Forem: ANISH ARAZ

Terminal setup for speed & ease

ANISH ARAZ — Sat, 03 Jan 2026 07:40:09 +0000

You, yes you, I'm talking to you my friend. You spend a significant amount of time in terminals typing and running various commands, which sometimes can be time-consuming if the right tools are not used.

Therefore, open up your terminal and follow along to set up your terminal for easy use and faster command execution. (You will never regret this setup)

I have a video on it for someone who enjoys watching.

This is the comparison image of before and after.

Features

Syntax highlighting, so mistakes pop up before running
auto-suggestion for quickly running previous commands
better search tool for searching through your files, previous commands, available command options and more.
alias to long commands to you can quickly run commands, for eg, dk for docker

Installation

Install Zsh if you are on bash or something else.
Link to install instruction https://github.com/ohmyzsh/ohmyzsh/wiki/Installing-ZSH
Install ohh-my-zsh, a framework for managing awesome tooling in zsh. Link: https://ohmyz.sh/#install
It will ask you to use it as the default. Just press Y and enter, then you will be in the zsh shell, where we can start customising it.

Spicing up

Install the auto-suggestion and syntax highlighting plugin
Link: https://gist.github.com/n1snt/454b879b8f0b7995740ae04c5fb5b7df#install-plugins
It has 4 plugins, but for now just copy and paste the commands for the first 2, i.e auto-suggestion and syntax highlighting
In your home directory, you will find .zshrc file. Open it and search for plugins. plugins = (git). just add and make it plugins = (git zsh-autosuggestions zsh-syntax-highlighting). and you are all set. Just restart your terminal.
Install fzf - it is a search tool that zsh uses. LInk: https://github.com/junegunn/fzf?tab=readme-ov-file#installation
after installation, again open .zshrc and add source <(fzf --zsh) just below this line source $ZSH/oh-my-zsh.sh. Now you can use ctrl + r after a terminal restart to search previous commands.
One more cherry on top, https://github.com/Aloxaf/fzf-tab , i leave this for you to explore and figure out. You are welcome!!

And there you have a better terminal with 5 min of setup. Cheers!! 2026

What is a file?

ANISH ARAZ — Tue, 25 Nov 2025 10:56:33 +0000

if you are a visual learner and want some practical learning here is the video

Simple question, what is a computer file? eg. image,pdf,docs etc.

When you think of a file on your computer, you probably imagine documents, pictures, videos, or maybe some code files. But what is a file really? At its core, a file is just a collection of tiny pieces of data called bytes stored on your hard drive or SSD. These bytes are made up of zeros and ones, and it’s the way these bytes are put together and read that makes one file a photo and another a song or a text document.

If every file is a sequence of bytes, how do they differ?

It all depends on how a program reads those bytes. For example, a text editor sees the bytes as letters and words. An image viewer sees those same bytes as pixels that come together to form a picture. This “reading” is called encoding, and different file types have different rules for how bytes turn into something meaningful.

The Magic Numbers

Here’s a cool trick your computer uses to know what kind of file it’s dealing with a file’s "magic number." It’s a special set of bytes right at the very start of every file, kind of like a fingerprint. This helps your computer instantly recognize if a file is a PDF, a PNG image, or something else, no matter what the file is named.

So, renaming a file from “mypic.png” to “mypic.pdf” doesn’t actually change the file. Inside, it’s still an image, and programs will get confused if you try to open it like a PDF.

Find out more here https://en.wikipedia.org/wiki/List_of_file_signatures

Why Do File Extensions Matter Then?

File extensions, the .txt, .jpg, .pdf parts are like labels that help your operating system decide which app should open the file. They don’t actually change the file’s content, but they guide your computer on where to send the file when you double-click it.

What Happens If You Open a File the Wrong Way?

If you try to open a picture file with a text editor, you’ll see a bunch of weird, jumbled characters. That’s because the text editor is trying to read image data as if it were text. On the other hand, your image viewer knows exactly how to make sense of those bytes and shows you the photo beautifully.

In simple terms, a computer file is just a string of bytes, and the magic lies in how computers and programs read and understand those bytes. The combination of magic numbers and file extensions helps your computer know exactly what to do with each file.

I post about useful topics on X , see you✌️: https://x.com/AnishAraz

How ads are so relevant to what you search: A complete look at HTTP cookies 🍪.

ANISH ARAZ — Sat, 05 Apr 2025 15:19:19 +0000

TL;DR for non-technical people

Ads use something called third-party cookies in your browser to track your activities. So to prevent it, just turn off third-party cookies in your browser settings.

You might have encountered that some time you just searched something on Google, and it started appearing on the ads. This is all because they use HTTP cookies, so let's start exploring. This read is going to be focused on the anatomy of cookies.

Basics first

1) What are HTTP cookies?
A small data that can be stored on the client's browser, which is sent to the server in every request.

