Dictionary

Terms

A

ABI

Application Binary Interface. The low-level contract between a binary and the operating system: syscall numbers, calling conventions, data layout. Determines which binaries run on which kernel.

ACID

Atomicity, Consistency, Isolation, Durability. The four guarantees a database transaction must provide for reliability.

ACME

Automatic Certificate Management Environment. The protocol Let's Encrypt uses to issue and renew TLS certificates without manual intervention.

AGPL

Affero General Public Licence. A copyleft licence that closes the GPL's network gap: if users interact with the software over a network, they must be offered its source. Written for server-side software the GPL's distribution trigger never reached.

Alpine

A small, security-oriented Linux distribution built on musl and BusyBox rather than glibc and GNU coreutils. Widely used as a minimal container base image. One of the userlands that share the Linux kernel and little else.

Alpine.js

A lightweight JavaScript framework, around ten kilobytes, for adding client-side behaviour directly in HTML attributes. A smaller, declarative alternative to the large single-page-application frameworks.

Andrew Tanenbaum

The computer scientist who wrote MINIX in 1987 as a teaching operating system, and Linus Torvalds' opponent in the well-known 1992 debate over microkernel versus monolithic kernel design.

Ansible

An agentless automation tool for configuration management, application deployment, and orchestration. Uses YAML playbooks over SSH.

Anthropic

American AI company. In June 2026 it complied with a US Commerce Department directive to suspend its two most capable models for all foreign nationals, three days after launch, withdrawing them from every customer. Cited as evidence that the institutional lever reaches proprietary, paid software as readily as open source.

Arch

A rolling-release Linux distribution following a minimalist, do-it-yourself philosophy. Ships current packages continuously rather than in fixed versions, leaving system composition to the user. Like every distribution, an assembly of independently-governed projects rather than a single tree.

ARM

A processor instruction-set architecture designed in Cambridge and licensed, core by core, to chip makers worldwide; the most widely deployed ISA on Earth, owned since 2016 by Japan's SoftBank.

AWS

Amazon Web Services. The dominant cloud computing platform offering IaaS, PaaS, and managed services.

AWS Amplify

Amazon Web Services' platform for building and deploying modern front-end and full-stack applications, alongside Vercel and Netlify in the deployment-economy tier whose business depends on the heavy stack.

B

Babel

A JavaScript compiler that transforms modern or non-standard syntax into widely-supported JavaScript. A near-universal part of the standard front-end toolchain, alongside Webpack, ESLint and Jest.

Base System

In FreeBSD and the other BSDs, the kernel, C library, userland utilities, documentation, toolchain and release-engineering process maintained together in one source tree by one project and shipped as one tested snapshot. Contrasts with a Linux distribution, which assembles several hundred independently-governed projects. Base means what is shipped together; system means integrated whole.

Berkeley

The University of California, Berkeley, and in particular its Computer Systems Research Group, where the Berkeley Software Distribution was developed from the late 1970s. The second wellspring of Unix after Bell Labs; the BSD family carries Berkeley's code to this day.

Berkeley Software Design

Berkeley Software Design Inc. (BSDi), the commercial spinoff that sold a Net/2-based product from 1992 and was sued by AT&T's Unix System Laboratories in USL v. BSDi.

Berkeley Software Distribution

The line of Unix begun in 1977 by Berkeley's Computer Systems Research Group as modifications to AT&T Unix; over fifteen years it became a fully alternative line, 1BSD through 4.4BSD, and the root of today's FreeBSD, NetBSD, OpenBSD and DragonFly.

Bionic

Android's C library and low-level runtime, used in place of glibc. One of several userlands that share the Linux kernel and little else, alongside GNU, musl and BusyBox.

BIOS

The traditional system firmware that initialised a PC at power-on before handing control to the operating system; today largely replaced by UEFI.

BPF

Berkeley Packet Filter. Originally a packet capture mechanism, extended in Linux as eBPF for programmable kernel-level filtering. Used by seccomp-bpf to inspect and decide on every syscall at runtime.

BSD

Berkeley Software Distribution. The line of Unix developed at the University of California, Berkeley from the late 1970s, and the family that descends from it today (FreeBSD, OpenBSD, NetBSD, DragonFly). Unix by inheritance, carrying the AT&T-and-Berkeley code in its source under a permissive licence.

BSDi

Berkeley Software Design Inc., the commercial spinoff that from 1992 sold a product based on Berkeley's Net/2; defendant in the USL v. BSDi lawsuit that ran 1992 to 1994.

build.rs

A Rust build script: arbitrary code a crate runs at build time, with full filesystem and network access under the developer's permissions. The reason Rust is not exempt from install-time code execution.

Bun

An all-in-one JavaScript runtime, bundler, transpiler, and package manager. Written in Zig, designed for speed.

BusyBox

A single small executable combining stripped-down versions of many standard Unix utilities, common on embedded Linux systems. Another userland that shares the Linux kernel with GNU, musl and Bionic.

C

Caddy

A web server with automatic HTTPS via built-in ACME client. Written in Go. Often used as a reverse proxy.

Ambient Authority

The security property where a process inherits all the permissions of the user who launched it. The default Unix model since 1969. Capsicum eliminates it; seccomp restricts it.

Capsicum

A capability-based security framework in FreeBSD. One syscall (cap_enter) permanently removes all access to global namespaces. The process keeps only its existing file descriptors, each restricted via cap_rights_limit(). Irreversible. Compiled into FreeBSD 10.0 by default since 2014.

cargo-vet

A Rust supply-chain tool from Mozilla that requires human-reviewed audits of a crate before it is allowed into a build, so a dependency cannot enter a project unreviewed.

CAST

The templating language used by CASTD. Five delimiter pairs for variables, conditions, slots, comments, and expressions.

