Posts

/etc/shadow and Creating yescrypt, MD5, SHA-256, and SHA-512 Password Hashes

15 Rules of Channels and Their Implementation

5 DevSecOps open source projects to know

6 YAML Features most programmers don't know

6首國際最強公認催眠曲

[Community] Cisco UCS CIMC series

[Golang] Use build tags for different build configs

[Juniper Firewall] command

[Kubernetes] Service Overview

[Notes] Build an Ubuntu remote desktop environment on GCP

[Share] Keychain - Pendant from a Type 57 rifle bayonet scabbard

[Translated] Go inline strategy and limitations

A Brief Look at Go Iterators

A Concise Go embed Tutorial

A fast and powerful log viewer and processor that converts JSON logs or logfmt logs into a clear human-readable format.

A python script that allows your terminal to snow.

Abount Ansible Hosts

Add SFTP user and share directory

Advanced macOS Command-Line Tools

Advanced Shell Scripting Techniques: Automating Complex Tasks with Bash

Aliyun CDN Cache Rules

An easy way to identify virtualization technology

An introduction to hacker tools: the tip of the iceberg

Ancient Time Units

Ansible Introduction

ansible.builtin.slurp - read file content

Applying HTTPS Certificates for CDN

Argo CD ApplicationSet Controller: The World Turns for Me!

Avalon (The Resistance: Avalon)

Avoiding the Top 10 NGINX Configuration Mistakes - NGINX

Back up databases with mydumper

Backup FortiOS config with Ansible - with RestAPI

Bash Bitwise Operators

Basic kubeadm usage notes (by request)

Best Practices for Writing Bash Scripts

Best V2Ray One-Click Install & Management Script

Bind JSON with jsoniter in Gin

BIRD and BGP: a beginner's kickoff

Build a Lightweight Docker Image for Your Go App? | IT Man

Build a Private Object Storage with Traefik v3 and MinIO in Docker

Bypass X-Frame-Options with Nginx

Cannot set command timeout per task with network_cli

Cloudflare Traffic sequence

Cloudflare Tunnel

Cloudflare Zero Trust

Common GitBook plugins

Common shell scripting tips

Configuring SSH Keys for Multiple GitHub Accounts

Container security fundamentals

Containers from scratch

Containers From Scratch by Golang (feat. Liz Rice)

Convert a List to a List of Dicts

Convert Cloudflare WARP to an HTTP Proxy

Convert Command Output to an Image

Convert your codebase into a single LLM prompt.

Create macOS DMG and Bootable ISO

CS Visualized: Useful Git Commands

Data Center Notes

Database Fundamentals

Day 19 BGP Protocol (1)

Day 28 - Introduction to Useful Third-Party Kubernetes Tools

Dedicated Server CPU Frequency Maximization Guide

Deploying OpenVPN with AD domain authentication

Do you understand the Nginx request processing flow?

Docker Containers Can't Access the Internet? NAT Configuration Guide for nftables

Docker Introduction

Docker Security Best Practices: Cheat Sheet

Docker Tips: Using Docker Config

docker-compose yaml problem

Dockertest: A Fast Way to Set Up Integration Test Environments

Draw Diagrams With Markdown

Elasticsearch Study Notes

Emoji Regular expression

Enable GitLab project integration: Mattermost slash commands

Everyone Needs an HTTP Proxy to Debug

Everything About MTU and MSS

Excessive Errors from `sentry.lang.javascript.processor: SoftTimeLimitExceeded()`

Expose your local web server to the internet with a public URL.

Faster Multi-Platform Builds: Dockerfile Cross-Compilation Guide

Fetch GraphQL schema information

Fighting DDoS: nginx, iptables, and fail2ban

Fighting ISP Cache Hijacking Again with iptables

Firewall Update

Fix Nginx 500 errors (too many open files, connection)

Fixing Disk Space Not Freed on Linux

Force file download with Nginx

Fortigate Management Interface in HA Mode

Getting Started with GitHub Actions

Gin documentation (Chinese)

GitLab CI Can Automatically Check Code Quality! How to Use SonarQube for Code Quality Checks?