2) What is the use of it?
It is used to store auth tokens after login, personalized data like theme, language, and much more. Basically, you can store any data that the server can use to tailor the data returned to the client.

Most people know about the cookies and use of it, but there are some important nuance to it, like

What are the different purposes of attributes set on the cookies? For example, HttpOnly, Secure, Domain, and SameSite.
How cookies behave in cross-site requests.
What the heck are third-party cookies?

And the biggest question

If I search for something on the internet, how does the ad provider come to know, and they start showing me related ads ?

Lets start

Starting off, we need to understand the attributes set on the cookies.

1. HttpOnly

Cookies are key-value pair data, e.g. foo=baar. These cookies are stored on browser and HttpOnly attribute defines if the cookies can be accessed using JavaScript or not.

Set this cookie auth_token = sjdsd8hjd7dhbshd on any website just for trial and set the HttpOnly attribute to true. To see cookies using js just type console.log(document.cookies) in the browser console. You will see all other cookies printed (if there are any) but not the cookie that you just set. Now again set the HttpOnly attribute to false, after which you can see it is printed on the console when you re-enter the console.log(document.cookies) command.

Conclusion: HttpOnly cookies are sent with requests but cannot be accessed using JavaScript when HttpOnly is set to true.

2. Secure

The secure attribute is very simple. When it's true, the cookies are only sent in https not in http connection. If set to false, it will also be sent in an insecure http connection.

3. Domain

The domain attribute defines for which domain we are setting the cookies. The cookies can only be set for the same domain you are on right now. Websites are not allowed to set the cookies for other domains. For example,https://dev.to cannot set cookies for https://google.com while staying on https://dev.to. You may see the cookies the browser inspect tool but as soon as you refres it will be gone because browser automatically rejects that.

Another important thing: when you set a domain in the cookies, the cookies will be sent to any subdomain of that domain. For e.g. if you set the domain of the cookies to example.com then the cookies will be shared with any subdomain of that domain, like foo.example.com, baar.example.com. But if you do not set the domain attribute, then the browser automatically sets it to the domain, e.g., example.com in that case, the cookies are not shared on the subdomains.

4. SameSite

This attribute has 3 possible values: Strict, Lax, None.

Lax -> When you are redirected to the website from other website then the cookies will be included in the request.
Example. You are on Instagram, and someone posts a link to a product on amazon.com. When you click on the link, the request is made to amazon.com, and the request will contain the cookie of amazon.com. So when you are logged in on amazon.com the cookies will be sent on redirect request from instagram and you can directly make the purchase since you auth cookies are present in the cookies.

Strict -> Since we already understood lax strict became simple to understand. When strict is set in the same-site attribute, then any redirect request will not contain the cookies. So although you are logged in on amazon.com, it will again ask you to log in because cookies were not sent in the redirect request as a result of setting strict in the same-site attribute.

None -> when same site is set to none, then it does not matter which website you are on; the request will include the cookies. Let's say you are on xyzmovies.com, and it contains an iframe of an ad provider. So any cookies set by ads in that iframe that has sameSite set to none will include the cookies in the request to the ad provider. Did you notice that although we are on different websites, the ads can have access to cookies and use those cookies set by the ad provider? Yes, this is the basis for answer to how ads are relevent to our current search. One more thing to keep in mind that samesite can only be set to none when the connection is https. Browser doesnot allow to set samesite to none on a http connection.

How do cookies behave in a cross-site request? Let's answer this question.

Cross-site request means if you are on example.com and you make a request at another domain, let's say abc.com then it is called a cross-site request. When you are on example.com and making a request to a subdomain of example.com (e.g., api.example.com), then it is also considered a cross-site request.

When you make a cross-site request, the cookies associated with that domain (abc.com) will not be included automatically. You need to include the cookies. In the Fetch API, you can do it this way.

fetch("https://abc.com",{
   credentials: 'include',
})

But still it will not work because browser CORS policy block including cookies in a cross-site request unless the cross-site server has these two headers set, and remember, the allowed origin must be specific; * is not allowed; the browser will again block the request if the allowed origin is *.

Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://example.com

Ensure these 2 points when you need to make cross-site request with cookies

The website you are requesting must set the allow credential headers, and the allowed origin must match the origin you are trying to request from.
Your request must set the credentials to 'include'

Now the answering main question.

How does the ad provider come to know your search, and how do they start showing related ads ?

The answer is by using the third-party cookies
Let's take an example of Google Ads. Imagine when you visit some e-commerce site searching for a laptop and that e-commerce site contains the ad from Google. The ad can set cookies on the browser with the SameSite property to None. That means the cookies of that ad provider will be sent no matter the website you are on. When you visit some other website that also contains the ads from the same provider, here it is: Google Ads. Then again, the request to the ad server will be made using the cookies it set earlier, and it will figure out that this same client visited the e-commerce site to buy a laptop, so let's show ads related to laptops.

