Tech notes document specific technical behaviours — the kind that surface when you are debugging something real and the official documentation either omits the detail entirely or describes it in a way that does not match what you observe. Each note focuses on a particular platform interaction, protocol behaviour, command-line tool quirk, or system internal and records what actually happens rather than what is supposed to happen.

This section is the observational counterpart to the how-to guides. Where the guides walk you through a task, these notes explain the specific behaviours you encounter along the way. A guide tells you how to configure X11 forwarding on WSL; a tech note tells you exactly what rm -rf does when it encounters the Windows filesystem layer underneath. The scope covers Windows internals, Linux subsystem behaviour, DNS protocol usage, Apple platform quirks, desktop environment specifics, and hardware-level interactions.

Most of these notes start from a direct observation — something behaved unexpectedly during real work, the cause was investigated, and the finding was documented here. Where the behaviour has changed across versions, the note marks what has shifted. For cross-section navigation by theme, the topics index groups these notes alongside related guides and investigations.

Windows and WSL internals​

The Windows Subsystem for Linux introduced a layer of complexity that neither traditional Windows administration nor standard Linux documentation covers well. These notes document the specific internal behaviours of that layer and the Windows components that interact with it.

LXSS and lxrun​

Before WSL had its own installer and distribution management, the underlying subsystem was controlled through lxrun.exe and the LXSS Manager service. This note documents what LXSS actually was, how lxrun operated, the filesystem layout it created, and the migration path to the modern wsl.exe management model. If you encounter references to LXSS in older scripts, registry keys, or troubleshooting guides, this note explains the context.

rm -rf in WSL​

Running rm -rf inside a WSL environment does not behave identically to running it on a native Linux filesystem, and the differences are consequential. This note documents the specific behaviour when the operation encounters DrvFS-mounted Windows directories, the permission model interactions, the performance characteristics, and the edge cases where files appear to be deleted but are not fully released by the Windows filesystem layer. If you have ever had rm -rf complete successfully inside WSL but found remnants visible from the Windows side, this note explains exactly what happened.

What is TwinUI​

TwinUI appears in Windows error messages, task manager process lists, and event logs without any obvious explanation of what it does. This note documents the TwinUI component — its role in the Windows shell, the processes associated with it, the conditions under which it appears in error dialogs, and the circumstances where it consumes unexpected resources. It is one of those Windows internals that most administrators have encountered but few have had reason to investigate thoroughly until something breaks.

DNS and networking​

DNS is fundamental infrastructure that behaves with more subtlety than most administrators give it credit for. These notes cover the protocol-level details and platform-specific implementations that affect real-world deployments.

DNS SRV Usage​

SRV records are part of the DNS specification and supported by every major resolver, but their actual usage patterns vary wildly across protocols and client implementations. This note documents which protocols and services genuinely use SRV records for service discovery, which ones define support in the specification but do not implement it in practice, and the practical caveats around TTL handling, failover behaviour, and client library support. If you are considering SRV records for service discovery in your own infrastructure, this note covers the real-world adoption landscape rather than just the RFC.

Windows mDNS/DNS-SD​

Multicast DNS and DNS-based Service Discovery on Windows have a complicated history involving multiple implementations, partial support, and version-specific behaviour. This note documents how mDNS and DNS-SD actually work on Windows 10 and later — which components handle resolution, what the limitations are compared to Apple's Bonjour implementation, and where the gaps create practical problems for service discovery on mixed-OS networks. The note is particularly relevant for anyone running development environments that rely on .local hostname resolution.

Firewall and security tools​

UFW vs firewalld​

UFW and firewalld are both front-ends for the Linux kernel's packet filtering, but they approach the problem differently enough that switching between them — or inheriting a system configured with the one you do not usually use — requires understanding the conceptual model behind each tool. This note compares the two side by side: their default behaviours, their zone and profile concepts, how they interact with Docker and container networking, and the specific scenarios where each tool is the better choice. It is not a tutorial; it is a reference for understanding why the same intended firewall policy produces different results depending on which tool implements it.

