Dictionary

Terms

A

ABI

Application Binary Interface. The low-level contract between a binary and the operating system: syscall numbers, calling conventions, data layout. Determines which binaries run on which kernel.

ACID

Atomicity, Consistency, Isolation, Durability. The four guarantees a database transaction must provide for reliability.

ACME

Automatic Certificate Management Environment. The protocol Let's Encrypt uses to issue and renew TLS certificates without manual intervention.

Ansible

An agentless automation tool for configuration management, application deployment, and orchestration. Uses YAML playbooks over SSH.

AWS

Amazon Web Services. The dominant cloud computing platform offering IaaS, PaaS, and managed services.

B

BPF

Berkeley Packet Filter. Originally a packet capture mechanism, extended in Linux as eBPF for programmable kernel-level filtering. Used by seccomp-bpf to inspect and decide on every syscall at runtime.

Bun

An all-in-one JavaScript runtime, bundler, transpiler, and package manager. Written in Zig, designed for speed.

C

Caddy

A web server with automatic HTTPS via built-in ACME client. Written in Go. Often used as a reverse proxy.

Ambient Authority

The security property where a process inherits all the permissions of the user who launched it. The default Unix model since 1969. Capsicum eliminates it; seccomp restricts it.

Capsicum

A capability-based security framework in FreeBSD. One syscall (cap_enter) permanently removes all access to global namespaces. The process keeps only its existing file descriptors, each restricted via cap_rights_limit(). Irreversible. Compiled into FreeBSD 10.0 by default since 2014.

CAST

The templating language used by CASTD. Five delimiter pairs for variables, conditions, slots, comments, and expressions.

CDDL

Common Development and Distribution Licence. Sun Microsystems' open-source licence, intentionally incompatible with the GPL. The licence under which ZFS was released.

CI/CD

Continuous Integration / Continuous Deployment. Automated pipelines that build, test, and deploy code on every commit.

CNCF

Cloud Native Computing Foundation. The Linux Foundation project hosting Kubernetes, Prometheus, Envoy, and other cloud-native infrastructure projects.

CQRS

Command Query Responsibility Segregation. Separates read models from write models, allowing independent optimisation of each path.

Cracktro

A signature animation attached to cracked software by pirate groups in the 1980s and 1990s. Scrolling text, chiptune music, and vector effects as calling cards. The art form that evolved into the demoscene.

Copy-on-Write

A storage strategy where data is never overwritten in place. New data is written to a new location, then the pointer is updated. Guarantees consistency after power failure.

cron

The Unix job scheduler. Executes commands at specified times using a five-field time expression (minute, hour, day, month, weekday).

CrowdStrike Incident

On 19 July 2024, a rapid content update to CrowdStrike's Falcon Sensor bypassed quality control and crashed 8.5 million Windows machines globally. Airlines, hospitals, banks, and emergency services were affected. $5.4 billion in Fortune 500 damages.

CSR

Client-Side Rendering. Building the page DOM entirely in the browser via JavaScript after an initial empty HTML shell is delivered.

CSS Layers

The @layer rule in CSS, allowing authors to define explicit cascade priority between groups of styles, eliminating specificity wars.

CSS-in-JS

A pattern where CSS is authored inside JavaScript files, generating styles at runtime. Adds bundle weight and runtime overhead.

D

Debian

A community-driven Linux distribution known for its stability-first release policy. Debian Stable freezes packages and releases when ready, not on a schedule. The reference for conservative, tested software deployment.

Demoscene

A computer art subculture producing real-time audiovisual presentations (demos) within extreme size constraints, often 64 KB or less.

Deno

A secure JavaScript/TypeScript runtime by the creator of Node.js. Built-in TypeScript support, URL imports, and sandboxed permissions.

DKMS

Dynamic Kernel Module Support. A framework for building kernel modules that automatically recompile when the kernel is updated. Used by ZFS on Linux.

Dependabot

A GitHub-integrated bot that automatically opens pull requests to update dependencies. On a monorepo, it can generate hundreds of PRs per week, each requiring review and testing.

Docker

A container runtime that packages applications with their dependencies into isolated filesystem images, sharing the host kernel.