CDDL

Common Development and Distribution Licence. Sun Microsystems' open-source licence, intentionally incompatible with the GPL. The licence under which ZFS was released.

certification mark

A trademark that certifies a product meets a defined standard rather than identifying its commercial source. UNIX is one: it may sit only on systems tested and approved against the Single UNIX Specification. Such a mark survives in law only by staying narrow, which is why The Open Group disowns loose use of the word.

Computer Systems Research Group

The group at the University of California, Berkeley (CSRG) that from 1977 produced the Berkeley Software Distribution and, before disbanding in the 1990s, the clean 4.4BSD-Lite release from which the modern BSDs descend.

Copyleft

A licensing strategy that grants the freedoms to use, study, modify and share on the condition that derivative works carry the same terms. The licence travels with every line into any fork and remains there in perpetuity. The GPL is the canonical example; permissive licences such as BSD impose no such condition.

coreboot

An open-source replacement for the proprietary system firmware (BIOS or UEFI) of a machine, available on some hardware classes; one of the few sub-OS layers that admits an open alternative.

coreutils

The GNU implementation of the basic file, shell and text utilities (ls, cp, cat and the rest) shipped by most Linux distributions. One component among the several hundred a distribution maintainer selects and integrates around the kernel.

CI/CD

Continuous Integration / Continuous Deployment. Automated pipelines that build, test, and deploy code on every commit.

CNCF

Cloud Native Computing Foundation. The Linux Foundation project hosting Kubernetes, Prometheus, Envoy, and other cloud-native infrastructure projects.

CQRS

Command Query Responsibility Segregation. Separates read models from write models, allowing independent optimisation of each path.

Cracktro

A signature animation attached to cracked software by pirate groups in the 1980s and 1990s. Scrolling text, chiptune music, and vector effects as calling cards. The art form that evolved into the demoscene.

Copy-on-Write

A storage strategy where data is never overwritten in place. New data is written to a new location, then the pointer is updated. Guarantees consistency after power failure.

crates.io

The package registry for the Rust language. A published version is immutable: it can never be overwritten, only yanked, which removes the republish-an-existing-name trick used against npm.

cron

The Unix job scheduler. Executes commands at specified times using a five-field time expression (minute, hour, day, month, weekday).

CrowdStrike Incident

On 19 July 2024, a rapid content update to CrowdStrike's Falcon Sensor bypassed quality control and crashed 8.5 million Windows machines globally. Airlines, hospitals, banks, and emergency services were affected. $5.4 billion in Fortune 500 damages.

CSR

Client-Side Rendering. Building the page DOM entirely in the browser via JavaScript after an initial empty HTML shell is delivered.

CSS Layers

The @layer rule in CSS, allowing authors to define explicit cascade priority between groups of styles, eliminating specificity wars.

CSS-in-JS

A pattern where CSS is authored inside JavaScript files, generating styles at runtime. Adds bundle weight and runtime overhead.

D

Datastar

A small hypermedia and reactivity framework taking a server-sent-events approach, combining ideas from HTMX and Alpine in one package in the same order of magnitude as HTMX. A modern entry in the lightweight front-end tier.

dayjs

A small, widely used JavaScript date library. Its name and metadata were impersonated by the typosquat easy-day-js in the June 2026 Mastra supply-chain attack.

Debian

A community-driven Linux distribution known for its stability-first release policy. Debian Stable freezes packages and releases when ready, not on a schedule. The reference for conservative, tested software deployment.

Demoscene

A computer art subculture producing real-time audiovisual presentations (demos) within extreme size constraints, often 64 KB or less.

Deno

A secure JavaScript/TypeScript runtime by the creator of Node.js. Built-in TypeScript support, URL imports, and sandboxed permissions.

distinfo

The FreeBSD ports file that pins the SHA256 checksum and size of every distribution file a port downloads. A tampered upstream tarball fails the checksum and the port never builds.

DKMS

Dynamic Kernel Module Support. A framework for building kernel modules that automatically recompile when the kernel is updated. Used by ZFS on Linux.

Dependabot

A GitHub-integrated bot that automatically opens pull requests to update dependencies. On a monorepo, it can generate hundreds of PRs per week, each requiring review and testing.

Docker

A container runtime that packages applications with their dependencies into isolated filesystem images, sharing the host kernel.

DragonFly

DragonFly BSD. A fork of FreeBSD begun by Matthew Dillon in 2003, with its own approach to multiprocessing and the HAMMER filesystem. A member of the BSD family, Unix by descent.

DTrace

A dynamic tracing framework for real-time analysis of running systems. Originated in Solaris, ported to FreeBSD and macOS. Traces kernel and userspace with near-zero overhead when idle.

E

Ed25519

A modern public-key signature scheme, fast and compact, used by OpenSSH keys and by OpenBSD's signify for signing releases and packages.

Enshittification

The process by which platforms degrade their product to extract value. Coined by Cory Doctorow in 2022. Three phases: attract users, lock in businesses at users' expense, extract value for shareholders at everyone's expense. Word of the Year 2023 (American Dialect Society) and 2024 (Macquarie Dictionary).

ES Modules

The native JavaScript module system using import/export syntax, loaded by browsers without a bundler.

ESLint

A configurable linter for JavaScript and TypeScript that flags errors and enforces style rules. A standard fixture of the modern front-end toolchain.

EulerOS

Huawei's enterprise Linux distribution, once on The Open Group's register as conforming to UNIX and lapsed in 2022. One of the few Linux systems ever to hold the mark, a reminder that the certificate measures the interface, not the lineage.

European Processor Initiative

An EU-funded consortium (EPI) developing sovereign high-performance processors for European supercomputers, including the SiPearl Rhea line for the JUPITER exascale system.

