How Operating Systems Work
A twelve-part series on what Linux is actually doing when software runs.
Mechanics
Complete explanations of how things work — from first principles to full understanding.
Series
Articles
The Authorization Problem: Why LLMs Cannot Guard Authentication Boundaries
When an AI agent is granted write-level access to account management functions, the security model collapses — not because the model is poorly designed, but because language models are architecturally incompatible with the trust assumptions authentication systems depend on.
Mechanics of Miasma: OIDC Abuse, Install-Time Execution, and npm Propagation.
The Miasma attack on @redhat-cloud-services packages used three compounding mechanisms to get malicious code into production environments — OIDC token abuse, install-time execution, and worm propagation. This is how each of those worked.
How ptrace Works
ptrace is the only mechanism Linux provides for one process to observe, interrupt, and modify the execution of another. Every debugger, syscall tracer, and container runtime syscall filter uses it. Here is how the kernel implements it and where the access model breaks down.
How Windows Privilege Escalation Works
Windows enforces privilege boundaries through integrity levels, access tokens, and the Security Reference Monitor. Privilege escalation exploits don't break that model — they find paths through it. Here's how the enforcement works and where the seams are.
How a Forgotten Domain Handed Attackers Publish Rights to node-ipc
An expired maintainer email domain and a standard npm password reset handed attackers publish rights to a package with 822,000 weekly downloads — no npm breach required.
CVE-2026-20182: How a Trust Boundary Failure in Cisco SD-WAN Enables Full Fabric Compromise
A missing verification branch in the vdaemon control-plane service lets any unauthenticated attacker become a trusted SD-WAN peer — and from there, rewrite routing policy across every edge site.
How OIDC Trusted Publishing Works — and Where Mini Shai-Hulud Found the Gap
OIDC trusted publishing was designed to eliminate the long-lived credentials that supply chain attackers steal. Mini Shai-Hulud bypassed it anyway. Here's how the mechanism works, what it actually guarantees, and how three individually reasonable configuration decisions combined to let an attacker publish under TanStack's own verified identity.
Why a Linux Binary Won't Run on Windows
A program compiled for Linux won't run on Windows, and a macOS binary won't run on Linux. The reason isn't the code — it's what the binary expects the operating system to do for it.