A
ASCII
A standard way to represent the characters commonly used in the Western
European languages as 7-bit integers, now largely superseded by
Unicode.
allocation block
The minimum unit of disk space that a filesystem allocates to a file.
Even a file that contains a single byte occupies one full allocation block,
so a file's actual disk usage is always a multiple of the block size.
authentication challenge
A piece of data sent by a server to a client that the client must transform
using a secret (such as a private key) to prove its identity
without transmitting the secret itself.
authentication
The act of establishing one's identity.
authorization
The act of establishing that one has a right to access certain information.
B
background a process
To disconnect a process from the terminal but keep it
running.
ball-and-stick model
FIXME
base64 encoding
A representation of binary data that represents each group of 6 bits
as one of 64 printable characters.
block device
FIXME
block (in filesystem)
FIXME
buffer (noun)
An area of memory used to hold data temporarily.
buffer (verb)
To store something in memory temporarily,
e.g., while waiting for there to be enough data to make an I/O operation worthwhile.
C
cache
To store a copy of data locally in order to speed up access,
or the data being stored.
callback function
A function A that is passed to another function B so that B can call it at
some later point.
capability
FIXME
certificate
A digitally-signed document that binds a public key to an identity (such as a domain name).
Used in TLS to allow clients to verify that they are communicating
with the intended server.
certificate authority (CA)
An organization trusted to sign certificates,
vouching that the public key in the certificate belongs to the claimed identity.
Browsers and operating systems ship with a list of trusted root CAs.
client
A program such as a browser that sends requests to a server and does something with the response.
command interpolation
FIXME
concurrency
The ability of different parts of a system to take action at the same time.
copy-on-write
FIXME
D
daemon
A long-lived process managed by an operating system
that provides a service such as printer management to other processes.
dependency conflict
The situation that arises when two packages require incompatible versions of a third package.
device
FIXME
digital certificate
A digitally-signed document that binds a public key to an identity.
See also certificate.
digital signature
A value computed from some data using a private key that allows anyone
with the corresponding public key to verify that the data has not been
tampered with and was signed by the holder of the private key.
Domain Name System (DNS)
The distributed database that translates human-readable hostnames such as
example.com into numeric IP addresses.
Docker
A tool for creating and managing isolated computing environments.
Docker container
A particular running (or runnable) instance of a Docker image.
Docker image
A package containing the software and supporting files Docker needs
to run an application in isolation.
layer (of Docker image)
FIXME
tag (a Docker image)
FIXME
Dockerfile
The name usually given to a file containing commands to build a Docker image.
dynamic content
Web site content that is generated on the fly.
Dynamic content is usually customized according to the requester's identity,
query parameters,
etc.
E
encryption
The process of converting data from a representation that anyone can read
to one that can only be read by someone with the right algorithm and/or key.
F
fork
To create a duplicate of an existing process,
typically in order to run a new program.
G
group ID (GID)
FIXME
H
hash
FIXME
HMAC (Hash-based Message Authentication Code)
A type of message authentication code that combines a cryptographic hash function
with a secret key, used to verify both the integrity and authenticity of a message.
host key
A key pair that uniquely identifies an SSH server.
Clients store the server's public host key after the first connection
and reject connections if it changes unexpectedly.
hostname
A human-readable name for a computer on a network.
HTTP (HyperText Transfer Protocol)
The protocol used to exchange information between browsers and websites,
and more generally between other clients and servers.
Communication consists of requests and responses.
header (of HTTP request or response)
A name-value pair at the start of an HTTP request or response.
Headers are used to specify what data formats the sender can handle,
the date and time the message was sent,
and so on.
HTTP method
The verb in an HTTP request that defines what the client wants to do.
Common methods are GET (to get data) and POST (to submit data).
HTTP request
A precisely-formatted block of text sent from a client such as a browser
to a server
that specifies what resource is being requested,
what data formats the client will accept, etc.
HTTP response
A precisely-formatted block of text sent from a server
back to a client in reply to a request.
HTTP status code
A numerical code that indicates what happened when an HTTP request was processed,
such as 200 (OK),
404 (not found),
or 500 (internal server error).
HTTPS
HTTP over TLS. Encrypts all traffic between client and server
and allows the client to verify the server's identity using a certificate.
I
inode
FIXME
internal fragmentation
The disk space wasted when a file does not completely fill its last allocation block.
A 1-byte file in a filesystem with 4 KiB blocks wastes 4,095 bytes.
IP address
A numerical label assigned to each device on a network that uses the Internet Protocol.
IPv4 addresses are 32 bits (e.g., 192.168.1.1); IPv6 addresses are 128 bits.
J
journald
The logging daemon that is part of systemd on Linux.
It collects log messages from the kernel, services, and applications
and stores them in a structured binary format queryable with journalctl.
JavaScript Object Notation (JSON)
A way to represent data by combining basic values like numbers
and character strings in lists and key-value structures. Unlike
other formats, it is unencumbered by a syntax for writing comments.
K
key pair
A matched pair of cryptographic keys consisting of a private key,
which is kept secret, and a public key, which can be shared freely.