Event Sourcing

A pattern that stores every state change as an immutable event rather than overwriting current state. The event log becomes the source of truth.

exascale

A class of supercomputer capable of a billion billion operations per second. Europe's first, JUPITER, is intended to run on SiPearl's Rhea processor.

F

fabrication

The manufacturing of chips from a design, carried out at a foundry. Leading-edge fabrication is dominated by TSMC, Samsung and Intel, with SMIC advancing in China.

Fetch API

The modern browser interface for making HTTP requests, replacing XMLHttpRequest. Returns Promises and supports streaming.

FFmpeg

A universal multimedia framework handling over 100 audio and video codecs. 1.5 million lines of C. Powers YouTube, Netflix, VLC, Spotify, Chrome. Created by Fabrice Bellard in 2000.

firmware

Software stored in hardware that runs below the operating system, such as the system firmware that boots a machine or the firmware on a management processor. Often vendor-signed and not user-replaceable.

fixi

A minimalist implementation of generalised hypermedia controls by the HTMX team, built to be as small as possible: roughly 3.5 KB uncompressed, around 1.3 KB compressed. The smallest end of the hypermedia tier.

FOSDEM

Free and Open Source Developers' European Meeting. Annual two-day conference in Brussels, free to attend, no registration.

FreeBSD

An open-source Unix operating system descended from the Berkeley Software Distribution. Known for ZFS, Jails, and its licence model.

FreeBSD Foundation

The non-profit that supports FreeBSD development, infrastructure and release engineering. Registered in Colorado, United States. A single-tree architecture does not by itself relocate this institutional anchor, which is the distinction between the architectural layer and the jurisdictional one.

FSF

Free Software Foundation. Founded by Richard Stallman in 1985 to promote software freedom; author and steward of the GPL family of licences. In a sovereignty reading, the FSF remains a co-governor of any GPL fork through the licence it authored.

G

GDPR

General Data Protection Regulation. EU law governing the collection, processing, and storage of personal data. Effective since 2018.

genericide

The death of a trademark by becoming the generic name for its category, as befell aspirin, escalator and thermos. The risk that drives The Open Group to police the UNIX mark narrowly: allowed to mean any Unix-ish system, it would cease to be a mark at all.

glibc

The GNU C Library, the default C library on most Linux distributions. Implements the standard library and the syscall interface to the kernel. One userland among several (alongside musl, Bionic and BusyBox) that share the Linux kernel; its ABI contract with the kernel has occasionally broken in ways no single project owned.

GIL

Global Interpreter Lock. A mutex in CPython that allows only one thread to execute Python bytecode at a time, serialising CPU-bound work. Elegant until load disagrees.

GNU

GNU's Not Unix. The free-software project Richard Stallman began in 1983 to build a complete Unix-compatible system; its userland supplies the standard utilities, C library and toolchain on most Linux distributions. Unix-like by design, with no inherited Unix code.

GPL

GNU General Public Licence. The canonical copyleft licence, authored by the Free Software Foundation. Requires derivative works to carry the same terms, so its conditions travel with every line into any fork and cannot be repealed by the forker. The Linux kernel is licensed under GPLv2. Deliberately designed not to let go.

Goroutine

A lightweight thread managed by the Go runtime. Multiplexed onto OS threads. Enables high concurrency but subject to garbage collection pauses.

Grafana

A visualisation platform for metrics, logs, and traces. Connects to Prometheus, Loki, InfluxDB, and dozens of other data sources.

Goodhart's Law

When a measure becomes a target, it ceases to be a good measure. Named after economist Charles Goodhart (1975). Explains why velocity tracking corrupts estimation.

GraphQL

A query language for APIs where the client specifies exactly which fields it needs. Developed by Facebook, alternative to REST.

gRPC

A high-performance RPC framework using Protocol Buffers and HTTP/2. Supports streaming, code generation, and strong typing.

H

HAProxy

A high-performance TCP/HTTP load balancer and reverse proxy. Event-driven, widely used for traffic distribution.

htm/a

A four-kilobyte server-side reactivity framework with a type-safe Rust core and no dependencies, the author's own study built to see how low the front-end floor can go; it runs htma.run. Not a supported product, but a proof that the floor is lower than the industry assumes.

HTTP/2

The second major version of HTTP. Binary framing, multiplexed streams over a single TCP connection, header compression.

HTTP/3

HTTP over QUIC. Replaces TCP with UDP-based transport, eliminating head-of-line blocking. Built-in encryption.

I

IaaS

Infrastructure as a Service. Virtual machines, storage, and networking rented from a cloud provider instead of running your own hardware.

IEEE 1003

The IEEE standard family better known as POSIX, first published as IEEE 1003.1 in 1988. The technical text the Single UNIX Specification incorporates, specifying the interface a program sees rather than the system that implements it.

infostealer

Malware whose purpose is to harvest secrets from a machine, browser data, cryptocurrency wallets, SSH keys, cloud tokens and credential files, and exfiltrate them to attacker infrastructure.

Intel Management Engine

A small autonomous processor inside Intel chipsets, running its own MINIX-based firmware at a privilege below the kernel, with system access and a network path, active even while the machine is powered off. Built for remote fleet management; CVE-2017-5689 showed it could be taken over remotely.

io-pkt

The networking stack of the QNX operating system, built directly on NetBSD's networking code. Berkeley's code compiled into QNX's own address space, which is why a Unixoid by kernel carries a genuine piece of the BSD line inside it.

IPsec

Internet Protocol Security. A suite of protocols for authenticating and encrypting IP packets. Complex configuration, largely replaced by WireGuard for VPNs.

IRIX

Silicon Graphics' Unix flavour for its workstations, one of the proprietary Unixes of the 1980s.

