skip to content
<glossary>
- Account SID
- Unique account identifier required for authenticating API requests to Twilio services. posts →
- ACME
- Automated Certificate Management Environment protocol used by Let's Encrypt for automated TLS certificate issuance and renewal. posts →
- Active Directory groups
- Windows directory service mechanism for organizing users and computers, enabling centralized permission management through group membership assignments. posts →
- Active Response
- Automated capability that executes scripts or commands on endpoints in reaction to specific security alerts. posts →
- ad hoc analysis
- On-demand data analysis performed to answer specific questions without pre-planned reporting structure. posts →
- Advanced Audit Policy
- Windows feature enabling detailed success and failure auditing across system categories for security event logging. posts →
- Agentless monitoring
- Monitoring approach that collects data without installing agents, using protocols like SNMP or WMI instead. posts →
- AI Agent node
- An n8n component that processes natural language input, makes decisions about required actions, and orchestrates tool calls like database queries. posts →
- Alarmo
- Home Assistant integration for managing alarm system states and sensor-based security automation. posts →
- analogRead
- Arduino function that reads analog voltage values from specified pins, typically used for sensors or random seed generation. posts →
- APIPA
- Automatic Private IP Addressing; a mechanism that automatically assigns self-configured IP addresses when DHCP is unavailable. posts →
- app password
- A unique password generated for third-party applications to access Gmail accounts securely without exposing the main account password. posts →
- App-Token
- Authentication token used by GLPI API to authorize application requests without user session involvement. posts →
- Arduino_CO5300
- Display driver library for CO5300 AMOLED display controllers, handling low-level display initialization and frame buffering. posts →
- Arduino IDE
- Integrated development environment for writing, compiling, and uploading code to Arduino-compatible microcontroller boards. posts →
- Argon2
- Modern password hashing algorithm that is memory-hard and resistant to GPU-based brute-force attacks. posts →
- ARM
- Advanced RISC Machine; a family of reduced instruction set computing architectures for processors, known for power efficiency and extensive use in mobile devices. posts →
- ARPA
- Address and Routing Parameter Area; a special domain used for reverse DNS lookups to map IP addresses to domain names. posts →
- ARP Scanning
- Network scanning technique using Address Resolution Protocol to discover active devices on local network. posts →
- AsyncTCP
- Arduino library enabling asynchronous TCP socket communication for ESP32, allowing non-blocking network operations. posts →
- Attestation object
- A data structure returned during passkey registration containing the public key, credential ID, and attestation statement for server validation. posts →
- Authelia
- Open-source authentication and authorization server providing multi-factor authentication and single sign-on for web applications. posts →
- authorized_keys
- File storing public SSH keys that are permitted to authenticate as a specific user on a remote system without password. posts →
- Auth Token
- Secret API key used alongside Account SID for securing authentication to Twilio API endpoints. posts →
- Auto Discovery
- Automatic detection and identification of network devices and services without manual configuration. posts →
- autoregressive
- A model architecture where each generated token depends on all previously generated tokens, requiring sequential generation. posts →
- AXP2101
- Power management unit IC that handles battery charging, voltage regulation, and power distribution in portable devices. posts →
- Backblaze
- Cloud backup service providing scalable, off-site storage for automated data backup and protection. posts →
- BadUSB
- A technique exploiting USB devices to execute unauthorized commands on a computer, treating the device as a trusted peripheral like a keyboard. posts →
- Base64
- Encoding scheme that converts binary data into ASCII text format for transmission. posts →
- Bicubic upsampling
- Image interpolation method that resizes depth maps back to original resolution using smooth cubic polynomial curves. posts →
- blocking strategy
- Sablier strategy that waits until services are fully ready before allowing traffic. posts →
- Board Manager URL
- A web link in Arduino IDE that points to a repository containing board definitions and drivers for installing support for third-party microcontroller boards. posts →
- Browserless
- Headless Chrome service for automating web interactions, text extraction, and screenshot capture via HTTP API. posts →
- BSSID
- Basic Service Set Identifier; the unique MAC address assigned to a Wi-Fi access point for identification purposes. posts →
- business intelligence
- Technology and processes for analyzing business data to inform strategic decision-making and insights. posts →
- C2 server
- Command and Control server used by attackers to send instructions to and receive data from compromised systems. posts →
- CAM table
- Content Addressable Memory table in switches that maps MAC addresses to physical ports for frame forwarding. posts →
- captive portal
- Web page automatically displayed when connecting to a network, typically for login or terms acceptance. posts →
- CASB
- Cloud Access Security Broker; a security tool that monitors and controls access to cloud applications and enforces security policies. posts →
- CCD
- Chromebook Certified Device; a state that controls security features and must be opened to enable certain developer capabilities like USB boot. posts →
- Celery
- Distributed task queue library for Python that handles asynchronous job processing and scheduling in web applications. posts →
- Certbot
- A tool that automates obtaining and renewing SSL certificates from Let's Encrypt certificate authority. posts →
- CGNAT
- Carrier-grade Network Address Translation that assigns private IP addresses to users, requiring Dynamic DNS for VPN access. posts →
- cgroup v2
- Linux control group version 2; modern resource limiting and accounting framework for CPU, memory, PIDs, and I/O per service. posts →
- ChaCha20
- Stream cipher algorithm used for data encryption in WireGuard's cryptographic suite. posts →
- Chat Message Trigger
- An n8n node that initiates workflows based on incoming chat messages, enabling real-time chat-based automation. posts →
- Checkmk
- Open-source monitoring tool for IT infrastructure visibility across servers, networks, applications, and cloud environments. posts →
- Chirp Spread Spectrum
- A modulation technique that varies radio wave frequency for transmission, enabling long-range communication with minimal power consumption. posts →
- CIFS
- Common Internet File System protocol used for sharing files and printers over a network, commonly used for NAS mounts. posts →
- clearnet
- The standard public internet outside of Tor, accessible through normal DNS and direct TCP connections. posts →
- Cloudflare Tunnel
- A service that creates secure, encrypted connections from your infrastructure to Cloudflare's network without exposing ports publicly. posts →