DTrace

A dynamic tracing framework for real-time analysis of running systems. Originated in Solaris, ported to FreeBSD and macOS. Traces kernel and userspace with near-zero overhead when idle.

E

ES Modules

The native JavaScript module system using import/export syntax, loaded by browsers without a bundler.

Event Sourcing

A pattern that stores every state change as an immutable event rather than overwriting current state. The event log becomes the source of truth.

F

Fetch API

The modern browser interface for making HTTP requests, replacing XMLHttpRequest. Returns Promises and supports streaming.

FFmpeg

A universal multimedia framework handling over 100 audio and video codecs. 1.5 million lines of C. Powers YouTube, Netflix, VLC, Spotify, Chrome. Created by Fabrice Bellard in 2000.

FOSDEM

Free and Open Source Developers' European Meeting. Annual two-day conference in Brussels, free to attend, no registration.

FreeBSD

An open-source Unix operating system descended from the Berkeley Software Distribution. Known for ZFS, Jails, and its licence model.

G

GDPR

General Data Protection Regulation. EU law governing the collection, processing, and storage of personal data. Effective since 2018.

GIL

Global Interpreter Lock. A mutex in CPython that allows only one thread to execute Python bytecode at a time, serialising CPU-bound work. Elegant until load disagrees.

Goroutine

A lightweight thread managed by the Go runtime. Multiplexed onto OS threads. Enables high concurrency but subject to garbage collection pauses.

Grafana

A visualisation platform for metrics, logs, and traces. Connects to Prometheus, Loki, InfluxDB, and dozens of other data sources.

Goodhart's Law

When a measure becomes a target, it ceases to be a good measure. Named after economist Charles Goodhart (1975). Explains why velocity tracking corrupts estimation.

GraphQL

A query language for APIs where the client specifies exactly which fields it needs. Developed by Facebook, alternative to REST.

gRPC

A high-performance RPC framework using Protocol Buffers and HTTP/2. Supports streaming, code generation, and strong typing.

H

HAProxy

A high-performance TCP/HTTP load balancer and reverse proxy. Event-driven, widely used for traffic distribution.

HTTP/2

The second major version of HTTP. Binary framing, multiplexed streams over a single TCP connection, header compression.

HTTP/3

HTTP over QUIC. Replaces TCP with UDP-based transport, eliminating head-of-line blocking. Built-in encryption.

I

IaaS

Infrastructure as a Service. Virtual machines, storage, and networking rented from a cloud provider instead of running your own hardware.

IPsec

Internet Protocol Security. A suite of protocols for authenticating and encrypting IP packets. Complex configuration, largely replaced by WireGuard for VPNs.

J

Jails

FreeBSD's OS-level virtualisation. Lightweight isolation of processes, filesystems, and network stacks without a hypervisor.

jq

A functional programming language for transforming JSON on the command line. Generators, backtracking, immutable values, compiled to a stack-based bytecode VM. 822 KB binary. Written in C by Stephen Dolan in 2012. MIT licence.

JSON-RPC

JSON Remote Procedure Call. A lightweight protocol that encodes function calls and responses as JSON objects, transported over HTTP or WebSockets.

K

KubeCon

The Cloud Native Computing Foundation's flagship conference for Kubernetes and cloud-native technologies.

Kubernetes

An orchestration platform for managing containerised workloads across clusters. Handles scheduling, scaling, and self-healing.

L

Landlock

A Linux security module (merged in 5.13, 2021) that adds unprivileged filesystem sandboxing. Moves closer to Capsicum's capability model but does not yet match the simplicity of cap_enter().

light-dark()

A CSS function that returns one of two values depending on the computed color-scheme. Eliminates media-query duplication for dark mode.

Linuxulator

FreeBSD's Linux binary compatibility layer. Translates Linux system calls to FreeBSD equivalents in the kernel, running Linux binaries natively without emulation. Active since 1995.

LTS

Long-Term Support. A release designated for extended maintenance, typically receiving only security patches and critical bug fixes. Node.js LTS lasts 30 months. PostgreSQL supports each major for 5 years.

Lua

A lightweight embeddable scripting language. 30 KB runtime, first-class functions, metatables for OOP. Used in game engines and web servers.