Apple and macOS platform​

Apple News User Agent​

Apple News sends its own user agent string when fetching content from publishers, and the precise format of that string has changed across iOS and macOS versions. This note documents the observed user agent patterns, the request behaviour that accompanies them, and the implications for server-side analytics and content delivery decisions. If you are trying to distinguish Apple News prefetch traffic from real user visits in your server logs, this note provides the identification criteria.

Archive Utility and XZ​

macOS Archive Utility handles most common compression formats silently, but its support for XZ-compressed archives has specific limitations and version-dependent behaviour. This note documents what Archive Utility actually does when it encounters .xz and .tar.xz files, where it succeeds, where it fails silently, and the command-line alternatives that handle the format reliably. Given the increased scrutiny of XZ following the supply-chain security incident, understanding which tools on your system process XZ and how is more relevant than it might appear.

Desktop environments and application internals​

GNOME Apps Web API​

GNOME's application ecosystem interacts with web APIs in ways that are not always documented or expected. This note examines how GNOME applications use web-based services, the API endpoints they contact, and the observable network behaviour. It covers the practical implications for firewall configuration, privacy assessment, and understanding what your desktop environment is doing on the network without explicit user action.

GNOME CalDAV​

CalDAV support in GNOME's calendar and contacts stack works well in the common case but has specific behaviours around authentication, calendar discovery, and recurring event handling that differ from what CalDAV server operators might expect. This note documents the observed GNOME CalDAV client behaviour, the server-side compatibility considerations, and the troubleshooting steps for the most common failure modes — particularly the case where calendar discovery succeeds but events do not appear.

Word Document Formats (Office 16 TP)​

The Office 16 Technical Preview introduced changes to default document format handling that affected interoperability with older Office versions and third-party editors. This note documents the specific format defaults, the compatibility mode behaviour, and the observable differences in how documents saved in the Technical Preview rendered in other environments. It provides useful context for anyone who encountered format-related issues during the Office 16 transition period.

Hardware and driver behaviour​

Linux WiFi DPM Latency​

Dynamic power management on WiFi adapters in Linux can introduce measurable latency that does not appear in benchmark tools but is very noticeable in interactive use — SSH sessions pausing after idle, web requests taking an extra second to start, VoIP connections dropping after silence. This note documents the specific DPM behaviours observed across common WiFi chipsets, the iw and iwconfig parameters that control power saving, and the trade-offs between battery life and connection responsiveness.

Replace Broadcom WiFi with Intel​

Broadcom WiFi chipsets on Linux have been a persistent source of driver problems, and physically replacing the wireless card with an Intel alternative is sometimes the most effective solution. This note documents the replacement procedure, the hardware compatibility considerations (particularly the WiFi card whitelist that some laptop vendors enforce in firmware), and the before-and-after comparison of driver reliability, performance, and power management behaviour. If you have spent hours fighting wl, b43, or brcmfmac drivers and are considering a hardware swap, this note covers the practical path.

What readers usually need​

The tech notes that get the most traffic and the most repeat visits address a handful of common scenarios:

• Something weird in WSL → Check rm -rf in WSL and LXSS and lxrun for WSL-specific filesystem and subsystem behaviour
• TwinUI errors on Windows → What is TwinUI explains the component and its failure modes
• Choosing between UFW and firewalld → UFW vs firewalld compares both tools in depth
• WiFi latency or reliability on Linux → Start with Linux WiFi DPM Latency and consider Replace Broadcom WiFi with Intel if the problem is hardware-rooted
• mDNS not working on Windows → Windows mDNS/DNS-SD covers the implementation details and limitations

For step-by-step procedures related to these observations, the how-to guides provide the practical walkthroughs. The topics index offers cross-section navigation when a subject spans multiple categories.