- Code Injection
- A Ghost feature allowing administrators to insert custom HTML, CSS, or JavaScript into page headers or footers site-wide. posts →
- Conditional access rules
- Policies that grant or deny access to resources based on user identity, device status, location, and other contextual factors. posts →
- conntrack
- Kernel module tracking stateful NAT/firewall connection state; memory-bound and prone to exhaustion from connection flooding. posts →
- Coqui TTS
- Open-source text-to-speech engine that converts text to natural-sounding speech with GPU acceleration support. posts →
- corosync
- A distributed clustering middleware that maintains consensus and state consistency across Proxmox cluster nodes using quorum mechanisms. posts →
- Cowrie
- An SSH/Telnet honeypot that simulates a working login prompt and fake shell environment to log attacker interactions safely. posts →
- Cr50
- A secure microcontroller embedded in some Chromebooks that runs firmware controlling write protection and allows secure device debugging without physical opening. posts →
- cron
- Unix time-based job scheduler that automatically executes scripts or commands at specified intervals. posts →
- CrowdSec
- Open-source security tool that provides threat detection and IP reputation management for hardening server infrastructure. posts →
- CSV Import/Export
- Feature enabling data transfer between applications using Comma-Separated Values file format for quick data management. posts →
- CTAP
- Client to Authenticator Protocol; the device-side protocol enabling browsers to communicate with authenticators holding private keys. posts →
- CUDA
- NVIDIA's parallel computing platform enabling GPU acceleration for computationally intensive tasks like LLM inference. posts →
- curl
- Command-line tool for transferring data using URLs, commonly used to make HTTP requests and post data to web services. posts →
- Curve25519
- Elliptic curve cryptography algorithm used for key exchange in WireGuard's encryption. posts →
- daemon-reexec
- Systemd command that reexecutes the systemd manager process, reloading its binary and state. posts →
- dashboard
- Visual interface displaying key metrics, charts, and data visualizations for monitoring and analysis. posts →
- DDL/DML
- Data Definition Language and Data Manipulation Language; SQL commands for schema creation and data modification, respectively. posts →
- Deauthentication frames
- Network packets sent to disconnect specific devices from a WiFi network without disrupting the entire network. posts →
- Debian Bookworm
- The stable release version of the Debian Linux distribution, used as the OS for this Orange Pi project. posts →
- debounce
- A technique that filters out unintended rapid button press signals by adding a delay before recognizing state changes. posts →
- Deduplication
- Technology that eliminates redundant data by storing only unique information, reducing storage space requirements for backups. posts →
- Deep Packet Inspection
- Network technique that examines data packets in detail to identify, filter, or block specific traffic patterns and encrypted protocols. posts →
- DeepStack
- AI-powered application that processes images for facial recognition and person detection without cloud services. posts →
- DenseCRF
- Probabilistic post-processing technique that sharpens transitions between foreground and background in depth maps. posts →
- Dense Prediction Transformer
- State-of-the-art neural network family for monocular depth estimation, optimized for predicting pixel-wise distance from 2D images. posts →
- Developer Mode
- A special operating mode on Chromebooks that unlocks the ability to modify the system and access the shell for advanced configuration. posts →
- DHCP
- Dynamic Host Configuration Protocol; a network protocol that assigns IP addresses and network configuration to devices automatically. posts →
- DietPi
- Lightweight, optimized Debian-based operating system designed for single-board computers with minimal installation and pre-configured software options. posts →
- dietpi-software
- DietPi utility providing a collection of pre-configured software options for quick installation and deployment on single-board computers. posts →
- DigiKeyboard library
- A software library that provides functions to send keyboard strokes and text from a Digispark microcontroller to a connected computer. posts →
- Digispark ATtiny85
- A tiny, low-cost microcontroller board capable of USB HID emulation, allowing it to behave like a keyboard or other USB device. posts →
- digitalRead
- Arduino function that reads the digital state (HIGH or LOW) of a specified pin, commonly used for button input detection. posts →
- Discord embed
- Rich formatted message structure in Discord containing formatted text, colors, and metadata for improved message presentation. posts →
- Discoverable credentials
- Passkeys that can be selected without pre-identifying the user, allowing authentication without providing a credential ID list. posts →
- DISM
- Deployment Image Servicing and Management tool that captures, modifies, and deploys Windows system images for customized OS installations. posts →
- DKIM
- DomainKeys Identified Mail protocol using cryptographic signatures to authenticate email message origins. posts →
- DMARC
- Domain-based Message Authentication, Reporting and Conformance; email authentication protocol that prevents domain spoofing and phishing. posts →
- DNS challenge
- A validation method for SSL certificate issuance where domain ownership is proved by creating specific DNS records rather than HTTP requests. posts →
- DNS over HTTPS
- A protocol that encrypts DNS requests and sends them over HTTPS, protecting DNS queries from interception and manipulation. posts →
- DNS over QUIC
- A newer DNS protocol using QUIC transport that offers improved performance and resilience compared to TCP-based DNS encryption methods. posts →
- DNSSEC
- DNS Security Extensions; a protocol that adds cryptographic signatures to DNS records to verify their authenticity and integrity. posts →
- Docker
- A containerization platform that packages applications and dependencies into isolated containers for consistent deployment. posts →
- docker compose
- Tool for defining and running multi-container Docker applications using YAML configuration files. posts →
- Docker Swarm
- Docker's built-in container orchestration system that distributes containers across multiple machines using Compose-style YAML configuration. posts →
- DoH
- DNS over HTTPS; a protocol that encrypts DNS queries using the HTTPS protocol for enhanced privacy and security. posts →
- domain fronting
- Technique using a legitimate domain's DNS and SNI while routing traffic to a hidden backend server to evade censorship. posts →
- DoT
- DNS over TLS; a protocol that encrypts DNS queries using Transport Layer Security for secure DNS resolution. posts →
- Double-Take
- Front-end tool that integrates with DeepStack and Frigate to reduce false positives in facial recognition. posts →
- drill down
- Interactive feature allowing users to navigate from summary data to detailed underlying information. posts →
- Duplicacy
- Automated backup software that simplifies backup management and helps implement backup strategies without manual intervention. posts →
- edge-based object detection
