Blog
Thoughts on engineering, design, and building great products.
Maps: Memory and the Bridge to Userspace
An eBPF program runs per event then shuts off, keeping no variables between runs. Maps are how it remembers state and talks to userspace. This article writes a program that counts every process exec into a map, loads it into the kernel, runs a few commands, then reads the map from userspace with bpftool — watching the number actually go up. Plus inspecting a real Cilium map holding per-CPU metrics, and distinguishing a plain array from a per-CPU one.
The eBPF Virtual Machine: Registers, Instruction Set, and Bytecode
Last article we saw an eBPF program with 'xlated 512B' (verified bytecode) and 'jited 333B' (machine code). This article goes inside that bytecode: eBPF is a RISC-style virtual machine with 11 64-bit registers and a small instruction set, designed to translate quickly to native code and be verifiable for safety. We read a running Cilium program's bytecode directly, see how each instruction maps to registers and its class, then why this design lets the verifier prove safety.
Seccomp, AppArmor and Capabilities
Article 54 made pods declare runAsNonRoot, drop ALL capabilities, seccomp RuntimeDefault — but that's only Kubernetes-level policy. This article goes to the kernel layer to see what they actually do: read /proc/self/status from two pods, one default and one hardened, comparing CapEff, Seccomp, NoNewPrivs, AppArmor. Then prove by hand that dropping a capability blocks a specific operation — chown is denied even when the container still runs as root.
Cron and Scheduled Tasks
Have commands and scripts run on a schedule — nightly backups, weekly log cleanup. Learn crontab syntax, the common pitfalls (PATH, environment), at for one-off jobs, and a wrap-up of the whole Linux series.
Shell Scripting: Automating with Bash
Combine commands into scripts so you don't retype them and can automate your work. Learn the shebang, variables, parameters, conditionals, loops, functions, exit codes, and safe-scripting habits like set -euo pipefail.
systemd and Services
systemd is the init system that controls every service on modern Linux. Learn systemctl to start/stop/restart services, have them auto-start at boot, write your own unit files, and view logs with journalctl.
SSH and File Transfer: ssh, scp, rsync
How you actually get into a remote Linux server: SSH with key authentication (safer than passwords), a handy config file, and transferring files with scp and rsync. A foundational skill for everything you do on a server.