display. It is represented by file descriptor 1 in Unix/Linux systems.
starship prompt: Starship is a fast, customizable cross-platform shell prompt written in Rust that displays git status, language versions, and system information with minimal performance overhead.
StatefulSet: A Kubernetes object that manages stateful applications by maintaining stable, persistent identities and storage for each pod replica, unlike Deployments which treat pods as interchangeable.
sticky bit: A special file permission bit that prevents users from deleting or renaming files they don't own, even if they have write permission to the directory. Commonly used on shared directories like /tmp to protect other users' files.
subshell: A subshell is a child shell process spawned by the current shell, which runs commands in an isolated environment and inherits variables from its parent but cannot modify the parent's state.
sudo: A command that allows a permitted user to execute a program with the security privileges of another user, typically the root user, by entering their own password.
sudoers: The sudoers file is a configuration file that controls which users can run commands with elevated privileges using the sudo command, and what commands they're allowed to execute.
superuser: The superuser (root) is a special user account with unrestricted permissions to perform any operation on a Linux system, including modifying system files and managing other users.
swap: Swap is disk space used as virtual memory, allowing the system to run more processes than physical RAM can hold by temporarily storing inactive memory pages to disk.
swappiness: A kernel parameter that controls how aggressively the system swaps memory pages to disk. Higher values favor swapping; lower values favor keeping pages in RAM.
symbolic link: A symbolic link is a special file that contains a path to another file or directory, acting as a shortcut or alias. When accessed, the system follows the link to the target file.
symlink: A symbolic link (symlink) is a special file that points to another file or directory by storing its path, allowing you to reference the target from a different location without duplicating it.
syscall: A syscall (system call) is a request from a user program to the Linux kernel to perform a privileged operation, such as reading a file, creating a process, or allocating memory.
sysctl: A command-line tool that reads and modifies kernel parameters at runtime without requiring a reboot. Settings are stored in /proc/sys and can be persisted in /etc/sysctl.conf.
sysctl.conf: A configuration file that sets kernel and system parameters at boot time. Changes made here persist across reboots, unlike temporary sysctl command adjustments.
sysfs: A virtual filesystem that exposes kernel objects and device information as files and directories in /sys, allowing userspace programs to view and modify hardware settings and kernel parameters.
system call: A system call is a request from a user-space program to the Linux kernel to perform a privileged operation that the program cannot do directly, such as reading files, allocating memory, or creating processes.
systemd: systemd is a modern system and service manager for Linux that replaces traditional init systems, handling startup processes, service management, and system initialization.
systemd target: A systemd target is a logical grouping of units that defines a system state or boot goal, similar to SysV init runlevels. Targets are used to organize and synchronize the startup of related services and other units.
systemd timer: A systemd unit file that triggers actions at specified times or intervals, replacing traditional cron jobs with a modern, integrated scheduling system.
systemd unit: A systemd unit is a resource that systemd manages, defined in a configuration file and identified by a name and type suffix. Units describe services, devices, mount points, sockets, and other system resources.
systemd-boot: systemd-boot is a lightweight EFI bootloader that manages the boot process on UEFI-based systems, replacing the need for GRUB on many modern Linux installations.
systemd-journald: systemd-journald is the system service that collects and stores log messages from the kernel, services, and applications in a centralized, indexed binary journal database.
SystemTap: SystemTap is a dynamic tracing framework that lets you inspect and monitor running Linux kernel and user-space processes without recompiling or restarting the system.