Gitlab-CI Introduction

Gluetun: Route Docker Containers Through a VPN, Disconnect on No Network

Go 1.21 GA PGO Optimization You Can't Grasp in One Read — A Try on WebP Server Go

Go AES Encryption and Decryption in Three Modes (CBC/ECB/CFB)

Go code refactoring : the 23x performance hunt

Go Generics Beginner Notes

Go High-Performance Programming Handbook (Long Read)

Go Modules workflow for private Git repositories

Go pprof in Practice

Go Practical Guide: Execute Lua Scripts with go-redis

Go Protobuf: The New Opaque API

Go string format

Go Style Decisions - Pass values

go-mysql-elasticsearch-benchmarking

Golang benchmarks

Golang os/exec usage (notes)

Golang Service Exceeded File Handle Limit (too many open files)

Google Cloud Platform(GCP): Access Linux Server using GUI running in GCP instance using Windows Remote Desktop Connection.

Google Search Operators: The Complete List (44 Advanced Operators)

GraphQL Introspection Query

Harden a Server with Fail2Ban + nftables

Hide Within Cloudflare's Global Network

High Performance Go Workshop

How Core Git Developers Configure Git

How Does Nginx Defend Against DDoS?

How Go Reads a 16GB File in 25 Seconds

How I configure my Git identities

How Nginx Hides Upstream Errors

How Terminals Work

How to automatically resize virtual box disk with vagrant

How to capture web pages and long screenshots with Chrome DevTools?

How to Choose a Go File Reading Approach

How to configure time zone and NTP on RHEL7/CentOS7

How to Create Temporary Files in Bash: mktemp and trap

How to deal with a 50GB large csv file in r language?

How to Delete Files With Names That Contain Non-printable Characters

How to deploy on remote Docker hosts with docker-compose

How to Detect RAID Information in Linux

How to Enable SNMP on a Switch

How to Install Fedora Linux on Surface Go 2 to Boost Entry-Level Tablet Performance

How to Make an iPhone Ringtone: Turn an MP3 into a Ringtone or Alarm

How to Make Output Overwrite the Same Line in a Terminal

How to use a here documents to write data to a file in bash script

How to Use which on an Aliased Command

I can feel the speed — optimize zsh and oh my zsh cold start

I Replaced Redis with PostgreSQL (And It's Faster)

I use Zip Bombs to Protect my Server

Illustrating How Data Alignment Affects Memory Usage in Go

In 2020, use the latest NGINX ngx_http_geoip2 module to block IPs by country or region

Inspecting Web Views in macOS

Install Chrome OS

Install Font Libraries and Chinese Fonts on Linux CentOS 7

Install PowerDNS and PowerDNS-Admin on Ubuntu 22.04|20.04|18.04

Introduction to Git internals

Is there a regular expression to detect a valid regular expression?

iTerm2 features I find useful

Jinja docx template, avoiding new line in nested for

Kubernetes Runtime Explained in Plain Language

Kubernetes Without kube-proxy

Let Zsh read macOS system proxy settings and set env vars

Lightweight Linux Distributions For Older PCs

Linkerd 2.8 - Build a Simple and Secure Multi-Cluster Kubernetes Architecture

Little Git Tricks: Use .mailmap to Merge Different Authors

llamafile - Distribute and run LLMs with a single file.

LLM Visualization

LLMs Hackmd Docs

Load Balancing with iptables and ip rule

LocalStorage vs. IndexedDB vs. Cookies vs. OPFS vs. WASM-SQLite

LVM - lvg and lvol

Mac Niche App Recommendations and Workflow Share (2024)

macOS Tips & Tricks

Makefiles for Web Projects: Manage Your Environment Workflow

Marp教學：Markdown搭配VS Code做簡報，快速輸出為PPTX或PDF，提昇做簡報效率

Misspelling, missing collection, or incorrect module path for fortios_system_config_backup_restore

Monitoring HTTP Requests on a Network Interface in Real Time

More Powerful Go Execution Tracing

Mount a Synology NAS folder on CentOS 7

Mount AWS S3 Bucket On Amazon EC2

My Productivity Mac Settings and Apps

Netcat (Linux nc) Practical Examples for Network Admins

New LibSSH Connection Plugin for Ansible Network Replaces Paramiko, Adds FIPS Mode Enablement