- Machine learning inference performed locally on devices rather than sending data to cloud servers for processing. posts →
- Edgecore ECS4120-28Fv2
- A network switch model that may share CLI similarities with the Nimbra 230, manufactured by Edgecore. posts →
- ei.cfg
- Configuration file in Windows installation media that controls edition selection and bypasses product key prompts during OS deployment. posts →
- ElevenLabs
- Premium text-to-speech service providing highly realistic and natural-sounding voices for voice assistant applications. posts →
- eMMC
- Embedded MultiMediaCard; a type of internal storage used in Chromebooks that requires write protection bypass for permanent Linux installation. posts →
- EOS Utility
- Canon's software utility that receives images and videos from Canon EOS cameras over WiFi and writes them to a specified folder on the network. posts →
- Ephemeral
- Temporary or short-lived; in computing, refers to workspaces or data that exist briefly and are discarded after use. posts →
- ERP
- Enterprise Resource Planning system that integrates business processes like finance, supply chain, and HR across an organization. posts →
- ESP32-S3
- A microcontroller chip with WiFi and Bluetooth connectivity, used in LoRa32 V3 boards for IoT applications. posts →
- ESPAsyncWebServer
- Arduino library providing asynchronous HTTP web server functionality for ESP32 microcontrollers with non-blocking request handling. posts →
- ESPHome
- Open-source framework for building custom firmware for microcontrollers like ESP32, enabling easy integration with Home Assistant. posts →
- ESP-IDF
- Espressif IoT Development Framework - the official SDK for programming ESP32 and related microcontrollers with toolchain, drivers, and RTOS support. posts →
- ESP-WROOM-32
- A compact ESP32 module variant featuring integrated WiFi and Bluetooth capabilities with USB connectivity. posts →
- Etcher
- A tool for flashing operating system images onto microSD cards and USB drives reliably. posts →
- evil twin AP
- A rogue access point that broadcasts the same SSID as a legitimate network to deceive users into connecting and stealing credentials. posts →
- EXECUTIONS_DATA_PRUNE
- n8n configuration option that automatically deletes old workflow execution history records based on age and count limits. posts →
- EXIF
- Exchangeable Image File Format; metadata standard for storing information like camera settings in image files that can be abused for steganography. posts →
- Exit relay
- The final Tor server that decrypts traffic and connects to the regular internet, seeing destination but not origin. posts →
- export:entities
- n8n CLI command that exports database entities (workflows, credentials, variables) to files for migration or backup purposes. posts →
- external library
- A folder or storage location outside Immich's main directory that Immich can scan and import photos and videos from. posts →
- Fail2Ban
- An open-source security tool that monitors logs and blocks IP addresses attempting multiple failed authentication attempts. posts →
- FastAPI
- Python web framework for building APIs with automatic documentation and fast performance. posts →
- FAT32
- File allocation table filesystem format supporting files up to 4GB, commonly used on SD cards and storage devices. posts →
- FFmpeg
- Command-line multimedia framework for processing, converting, and combining audio and video files. posts →
- FIDO2
- An authentication standard combining WebAuthn (browser API) and CTAP (device protocol) for passwordless public key credential authentication. posts →
- FIM
- File Integrity Monitoring; detects unauthorized changes to files and system registry keys on endpoints. posts →
- flat-file CMS
- A content management system that stores data in files rather than a database, eliminating the need for database software. posts →
- FLOPS
- Floating-point operations per second; a measure of computational speed for processing numerical calculations. posts →
- FreeRTOS task
- A concurrent execution unit in FreeRTOS, allowing multiple operations to run independently on embedded systems without blocking. posts →
- Frigate NVR
- Open-source edge-based object detection system that processes CCTV footage locally in real-time without cloud services. posts →
- fstab
- Linux configuration file that defines how storage devices and partitions are mounted automatically at system startup. posts →
- FT3168
- Capacitive touch controller IC that manages touch input and coordinate conversion for touchscreen displays via I2C protocol. posts →
- Full Clone
- A complete independent copy of a virtual machine template, including all disk data and configuration separate from the original. posts →
- GAM
- Command-line tool for Google Workspace administrators to manage domain and user settings quickly and efficiently. posts →
- Gantt chart
- Horizontal bar chart displaying project tasks, timelines, and dependencies over time for schedule visualization. posts →
- gateway account
- A privileged SSH user account on a server used as an intermediary to access other systems securely. posts →
- Gerbil
- Pangolin component running on the VPS that coordinates tunnel endpoints and relays traffic between users and upstream services. posts →
- gevent
- Python library providing lightweight concurrency through coroutines, enabling efficient async I/O operations. posts →
- ghcr.io
- GitHub Container Registry; a container image repository hosted by GitHub for storing and distributing Docker images. posts →
- Ghost CMS
- A lightweight, open-source content management system designed for blogging with minimal hardware requirements. posts →
- GitOps
- A pattern where a Git repository serves as the single source of truth for infrastructure and application state, applied via automation. posts →
- GLPI
- Free and open-source IT Service Management software for managing assets, tickets, and incidents in enterprise environments. posts →
- Google Cloud Console
- Web-based interface for managing Google Cloud Platform resources, services, and API projects. posts →
- Google Workspace
- Google's suite of cloud-based productivity tools including Gmail, Drive, Docs, and other business applications. posts →
- GoPhish
- Open-source phishing simulation framework for security awareness training and red team exercises. posts →
- GPG key
- A cryptographic key used to verify the authenticity and integrity of software packages from trusted repositories. posts →
- GPU pass-through
- Virtualization technique that grants a VM direct access to physical GPU hardware, bypassing the hypervisor for better performance. posts →
- Grav CMS
- An open-source, flat-file content management system designed for speed, flexibility, and ease of customization without requiring a database. posts →
- Gravity Sync
- A tool that synchronizes blocklists between multiple Pi-hole instances to ensure consistent ad and tracker blocking across instances. posts →
- GStreamer
- Multimedia framework for creating applications that handle audio, video, and media streaming across different platforms. posts →
- GstRtspServer
- GStreamer component that creates and manages RTSP protocol servers for streaming multimedia content over networks. posts →
- gunicorn
- Python WSGI HTTP server for running web applications, handling concurrent requests with worker processes. posts →
- H2
- Lightweight embedded database engine often used as default storage for applications like Metabase. posts →