T

Tails: Tails is a security-focused Linux distribution designed to preserve user privacy and anonymity by routing all internet traffic through Tor and leaving no digital footprint on the host system.
tarball: A tarball is a compressed archive file created by the tar command, typically with a .tar.gz or .tar.bz2 extension, used to bundle multiple files and directories into a single distributable package.
tasklet: A tasklet is a lightweight kernel mechanism for deferring work from interrupt handlers to a later, safer time when the CPU can handle it with interrupts enabled. Tasklets run in softirq context and are faster and simpler than workqueues.
TCP: TCP (Transmission Control Protocol) is a reliable, connection-oriented network protocol that ensures data arrives in order and without errors. It is fundamental to internet communication and works alongside IP to form TCP/IP.
TCP Fast Open: TCP Fast Open (TFO) is a TCP extension that allows applications to transmit data during the initial connection handshake, reducing latency by eliminating one round-trip time compared to standard TCP.
TCP segment: A TCP segment is a unit of data transmitted over a TCP connection, consisting of a header containing control information and a payload containing application data.
terminal: A text-based interface where users type commands to interact with the operating system. The terminal displays command output and receives keyboard input, serving as the primary way to communicate directly with the Linux shell.
thread: A lightweight execution unit within a process that shares the same memory space and resources as other threads in that process. Multiple threads can run concurrently, allowing parallel execution within a single program.
thread-local storage: Memory storage that is private to each thread within a process, allowing multiple threads to maintain independent copies of the same variable without interference.
three-way handshake: The three-step process by which TCP establishes a connection between a client and server: SYN, SYN-ACK, and ACK.
time namespace: A Linux namespace that isolates the system time and clock settings for processes, allowing different groups of processes to perceive different times or have independent clock adjustments.
TIME_WAIT: TIME_WAIT is a TCP connection state that occurs after a socket closes, during which the system keeps the connection in memory to ensure delayed packets don't interfere with new connections using the same port.
TLS: Transport Layer Security (TLS) is a cryptographic protocol that encrypts data transmitted over networks, ensuring secure communication between clients and servers. It's the modern successor to SSL and is widely used for HTTPS, email, and other sensitive data transfers.
tmpfiles.d: A systemd mechanism that automatically creates, deletes, and manages temporary files and directories at boot time and during system operation. Configuration files in /etc/tmpfiles.d/ define what temporary resources should exist.
tmpfs: tmpfs is a virtual filesystem that stores data in RAM (and swap if needed) rather than on disk, providing fast temporary storage that disappears when unmounted or the system reboots.
tmux: tmux is a terminal multiplexer that allows you to run multiple terminal sessions within a single window, switch between them, and detach/reattach sessions without losing their state.
TPM: TPM (Trusted Platform Module) is a dedicated microchip on a computer's motherboard that provides cryptographic functions and secure storage for sensitive data like encryption keys and passwords.
tracepoint: A lightweight instrumentation point in the Linux kernel that allows dynamic tracing of kernel events without modifying code or recompiling, enabling real-time observation of system behavior.
tracing: Tracing is a debugging technique that records and monitors system calls, function calls, or kernel events in real-time to observe program behavior and performance. Tools like strace and ftrace capture detailed execution flows without requiring code modification.
tty: A terminal interface that allows users to interact with the system through text input and output. Originally referred to physical typewriter-like devices, now commonly means virtual terminal emulators or terminal sessions.
TUI: A Text User Interface (TUI) is a graphical interface displayed in the terminal using text characters and keyboard navigation, offering a middle ground between command-line and GUI applications.
Tumbleweed: openSUSE Tumbleweed is a rolling-release Linux distribution that receives frequent updates with the latest software packages, contrasting with fixed-release distributions that require periodic upgrades.

U

Ubuntu LTS: Ubuntu LTS (Long Term Support) is a Ubuntu release that receives security and maintenance updates for 5 years on desktop and 10 years on servers, released every two years.
udev: A dynamic device manager for Linux that automatically detects hardware and creates device files in /dev, replacing the older static devfs system.
UDP: UDP (User Datagram Protocol) is a lightweight, connectionless network protocol that sends data packets without establishing a connection or guaranteeing delivery. It prioritizes speed over reliability.
UID: UID (User ID) is a unique numerical identifier assigned to each user account on a Linux system. It is used internally by the kernel and filesystem to determine ownership and access permissions.
ulimit: A shell built-in command that sets or displays resource limits for processes, controlling maximum CPU time, memory usage, file size, and other system resources.
umask: A shell setting that specifies which permission bits to remove when creating new files and directories, acting as a default restriction on file permissions.
Unicode: Unicode is an international standard for encoding and representing text characters from all world languages and symbols. It assigns a unique number (codepoint) to each character, enabling consistent text handling across different systems and languages.
Unix: Unix is a modular, multi-user operating system created in the 1970s at Bell Labs that established fundamental design principles like 'everything is a file' and 'do one thing well.' Linux is a Unix-like operating system that follows these principles.
unprivileged user: A user account on Linux that does not have superuser (root) privileges and cannot perform system-wide administrative tasks. Unprivileged users operate with restricted permissions for security and system stability.
uprobe: A dynamic tracing mechanism that allows you to insert instrumentation points into user-space applications at runtime without recompiling code, capturing function calls and variable values.
uptime: A command that displays how long a system has been running since the last reboot, along with current load averages and connected users.
user namespace: A Linux kernel feature that allows processes to have their own isolated view of user and group IDs, enabling unprivileged users to run containers or services with root-like capabilities within their namespace.
user space: The memory and execution environment where user applications and non-privileged processes run, isolated from the kernel's restricted memory space.
UTF-8: UTF-8 is a variable-width character encoding that represents Unicode characters using one to four bytes, allowing it to encode all world languages while remaining backward-compatible with ASCII.
UTS namespace: A Linux namespace that isolates hostname and NIS domain name, allowing containers and processes to have their own independent identity without affecting the host system.
UUID: A UUID (Universally Unique Identifier) is a 128-bit number used to uniquely identify resources in Linux systems, most commonly disk partitions and filesystems. It remains the same even if the device name changes.