How to prevent it ?

Simply blocking any third-party cookies on the browser. Some browsers by default block 3rd-party cookies, and in some you need to enable them.

Conclusion

If you are a developer, set the cookies attribute mindfully to prevent cookie-related attacks.
And if you don't want the ads to track you, then block 3rd-party cookies.

I keep posting useful content on Twitter. Lets connect

x.com

If you own a domain, you need to setup ....

ANISH ARAZ — Wed, 05 Mar 2025 06:12:44 +0000

Cloudflare has a free plan account, and it provides a lot of features in the free plan. If you already use Cloudflare, do not worry; I assure you will find this blog useful; if not, you surely will. If you need help in any of the cloudflare setup contact me on

x.com

Features to use.

Use a cloudflare tunnel to host your website from your local infrastructure.
Use cloudflare for your domain to protect from DDoS attack and Hide real server IP
Create an email address from your domain. eg admin@example.com
and a lot more...

Setup

Create a Cloudflare account.
Change your domain nameserver to cloudflare. and DONE

We shall talk about 2 specific things in this blog. Tunnel and How Cloudflare Protects from DDoS Attack and Hides Real Server IP.

Cloudflare Tunnel

Cloudflare connects to your infrastructure from their infrastructure using TCP Tunnel technology. So you do not need a public IP address, just your infrastructure should be connected to the internet, and it will work.

cloudflare have very clear docs for getting started check it out.
https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/

Protection from DDoS attacks and hiding real server IP.

Cloudflare uses a TCP proxy server, which receives requests from clients and forwards the request to the real server. It forwards requests and responses back and forth, hiding the real ip of the server.

When creating the DNS record remember to turn on this proxy button and you will be good to go

Clonclusion

Cloudflare is awesome and free; make use of it. If you need any setup help in any part, react me out on twitter

x.com

You need a Personal remote workbench. Use Github Codespace.

ANISH ARAZ — Mon, 03 Mar 2025 15:53:49 +0000

Everyone loves free stuff.

Would you not want to have a computer in the cloud that is always ready to login and work from anywhere?

Yes, this is what github codespaces provide. It is useful in many other different ways, but let's talk about this interesting use case.So simple enough, codespaces are computers in the cloud, which allows you to login remotely from anywhere and start working in them. You can use VScode to access the codespace and work on your project on the codespace computer.

Enough background, Lets get right into it

Github free account provides you free codespace where you have 120 core hours that means NUMBER OF CORES x HOURS OF USES = CORES HOURS. Lets say you picked a codespace with a spec of 2 core that means you have 120/2 = 60 hours of uses time per month. It renews every month and the good part is that if you keep the codespace turned off when not required it will not add up in cores hour.

Next thing, Lets talk about the storage. codespaces provide 15gb of storage that means you can have a total of 15 gbs of file stored in that codespace but, The storage counts even of the codespaces are turned off.

Finally

Mine limit is higher because I have a pro account provided by the GitHub student program. Get yourself a codespace. Do not worry about the storage used because it will not allow you to store more than what is allowed. Keep checking the amount of CPU time used and left in the billing section of your github account and enjoy the remote workbench from anywhere.

Get your codespace here : https://github.com/codespaces

Use this vs code extension to easily connect to codespace
: https://marketplace.visualstudio.com/items?itemName=GitHub.codespaces

On Twitter, I keep posting about technology and tools. Will sure give you a follow-back

x.com

The simplest Docker image you can ever imagin!

ANISH ARAZ — Thu, 06 Feb 2025 04:41:45 +0000

This is the 4-line code for the simplest Docker image. BUT

What is this FROM scratch ?
Do we need a base image like ubuntu or alpine ?
What are the benefits of doing this ?

let's answer these all questions !

Lets clear the basics first

Running a Docker container means running the single application inside the Docker container. The single application is nothing but a process inside the host machine.

We use different base images, like ubuntu and alpine Because these images contain the files and dependencies which our application may require to run.

Ever wondered how the base images are made?

Every Docker image starts with an empty image called scratch which is empty inside, meaning it has nothing inside it. The files and folders required are copied inside it.
Let's take an example of the base image 'ubuntu`.

linux directory example

all the directory structure are created and all the required files are copied inside the scratch image and finally base image ubuntu is created.

so, ubuntu base image is nothing but a file & directory structures copied inside a scratch image.

If your application requires nothing else than your application binary, then you can just copy the binary inside the scratch base image and it will work. and this is what we are doing in the 4-line docker image file.

Answering the question.

What is this FROM scratch ?

Ans: scratch is a keyword in docker which tells docker that you are starting an empty image and you will copy files as required and nothing else than that.

Do we need a base image like ubuntu or alpine ?

Ans: if your application doesnot depends on any files or programs inside these image than you donot require them, you can just start from scratch.