M

Merkle tree

A hash tree where every leaf node is labelled with the hash of a data block and every non-leaf node is labelled with the hash of its children. Used by ZFS for end-to-end checksumming.

Microservices

An architecture that decomposes an application into small, independently deployable services communicating over network protocols.

Monolith

A single deployable unit containing all application logic. Often contrasted with microservices but not inherently inferior.

MVC

Model-View-Controller. An architectural pattern that separates data (Model), presentation (View), and input handling (Controller).

MVCC

Multi-Version Concurrency Control. A database technique where readers see a consistent snapshot without blocking writers. Used in PostgreSQL.

N

nftables

The Linux packet classification framework replacing iptables. Uses a unified syntax for filtering, NAT, and mangling.

nginx

A high-performance HTTP server and reverse proxy using an event-driven, non-blocking architecture. Serves static files and proxies upstream applications.

npm

Node Package Manager. The default registry and CLI for JavaScript packages. Manages dependency trees in node_modules.

O

OKLCH

A perceptually uniform colour space using Lightness, Chroma, and Hue. Produces consistent perceived brightness across all hues, unlike HSL.

OOCSS

Object-Oriented CSS. A methodology that separates structure from skin and container from content, promoting reusable CSS classes.

OpenBSD

A security-focused open-source Unix operating system. Produced OpenSSH, LibreSSL, OpenBGPD, and the pledge()/unveil() system calls. Known for code audits and minimal defaults.

OpenVPN

An open-source VPN solution using SSL/TLS for key exchange. Flexible but verbose configuration compared to WireGuard.

ORM

Object-Relational Mapping. A layer that translates between programming-language objects and relational database rows, abstracting SQL behind method calls.

P

PaaS

Platform as a Service. A managed environment where developers deploy code without managing servers, containers, or operating systems.

pf

Packet Filter. The firewall in FreeBSD (and OpenBSD). Stateful, with anchors, tables, and a concise rule syntax.

PHP-FPM

FastCGI Process Manager for PHP. Manages a pool of PHP worker processes, each handling one request at a time. Typical memory: 40-128 MB per worker.

POSIX

Portable Operating System Interface. A family of IEEE standards defining Unix-compatible APIs, shell behaviour, and utility conventions.

PostgreSQL

An advanced open-source relational database with MVCC, JSON support, full-text search, and extensibility via custom types and functions.

Privilege Separation

A security architecture that splits a process into a small privileged monitor and a larger unprivileged worker. Limits damage when the worker is compromised. Pioneered by OpenSSH in 2002.

Prometheus

A time-series monitoring system with a pull-based model, PromQL query language, and built-in alerting.

PyCon

The annual Python community conference. Held in multiple countries, featuring talks, sprints, and community gatherings.

R

RAII

Resource Acquisition Is Initialisation. A pattern where resources are tied to object lifetimes: acquired in the constructor, released in the destructor. Rust enforces this through ownership. No garbage collector needed.

Redis

An in-memory data structure store used as database, cache, and message broker. Single-threaded, sub-millisecond latency.

REST

Representational State Transfer. An architectural style for APIs using standard HTTP methods (GET, POST, PUT, DELETE) on resource URLs.

Rolling Checksum

A hash that can be updated incrementally as a window slides across data. Enables rsync to find matching blocks in O(n) instead of O(n²). Based on Adler-32.

Rolling Release

A software distribution model where updates ship continuously rather than in discrete versions. No fixed release date, no frozen state. The system is always current, never finished.

rsync

A fast, incremental file transfer utility. Transfers only the differences between source and destination using a rolling checksum algorithm.

Rust

A systems programming language emphasising memory safety without garbage collection, using ownership and borrowing rules enforced at compile time.

S

SaaS

Software as a Service. Renting access to software hosted by the vendor, paid via recurring subscription rather than a perpetual licence.

Sass

A CSS preprocessor adding variables, nesting, and mixins. Largely obsoleted by native CSS custom properties, nesting, and @layer.

Scrum

An agile framework using fixed-length Sprints, daily stand-ups, and defined roles (Product Owner, Scrum Master, Development Team).

seccomp

Secure Computing mode. A Linux kernel facility that restricts which system calls a process may invoke. Strict mode (2005) permits four calls. seccomp-bpf (2012) allows programmable filters via BPF programmes.