ISA

Instruction-set architecture: the contract between software and a processor, the set of instructions a CPU exposes. x86, ARM and RISC-V are the three main ISAs, and which a chip implements is a question of ownership as much as of engineering.

J

jails

FreeBSD's kernel-native operating-system virtualisation: an isolated environment that is a first-class kernel primitive rather than a daemon-mediated arrangement of namespaces. With VNET each jail holds an independent network stack.

Jest

A JavaScript testing framework, widely used in the React ecosystem. One of the tools, with React, Webpack, Babel and ESLint, that make a junior engineer a known quantity to the hiring market.

jq

A functional programming language for transforming JSON on the command line. Generators, backtracking, immutable values, compiled to a stack-based bytecode VM. 822 KB binary. Written in C by Stephen Dolan in 2012. MIT licence.

JSON-RPC

JSON Remote Procedure Call. A lightweight protocol that encodes function calls and responses as JSON objects, transported over HTTP or WebSockets.

K

K-UX

Inspur K-UX, a Linux-based operating system from the Chinese vendor Inspur, certified against UNIX in 2013 and later lapsed. One of the very few Linux distributions ever to hold the UNIX mark.

KubeCon

The Cloud Native Computing Foundation's flagship conference for Kubernetes and cloud-native technologies.

Kubernetes

An orchestration platform for managing containerised workloads across clusters. Handles scheduling, scaling, and self-healing.

L

Landlock

A Linux security module (merged in 5.13, 2021) that adds unprivileged filesystem sandboxing. Moves closer to Capsicum's capability model but does not yet match the simplicity of cap_enter().

light-dark()

A CSS function that returns one of two values depending on the computed color-scheme. Eliminates media-query duplication for dark mode.

LibreOffice

A free, open-source office suite forked from OpenOffice.org in 2010 and maintained by The Document Foundation. A common component of European public-sector migrations away from proprietary productivity software.

Linux

The kernel Linus Torvalds wrote from scratch in 1991, and the operating systems built around it with a GNU or other userland. Unix-like, not Unix: it inherited no Bell Labs or Berkeley code and has never been certified by The Open Group. A separate family that looks Unix-shaped by design.

Linux Foundation

A non-profit consortium that hosts the Linux kernel's infrastructure and many other projects (including the CNCF). Registered in the United States as a 501(c)(6) trade association and therefore bound by US legal reach. Its 2024/2025 report put 84.3 per cent of kernel commits with developers paid by their employers.

Linuxulator

FreeBSD's Linux binary compatibility layer. Translates Linux system calls to FreeBSD equivalents in the kernel, running Linux binaries natively without emulation. Active since 1995.

Lions' Commentary

John Lions' line-by-line reading of the Unix V6 kernel source, written at the University of New South Wales in 1976. Later restricted by AT&T and circulated in samizdat photocopies for two decades, one of the most-copied computer-science documents of its era.

LoongArch

A domestic instruction-set architecture developed by China's Loongson in 2021, moving away from the MIPS lineage toward an ISA under its own control.

LTS

Long-Term Support. A release designated for extended maintenance, typically receiving only security patches and critical bug fixes. Node.js LTS lasts 30 months. PostgreSQL supports each major for 5 years.

Lua

A lightweight embeddable scripting language. 30 KB runtime, first-class functions, metatables for OOP. Used in game engines and web servers.

M

Mach

A microkernel developed at Carnegie Mellon from the mid-1980s, part of the separate microkernel engineering tradition that grew up beside the monolithic Unix line and the basis of several later systems.

MAINTAINERS file

A file in the Linux kernel source tree listing who is responsible for each subsystem. In October 2024 it was edited to remove approximately eleven entries under stated compliance requirements, a change Linus Torvalds confirmed and declined to reverse. Illustrates that forking the source does not fork the governance.

Mastra

An open-source TypeScript framework for building AI applications, distributed as the @mastra npm scope. In June 2026 its publishing scope was hijacked through a dormant contributor account and 144 of its packages were backdoored.

MCP

Model Context Protocol, an open standard for connecting AI assistants to external tools and data sources. Packages aimed at MCP developers were a pointed target of the June 2026 PyPI supply-chain campaign.

Merkle tree

A hash tree where every leaf node is labelled with the hash of a data block and every non-leaf node is labelled with the hash of its children. Used by ZFS for end-to-end checksumming.

microcode

The lowest layer of a CPU: the signed, encrypted program that translates architectural instructions into the processor's internal operations. It can be updated only with the manufacturer's signature; one cannot read it, write it, or fork it.

microkernel

An operating-system design that keeps drivers, filesystems and the network stack out of kernel space, communicating through a small message-passing core, so a failed driver restarts in milliseconds rather than taking the machine down. QNX is the long-standing production example.

Microservices

An architecture that decomposes an application into small, independently deployable services communicating over network protocols.

Minix

A small Unix-like operating system written by Andrew Tanenbaum in 1987 for teaching. Famously the system the young Linus Torvalds ran and outgrew, prompting him to write the Linux kernel.

Monolith

A single deployable unit containing all application logic. Often contrasted with microservices but not inherently inferior.

musl

A clean-room, lightweight implementation of the C standard library for Linux, emphasising POSIX correctness and small size. Used in place of glibc by Alpine and many container images. One userland among several (alongside glibc, Bionic and BusyBox) that share the Linux kernel and little else.

MVC

Model-View-Controller. An architectural pattern that separates data (Model), presentation (View), and input handling (Controller).

MVCC

Multi-Version Concurrency Control. A database technique where readers see a consistent snapshot without blocking writers. Used in PostgreSQL.

MVS

Multiple Virtual Storage, the IBM mainframe operating-system line whose design reaches back to the 1960s and the kernel beneath today's z/OS. It carries no Bell Labs or Berkeley code; the certified-Unix part of z/OS is a POSIX layer sitting on top of it.