- H264
- Video compression codec that reduces file size while maintaining quality, widely used in professional streaming and CCTV systems. posts →
- HCCAPX
- File format for storing captured WPA/WPA2 handshakes, used with Hashcat for offline password cracking. posts →
- Headless browser
- Browser without graphical user interface, automated via code for web scraping, testing, and screenshot generation. posts →
- healthcheck
- Automated test that verifies a running container is functioning and ready to accept traffic. posts →
- Healthchecks.io
- A monitoring service that tracks script and job execution via heartbeat pings to detect failures and missed runs. posts →
- Helm
- Package manager for Kubernetes that simplifies application deployment and management using pre-configured charts. posts →
- HID
- Human Interface Device; a protocol that allows computer peripherals like keyboards and mice to communicate with a host computer. posts →
- HiddenServiceDir
- Tor configuration parameter specifying the directory where private keys and hostname files for onion services are stored. posts →
- HiddenServicePort
- Tor configuration parameter mapping a virtual port on an onion service to a local address and port on the server. posts →
- HiFi-GAN
- Neural vocoder that converts spectrograms to high-fidelity audio waveforms in real-time with fast inference. posts →
- HMC5883
- 3-axis digital magnetometer that functions as a compass to determine drone heading relative to magnetic north. posts →
- HomeBox
- Open-source inventory and organization system designed for home users, built in Go with SQLite and embedded web UI for simplicity. posts →
- honeypot
- A security mechanism that deliberately exposes fake or emulated services to attract attackers and record their behavior for analysis. posts →
- Hosted chat mode
- An n8n feature providing a shareable chat endpoint with configurable CORS settings and response handling modes. posts →
- html5-qrcode
- JavaScript library that enables QR code scanning directly from a web browser using the device's camera without additional dependencies. posts →
- HTTP POST request
- Network communication method that sends data to a server to trigger an action or update, commonly used for API interactions. posts →
- I2C
- Inter-Integrated Circuit bus protocol for low-speed communication between devices on short distances. posts →
- IAM
- Identity and Access Management; systems for managing user identities and controlling access to resources and services. posts →
- import:entities
- n8n CLI command that imports previously exported database entities into a new n8n instance or different database. posts →
- Incident sampling
- Statistical technique of selecting a random subset of incidents for review to identify patterns, trends, and systemic issues without selection bias. posts →
- Incremental backups
- Backup method that only saves changes made since the last backup, reducing time and storage compared to full backups. posts →
- Inventory
- A file listing all managed nodes (servers) that Ansible will connect to and manage. posts →
- InvenTree
- Open-source inventory management system for tracking parts, stock levels, and asset organization. posts →
- IOMMU
- Input/Output Memory Management Unit; hardware feature that manages direct memory access between devices, enabling secure PCI device pass-through in virtual machines. posts →
- iptables
- Linux firewall tool for managing network rules, packet filtering, and network address translation (NAT). posts →
- itemtype
- Parameter specifying the type of asset or object in GLPI to be created or modified, such as Computer or Phone. posts →
- ITSM
- IT Service Management; a comprehensive system for managing IT infrastructure, services, and operations within an organization. posts →
- iwgetid
- Linux command-line utility that retrieves the SSID of the currently connected WiFi network. posts →
- Jellyseerr
- A web-based interface for requesting and managing media additions to a Jellyfin library. posts →
- joiner–mover–leaver workflows
- Automated processes managing access provisioning for new hires, role changes, and access removal when employees leave an organization. posts →
- jq
- A command-line tool for parsing, filtering, and transforming JSON data in shell scripts and terminal operations. posts →
- K3S
- Lightweight Kubernetes distribution by Rancher Labs designed for resource-constrained environments like edge devices and IoT appliances. posts →
- Kanban
- Visual project management method using columns to represent workflow stages, with cards moving across columns as tasks progress. posts →
- Kasm
- Containerized virtual desktop platform providing on-demand, secure, ephemeral workspaces accessible through a web browser. posts →
- KDC
- Key Distribution Center; the Kerberos server that issues tickets for authentication and access to services. posts →
- Kiwix
- Offline knowledge library that stores and serves resources like Wikipedia without internet access. posts →
- Kokoro Web TTS
- Lightweight open-source text-to-speech server that generates natural-sounding speech audio from text input. posts →
- kubectl
- Command-line tool for controlling and managing Kubernetes clusters, used to deploy and inspect applications. posts →
- KV cache
- Memory storing key-value pairs of intermediate states for each token to avoid recomputing the entire context history. posts →
- KVM Virtualisation
- Kernel-based Virtual Machine technology that enables hardware-accelerated virtualization on Linux systems. posts →
- LACP
- Link Aggregation Control Protocol; a standard protocol for bonding multiple physical network interfaces into a single logical link with automatic failover. posts →
- LAGG
- A logical aggregated network interface created by bonding multiple physical network interfaces together for redundancy and increased throughput. posts →
- Layer-2 bridge
- A network device that forwards frames at the data link layer without inspecting or modifying IP addresses or routing. posts →
- LDAP
- Lightweight Directory Access Protocol; a protocol for accessing and managing directory information services like user accounts and permissions. posts →
- Let's Encrypt
- A free, automated certificate authority that issues SSL/TLS certificates for securing websites and services. posts →
- libhidapi
- Cross-platform C library for communicating with USB and Bluetooth HID (Human Interface Device) devices. posts →
- libusb
- C library providing userspace access to USB devices on Linux, macOS, Windows, and other systems. posts →
- LicheeRV Nano
- A small embedded Linux device serving as the hardware basis for the NanoKVM Lite IP-KVM. posts →
- LoadBalancer
- Kubernetes service type that distributes incoming traffic across multiple pods and assigns an external IP address. posts →
- LowEndBox
- A community-driven marketplace and forum for low-cost VPS and hosting deals and reviews. posts →
- lshw
- Hardware lister utility that displays detailed information about the system's hardware configuration and drivers. posts →
- lspci
- Command-line utility that lists and displays information about PCI devices connected to a system. posts →
- LTE dongle
- A USB device that provides mobile broadband connectivity via LTE/4G cellular networks, functioning as a modem. posts →
- LuCI