What are the benefits of doing this ?

Ans: It minimizes the image size as much as possible. Additionally, since your Docker image includes only the necessary components, it reduces the risk of security vulnerabilities.

Things to remember

When you write your application in compiled languages like C Rust, Golang you must compile it into a static binary. Static binary refers to a binary of your application that does not require anything from the operating system and contains all the dependencies required by it. This allows the application to run independently. Read more here

Conclusion

You can use scratch to create image of your application which will be super simplified, containing only the required components and nothing else which makes your image smaller and less prone to security issues.

Stay in touch where i keep posting technology related stuff

X.com : https://x.com/anisharaz

Understanding DNS 0 to 1 | A clear approach

ANISH ARAZ ・ Feb 5

#learning #linux #architecture #webdev

Understanding DNS 0 to 1 | A clear approach

ANISH ARAZ — Wed, 05 Feb 2025 13:27:56 +0000

If you are a visual learner, I already have a video on this topic.

For the ones who love reading, let's start from the basics.

Any websites you visit on the internet have an address, which are called IP addresses. You make a request to the server's IP address, expecting a response.
As the websites on the internet grew, remembering the IP addresses of all servers was very hard, so DNS was introduced.

DNS, i.e. Domain Name System

The DNS system maps friendly, easy-to-remember names to the IP address of the server so you do not need to remember IP addresses (eg. 192.168.254.23).

So if you visit https://dev.to your computer is actually making a request to the server IP address, which is translated from domain to IP by DNS.

Is it that simple?

The simple task of translating a name to IP becomes complex and requires a reliable system if all the computers on the internet are making requests for it.

Using this image, we will start understanding each step.

Browser

when you visit a website, your browser is making a dns request to stub resolver to get the ip address of the website server.

What is a stub resolver?

Stub resolver is an operating system component that is used to make DNS requests for applications running on a computer. You can think of it as a library, which helps the applications running in the operating system to make DNS requests. For the DNS server, STUB resolver acts as a client, which is making DNS requests.

What is a DNS recursive resolver?

Getting the IP address of a domain involves making requests to multiple servers, which is done by a recursive resolver for us. Since it makes multiple requests repeatedly, hence its name is recursive resolver.

The domain name is divided into 2 parts The part after ‘.’ is called a top-level domain TLD, and the part before the ‘.’ is called DOMAIN. Domain name to IP address is a record, and the records of the domain are held on a server, which are called authorative name servers.

So the authoritative name servers ip address, which actually holds the record for all domain with '.com' TLD, is held on another server called the TLD server.

So it states that for every different TLD, for example ‘.me’ ‘.com’ '.xyz', there will be different TLD servers.

The DNS recursive resolver has the domain, and it knows the TLD of the domain to be queried. So it must know the location of the TLD server, and since there are multiple TLD servers. The IP address of the TLD server is provided by another server called a root name server.

Request flow

So the first request that a recursive resolver makes is to a root name server to find out what the IP address of the TLD server is. The second request it makes to the TLD server is to get the IP of the authoritative name server of that particular domain. The final request is made to the authoritative name server, and it returns the IP address of that domain, and then the resolver returns the IP to the STUB resolver, and finally your browser can make a request to that particular IP and get the consent of the website.

See In action

Use the dig command on linux (if you are on windows or mac, search for similar command) to see the process of requests by recursive resolver

dig +trace blockx3.xyz This command will produce result something like this

; <<>> DiG 9.18.30-0ubuntu0.24.04.2-Ubuntu <<>> +trace blockx3.xyz
;; global options: +cmd
.                       513851  IN      NS      a.root-servers.net.
.                       513851  IN      NS      b.root-servers.net.
.                       513851  IN      NS      c.root-servers.net.
.                       513851  IN      NS      d.root-servers.net.
.                       513851  IN      NS      e.root-servers.net.
.                       513851  IN      NS      f.root-servers.net.
.                       513851  IN      NS      g.root-servers.net.
.                       513851  IN      NS      h.root-servers.net.
.                       513851  IN      NS      i.root-servers.net.
.                       513851  IN      NS      j.root-servers.net.
.                       513851  IN      NS      k.root-servers.net.
.                       513851  IN      NS      l.root-servers.net.
.                       513851  IN      NS      m.root-servers.net.
.                       513851  IN      RRSIG   NS 8 0 518400 20250218050000 20250205040000 26470 . CY4QrS4dmuSrVo3HMfnNphtwmQ+TCGObgDI6figtrGbNWiOvEu8XCO9i 2qgYVpSDBJPWl1hqh2Iy66BB0ZWW9gXuzw4cTnv+QqmbjCfnTcFSxDIV poKAAWhkWFqVRb7G+hQzLe01uhHwoqzeMT5i1VYSAPvzR/irtl+QI7BS uAO6pjWIGMIzT6pC3FZdc2fPK4aeSEhzqh51E1vvWJG4UWL398FP5JOj 921ih2nwxfcgzAq2CtnXeE7VxutWpq1PsNs/Rf0khkolffVpqhoVC+nq 1IQdyPdPVusVCCsB0P170nFl6HB3kddqCPfB4xYDe+8AdZ/OyqeoexnH ii6waQ==
;; Received 525 bytes from 1.1.1.1#53(1.1.1.1) in 9 ms