N

Neoverse

ARM's line of licensed CPU cores for servers and high-performance computing; the cores on which Europe's SiPearl Rhea1 is built.

Net/2

Berkeley's 1991 release, an attempt to ship a Unix distribution containing only Berkeley-written code and no AT&T-licensed source; the basis of BSDi's product and the trigger for the USL lawsuit.

Netflix

The streaming company, cited here for a 2017 web-performance result: removing client-side React from its logged-out home page cut Time to Interactive by around half. In the Unix context, its Open Connect appliances also run FreeBSD.

Netlify

A deployment and hosting platform for modern front-end applications, in the same tier as Vercel. Its hosting model and integrations are coupled to the heavy modern stack, and pricing tends to scale with bundle size.

Network Effect

The phenomenon where a product becomes more valuable as more people use it. The mechanism that creates lock-in: leaving the network means losing the connections you built on it.

Nextcloud

An open-source, self-hostable file-sync and collaboration platform, often deployed as a sovereign alternative to proprietary cloud suites. A common component of European public-sector migrations.

nftables

The Linux packet classification framework replacing iptables. Uses a unified syntax for filtering, NAT, and mangling.

nginx

A high-performance HTTP server and reverse proxy using an event-driven, non-blocking architecture. Serves static files and proxies upstream applications.

Nintendo Switch

Nintendo's games console (2017). Its Horizon operating system carries FreeBSD's networking code without being a FreeBSD derivative outright, code from one family running inside another. Counted with Sony's consoles, it tilts the console world towards BSD.

Novell

The software company that acquired AT&T's Unix System Laboratories, and with it the UNIX trademark, in 1993, before passing the mark to X/Open the same year. One link in the chain of custody that ends at The Open Group.

npm

Node Package Manager. The default registry and CLI for JavaScript packages. Manages dependency trees in node_modules.

O

Open Software Foundation

An industry consortium founded in 1988 to develop an open Unix standard, which merged with X/Open in 1996 to form The Open Group. One of the two bodies whose union produced the present keeper of the UNIX mark.

Organic Reach

The percentage of a page's followers who see a post without paid promotion. Facebook organic reach for business pages fell from 16% in 2012 to 1.37% in 2024, the canonical example of platform enshittification.

OKLCH

A perceptually uniform colour space using Lightness, Chroma, and Hue. Produces consistent perceived brightness across all hues, unlike HSL.

OOCSS

Object-Oriented CSS. A methodology that separates structure from skin and container from content, promoting reusable CSS classes.

OpenBSD

A security-focused open-source Unix operating system. Produced OpenSSH, LibreSSL, OpenBGPD, and the pledge()/unveil() system calls. Known for code audits and minimal defaults.

OpenVPN

An open-source VPN solution using SSL/TLS for key exchange. Flexible but verbose configuration compared to WireGuard.

ORM

Object-Relational Mapping. A layer that translates between programming-language objects and relational database rows, abstracting SQL behind method calls.

osv-scanner

An open-source vulnerability scanner that reads the OSV database of advisories rather than only CVE feeds. It flagged the malicious Mastra dependency that CVE-bound tools, finding no CVE, did not.

P

PaaS

Platform as a Service. A managed environment where developers deploy code without managing servers, containers, or operating systems.

permissive

A licence family (BSD, MIT, Apache 2.0) that lets the receiver build on, fork, ship and relicense the code freely, keeping only attribution. The counterpart to copyleft, which carries its conditions into everything built on it.

pf

Packet Filter. The firewall in FreeBSD (and OpenBSD). Stateful, with anchors, tables, and a concise rule syntax.

PHP-FPM

FastCGI Process Manager for PHP. Manages a pool of PHP worker processes, each handling one request at a time. Typical memory: 40-128 MB per worker.

Platform Security Processor

AMD's equivalent of the Intel Management Engine: an embedded ARM core inside the SoC running signed proprietary firmware with full system access, but without the direct network path the Intel ME carries.

POSIX

Portable Operating System Interface. A family of IEEE standards defining Unix-compatible APIs, shell behaviour, and utility conventions.

PostgreSQL

An advanced open-source relational database with MVCC, JSON support, full-text search, and extensibility via custom types and functions.

postinstall

An npm lifecycle hook: a script a package declares to run automatically the moment it is installed, with the full rights of whoever ran the install. Convenient for setup, and the standard foothold for supply-chain malware.

Poudriere

The FreeBSD tool for building binary packages from ports inside clean, isolated jails, so a build process cannot reach the host that drives it.

Privilege Separation

A security architecture that splits a process into a small privileged monitor and a larger unprivileged worker. Limits damage when the worker is compromised. Pioneered by OpenSSH in 2002.

Prometheus

A time-series monitoring system with a pull-based model, PromQL query language, and built-in alerting.

PSE52

The realtime-controller profile of the POSIX standard (IEEE 1003.13), against which QNX holds a formal certification. Issued by the same bodies that keep the UNIX register, only against a different standard, which is how QNX claims genuine POSIX certification without being certified UNIX.

PyCon

The annual Python community conference. Held in multiple countries, featuring talks, sprints, and community gatherings.

Q

Quantum Software Systems

The Canadian company, founded near Ottawa, that began building QNX in 1982. The origin of one of the most widely deployed operating systems almost nobody can name.

R

RAII

Resource Acquisition Is Initialisation. A pattern where resources are tied to object lifetimes: acquired in the constructor, released in the destructor. Rust enforces this through ownership. No garbage collector needed.

Red Hat Enterprise Linux

A commercially supported Linux distribution from Red Hat (RHEL), aimed at enterprise deployments with long support cycles and certified hardware. Like every distribution, an assembly of independently-governed projects selected, patched and integrated by the vendor rather than a single tree.