- Web-based interface for OpenWrt that allows users to configure router settings and manage network configuration graphically. posts →
- LVGL
- Light and Versatile Graphics Library; an open-source embedded GUI library for creating user interfaces on microcontroller displays. posts →
- Magic DNS
- An automatic DNS naming system that assigns human-readable DNS names to nodes in a network without manual configuration. posts →
- MariaDB
- Open-source relational database management system, a drop-in replacement for MySQL with enhanced features and performance. posts →
- MASQUERADE
- An iptables NAT rule that rewrites source IP addresses to appear as the VPN server's IP. posts →
- MDM mode
- Modem mode for LTE devices where the modem operates as a raw network device without integrated router capabilities. posts →
- MeshCentral
- Remote desktop and device management software that allows secure access and control of computers over the internet. posts →
- Mesh network
- A network where devices relay data through each other, allowing communication over longer distances without central infrastructure. posts →
- Meshtastic LoRa32
- Long-range radio device enabling text communication over LoRa protocol without infrastructure. posts →
- Middle relay
- An intermediate Tor server that passes encrypted traffic between relays without knowing sender or destination. posts →
- Mirai
- An IoT botnet malware that infects devices like routers and cameras, often scanning ports 22 and 23 for vulnerable systems to compromise. posts →
- MJPEG
- Motion JPEG video format that streams individual JPEG frames sequentially, commonly used in IP cameras and streaming applications. posts →
- Module
- Predefined units of work in Ansible that perform specific tasks, such as package installation or file management. posts →
- monocular depth estimation
- Process of predicting the distance of every pixel in a single 2D image without knowing actual 3D geometry. posts →
- Moonlight
- Open-source game streaming client that receives video/audio streams from host PC and allows remote gameplay from various devices. posts →
- moving average filter
- Signal processing technique that smooths data by averaging a fixed window of recent values to reduce noise and fluctuations. posts →
- MQTT
- Lightweight message broker protocol for communication between IoT devices and applications on local networks. posts →
- MS5611
- High-resolution barometric pressure sensor used to measure altitude and maintain consistent flight height. posts →
- mutagen
- Python library for reading and writing metadata in audio files, including MP3 duration information. posts →
- MX record
- DNS mail exchange record specifying mail servers responsible for receiving email for a domain. posts →
- n8n
- A workflow automation tool that connects different services and applications using node-based logic to automate data processing and transfer tasks. posts →
- NanoKVM Lite
- A cheap RISC-V IP-KVM device based on LicheeRV Nano that captures HDMI output and presents as USB keyboard/mouse for remote machine control. posts →
- NAT traversal
- A technique enabling devices behind NAT firewalls to establish direct connections by discovering and communicating through their public addresses. posts →
- NetBackup
- Default rsync target directory created by Synology NAS devices for receiving backup data from remote sources. posts →
- Netdata
- Real-time monitoring tool providing live graphs and detailed insights into system performance, CPU, memory, disk usage, and network activity. posts →
- NetFlow
- A network protocol that collects and reports IP traffic flow data for monitoring and analysis of network usage patterns. posts →
- Netplan
- Ubuntu's network configuration abstraction tool used to manage network interfaces and settings through YAML files. posts →
- Newt
- Pangolin component running in private networks that establishes WireGuard tunnels and handles TCP/UDP proxying without manual interface configuration. posts →
- NextCloud
- Open-source file hosting and collaboration platform providing cloud storage, calendar, contacts, and productivity applications. posts →
- Nginx Proxy Manager
- A reverse proxy service that manages SSL certificates and routes traffic to backend containers using domain names and subdomains. posts →
- Nimbra 230
- A carrier-grade Media Access Network switch manufactured by Edgecore and rebranded by Net Insight, used for high-performance multimedia transport. posts →
- NixOS
- A Linux distribution where the entire system configuration is declared in code and reproducibly deployed via Nix expressions. posts →
- Nmap
- Command-line tool for network scanning, mapping, port detection, and OS identification. posts →
- nmcli
- NetworkManager command-line interface tool for configuring and managing network connections on Linux systems. posts →
- nmtui
- Text-based user interface for NetworkManager that allows interactive configuration of network settings and WiFi connections. posts →
- Noise protocol framework
- Cryptographic framework used by WireGuard for secure key exchange and authenticated encryption. posts →
- NT hash
- A Windows password hash format used as the encryption key for RC4-encrypted Kerberos tickets. posts →
- Nyx
- A terminal-based monitoring tool for displaying real-time Tor relay statistics and connection information. posts →
- OAuth
- An open standard protocol for secure authorization allowing users to authenticate through third-party services without sharing passwords. posts →
- OIDC SSO
- OpenID Connect Single Sign-On; authentication protocol allowing users to sign into applications using existing identity provider credentials. posts →
- Ollama
- Open-source framework for deploying large language models locally on personal infrastructure with command-line interface. posts →
- on-demand workloads
- Services that automatically start when needed and shut down after idle periods to save resources. posts →
- onion service
- A hidden service accessible via Tor using a .onion address derived from its cryptographic public key. posts →
- Open vSwitch
- A multilayer virtual switch supporting network automation and advanced features like VLANs, used as alternative to Linux bridge in Proxmox. posts →
- Open WebUI
- Offline-capable web interface for interacting with LLM runners like Ollama using a GPT-like chat interface. posts →
- OpenWrt
- Open-source firmware for embedded devices like routers, offering extensive customization and package management for optimized resource use. posts →
- OrangeHRM
- Open-source Human Resource Management software providing employee records, recruitment, performance management, and payroll integration capabilities. posts →
- Orange Pi Zero 3
- A single-board computer similar to Raspberry Pi, featuring ARM64 architecture for running Linux-based applications. posts →
- OsmAnd
- Open-source offline mapping and navigation application using OpenStreetMap data. posts →
- OTA updates
- Over-the-air updates allow remote firmware installation on devices without physical connection, enabling convenient device maintenance. posts →
- OTRS
- Open Ticket Request System; comprehensive open-source helpdesk and IT service management platform. posts →
- Pangolin
- A reverse proxy and WireGuard tunnel endpoint used to route HTTPS traffic into the Swarm overlay network. posts →
- PCAP
- File format for storing network packet captures, used for analyzing network traffic and security testing. posts →