Nginx HTTPS with Basic Auth reverse proxy for VMware ESXi 6.5 fixed VMRC /screen

Nginx if 避坑指南

NGINX Native ACME Support: Rethinking TLS Automation from the Ground Up

Nginx request_time and upstream_response_time explained

Nginx SSL/TLS configuration with TLSv1.2 and TLSv1.3 - ECDHE and strong ciphers suite (Openssl 1.1.1)

nginx 添加第三方nginx_upstream_check_module 模块实现健康状态检测

Objective-See: An Open Source Project Org for Apple Privacy and Security

OIDC(OpenID Connect) 简介

On High Availability Systems

OpenResty + Redis: Block High-Frequency IPs

Parse Command Line Arguments in Bash

Pitfalls When Parsing Binary Data in Go

Pokemon Legends: Arceus - Two Playthroughs Completed

Printing ASCII Art in the Shell

Privacy Badger: A Free EFF Browser Extension to Block Online Tracking

Prometheus relabeling and linux metrics

Provisioning a Windows Server Vagrant box with IIS, .NET 4.5 and Octopus Deploy

Python install module issues

Python Numbers Every Programmer Should Know

Python Telegram Bot

Python's many command-line utilities

Quagga Routing - Install, Configure and setup BGP

RAID10 Total Failure: Mirror Drives in the Same Group Failed Together

Rainman Engineering Culture: Eight Interview Questions to Spot Excellence

Record Millisecond Precision in Nginx Access Logs

Reduce the Chance of Home Web Services Being Reported

Regex for Markdown Syntax

Relay V2Ray Traffic via Cloudflare

Replace Watchtower with WUD: Build a Controlled Docker Auto-Update Plan

Representative HTTP Status Codes

Rules that terminal programs follow

Running GitHub Actions for Certain Commit Messages

Rust Easy! Modern Cross-platform Command Line Tools to Supercharge Your Terminal

Selectively Disabling HTTP/1.0 and HTTP/1.1

Sentry Source Code Development Notes

Set interface IP with netplan on Ubuntu 18.04

Set SSLKEYLOGFILE on MacBook to decrypt HTTPS traffic

Setting up JWT Authentication

Sharpen the Axe Before Cutting Wood: My Home Network Setup

Shell Script Best Practices

Shell Script Study Notes

Sign git commits with GPG

Simple A/B Testing with Nginx split_clients

Simulate Network Anomalies with TC and Netem

Smarter than 'Ctrl+F': Linking Directly to Web Page Content

Some Jenkinsfile examples

Some Software Design Principles

Speeding up the Rust edit-build-run cycle

SQL Join types explained visually

SQL queries don't start with SELECT

SSH certificate login guide

SSH failing with Error : fatal: daemon() failed: No such device

string field was converted to True (type string)

Struct Tricks Every Gopher Should Know

Style PowerShell with oh-my-posh

Super easy! Build a beautiful and handy zsh terminal

Supply chain attack

Surprisingly, you can view images in the Linux CLI?

Switch Firmware Update

Synology: Your NAS RAM Details at a Glance

Systemd Tutorial: Practical Part

Taide - training data

TaigiTube - Taiwanese Hokkien YouTube

Taiwanese Minnan Input Method App Launched: Mobile Devices Can Now Type Taiwanese

Take Screenshots with Selenium in Go

Tcpdump Usage Summary

Terraform Getting Started Notes

Terraform Provider Development Notes

Test Whether a Server Is Vulnerable to Shellshock Bug

The Art of Command Line

The One Billion Row Challenge in Go: from 1m45s to 3.4s in nine solutions

TIL: timeout in Bash scripts

Top 25 Nginx Tips and Tricks From Practical Experience

Tracking SQLite Database Changes in Git

Trellis Ansible Bad Interpreter Error

Tuning EMQX to Scale to One Million Concurrent Connection on Kubernetes

Tuning EMQX to Scale to One Million Concurrent Connection on Kubernetes

Uncle Joe teaches Elastic - 30 - Elasticsearch optimization tips (4/4) - Shard optimization management

Understand the crypto trio: Encode, Encrypt, and Hash

Understanding Cilium Series (1): Introduction to Cilium

Upgrade database failed after ugrade to Zabbix 5...