;; UDP setup with 2001:500:2d::d#53(2001:500:2d::d) for blockx3.xyz failed: network unreachable.
;; no servers could be reached
;; UDP setup with 2001:500:2d::d#53(2001:500:2d::d) for blockx3.xyz failed: network unreachable.
;; no servers could be reached
;; UDP setup with 2001:500:2d::d#53(2001:500:2d::d) for blockx3.xyz failed: network unreachable.
xyz.                    172800  IN      NS      x.nic.xyz.
xyz.                    172800  IN      NS      y.nic.xyz.
xyz.                    172800  IN      NS      z.nic.xyz.
xyz.                    172800  IN      NS      generationxyz.nic.xyz.
xyz.                    86400   IN      DS      3599 8 2 B9733869BC84C86BB59D102BA5DA6B27B2088552332A39DCD54BC4E8 D66B0499
xyz.                    86400   IN      DS      18130 8 2 5AA5961266594CCEAC50949A99219FE004F130E1864A427143E9FF2E 641CAC6F
xyz.                    86400   IN      RRSIG   DS 8 1 86400 20250218050000 20250205040000 26470 . cvKzs7LpC+sJLTzxPeaCgJhaHmGefPv4ujvMQXdzC+TXcMussJwQeaHw 8SUarW+1D8W2hPDLvu6xd3pukH4e+T7ay/VPmAznF9dQLyz7BNUUVSKi 8F1/G3ZOeCbf97IwGQ9FxuRjyN5B1NzLr6Y/kLDEis9zFcb0RF9v2wPV loMHJYiPxaTr8SYV2Hbwf2p7ubbM6OJlaneJBnrZTRjgxYRqZ9vXnAx+ gc52G7Kp0I4Ldi+YXYEHXrEDUXjBS04Ttt8uLLSuVlaHoVROSvoa/rVI uaN0HhXtjkekEzgAPeNuO7839Av9ozJloFOPOWYiJT+ANuxA05nSr8YU 7KfjRw==
;; Received 679 bytes from 192.58.128.30#53(j.root-servers.net) in 0 ms

;; UDP setup with 2a04:2b00:13cc::1:42#53(2a04:2b00:13cc::1:42) for blockx3.xyz failed: network unreachable.
;; UDP setup with 2a04:2b00:13ff::42#53(2a04:2b00:13ff::42) for blockx3.xyz failed: network unreachable.
;; UDP setup with 2001:67c:13cc::1:42#53(2001:67c:13cc::1:42) for blockx3.xyz failed: network unreachable.
;; UDP setup with 2a04:2b00:13ee::42#53(2a04:2b00:13ee::42) for blockx3.xyz failed: network unreachable.
;; UDP setup with 2a04:2b00:13cc::1:42#53(2a04:2b00:13cc::1:42) for blockx3.xyz failed: network unreachable.
;; UDP setup with 2a04:2b00:13ff::42#53(2a04:2b00:13ff::42) for blockx3.xyz failed: network unreachable.
;; UDP setup with 2001:67c:13cc::1:42#53(2001:67c:13cc::1:42) for blockx3.xyz failed: network unreachable.
;; UDP setup with 2a04:2b00:13ee::42#53(2a04:2b00:13ee::42) for blockx3.xyz failed: network unreachable.
blockx3.xyz.            3600    IN      NS      dion.ns.cloudflare.com.
blockx3.xyz.            3600    IN      NS      nataly.ns.cloudflare.com.
2tjms8vm0h8n7j9e748d19gpnujm0emj.xyz. 900 IN NSEC3 1 1 0 - 2TJP61HRH0BQP2HJ34JUU7VA1J23PCRO NS SOA RRSIG DNSKEY NSEC3PARAM
6s3p73q4afrm6vqrcuod60pb1g734kqp.xyz. 900 IN NSEC3 1 1 0 - 6S62PHU98JJSL59927DFT1P49TPLDQ8P NS DS RRSIG
2tjms8vm0h8n7j9e748d19gpnujm0emj.xyz. 900 IN RRSIG NSEC3 8 2 900 20250220025356 20250121012356 65206 xyz. lBGYS4VdleLIc2G1kte18ziguj1enpLCL8ZGn+Bxdjf2h5os3rlaQo28 nd0w2ytj+Z7nGD3n+vjWQmTerScHkaggzHtFgAOUjTl/wSKD/vWqvR4W 6uOi69dC835D9T9qRTbnuSkLdWCnE9WMhA1Q3+JfMDBSlaPK1mz++NgU sF8=
6s3p73q4afrm6vqrcuod60pb1g734kqp.xyz. 900 IN RRSIG NSEC3 8 2 900 20250226025354 20250127012354 65206 xyz. YOKi1x3DISv0rQ/zZclUsv7loYDXW//TCpfqBbfx7IzLqdjFeVWLWoCP VcSolF3JlQTBP2sGz5xZ1g7h/KYl82ytlphsd/URN3Flbg9lMe1Bcr9u E++R5/Dvr/U8rPrcIM2on4mwBXjTvS3GcxD88ashEYu8uZUMoPQsCjP/ i6w=
;; Received 610 bytes from 194.169.218.42#53(x.nic.xyz) in 149 ms