- PGID
- Process Group ID; an environment variable in Docker that specifies the group ID for running containerized applications with proper permissions. posts →
- Pi-hole
- A DNS sinkhole that blocks advertisements, tracking systems, and malicious domains at the network level by intercepting DNS requests. posts →
- Piper
- Default Wyoming text-to-speech engine that converts text responses into spoken words with a functional but robotic voice quality. posts →
- PKCS #12
- A file format (.pfx) that contains private keys and certificates in an encrypted, password-protected container. posts →
- Playbook
- A YAML file containing a series of tasks and configurations to be executed on managed nodes in Ansible. posts →
- PMKID
- Pairwise Master Key Identifier used in WPA/WPA2 authentication, captured for password cracking attempts. posts →
- PMW3901
- Optical flow sensor that detects motion by analyzing changes in visual patterns to help drones maintain position. posts →
- PoE hat
- Power over Ethernet adapter that supplies power to a Raspberry Pi through network cables, reducing need for separate power connections. posts →
- Portainer
- Web-based container management platform providing GUI interface for managing Docker, Kubernetes, and other container environments. posts →
- postgresql
- Open-source relational database management system known for reliability, advanced features, and SQL compliance. posts →
- PowerShell
- Task automation and configuration management framework from Microsoft using scripting language with command-line shell. posts →
- PPA
- Personal Package Archive; a third-party Ubuntu repository for distributing software packages. posts →
- PREBOOT_CHROME
- Docker environment variable that pre-loads Chrome instance for faster response times in browserless containers. posts →
- privilege creep
- Gradual accumulation of unnecessary access rights by users over time due to role changes, poor governance, or lack of regular permission reviews. posts →
- promiscuous mode
- Network interface setting that captures all frames on the network segment, not just those addressed to the device. posts →
- Prompt engineering
- Practice of designing and refining text inputs to optimize LLM outputs for specific tasks or contexts. posts →
- Prowlarr
- An indexer manager that manages torrent and usenet indexers and integrates with download clients. posts →
- Proxmox
- Open-source hypervisor platform for managing virtual machines and containers with enterprise features like clustering and backup. posts →
- psycopg2
- A PostgreSQL adapter for Python that enables database connections and query execution from Python scripts. posts →
- PUID
- Process User ID; an environment variable in Docker that specifies the user ID for running containerized applications with proper permissions. posts →
- Pydantic
- Python library for data validation and parsing using type hints. posts →
- pygame.mixer
- Python library module for loading and playing sound and music files in applications. posts →
- PyInstaller
- Python tool that converts Python scripts into standalone executable files that can run without requiring Python installation. posts →
- PyMuPDF
- Python library for extracting text and rendering content from PDF documents programmatically. posts →
- Pyodide
- A WebAssembly-based Python interpreter that runs Python in web browsers and JavaScript environments with limited system access. posts →
- qBittorrent
- A free, open-source BitTorrent client for downloading files via torrent protocol. posts →
- QEMU guest agent
- Software that runs inside a virtual machine to improve performance and enable better integration with the hypervisor host. posts →
- qemu-nbd
- QEMU utility that mounts virtual machine disk images as network block devices, enabling direct filesystem access on Linux hosts. posts →
- qmake
- Qt build system tool that generates Makefiles from project files for compiling Qt applications. posts →
- QSPI
- Quad Serial Peripheral Interface; a high-speed SPI variant using four data lines for faster data transfer to displays. posts →
- QUIC
- UDP-based transport protocol underlying HTTP/3 that provides faster, encrypted connections with lower latency than TCP. posts →
- Quishing
- QR phishing: embedding malicious or deceptive URLs inside QR codes to trick users into scanning fake login pages or malware. posts →
- Radarr
- An automated movie management application that monitors, organizes, and manages movie collections. posts →
- RAID
- Redundant Array of Independent Disks; provides drive redundancy but is not a substitute for backups as it cannot restore deleted or corrupted files. posts →
- RDP
- Remote Desktop Protocol; network protocol enabling remote connection to and control of computers over a network. posts →
- Recursion Desired flag
- DNS header flag (RD) indicating whether a resolver should perform recursive lookups. RD=1 requests recursion; RD=0 requests only cached responses. posts →
- Recursive DNS
- A DNS server that performs full DNS lookups by querying other nameservers on behalf of clients to resolve domain names. posts →
- recursive resolver
- A DNS server that performs full domain name lookups by querying root, TLD, and authoritative nameservers on behalf of clients. posts →
- ReDoS
- Regular expression Denial of Service; crafted input causing regex backtracking explosion, leading to exponential runtime and CPU exhaustion. posts →
- Regulatory Bundle
- KYC process required by UK law where Twilio verifies identity before provisioning phone numbers for regulatory compliance. posts →
- Relying Party ID
- A cryptographic domain identifier (rpID) that binds a passkey to a specific service, preventing cross-domain credential reuse. posts →
- REST command
- Configuration in Home Assistant that makes HTTP requests to external APIs or services. posts →
- Reverse proxy
- A server that forwards client requests to backend servers and returns responses, improving security, performance, and load distribution. posts →
- RFC1918 space
- Private IP address ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) reserved for internal use behind NAT. posts →
- RFC1918/ULA
- Private IPv4 (RFC1918) and IPv6 Unique Local Address ranges reserved for internal networks, not routable on the public internet. posts →
- RGB LED
- Light-emitting diode capable of displaying multiple colors by combining red, green, and blue light channels for visual feedback. posts →
- ring buffer
- Fixed-size circular data structure that overwrites oldest data when full, commonly used for continuous logging. posts →
- RISC-V
- An open-source instruction set architecture designed to be simple, modular, and freely available for processor design and implementation. posts →
- RMS volume
- Root Mean Square: a measurement of audio signal strength calculated from the square root of the mean of squared audio samples. posts →
- Role
- A way to group related tasks, handlers, and variables together for reusability across multiple playbooks. posts →
- role-based access control
- Security model restricting user access to resources based on assigned organizational roles and permissions. posts →
- RSSI
- Received Signal Strength Indicator; a measurement in dBm indicating the power level of a Wi-Fi signal received by a device. posts →
- rsync
- Network protocol and utility for efficiently transferring and synchronizing files between computers over SSH or other protocols. posts →
