TECHNICAL BLOG

Deep Dives into Linux Internals

Security research, performance analysis, and OS fundamentals

Linux InternalsFEATURED

How read() Really Works: From Syscall to Disk and Back

A deep dive into what happens when your program calls read() — from the C wrapper all the way down to the storage driver.

12 min read · May 2025
Performance

Why npm install makes 40,000 stat() calls

We traced npm install and found something surprising about how it resolves modules.

8 min · Apr 2025
Security

Detecting Malware via Syscall Fingerprinting

Certain syscall sequences reliably identify malicious behavior. Here's how we built our detection rules.

15 min · Apr 2025
Performance

The Hidden Cost of file I/O in Node.js

Why your Node.js app might be making hundreds of unnecessary filesystem calls.

10 min · Mar 2025
Research

How Chrome and Firefox Differ at the Kernel Level

We ran both browsers under strace and compared 10,000+ syscalls. The differences are fascinating.

18 min · Mar 2025
Linux Internals

Understanding mmap: Memory-Mapped Files Explained

mmap() is one of the most powerful and misunderstood syscalls. This is your complete guide.

11 min · Feb 2025
Linux Internals

ptrace: The Syscall That Makes strace Possible

How ptrace works, why it's powerful, and what security implications it has.

14 min · Feb 2025