blockx3.xyz.            300     IN      A       104.21.45.168
blockx3.xyz.            300     IN      A       172.67.217.3
;; Received 72 bytes from 172.64.33.156#53(dion.ns.cloudflare.com) in 29 ms

The steps

STEP 1: A request is made to the root name server to find the address of TLD servers.

.                       513851  IN      NS      a.root-servers.net.
.                       513851  IN      NS      b.root-servers.net.
.                       513851  IN      NS      c.root-servers.net.
.                       513851  IN      NS      d.root-servers.net.
.                       513851  IN      NS      e.root-servers.net.
.                       513851  IN      NS      f.root-servers.net.
.                       513851  IN      NS      g.root-servers.net.
.                       513851  IN      NS      h.root-servers.net.
.                       513851  IN      NS      i.root-servers.net.
.                       513851  IN      NS      j.root-servers.net.
.                       513851  IN      NS      k.root-servers.net.
.                       513851  IN      NS      l.root-servers.net.
.                       513851  IN      NS      m.root-servers.net.

Step 2: second request is made to TLD server to find the address of authoritative name server.

xyz.                    172800  IN      NS      x.nic.xyz.
xyz.                    172800  IN      NS      y.nic.xyz.
xyz.                    172800  IN      NS      z.nic.xyz.

Step 3: final request is made to authoritative name server to find the ip address of the website

blockx3.xyz.            3600    IN      NS      dion.ns.cloudflare.com.
blockx3.xyz.            3600    IN      NS      nataly.ns.cloudflare.com.

Now finally the ip address is returned to our computers.

Are your dns query secured ?

dns request can be seen by any one of you are on open network and if you are not using secure dns. Check the video to setup a secured private DNS server for yourself.

Conclusion

Now you know how the DNS is resolved.A developer or devops engineer or any field in IT require you to know the basics of technology we are using. I keep posting about the technologies on my twitter.

Social links

X.com : https://x.com/anisharaz
Github.com : https://github.com/anisharaz

Next read

A Look Inside Docker & Its working.

ANISH ARAZ ・ Jan 23

#docker #learning #linux #architecture

How does Docker work internally?

ANISH ARAZ — Thu, 23 Jan 2025 09:37:01 +0000

To make it easy, I have already made a video on it. If you are a visual learner, you may watch the video.

For those who like to read, let's start from here.

Before starting the inner workings of Docker, let's clear the basics first.

What is Docker?

It is a tool that is used to run containers and build images. It gives us CLI + API as well to work with containers programmatically. Apart from software, Docker have made multiple standards around container technology, which is governed by OCI

What are containers?

Containers are the isolated entities that contain the application and its dependencies along with configuration that can easily run on a container host. for example. MySQL database container. Using the MySQL container, you can easily and quickly start the MySQL server without messing with dependencies on the actual host because the container comes along with all the things required for MySQL to function properly.

What are Images?

Images are the blueprints that define what the container should contain and how the container should function. Using images, a container is started because all the required files and configuration are present inside the image.

The flow of docker command to start the container

Docker CLI

It is a simple client that translates our Docker command into an API request. The API request is then sent to the Docker Daemon.

Docker daemon

It is a background process that is listening for the API call, & it is responsible for interpreting the call and instructing its component to take action in the described way. So basically when you run Docker, it means you are running the docker daemon (background process in linux are called daemons)

ContainerD

It is called the container runtime interface. It takes the instruction for container creation and management. Along with container actions, it also manages the image management. When we call, docker pull image_name containerD is invoked by the Docker daemon, and it starts pulling the image and stores and manages it.

RUNC

ContainerD is not all alone when it comes to creating & managing containers. At a very low level, containers are made using 2 features of Linux called NameSpaces & C-Groups. The creation & management of namespaces & c-groups is handled by runc that is why it is called as low level container runtime.

1. What are Namespaces?

Namespaces are the feature of the Linux kernel that allows it to isolate a running process. For example, if the process is in example_namespaces, then it can only see and communicate with other processes in example_namespaces. There are different types of namespaces for different tasks. You can use this article for learning about namespaces in detail.