Redis

An in-memory data structure store used as database, cache, and message broker. Single-threaded, sub-millisecond latency.

REST

Representational State Transfer. An architectural style for APIs using standard HTTP methods (GET, POST, PUT, DELETE) on resource URLs.

RISC-V

An open instruction-set architecture, originally from UC Berkeley, that anyone may implement without a licence fee. Its specification is open; its governing body, RISC-V International, sits in Switzerland.

RISC-V International

The non-profit foundation that governs the RISC-V specification. It moved its incorporation from the United States to Switzerland in 2020 to insulate the open ISA from any single state's trade policy.

Rolling Checksum

A hash that can be updated incrementally as a window slides across data. Enables rsync to find matching blocks in O(n) instead of O(n²). Based on Adler-32.

Rolling Release

A software distribution model where updates ship continuously rather than in discrete versions. No fixed release date, no frozen state. The system is always current, never finished.

rsync

A fast, incremental file transfer utility. Transfers only the differences between source and destination using a rolling checksum algorithm.

Rust

A systems programming language emphasising memory safety without garbage collection, using ownership and borrowing rules enforced at compile time.

S

SaaS

Software as a Service. Renting access to software hosted by the vendor, paid via recurring subscription rather than a perpetual licence.

Sass

A CSS preprocessor adding variables, nesting, and mixins. Largely obsoleted by native CSS custom properties, nesting, and @layer.

Scrum

An agile framework using fixed-length Sprints, daily stand-ups, and defined roles (Product Owner, Scrum Master, Development Team).

seccomp

Secure Computing mode. A Linux kernel facility that restricts which system calls a process may invoke. Strict mode (2005) permits four calls. seccomp-bpf (2012) allows programmable filters via BPF programmes.

SemVer

Semantic Versioning. A versioning scheme using MAJOR.MINOR.PATCH where major means breaking changes, minor means new features, patch means bug fixes. The contract is voluntary and routinely violated.

server-side rendering

Generating a page's HTML on the server and sending it to the browser ready to display, rather than shipping JavaScript that builds the page on the client. The default of the web before the SPA era, and the model the lean alternatives return to.

Share-Nothing

An architecture where each request handler starts with no shared state. Every request is isolated. PHP's default model. Beautiful for safety, structural impediment for persistent connections.

Serverless

A cloud execution model where the provider allocates resources per request. You write functions, the vendor manages infrastructure.

SiFive

A US company that designs and licenses RISC-V processor cores, one of the earliest commercial RISC-V vendors.

signify

OpenBSD's signature tool, written by Ted Unangst in 2014, using Ed25519. It signs releases and packages; pkg_add verifies each file against its recorded checksum immediately after extraction, before doing anything with it.

Single UNIX Specification

The written standard a system must conform to in order to be certified UNIX, maintained by The Open Group and aligned with POSIX; its current edition, Issue 8, aligns with POSIX.1-2024. It certifies the interface (the C library, the shell, the standard utilities), not the kernel beneath.

SiPearl

A French company building high-performance server processors for the European Processor Initiative. Its Rhea1, taped out in 2025 as the most complex chip designed in Europe, is built on licensed ARM Neoverse cores and fabricated in Taiwan.

SMIC

Semiconductor Manufacturing International Corporation, China's largest chip foundry. It has produced 5nm-class parts (the Huawei Kirin 9030) using deep-ultraviolet multi-patterning, without the extreme-ultraviolet tools restricted to it.

SoftBank

The Japanese holding company that has owned ARM since 2016. NVIDIA's attempt to buy ARM from SoftBank in 2020-2022 was blocked by regulators; ARM listed publicly in 2023 but remains majority SoftBank-owned.

SPA

Single-Page Application. A web app that loads one HTML document and rewrites it dynamically via JavaScript, avoiding full page reloads.

Specificity

The algorithm browsers use to determine which CSS rule wins when multiple rules target the same element. Based on selector weight: ID > class > element.

SQLite

A self-contained SQL database engine stored in a single file. No server process. Handles terabytes with zero configuration.

SSH

Secure Shell. A cryptographic protocol for secure remote login, command execution, and tunnelling over untrusted networks.

SSR

Server-Side Rendering. Generating the full HTML of a page on the server before sending it to the browser, as opposed to client-side rendering.

Steam Deck

Valve's handheld games console (2022), running the Linux-based SteamOS. The Linux counterweight in a console market otherwise dominated by FreeBSD-derived systems from Sony and Nintendo.

Stimulus

The small JavaScript framework in Hotwire (37signals) for the islands of a page that genuinely need client-side behaviour. Controllers attach to HTML via data attributes; deliberately modest, meant to complement server-rendered HTML, not replace it.

Stormshield

A French network-security vendor whose appliances run on FreeBSD. One of the security-appliance tier, alongside pfSense and OPNsense, that quietly runs BSD in the gap between the public internet and the office.

supply chain

In software, the full chain of third-party code, registries, maintainer accounts and build steps a project depends on. A supply-chain attack compromises one of those links to reach everyone downstream.

SUSE

A German-founded Linux vendor and its enterprise distribution (SUSE Linux Enterprise, openSUSE). One of the long-established distributions that select, patch and integrate upstream components into a coherent system: an assembly process, not a single tree.

System V

The commercial Unix line developed by AT&T from 1983, ancestor of the certified commercial Unixes AIX and HP-UX. One of the two great branches of the Unix genealogy, alongside BSD.

systemd

The init system and service manager in most Linux distributions. Manages processes, logging, networking, and device events. Controversial for its scope.

T

tape-out

The point at which a finished chip design is sent to a foundry for manufacture; the milestone SiPearl's Rhea1 reached in 2025.