SemVer

Semantic Versioning. A versioning scheme using MAJOR.MINOR.PATCH where major means breaking changes, minor means new features, patch means bug fixes. The contract is voluntary and routinely violated.

Share-Nothing

An architecture where each request handler starts with no shared state. Every request is isolated. PHP's default model. Beautiful for safety, structural impediment for persistent connections.

Serverless

A cloud execution model where the provider allocates resources per request. You write functions, the vendor manages infrastructure.

SPA

Single-Page Application. A web app that loads one HTML document and rewrites it dynamically via JavaScript, avoiding full page reloads.

Specificity

The algorithm browsers use to determine which CSS rule wins when multiple rules target the same element. Based on selector weight: ID > class > element.

SQLite

A self-contained SQL database engine stored in a single file. No server process. Handles terabytes with zero configuration.

SSH

Secure Shell. A cryptographic protocol for secure remote login, command execution, and tunnelling over untrusted networks.

SSR

Server-Side Rendering. Generating the full HTML of a page on the server before sending it to the browser, as opposed to client-side rendering.

systemd

The init system and service manager in most Linux distributions. Manages processes, logging, networking, and device events. Controversial for its scope.

T

Terraform

An infrastructure-as-code tool by HashiCorp. Declares cloud resources in HCL files and manages their lifecycle.

TLS

Transport Layer Security. The cryptographic protocol securing HTTPS, email, and other network traffic. Successor to SSL.

tmux

A terminal multiplexer. Runs multiple shell sessions in one terminal, supports detaching and reattaching, split panes, and session persistence.

TypeScript

A typed superset of JavaScript that compiles to plain JS. Adds static type checking at build time.

U

Unix Philosophy

Design principles favouring small, composable programs that do one thing well, connected via text streams.

V

Vite

A frontend build tool using native ES Modules for instant dev server startup and Rollup for production builds. Replaces Webpack.

VNET

Virtual Network Stack in FreeBSD. Gives each jail its own interfaces, routing table, and firewall rules. Kernel-native network isolation without overlay networks.

W

WebAssembly

A binary instruction format for a stack-based virtual machine. Runs near-native speed in browsers alongside JavaScript.

Webpack

A JavaScript module bundler that resolves dependency graphs and outputs optimised bundles. Largely replaced by Vite and native ES Modules.

WebSocket

A persistent, full-duplex communication channel over a single TCP connection, enabling real-time data exchange between browser and server.

WireGuard

A modern VPN protocol using state-of-the-art cryptography. One C file, ~4,000 lines, replaces IPsec and OpenVPN.

Z

ZFS

Zettabyte File System. A combined filesystem and volume manager with checksumming, snapshots, clones, and built-in RAID.

People

A

Jonathan Anderson

Computer scientist, co-creator of Capsicum with Robert Watson. Their 2010 USENIX Security paper introduced capability-based sandboxing to FreeBSD. Now at Memorial University of Newfoundland.

Andrea Arcangeli

Linux kernel developer. Created the original seccomp strict mode in 2005 (Linux 2.6.12), permitting only four syscalls. Also known for work on KVM and Transparent Huge Pages.

B

Kent Beck

Creator of Extreme Programming and co-inventor of story points with Ron Jeffries. Wrote the SUnit testing framework that became JUnit. Advocate of simplicity in software design.

Fabrice Bellard

French computer scientist. Created FFmpeg, QEMU, TinyCC, JSLinux, and Bellard's formula. Computed 2.7 trillion digits of pi on a desktop PC. Builds fundamental tools, then moves on.

Jeff Bonwick

Engineer at Sun Microsystems who designed the Slab Allocator and co-created ZFS with Matthew Ahrens. Built the filesystem that trusts mathematics over hardware.

D

Stephen Dolan

Creator of jq (2012). PhD in Algebraic Subtyping at the University of Cambridge, supervised by Alan Mycroft. Now at Jane Street, working on the OCaml compiler. Wrote a functional language for JSON in 510 KB of C.