2. What is C-Groups?

Cgroups are also the feature of the Linux kernel that allows it to allocate precise hardware resources to a running process. Resources like the CPU, RAM, storage, network I/O and more. For example, if 512MB of RAM is allocated to a particular process, then it cannot use more than that because C-Group is present to limit it.

What are specifications?

There are standards on how to use images and run the containers. These specifications are made to ensure the container technology is functioning in the same manner on any system. Either it be a desktop or raspberry Pi , Ubuntu or Arch does not matter; the container will function the same because of the standards.
These standards are made by OCI. OCI is launched by Docker.

You can view the specification by running a command runc spec. It will generate a config.json file, and it consist of an example specification file that can be used by Docker to start containers.

Inside the container

Containers are supposed to run a single application inside it. The application can run multiple child process inside the container. But every process running inside the container is running on the host. There is nothing in between the process and kernel of the host. This is what makes it different from a virtual machine, which uses a hypervisor in between.

In the above image, you can clearly see the process of the container being named with the ID of the containers. The process in highlight and the ID of the container are the same. So you may ask, Where is the isolation then? The isolation is created by Namespaces & C-Groups.

Conclusion

The containers are fast because the process inside the container is running on the same host machine and is only separated by using namespaces & cgroups.

My social Links

X Profile On X I keep posting about technologies & programming-related information.

Drop a comment if you have any questions !

Dev.to on your own domain xyz.com.

ANISH ARAZ — Tue, 14 Jan 2025 10:04:16 +0000

Disclaimer: This post is only meant for educational purposes & nothing else.

In the video you can see I am able to access the dev.to website on my own test domain. That is possible because of reverse proxy.

Reverse Proxy

A server that sits between a client and an actual server and routes requests from clients to the actual server is called a reverse proxy.

In the real world, it is almost 100% certain that any website you are visiting or any request you are making in a browser will go through a reverse proxy. You might have heard about load balancers, which are also a type of reverse proxy that routes your request to multiple available servers behind.

Same reverse proxy we are using here to route requests on our domain to the real dev.to domain. Reverse proxies are very useful pieces of software, and if you are a developer, you should know this.

Use cases

Protect the real address of actual servers.
Route requests in microservice architecture.
Secure your servers behind one single HTTPS server (reverse proxy).
Load Balancers.
Apart from these use cases, the sky is your limit.

Reverse proxy can route requests based on domain name. So you can host multiple applications on the same server and just route according to the domain name using a reverse proxy. You will realize the power once you understand reverse proxies.

The nginx config used

One of the most popular reverse proxies is nginx. Let's see how we can use it as I did in the video at the top.

server {
    listen 443 ssl;
    server_name test.aaraz.me;
    ssl_certificate /etc/nginx/conf.d/Certs/aaraz.me/aaraz_ca_certificate.pem;
    ssl_certificate_key /etc/nginx/conf.d/Certs/aaraz.me/aaraz_origin_private.pem;
    proxy_http_version 1.1;
    add_header X-Served-By $host;
    proxy_set_header X-Forwarded-Scheme $scheme;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";

    location / {
        resolver 1.1.1.1;
        proxy_set_header Host 'dev.to';
        proxy_pass https://dev.to$request_uri;
    }
}

It looks complicated, but you can copy and paste most of the things. The server_name is the domain you want to use. The SSL thing going around is the basic setup with Cloudflare. You can learn about it HERE.

location / {

The most important part of the setup is this location block in the config. It says when any request comes on domain test.aaraz.me send it to https://dev.to. Websites can block requests when they come from a different domain, so we are using proxy_set_header to set the origin domain of the request to be dev.to. This makes the dev.to server think the requests are coming from their domain, & this is what makes the whole setup work.

Want to implement yourself?

Get a domain and a server.
Set up nginx on the server and point the domain to the server.
use the nginx config provided above by changing these values with your own

server_name
ssl_certificate
ssl_certificate_key
proxy_set_header
proxy_pass

My social links.

x.com

anisharaz (Anish Araz) · GitHub

anisharaz has 18 repositories available. Follow their code on GitHub.

github.com

Cloud Without VM | Is it possible?

ANISH ARAZ — Fri, 10 Jan 2025 11:27:36 +0000

What is cloud & cloud computing?

Cloud is a platform where we rent and use infrastructure. Eg. google cloud, aws cloud and more. Infrastructure can be compute, storage, clusters, and much more.
Cloud computing is a practice of making the resources available all the time, with flexibility, redundancy, and pay-per-use.

What are VMs?

VMs are the technology that allows us to divide one physical machine into smaller, isolated virtual machines on the same physical machine and use them independently.It is used because setting up a whole computer is very costly compared to creating a VM. And it gives us the flexibility on dividing the resources for the VMs, e.g., RAM & storage.