TCP/IP

The core networking protocols of the internet, whose reference implementation Berkeley shipped in 4.2BSD in 1983; every modern operating system on the internet uses what Berkeley wrote.

Terraform

An infrastructure-as-code tool by HashiCorp. Declares cloud resources in HCL files and manages their lifecycle.

Time to Interactive

A web-performance metric measuring how long until a page can reliably respond to user input. A page heavy with client-side JavaScript can render and yet stay unresponsive; reducing the script is the most direct way to improve it.

TLS

Transport Layer Security. The cryptographic protocol securing HTTPS, email, and other network traffic. Successor to SSL.

tmux

A terminal multiplexer. Runs multiple shell sessions in one terminal, supports detaching and reattaching, split panes, and session persistence.

transitive closure

The full set of dependencies a project pulls in: not only the packages you declared, but everything they depend on, recursively. A package.json of 30 to 50 entries routinely resolves to a transitive closure of well over a thousand packages.

TSMC

Taiwan Semiconductor Manufacturing Company, the world's largest contract chip foundry and the dominant maker of leading-edge silicon, including Europe's SiPearl Rhea1.

Turbo

The navigation half of Hotwire (37signals): it intercepts link clicks and form submissions, fetches the new HTML over the wire, and swaps it into the page without a full reload. No client-side router, no virtual DOM.

TypeScript

A typed superset of JavaScript that compiles to plain JS. Adds static type checking at build time.

typosquat

A malicious package given a name deliberately close to a popular one, so that a typo, an autocomplete or an injected dependency line pulls in the impostor instead of the real library. easy-day-js was a typosquat of dayjs.

U

UEFI

Unified Extensible Firmware Interface, the modern replacement for the BIOS: the system firmware that initialises hardware and hands control to the operating-system bootloader. Some hardware admits open alternatives such as coreboot; much does not.

Ultrix

DEC's Unix flavour for its own hardware, one of the proprietary workstation Unixes of the 1980s Unix wars.

UNIX

The registered trademark, held by The Open Group, for operating systems certified against the Single UNIX Specification. Written in capitals it denotes the mark; written Unix it denotes the wider family. Not a roof over that family but a certification mark, kept deliberately narrow: it sits only on tested, fee-paying products, and the holder disowns loose use of the word.

Unix Philosophy

Design principles favouring small, composable programs that do one thing well, connected via text streams.

Unix System Laboratories

AT&T's subsidiary, spun out in 1991, that held the UNIX trademark and the System V source before both passed to Novell in 1993. The first owner in the trademark's chain of custody.

UNIX System Services

The certified-UNIX component of IBM's z/OS: a POSIX environment layered on top of the mainframe MVS kernel. The part of z/OS that holds the certificate, proof that a system can speak Unix at the surface while being a mainframe all the way down.

UNIX V7

The stricter brand level of the UNIX certification, corresponding to the Single UNIX Specification version 4 (POSIX.1-2008). IBM's AIX 7 is the only product on the register certified at this level; macOS sits one rung lower, at UNIX 03.

Unix wars

The 1980s period in which DEC, IBM, HP, Sun, SGI, NeXT and others each shipped an incompatible proprietary Unix flavour for their own hardware; the fragmentation POSIX was created to bridge.

unixoid

A Unix-like system: one that rebuilt the Unix design from resemblance without inheriting a line of Bell Labs or Berkeley code. Linux is the most widely deployed unixoid, QNX another. A unixoid resembles Unix without being Unix by descent.

userland

Everything that runs outside the kernel: the C library, the shell, the standard utilities and the applications. On Linux the userland is supplied separately from the kernel (GNU, musl, Bionic, BusyBox); in a BSD base system it is maintained in the same source tree as the kernel.

V

Version 6

Unix Version 6 (V6), released by Bell Labs in 1975, the first version to spread widely outside the Labs and the subject of Lions' line-by-line Commentary.

virtual DOM

An in-memory representation of the page that a framework such as React diffs against the real DOM to decide what to update. A core mechanism of single-page-application frameworks, and one that hypermedia approaches like HTMX deliberately do without.

Vite

A frontend build tool using native ES Modules for instant dev server startup and Rollup for production builds. Replaces Webpack.

VNET

Virtual Network Stack in FreeBSD. Gives each jail its own interfaces, routing table, and firewall rules. Kernel-native network isolation without overlay networks.

W

WebAssembly

A binary instruction format for a stack-based virtual machine. Runs near-native speed in browsers alongside JavaScript.

Webpack

A JavaScript module bundler that resolves dependency graphs and outputs optimised bundles. Largely replaced by Vite and native ES Modules.

WebSocket

A persistent, full-duplex communication channel over a single TCP connection, enabling real-time data exchange between browser and server.

WireGuard

A modern VPN protocol using state-of-the-art cryptography. One C file, ~4,000 lines, replaces IPsec and OpenVPN.

X

X/Open

The industry consortium that received the UNIX trademark from Novell in 1993 and merged with the Open Software Foundation in 1996 to form The Open Group. Custodian of the mark in the years between AT&T and the present.

x86

The dominant desktop and server processor architecture, designed by Intel and also built by AMD under licence, held behind a patent thicket dense enough that the practical number of vendors is two.

XuanTie

Alibaba's T-Head line of RISC-V processors; its C930, announced in 2025, is a RISC-V server CPU for AI and high-performance workloads.

Z

ZFS

Zettabyte File System. A combined filesystem and volume manager with checksumming, snapshots, clones, and built-in RAID.

Zscaler

A cloud-security company whose service edge has run on FreeBSD. Part of the FreeBSD security-appliance tier that handles a large share of corporate traffic between the public internet and the office.