Data encrypted with one key can only be decrypted with the other.
L
hard link (in filesystem)
FIXME
symbolic link (in filesystem)
FIXME
lint
FIXME
local server
A server running on the programmer's own computer,
typically for development purposes.
localhost
A special host name that identifies
the computer that the software is running on.
log formatter
A component of a logging system that controls the text layout of each log message,
including fields such as timestamp, level, and message text.
log handler
A component of a logging system that decides where log messages are sent,
such as to the terminal, a file, or a remote service.
log level
A label indicating the severity or importance of a log message.
Common levels in order of increasing severity are
DEBUG, INFO, WARNING, ERROR, and CRITICAL.
logger
A named channel through which log messages flow in a structured logging system.
Loggers can be given different levels and handlers.
M
MIME type
A standard that defines types of file content,
such as text/plain for plain text and image/jpeg for JPEG images.
man-in-the-middle attack
An attack in which an adversary secretly intercepts and possibly alters
communications between two parties who believe they are talking directly to each other.
mount
FIXME
N
name collision
The problem that occurs when two different applications use the same name
for different things.
O
octal
FIXME
operating system (OS)
A program whose job is to manage the hardware of a computer.
Other programs interact with the OS through system calls.
P
parent process
A process which has created one or more other processes,
which are called its child processes.
passphrase
A password used to encrypt a private key when it is stored on disk.
Using a passphrase means a stolen key file cannot be used without it.
path (in filesystem)
An expression that refers to a file or directory in a filesystem.
port
A logical endpoint for communication,
like a phone number in an office building.
private key
The secret half of a key pair.
The private key must never be shared; it is used to decrypt messages encrypted
with the corresponding public key or to create digital signatures.
process
A running instance of a program.
process ID
The unique numerical identifier of a running process.
process tree
The set of processes created directly or indirectly by one process
and the parent-child relationships between them.
public key
The non-secret half of a key pair.
The public key can be shared freely; it is used to encrypt messages intended for
the holder of the corresponding private key or to verify digital signatures.
Q
query parameter
A key-value pair included in a URL that the server may use to modify or customize its response.
R
refactor
To reorganize code without changing its overall behavior.
resolve
To translate a path into the canonical name of the file or directory it refers to.
robustness
The property of a program or system that continues to function correctly
across a wide range of inputs, conditions, and execution orderings.
root directory
The top-most directory in the filesystem
that contains all other directories and files.
root (user account)
The usual ID of the superuser account on a computer.
S
salt
A random value added to a password before hashing it,
so that two users with the same password will have different stored hashes
and precomputed rainbow-table attacks are ineffective.
sandbox
An isolated computing environment in which operations can be executed safely.
server
A program that waits for requests from clients
and sends them data in response.
session key
A symmetric encryption key generated for a single TLS session
and discarded afterward.
Both client and server derive the same session key during the TLS handshake
without transmitting it directly.
shell
A program that allows a user to interact with a computer's operating system
and other programs through a textual user interface.
shell script
A program that uses shell commands as its programming language.
socket
An endpoint for two-way communication between processes,
either on the same machine or across a network.
Sockets make network I/O look similar to file I/O.
source (in shell script)
To run one shell script in the same process as another.
SSH (Secure Shell)
A network protocol and tool for logging into remote machines and running commands on them.
All traffic is encrypted, and the server's identity is verified using a host key.
SSH tunnel
A secure channel created by SSH that forwards network traffic from a local port
to a port on (or reachable from) the remote machine.
static file
Web site content that is stored as a file on disk and served as-is.
Serving static files is usually faster than generating dynamic content,
but can only be done if what's wanted is unchanging and known in advance.
stream
A sequence of data elements made available one at a time,
such as the bytes read from a file or received over a network connection.
structured logging
A logging approach in which each log record is written as a machine-readable
data structure (typically JSON) rather than as free-form text,
making logs easier to filter and analyze programmatically.
superuser
An administrative account on a computer that has permission
to see, change, and run everything.
suspend (a process)
To pause the execution of a process but leave it intact so that it
can resume later.
T
TLS
A cryptographic protocol that provides encrypted, authenticated communication
over a network. Used by HTTPS and SSH, among others.
Formerly known as SSL.
TLS/SSL
See TLS. SSL (Secure Sockets Layer) is the older name for the protocol
now standardized as TLS; the two terms are often used interchangeably.
U
user ID (UID)
FIXME
Unicode
A standard that defines numeric codes for many thousands of characters and
symbols. Unicode does not define how those numbers are stored; that is
done by standards like UTF-8.
user group
FIXME
UTF-8
A way to store the numeric codes representing Unicode
characters that is backward-compatible with the older ASCII standard.
Universally Unique Identifier (UUID)
FIXME
V
virtual environment
A set of libraries, applications, and other resources that are isolated from the main system
and other virtual environments.
W
web scraping
The act of extracting data from HTML pages on the web.
wrap (an object)
To create a new object that delegates most operations to an existing object
while adding or modifying specific behavior,
such as wrapping a plain socket with a TLS layer.