Sign in

We’ve been using the load average to see the health of the servers.

There are several drawbacks associated with using the load average:

  • The load average shows the CPU load for the last 1 minute. We may need to see the load average in a much shorter window (how about 10 seconds?).
  • You can’t understand if your load average is high because of the I/O waits. You should see other statistics of your server (iotop, sysstat etc.).
  • You should do some calculation to interpret the load average:
    Load average / Number of enabled cpu cores. It can be confusing for new…

The networking is the first thing that comes to a lot of people’s minds when we are talking about containers.

Most container technologies use the Network Namespaces feature of the Linux Kernel. The network namespaces provide an isolated network stack in the operating system.

You can create a virtualized network stack that has its own interface, IP range, routing table, etc. You can run your applications in different network stacks.

E.g.: By default, Docker creates a virtual interface (docker0) with the IP range:

Photo by Jordan Harrison on Unsplash

Virtual Ethernet Device

Let’s assume that you have 2 computers. You probably know, you can create a network link…

As I said in the previous post, there are a couple of different security modules in the Linux Kernel: SELinux, AppArmor, Seccomp, Tomoyo, Smack, Capabilities, etc.

I’d like to talk about the Seccomp module in this post.

Seccomp stands for secure computing mode.

Photo by Raimond Klavins on Unsplash

Hundreds of system call available in the Linux Kernel. You may want to explicitly disable some system calls for a binary execute the file.

Seccomp allows you to set fine-grained filtering of the syscalls. You can set which syscalls are allowed or disallowed for a binary executable file before running it.

Let’s assume you have an application…

I’ve realized that setuid is still a common approach to allow normal users to run a process with the root privileges. However, setuid comes with a lot of security issues.

There are a couple of different security modules in the Linux Kernel: SELinux, AppArmor, Seccomp, Tomoyo, Smack, Capabilities, etc.

In this post, I’d like to talk about the Capabilities module of the Linux Kernel.

The root user (the effective user ID is zero) has no restrictions in the Linux Kernel. That user can do anything in Linux. …

As you probably know, you call getaddrinfo when you make a DNS request in a Linux/Unix based operating system.

Some domains have multiple A records. Let’s say you make a DNS request for, and you get, and

There may be lots of different scenarios to choose one of those IP addresses in real life.

Since we are living in the cloud age, most services don’t have this kind of static IP assignments.

You may want to use only one subnet of those 3 different subnets. Because of some routing issues, some DNS load balancing issues etc.

Photo by Jordan Harrison on Unsplash

Since the netstat (actually net-tools) is deprecated, people are moving from netstat to the ss command.

I see that a lot of people get confused with the output of ss -s command.

The closed column is especially mind-blowing.

Total: 246
TCP: 129 (estab 87, closed 28, orphaned 4, timewait 28)
Transport Total IP IPv6
RAW 1 0 1
UDP 6 4 2
TCP 101 94 7
INET 108 98 10
FRAG 0 0 0

This output is from my test server. The test server’s OS is Ubuntu 20.04.1 LTS, Linux Kernel version is 5.4.0 and iproute2 package version is 5.5.0

I have a bunch of Bash scripts. I separated them into groups of three. The first group has 3 scripts, the second group has 3 scripts, the third group has…

VPC (Virtual Private Cloud) is one of the most important services of AWS. You can create redundant network on VPC.

As you might guess, you can create public network and private network on AWS. I’ll walk you through the steps of creating redundant public network and private network.

First of all, please have a look at the VPC pricing page in order to not be shocked when you get your bill.

Photo by Thomas Jensen on Unsplash

Let’s get started!

Open the VPC dashboard. Click the Create VPC button.

Working as serverless is fashion in these days. However some problems still there. Deployment!

Amazon Web Services has introduced canary release for Lambda functions. So, we will be able to rolling out new software versions in production by slowly.

Let’s get started!

The first version of the Lambda function (index.js):

exports.handler = async(event) => {
const response = {
statusCode: 200,
body: JSON.stringify("V1")
return response;

Terraform configuration for the Lambda function:

data "archive_file" "blog_endpoint_zip" {
type = "zip"
source_file = "index.js"
output_path = ""
resource "aws_lambda_function" "blog_endpoint" {
filename = ""…

IPTraf is one of the network debug tools. You can monitor the network activity via IPTraf.

Photo by Thomas Jensen on Unsplash

How can I filter one IP on IPTraf?

You can setup some filters on IPTraf.

Open the filters:


Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store