Adriksh

the linux kernel has a per-process limit on open files. hit it and syscalls start failing with “too many open files” no matter how much ram you have, the soft limit is often 1024 by default. the hard limit can be much higher (like hundreds of thousands). every backend service that scales eventually runs into this.

on linux, you can run a program in an isolated environment its own process tree, mount view, hostname, network, and more without docker or any container runtime. the kernel does it directly. it’s called unshare. only a few processes visible. the rest of the system is hidden.

processes on linux can map the same memory and share data directly no sockets or pipes. it’s called shared memory. the kernel maps the same physical pages into each process. fast, but without synchronization, concurrent writes race results are unpredictable.

write() doesn’t mean written to disk. it usually copies data into the page cache and returns. the kernel marks it dirty and flushes it later. your program thinks it’s done but the data may still only exist in memory.

this works because of linux namespaces. docker, podman, lxc use these primitives directly. kubernetes builds on top of those runtimes.

linux lets you switch a process to real-time scheduling with one syscall. it will run ahead of normal tasks and is used in audio and other low-latency systems. if you spin in a while(1) without yielding, you can starve other processes and make the system feel frozen. requires CAP_SYS_NICE (or root).

strcpy, strcat, sprintf, gets these functions have caused a lot of real production bugs. they’re still in libc and still being taught. they don’t check buffer size and they fail. using them with untrusted input is unsafe.

printf("%s", user_input) is safe, printf(user_input) is a vulnerability. printf interprets the first argument as a format string every % makes it read arguments that weren’t passed user-controlled format string = arbitrary memory reads (and with %n, writes) this class of bugs is old, and it still shows up

on linux, you can take a snapshot of a running process its memory, its open files, its registers write it to disk, kill it, and restore it later (even on another machine, if the environments match). it's called CRIU. docker’s checkpoint/restore uses this under the hood.

linux has a directory that contains your CPU's exact model, every flag it supports, the cache sizes, and the temperature. it's just a file: linux exposes your CPU info as a text file, a lot of tools are just parsing it

bro: v.clear(); 🤔

PR from a guy with 10 years of C++:

it’s surprisingly easy to get a server running what’s hard is everything after this

people use volatile for threading. it doesn’t do that. volatile is for memory that can change outside the program, like hardware registers. the compiler isn’t allowed to optimize these accesses away.

redis returns string pointers that point to the middle of malloc'd memory. the length is hidden behind the pointer. it's evil and beautiful.

I keep this in my dotfiles it prints how long any command takes in human-readable units.

still thinking about this how did <10 engineers pull this off