systeminternals.dev

Plain-English explanations of how databases, distributed systems, the Linux kernel, and modern LLM stacks actually work — verified against source code, not vendor blog posts.

What this site is for

Engineers face a recurring frustration: a database, kernel feature, or distributed-systems primitive sits between your application and what you're trying to ship, and the documentation either skips the mechanics or buries them in 200 pages of formal spec. Vendor blogs explain the marketing story. StackOverflow answers solve last week's specific bug. System-design interview prep regurgitates whiteboard summaries without ever explaining why Cassandra's gossip protocol converges or how ClickHouse's MergeTree actually picks parts to merge.

Every page on this site starts from a single question — "what is actually happening under the hood?" — and answers it by reading the source code, the original papers, the kernel documentation, and the relevant RFCs. Where the deployed reality differs from the whitepaper (and it almost always does), we say so. Where two protocols claim the same guarantee (e.g. "linearizable reads"), we walk through what each one really enforces in practice and where the edge cases bite.

The audience is engineers who need to make production decisions: sizing a Kafka partition count, picking between Raft and Paxos for a control plane, understanding why an eBPF program just got rejected by the verifier, or choosing between a columnar engine and a key-value store. The goal is to leave a page knowing not just what happens but which assumption the system is making, so that when an outage hits at 2am you already know where the broken assumption is most likely to be.

Browse by topic

PostgreSQL

MVCC and VACUUM internals, B-tree indexes, the query planner, WAL durability, and how transactions actually isolate at each level.

ClickHouse

MergeTree internals, partitioning, materialized views, distributed tables, replication, and the data-skipping indexes that make sub-second analytics on billions of rows possible.

DuckDB

In-process analytics, vectorized execution, the storage format, memory management, and how a single-file embedded database competes with cluster-scale analytics engines.

Linux internals

eBPF and the in-kernel VM, /proc and procfs anatomy, the page cache, scheduler internals, namespaces, the I/O stack, and how strace, perf, and ftrace actually work.

Kubernetes

Container runtime mechanics, the API server and etcd write path, scheduler decisions, networking (CNI, kube-proxy, services), pod lifecycle, RBAC, CRDs, Helm internals, and storage.

Docker

How container images are built, the runtime layer, namespaces and cgroups underneath, image layer caching, docker-compose internals, and container security boundaries.

LLM internals

Transformer architecture in detail, tokenization, GPU memory layout, KV-cache mechanics, inference serving stacks (vLLM, TensorRT-LLM), quantization, and self-driven research workflows.

Networking

TCP congestion control, DNS deep dive, HTTP/2 and HTTP/3 internals, raw socket programming, and the path a packet actually takes through the Linux network stack.

TLS

The TLS 1.3 handshake step by step, the record protocol, certificate chains and PKI, cipher suite negotiation, and why TLS 1.2 is still widely deployed.

Security

OAuth 2.0 and JWT internals, zero-trust architecture, the TLS handshake security model, common attack vectors and their mitigations.

Kafka & streaming

Consumer group rebalancing, producer batching, partition strategy, KRaft (replacement for ZooKeeper), exactly-once semantics, replication, and tiered storage.

Spark

DAG execution, the Catalyst optimizer, shuffle internals, broadcast joins, and how Spark differs from Flink for streaming workloads.

System design interviews

Walkthroughs of canonical interview problems — URL shortener, rate limiter, distributed cache, Twitter/Uber/WhatsApp-style systems — focused on the trade-offs that actually come up.

GraphQL

Schema design and federation, query execution and N+1 problems, comparison with REST, and dataloader patterns for efficient resolution.

Claude Code

Internals of Anthropic's coding agent — tool use, multi-agent orchestration, context window management, and the engineering decisions behind production AI agents.

How pages are researched

Every protocol or system page is verified against its current source code, official documentation, and (where they exist) the original papers. When a section makes a specific claim about how a system behaves — say, that PostgreSQL's default autovacuum_vacuum_scale_factor is 0.2, or that Raft's election timeout window is randomized between 150ms and 300ms — that number comes from the actual configuration files or the algorithm specification, not from a third-party blog post.

When systems change — new versions, deprecated features, security fixes — pages are updated. Dates aren't shown on every paragraph because that's noise, but the canonical sources are linked at the bottom of each deep-dive so you can verify the current upstream state yourself.

For background on how the site is built and maintained, see the about page. For questions, corrections, or topic requests, see contact.