Use Go Fuzzing to Write More Complete Unit Tests

Use LinuxServer.io Docker Images to Turn Desktop Apps into Web Apps

Use Nginx and mod_pagespeed to Convert Images to WebP on the Fly

Use terminal and SSH to remote host

Using Python for multimedia: video, audio, and images

Using Vagrant to Deploy Multiple VMs on vSphere

Using Vim as a Diff Tool

Vagrantfile and Provider

Vim Tips - Edit Remote Files With Vim On Linux

vimrc Configuration Guide

VSCode Integration with DevSpace for Debugging!

WebP Cloud uses Cloudflare Workers to fetch content from the origin server in order to protect the origin server and start providing origin fetch time information.

What does `< <(command args)` mean in the shell?

What Happened To WebAssembly

What happens after you type a URL in the browser and press Enter?

What is the SHA256 that comes on the sshd entry in auth.log?

What the f*ck Python! 🐍

What to Do With Long Strings in YAML?

Why are QR Codes with capital letters smaller than QR codes with lower-case letters?

Why do browser user-agent strings always include Mozilla/5.0?

Why is this running?

Windows SSH Setup

WSL 2 .wslconfig configuration explained

Yongling Foundation AI Forum: How AI Shapes the Future of Humanity

Zsh Config Files and Priority

Zsh tab-completion not working

一張圖學會【拼音輸入法】

朋友旅行防止絕交檢查表

設定 Haproxy 以防止 DDOS 攻擊

Ricky Lin

Sunday, March 15, 2026

Tools

tirith: Tirith guards the gate and intercepts suspicious URLs, ANSI injection, and pipe-to-shell attacks before they execute.
subtrace: Inspect HTTP requests in any server with just a single command.
prek: ⚡ Better pre-commit, re-engineered in Rust
sandbox-exec: macOS’s Little-Known Command-Line Sandboxing Tool
babyshark: Flows-first PCAP TUI (case files, gorgeous UX).
llmfit: A terminal tool that right-sizes LLM models to your system’s RAM, CPU, and GPU. Detects your hardware, scores each model across quality, speed, fit, and context dimensions, and tells you which ones will actually run well on your machine.

sandbox-exec(Deprecated)

sandbox-exec -f profile.sb command_to_run

example

Sandboxed Terminal Session

# Create terminal-sandbox.sb:
(version 1)
(allow default)
(deny network*)
(deny file-read-data (regex "^/Users/[^/]+/(Documents|Pictures|Desktop)"))

# Run a sandboxed terminal
sandbox-exec -f terminal-sandbox.sb zsh

Using Pre-built System Profiles

macOS includes several pre-built sandbox profiles in /System/Library/Sandbox/Profiles

# Run a command with the system's no-network profile
sandbox-exec -f /System/Library/Sandbox/Profiles/weatherd.sb command

debugging

Using the Console App

Open Console.app (Applications → Utilities → Console)
Search for “sandbox” and your application name
Look for lines containing “deny” to identify blocked operations
Using Terminal for Real-time Logs
1. For real-time monitoring of sandbox violations: log stream --style compact --predicate 'sender=="Sandbox"'
2. To filter for a specific application: log stream --style compact --predicate 'sender=="Sandbox" and eventMessage contains "python"'

advanced

Creating a Sandbox Alias

but did the same for UI applications it didn’t work for some reason
sandbox-no-network /Applications/Firefox.app/Contents/MacOS/firefox

# Add to ~/.zshrc or ~/.bash_profile
alias sandbox-no-network='sandbox-exec -p "(version 1)(allow default)(deny network*)"'

# Then use it as:
sandbox-no-network curl -v https://google.com

Importing Existing Profiles

(version 1)
(import "/System/Library/Sandbox/Profiles/bsd.sb")
(deny network*)  # Add additional restrictions

Improve this page

TIL: timeout in Bash scripts

Top 25 Nginx Tips and Tricks From Practical Experience

Table of Contents