Will Drewry

Google engineer who introduced seccomp-bpf in Linux 3.5 (2012). Extended seccomp from a binary four-syscall mode to programmable BPF-based filtering, enabling practical process sandboxing on Linux.

Dubmood

Swedish chiptune musician and demoscene legend. Two decades of tracker music across Amiga, C64, and PC platforms. Composed the soundtrack for Razor 1911's 'The Scene Is Dead' (2012).

F

Rich Felker

Author of musl libc, a clean-room lightweight C standard library for Linux. Vocal advocate for POSIX correctness and minimal PID 1 design.

Michael Färber

Computer scientist. Published the first formal specification of the jq language in 2024 (arXiv:2403.20132), twelve years after Dolan wrote the implementation. Also wrote jaq, a Rust reimplementation of jq that is 5-10x faster.

Martin Fowler

Software author and Chief Scientist at ThoughtWorks. Coined 'Microservices' with James Lewis. Wrote Refactoring, Patterns of Enterprise Application Architecture, and the 'Monolith First' essay.

H

David Heinemeier Hansson

Creator of Ruby on Rails. Co-founder of Basecamp and HEY. Now advocates software ownership over SaaS subscriptions with ONCE.

Rich Harris

Creator of Svelte and Rollup. Former graphics editor at The New York Times. Demonstrated that the Virtual DOM is 'pure overhead'.

J

Ron Jeffries

Co-creator of Extreme Programming. Agile Manifesto signatory. In 2018, wrote 'Developers Should Abandon Agile' — a rare recantation from an original author.

K

Poul-Henning Kamp

Danish FreeBSD developer. Created Jails (1999), the GEOM storage framework, and Varnish Cache. Known for phk's bikeshed argument and decades of kernel-level systems work.

Greg Kroah-Hartman

Senior Linux kernel maintainer responsible for stable releases. In 2024, removed Russian-affiliated maintainers from the MAINTAINERS file on compliance grounds.

L

James Lewis

Software architect at ThoughtWorks. Co-coined the term 'Microservices' with Martin Fowler in their 2014 article defining the architectural style.

M

Alan Mycroft

Professor of Computing at the University of Cambridge. Supervised Stephen Dolan's PhD in Algebraic Subtyping. Co-designed the Nanopass framework and contributed to static analysis research spanning four decades.

P

Lennart Poettering

Creator of systemd and PulseAudio. His replacement of SysVinit with a monolithic init system remains one of the most divisive decisions in Linux history.

R

Theo de Raadt

Founder and leader of the OpenBSD project. Forked OpenSSH in 1999. Three decades of security-first development, auditing every line, removing attack surface instead of adding features.

S

Salvatore Sanfilippo

Sicilian developer known as antirez. Created Redis in 2009, a single-threaded in-memory data structure server. Maintained it personally for fifteen years.

Ken Schwaber

Co-creator of Scrum with Jeff Sutherland. Founded the Scrum Alliance, later Scrum.org. Admitted that 75 per cent of organisations using Scrum will not succeed.

T

Dave Thomas

Agile Manifesto signatory. Co-author of The Pragmatic Programmer. Declared 'Agile is Dead' in 2014, arguing the word had been hijacked by consultancies.

Ken Thompson

Co-creator of Unix (1969), the B programming language, and the first cron (1975) at Bell Labs. Co-designed UTF-8 and Plan 9. Turing Award winner (1983) with Dennis Ritchie.

Linus Torvalds

Creator and principal developer of the Linux kernel. Also wrote Git. Maintains kernel development from Portland, Oregon.

Andrew Tridgell

Australian computer scientist. Created rsync (1996), Samba (Windows file sharing on Unix), ccache, and co-developed Git's delta compression with Linus Torvalds.

V

Paul Vixie

Author of Vixie cron (1987), BIND (the DNS server running a third of the internet), and numerous RFCs. Internet Hall of Fame inductee (2014). The five-field crontab syntax is his.

W

Robert Watson

Computer scientist at the University of Cambridge. Co-created Capsicum with Jonathan Anderson (2010, Best Student Paper at USENIX Security). Also contributed to FreeBSD's MAC framework and TrustedBSD.

Y

Greg Young

Popularised Event Sourcing and CQRS as architectural patterns. Author of Versioning in an Event Sourced System.