- RTSP
- Real Time Streaming Protocol used for transmitting live video feeds from IP cameras over network connections. posts →
- RUM
- Real User Monitoring; technique for measuring actual user experience and performance metrics from production applications. posts →
- Salamander
- Traffic obfuscation mechanism that masks packet patterns to make encrypted tunnels appear as regular HTTPS traffic. posts →
- SCA
- Security Configuration Assessment; evaluates endpoint configuration against security standards like CIS, NIST, and PCI DSS. posts →
- SCP
- Secure file transfer protocol that copies files between systems using SSH encryption for secure data transmission. posts →
- SD_MMC
- Arduino library interface for communicating with SD and MMC memory cards on ESP32 using the SDMMC protocol. posts →
- Self-hosted
- Software deployed and maintained on your own servers or infrastructure rather than accessed as a cloud service. posts →
- Serval Mesh
- App creating mesh networks via Wi-Fi for text and voice communication without cellular networks. posts →
- Server Name Indication
- TLS extension allowing clients to specify which domain they're connecting to, enabling multiple HTTPS sites on one IP address. posts →
- ServiceNow API
- Application programming interface for programmatically accessing and managing incidents, tickets, and data within ServiceNow's cloud-based IT service management platform. posts →
- Service ticket (TGS)
- A Kerberos ticket issued by the KDC to allow a user to access a specific service, encrypted with the service account's password-derived key. posts →
- sessions
- A period of user activity on a website, typically from initial page load until a set timeout or departure. posts →
- session token
- Temporary credential returned after successful login that authenticates subsequent API requests within a single session. posts →
- SFP interfaces
- Small Form-factor Pluggable ports that support hot-swappable optical transceivers for high-speed network connections. posts →
- SFTP
- Secure File Transfer Protocol for encrypted file transfer over SSH connections. posts →
- SFTPGo
- A lightweight SFTP server solution that enables secure file transfer protocol access for uploading and downloading files remotely. posts →
- SIEM tools
- Security Information and Event Management platforms that aggregate and analyze logs to detect security anomalies and unauthorized access patterns. posts →
- Silver Ticket
- A forged Kerberos service ticket created by an attacker who has compromised a service account's password hash. posts →
- skeleton
- A pre-packaged set of themes, plugins, and sample content providing a ready-to-use foundation for quickly setting up a new site. posts →
- SLA
- Service Level Agreement; defines the expected level of service performance and response times between provider and customer. posts →
- SMB share
- Server Message Block network share protocol enabling file sharing across Windows and Unix systems on a local network. posts →
- SMTP
- Simple Mail Transfer Protocol; standard protocol used for sending emails from applications to mail servers. posts →
- Snapshot
- Point-in-time copy of a system's state, allowing it to be restored to that exact configuration later. posts →
- SnipeIT
- Free and open-source asset and inventory management platform targeting IT departments for tracking hardware, software, licenses, and consumables. posts →
- Sonarr
- An automated TV series management application that monitors, organizes, and manages television show collections. posts →
- sops-nix
- A NixOS tool for managing encrypted secrets that are decrypted at deploy time on each node. posts →
- sounddevice
- Python library for capturing and playing audio from microphones and speakers in real-time applications. posts →
- speedtest-cli
- Command-line tool that measures internet download and upload speeds by running speed tests against speedtest.net servers. posts →
- split-brain
- A cluster failure scenario where nodes lose communication and disagree about cluster state, potentially causing data corruption or inconsistency. posts →
- Split-horizon DNS
- A DNS configuration that returns different answers for the same domain based on the client's network location or identity. posts →
- SQLAlchemy
- Python ORM and SQL toolkit that provides database abstraction across multiple database engines. posts →
- SQLite
- Lightweight, file-based relational database engine that requires minimal setup and resources for deployment. posts →
- SRT
- SubRip Text format for storing subtitle timing and content, commonly used for video captions. posts →
- SSDP discovery daemon
- Simple Service Discovery Protocol service that allows devices to announce and discover each other on a local network automatically. posts →
- SSH key authentication
- A secure login method using cryptographic key pairs instead of passwords to authenticate remote access. posts →
- SSH Keypairs
- Asymmetric cryptographic key pairs used for SSH authentication, consisting of a public key and private key for secure remote access. posts →
- SSID
- Service Set Identifier; the name of a Wi-Fi network that identifies it from other networks in the area. posts →
- SSID Spoofing
- Configuring a rogue access point to broadcast the same SSID as a legitimate network to deceive users into connecting. posts →
- sslmode=require
- Postgres connection parameter that enforces encrypted SSL/TLS connections and rejects unencrypted database communication. posts →
- SSL Termination
- The process of handling SSL/TLS encryption and decryption at a proxy, simplifying backend server security management. posts →
- ST7798_DRIVER
- Display driver specification for TFT LCD controllers, defining how the ESP32 communicates with the screen hardware. posts →
- Statement_timeout
- A PostgreSQL setting that limits the maximum duration of a single query execution to prevent expensive or runaway queries. posts →
- steganography
- The practice of hiding information within seemingly harmless files like images, audio, or video to avoid detection. posts →
- stego-malware
- Malware that uses steganography to hide commands, payloads, or data within ordinary media files to evade security detection. posts →
- stress-ng
- Linux utility for controlled CPU, memory, I/O, and resource stress testing to validate system limits and monitoring behavior. posts →
- STUN
- Session Traversal Utilities for NAT; a protocol that helps devices discover their public IP address and NAT type for peer-to-peer communication. posts →
- Sub-interface
- Virtual interface associated with physical interface for specific VLAN, typically named like eth0.100 for VLAN ID 100. posts →
- Sunshine
- Open-source game streaming server software that captures GPU output and streams games to Moonlight clients with low latency. posts →
- SX1262
- A LoRa transceiver module used in LoRa32 boards for long-range, low-power wireless communication. posts →
- SYN cookies
- Kernel mechanism encoding TCP state in SYN-ACK cookies to handle SYN backlog overflow without storing full connection state. posts →
- systemd service
- Linux system service managed by systemd init system for automatic startup and process management. posts →
- Tacotron2-DDC
- Neural network-based speech synthesis model using double decoder consistency to improve robustness and naturalness of generated speech. posts →