V

vfat: VFAT is a file system that extends FAT32 to support long filenames and is commonly used on USB drives, SD cards, and other removable media for cross-platform compatibility.
virtual filesystem: An abstraction layer that provides a unified interface to different filesystem types, allowing the kernel to treat all filesystems (local disks, network drives, RAM-based systems) uniformly regardless of their underlying implementation.
virtual memory: A memory management technique that uses disk storage to extend the apparent amount of RAM available to processes, allowing programs to use more memory than physically exists.
VLAN: A Virtual Local Area Network (VLAN) is a logical network segment that groups devices on a physical network, allowing them to communicate as if they were on the same network even if physically separated or connected through different switches.
VPN: A Virtual Private Network (VPN) is a secure encrypted tunnel that routes your internet traffic through a remote server, masking your IP address and encrypting data between your computer and the VPN server.
VXLAN: VXLAN (Virtual Extensible LAN) is a network virtualization technology that encapsulates Layer 2 Ethernet frames within Layer 4 UDP packets, allowing virtual networks to span across physical networks and data centers.

W

wait queue: A kernel data structure that holds processes blocked waiting for a specific event or resource to become available, allowing the kernel to efficiently wake them when the event occurs.
Wayland: Wayland is a modern display server protocol and compositor that replaces X11, designed to be simpler, more secure, and better suited to contemporary graphics hardware and input handling.
WebSocket: A communication protocol that enables two-way, persistent connections between a client and server over a single TCP connection, allowing real-time data exchange with lower overhead than repeated HTTP requests.
wildcard: A special character or pattern used in the shell to match multiple filenames or strings without typing each one explicitly. Common wildcards include * (any characters), ? (single character), and [ ] (character class).
window manager: A window manager is software that controls the placement, sizing, and appearance of windows on a graphical display. It manages how application windows interact and are rendered on your screen.
WireGuard: WireGuard is a modern, lightweight VPN protocol and implementation that provides secure point-to-point connections using public-key cryptography and runs as a kernel module on Linux.
work queue: A kernel mechanism that defers work (like interrupt handlers) to be executed later in a less-critical context, improving system responsiveness and allowing blocking operations that aren't safe in interrupt handlers.
working set: The set of memory pages that a process actively uses within a given time window. The kernel tracks this to optimize page replacement and predict memory demand.
write barrier: A mechanism that ensures disk writes are physically committed in the correct order, preventing data corruption if the system crashes or loses power during I/O operations.

X

X11: X11 is a network-based graphical display system that manages windows, input devices, and graphics rendering on Unix and Linux systems. It follows a client-server architecture where applications (clients) send drawing requests to a display server.
XDP: XDP (eXpress Data Path) is a Linux kernel technology that allows programs to process network packets at the earliest possible point in the network stack, before they reach the traditional networking subsystem.
XFS: XFS is a high-performance, 64-bit journaling filesystem originally developed by SGI, now widely used in Linux for large-scale storage and parallel I/O workloads.

Y

YubiKey: A hardware security key that generates time-based or challenge-response authentication codes, used to secure Linux system access and online accounts against unauthorized login.

Z

zombie process: A zombie process is a child process that has terminated but whose exit status has not yet been read by its parent process, leaving an entry in the process table.
Zorin OS: Zorin OS is a Linux distribution based on Ubuntu designed to provide a user-friendly desktop experience with a Windows-like interface, making it accessible for users transitioning from Windows to Linux.
zram: zram is a Linux kernel module that creates compressed RAM-based block devices, allowing the system to store data in compressed form in memory to reduce physical RAM usage.
zsh: Zsh is an advanced interactive shell and command language for Linux and Unix systems that extends bash with powerful features like improved tab completion, spelling correction, and advanced pattern matching.