People

A

Jonathan Anderson

Computer scientist, co-creator of Capsicum with Robert Watson. Their 2010 USENIX Security paper introduced capability-based sandboxing to FreeBSD. Now at Memorial University of Newfoundland.

Andrea Arcangeli

Linux kernel developer. Created the original seccomp strict mode in 2005 (Linux 2.6.12), permitting only four syscalls. Also known for work on KVM and Transparent Huge Pages.

B

Kent Beck

Creator of Extreme Programming and co-inventor of story points with Ron Jeffries. Wrote the SUnit testing framework that became JUnit. Advocate of simplicity in software design.

Fabrice Bellard

French computer scientist. Created FFmpeg, QEMU, TinyCC, JSLinux, and Bellard's formula. Computed 2.7 trillion digits of pi on a desktop PC. Builds fundamental tools, then moves on.

Jeff Bonwick

Engineer at Sun Microsystems who designed the Slab Allocator and co-created ZFS with Matthew Ahrens. Built the filesystem that trusts mathematics over hardware.

D

Cory Doctorow

Canadian-British author, journalist, and digital rights activist. Coined 'enshittification' in November 2022. Published on Pluralistic. Won Word of the Year 2023. Author of Little Brother, Walkaway, and the 2025 book Enshittification.

Stephen Dolan

Creator of jq (2012). PhD in Algebraic Subtyping at the University of Cambridge, supervised by Alan Mycroft. Now at Jane Street, working on the OCaml compiler. Wrote a functional language for JSON in 510 KB of C.

Will Drewry

Google engineer who introduced seccomp-bpf in Linux 3.5 (2012). Extended seccomp from a binary four-syscall mode to programmable BPF-based filtering, enabling practical process sandboxing on Linux.

Dubmood

Swedish chiptune musician and demoscene legend. Two decades of tracker music across Amiga, C64, and PC platforms. Composed the soundtrack for Razor 1911's 'The Scene Is Dead' (2012).

F

Rich Felker

Author of musl libc, a clean-room lightweight C standard library for Linux. Vocal advocate for POSIX correctness and minimal PID 1 design.

Michael Färber

Computer scientist. Published the first formal specification of the jq language in 2024 (arXiv:2403.20132), twelve years after Dolan wrote the implementation. Also wrote jaq, a Rust reimplementation of jq that is 5-10x faster.

Martin Fowler

Software author and Chief Scientist at ThoughtWorks. Coined 'Microservices' with James Lewis. Wrote Refactoring, Patterns of Enterprise Application Architecture, and the 'Monolith First' essay.

H

David Heinemeier Hansson

Creator of Ruby on Rails. Co-founder of Basecamp and HEY. Now advocates software ownership over SaaS subscriptions with ONCE.

Rich Harris

Creator of Svelte and Rollup. Former graphics editor at The New York Times. Demonstrated that the Virtual DOM is 'pure overhead'.

J

Ron Jeffries

Co-creator of Extreme Programming. Agile Manifesto signatory. In 2018, wrote 'Developers Should Abandon Agile' — a rare recantation from an original author.

K

Poul-Henning Kamp

Danish FreeBSD developer. Created Jails (1999), the GEOM storage framework, and Varnish Cache. Known for phk's bikeshed argument and decades of kernel-level systems work.

Greg Kroah-Hartman

Senior Linux kernel maintainer responsible for stable releases. In 2024, removed Russian-affiliated maintainers from the MAINTAINERS file on compliance grounds.

L

James Lewis

Software architect at ThoughtWorks. Co-coined the term 'Microservices' with Martin Fowler in their 2014 article defining the architectural style.

M

Alan Mycroft

Professor of Computing at the University of Cambridge. Supervised Stephen Dolan's PhD in Algebraic Subtyping. Co-designed the Nanopass framework and contributed to static analysis research spanning four decades.

P

Lennart Poettering

Creator of systemd and PulseAudio. His replacement of SysVinit with a monolithic init system remains one of the most divisive decisions in Linux history.

R

Theo de Raadt

Founder and leader of the OpenBSD project. Forked OpenSSH in 1999. Three decades of security-first development, auditing every line, removing attack surface instead of adding features.

S

Salvatore Sanfilippo

Sicilian developer known as antirez. Created Redis in 2009, a single-threaded in-memory data structure server. Maintained it personally for fifteen years.

Ken Schwaber

Co-creator of Scrum with Jeff Sutherland. Founded the Scrum Alliance, later Scrum.org. Admitted that 75 per cent of organisations using Scrum will not succeed.

T

Dave Thomas

Agile Manifesto signatory. Co-author of The Pragmatic Programmer. Declared 'Agile is Dead' in 2014, arguing the word had been hijacked by consultancies.

Ken Thompson

Co-creator of Unix (1969), the B programming language, and the first cron (1975) at Bell Labs. Co-designed UTF-8 and Plan 9. Turing Award winner (1983) with Dennis Ritchie.

Linus Torvalds

Creator and principal developer of the Linux kernel. Also wrote Git. Maintains kernel development from Portland, Oregon.

Andrew Tridgell

Australian computer scientist. Created rsync (1996), Samba (Windows file sharing on Unix), ccache, and co-developed Git's delta compression with Linus Torvalds.

V

Paul Vixie

Author of Vixie cron (1987), BIND (the DNS server running a third of the internet), and numerous RFCs. Internet Hall of Fame inductee (2014). The five-field crontab syntax is his.

W

Robert Watson

Computer scientist at the University of Cambridge. Co-created Capsicum with Jonathan Anderson (2010, Best Student Paper at USENIX Security). Also contributed to FreeBSD's MAC framework and TrustedBSD.

Y

Greg Young

Popularised Event Sourcing and CQRS as architectural patterns. Author of Versioning in an Event Sourced System.