- tar
- Unix archiving tool that compresses and bundles multiple files into a single compressed archive file. posts →
- tcpdump
- Command-line tool for capturing and analyzing network packets in real-time or from saved files. posts →
- Technitium DNS Server
- A self-hosted DNS server application that supports recursive DNS resolution and encrypted protocols like DoH and DoT. posts →
- Telnet
- An older network protocol for remote login, transmitted unencrypted; now largely superseded by SSH but still probed by legacy IoT botnets. posts →
- telnetlib
- A Python library providing a Telnet client implementation for remote command execution and network administration. posts →
- Test-time augmentation
- Inference optimization technique where input is processed multiple ways (e.g., flipped), then predictions are averaged for improved accuracy. posts →
- TFT_eSPI
- Arduino library for controlling TFT LCD displays via SPI interface, enabling graphics and text rendering on small screens. posts →
- time to first token
- The latency delay before a model produces its first output token in response to an input prompt. posts →
- TLS/SSL
- Transport Layer Security and Secure Sockets Layer protocols that provide encryption and authentication for secure communication over networks. posts →
- token
- The smallest unit of text a language model processes, typically a word or sub-word piece. posts →
- torrc
- Tor daemon's configuration file located at /etc/tor/torrc containing service definitions and network settings. posts →
- TOTP
- Time-based One-Time Password; a temporary code generated by an authenticator app for second-factor authentication. posts →
- Traefik
- A modern reverse proxy and load balancer that automatically discovers services and handles routing with integrated SSL/TLS certificate management. posts →
- Transfer learning
- Machine learning technique that applies knowledge from pre-trained models to new tasks with limited data. posts →
- TTL
- Time-to-Live; a numeric value indicating how long a DNS record can be cached before expiring and requiring a fresh lookup. posts →
- TTS
- Text-to-Speech technology that converts written text into audible speech announcements. posts →
- TwiML
- Twilio Markup Language; XML-based format defining call behavior and interactions like text-to-speech responses. posts →
- TXID
- Transaction ID; a 16-bit value used to match DNS responses to their corresponding queries. posts →
- U8g2lib
- A monochrome graphics library for embedded systems that simplifies control of small OLED and LCD displays. posts →
- UDP
- User Datagram Protocol, a connectionless transport protocol commonly used for DNS queries on port 53. posts →
- UFW
- Uncomplicated Firewall; a user-friendly firewall management tool for Linux that simplifies configuring firewall rules and policies. posts →
- Unbound
- A validating, recursive DNS resolver that supports DNSSEC validation and can be self-hosted for enhanced security and control. posts →
- unbuffered output
- Printing output immediately to logs rather than storing in a buffer, ensuring real-time visibility in monitoring systems. posts →
- UNC path
- Universal Naming Convention path format used to access network resources, typically in the form \\server\share on Windows systems. posts →
- Unifi UDM Pro
- UniFi Dream Machine Pro; prosumer/enterprise network router supporting VLAN configuration and advanced networking features. posts →
- unpublish:workflow
- n8n CLI command that disables active workflows to prevent triggers from executing during maintenance operations. posts →
- urlparse
- Python function that breaks down a URL into its components like scheme, netloc, path, and query parameters for analysis. posts →
- uvicorn
- ASGI web server implementation for running Python async web applications. posts →
- Veeam
- Enterprise backup and disaster recovery software used for automated data protection and system recovery. posts →
- VFIO
- Virtual Function I/O; Linux framework enabling userspace drivers and direct hardware pass-through to virtual machines via PCI isolation. posts →
- VL53L1X
- Time-of-flight laser distance sensor that precisely measures height from the ground for altitude tracking. posts →
- VLAN
- Virtual Local Area Network; a segmented network that isolates traffic and provides controlled access to specific machines or devices. posts →
- VLAN-aware Bridge
- A special bridge type in Proxmox that handles VLAN tagging internally, allowing VMs on different VLANs without per-interface configuration. posts →
- VNC
- Virtual Network Computing; remote desktop protocol allowing users to view and control computers remotely over a network. posts →
- Voice API
- Twilio service enabling programmatic initiation of outbound phone calls with text-to-speech messages. posts →
- Vosk
- Open-source speech recognition engine that converts voice input to text, known for speed and responsiveness in voice assistant applications. posts →
- VPC peering
- Direct network connection between virtual private clouds, allowing resources to communicate privately without traversing the public internet. posts →
- WAF
- Web Application Firewall; security tool that monitors, filters, and protects web applications from common attacks and malicious traffic. posts →
- Wasabi
- Cloud storage service offering affordable, scalable off-site backup and data storage solutions. posts →
- WatchTower
- A Docker container automation tool that automatically updates running containers when new images become available. posts →
- Webhook
- HTTP callback mechanism that sends real-time data from one application to another when specific events occur. posts →
- WebRTC
- A web-based real-time communication protocol enabling low-latency audio, video, and data transmission directly between browsers. posts →
- wg-easy
- A Docker-based WireGuard VPN server with a web UI for easy management and client configuration. posts →
- WiFi pairing
- Process of establishing a wireless connection between a Canon camera and another device to enable photo or video transfer. posts →
- WIM
- Windows Imaging Format; a file format used to store complete disk images, allowing efficient capture and deployment of Windows installations. posts →
- WireGuard
- Modern VPN protocol providing simplified, faster, and more secure tunneling compared to older protocols like OpenVPN and IPSec. posts →
- Wyoming protocol
- Integration protocol used in Home Assistant for connecting speech-to-text, text-to-speech, and other voice processing components together. posts →
- XDR
- Extended Detection and Response platform that combines SIEM and response capabilities to automatically react to security alerts on endpoints. posts →
- Xfce
- Lightweight desktop environment providing graphical user interface and remote desktop capabilities for Linux systems. posts →
- YAML
- Human-readable data serialization format commonly used for configuration files and Ansible playbooks. posts →
- Zeek
- A network monitoring framework that analyzes traffic and logs network security events for threat detection and investigation. posts →
- Zero Trust
- A security model that verifies every user and device before granting access, regardless of network location or previous authorization. posts →
- ZHA
- Home Assistant Zigbee Home Automation integration for managing Zigbee device networks and sensors. posts →