If not VMs, then what else to use?

Ans: Use Containers

containers

Containers are another technology that allows us to isolate an application and resources required by it at the kernel level. It is the feature of Linux. It uses CGROUP & NAMESPACES of Linux to create an isolated environment for the application.

Why containers?

Faster
Resource efficient

What is the problem then?

Containers run a single process inside it. That single process can spin up its child process. The control of processes inside the container is handled by the application that is used in the container.For example, the MySQL container has the main process of MySQL, and it manages all the child processes that it creates.
Unlike Linux systems, where init is the main process that creates all other processes, there is nothing as such in containers. And that is perfect because containers are made for single applications and their isolation. But we need something like initd for containers that can manage the process inside them; then it can start to behave like a VM.

supervisor

It is a process control system similar to initd in Linux. I tried using it as the main process in the container, which would further allow us to run and manage other child processes.

I tried using this to build a container image that can behave like a VM.
here is the Dockerfile

FROM ubuntu:25.04
RUN apt update && apt install -y supervisor
ENTRYPOINT [ "/usr/bin/supervisord", "-n" ]

It is written in Python and sometimes gets unstable at handling its job.

This is where I started to build a cloud that actually uses container technology as the main compute infrastructure in the cloud, replacing the VM technology.

It is not live yet, but it is open source. You may come along to build it or just give a star to the repo at best.This project is built with an aim to replace VMs with containers in a cloud environment. Instead of provisioning a compute instance using VMs, this proof of concept uses container technology for compute instances. Additionally, the project focuses on delivering a user-friendly and intuitive experience for its users.

Architecture of the system

Architecture of SSH proxy

Github Repo

anisharaz / CaaS

Cloud provider with container replacing virtual machines. You can rent compute units for hosting your applications.

CaaS (Container As A Service)

This project is build with an aim to replace VMs with containers in a cloud environment. Instead of provisioning a compute instance using VMs, this proof-of-concept uses container technology for compute instance. Additionally, the project focuses on delivering a user-friendly and intuitive experience for its users.

Technologies Used

Python
Ansible
FastAPI
Nextjs
Shad-cn UI & Tailwind CSS
Websockets
Nginx
Docker
SSH Tunnels

Note

Setting Up the prject GUIDE

Warning

Full Documentation of this project is under development.

View on GitHub

X Profile Github Profile

Forem: ANISH ARAZ

Terminal setup for speed & ease

This is the comparison image of before and after.

Installation

Spicing up

What is a file?

Simple question, what is a computer file? eg. image,pdf,docs etc.

If every file is a sequence of bytes, how do they differ?

The Magic Numbers

Why Do File Extensions Matter Then?

What Happens If You Open a File the Wrong Way?

How ads are so relevant to what you search: A complete look at HTTP cookies 🍪.

TL;DR for non-technical people

Basics first

Most people know about the cookies and use of it, but there are some important nuance to it, like

And the biggest question

Lets start

1. HttpOnly

2. Secure

3. Domain

4. SameSite

Next

Ensure these 2 points when you need to make cross-site request with cookies

Now the answering main question.

How to prevent it ?

Conclusion

If you own a domain, you need to setup ....

Features to use.

Setup

Cloudflare Tunnel

Protection from DDoS attacks and hiding real server IP.

Clonclusion

You need a Personal remote workbench. Use Github Codespace.

Everyone loves free stuff.

Enough background, Lets get right into it

Finally

On Twitter, I keep posting about technology and tools. Will sure give you a follow-back

The simplest Docker image you can ever imagin!

This is the 4-line code for the simplest Docker image. BUT

Lets clear the basics first

Ever wondered how the base images are made?

linux directory example

Answering the question.

Things to remember

Conclusion

Stay in touch where i keep posting technology related stuff

Read Next

Understanding DNS 0 to 1 | A clear approach

ANISH ARAZ ・ Feb 5

Understanding DNS 0 to 1 | A clear approach

If you are a visual learner, I already have a video on this topic.

For the ones who love reading, let's start from the basics.

DNS, i.e. Domain Name System

Is it that simple?

Using this image, we will start understanding each step.

Browser

What is a stub resolver?

What is a DNS recursive resolver?

Request flow

See In action

The steps

STEP 1: A request is made to the root name server to find the address of TLD servers.

Step 2: second request is made to TLD server to find the address of authoritative name server.

Step 3: final request is made to authoritative name server to find the ip address of the website

Are your dns query secured ?

Conclusion

Social links

Next read

A Look Inside Docker & Its working.

ANISH ARAZ ・ Jan 23

How does Docker work internally?

To make it easy, I have already made a video on it. If you are a visual learner, you may watch the video.

For those who like to read, let's start from here.

What is Docker?

What are containers?

What are Images?

The flow of docker command to start the container

Docker CLI

Docker daemon

ContainerD