Links

Convert your codebase into a single LLM prompt.

Thursday, December 11, 2025 Read

How to Install Fedora Linux on Surface Go 2 to Boost Entry-Level Tablet Performance

How to Install Fedora Linux on Surface Go 2 to Boost Entry-Level Tablet Performance Surface Go 2 (Intel Pentium 4425Y, 4G/64G) WiFi edition For Surface Go 2 hardware support, see this GitHub table: Supported Devices and Features Create a Linux boot drive Download the ISO from the Fedora KDE official site. Use Ventoy to create a boot drive. Surface Go 2 only has Type-C ports, so you may need a hub. It cannot boot from an SD card. Install Linux Shut down the Surface Go 2. Hold the power button and volume up to enter UEFI. The interface is touch-capable, but you may still need a physical keyboard for installation. Fedora supports Secure Boot, but it is recommended to disable it to avoid manual signing when installing drivers. Set the boot order to the USB drive. Boot and follow the installer. Choose to wipe the disk and install Fedora. For Chinese input, install Fcitx5: sudo dnf install fcitx5 fcitx5-chewing fcitx5-gtk3 fcitx5-gtk4 fcitx5-qt fcitx5-qt6 fcitx5-configtool Tip: Fedora enables zRAM by default. If the Surface Go has limited RAM, edit /etc/systemd/zram-generator.conf to increase SWAP size (MB). [zram0] zram-size = 8192 Install the linux-surface kernel Follow the GitHub instructions. On Fedora, add the linux-surface repo to the system: sudo dnf config-manager addrepo --from-repofile=https://pkg.surfacelinux.com/fedora/linux-surface.repo Install the linux-surface kernel and reboot: sudo dnf install --allowerasing kernel-surface iptsd libwacom-surface Use uname -a to verify the kernel is switched; it should show linux-surface. Fedora updates kernels frequently, so new kernels may override the linux-surface kernel. After installing the linux-surface packages, the linux-surface-default-watchdog.path service is enabled automatically to ensure linux-surface is used on boot. Using the virtual keyboard on KDE Enable it in System Settings → Keyboard → Virtual Keyboard. Note that this keyboard cannot be used with Fcitx5.

Thursday, December 11, 2025 Read

VSCode Integration with DevSpace for Debugging!

VSCode Integration with DevSpace for Debugging! DevSpace Install required tools 📦 # Check Go version go version # Install the Delve debugger go install github.com/go-delve/delve/cmd/dlv@latest # Check DevSpace version devspace version # Install VSCode Go extensions code --install-extension golang.go code --install-extension devspace.devspace Project structure design 📁 . ├── cmd │ └── main.go ├── devspace.yaml ├── Dockerfile.dev ├── Dockerfile.prod ├── go.mod ├── go.sum ├── internal │ ├── handler.go │ ├── model.go │ └── service.go ├── k8s │ └── dev │ ├── deployment.yaml │ └── service.yaml ├── main └── start-dev.sh Prepare the Go application 🚀 First, build a simple but practical Go application with a few API endpoints so you can test breakpoints.

Wednesday, December 10, 2025 Read

Harden a Server with Fail2Ban + nftables

Monday, December 8, 2025 Read

parqeye

parqeye install methods cargo install parqeye brew install kaushiksrini/parqeye/parqeye

Tuesday, November 18, 2025 Read

Mosdns-X

Mosdns-X Make DNS faster and cleaner on Linux: Deploy Mosdns-X install bash <(curl -sL https://raw.githubusercontent.com/lidebyte/bashshell/refs/heads/main/mosdns-x-manager.sh) config sudo tee /etc/mosdns-x/config.yaml > /dev/null <<'EOF' # mosdns-x concurrent query (no split routing) config log: level: info file: /var/log/mosdns-x/mosdns-x.log plugins: # Cache plugin - tag: cache type: cache args: size: 1024 lazy_cache_ttl: 1800 # Concurrent upstreams: take the first usable answer - tag: forward_all type: fast_forward args: upstream: # AliDNS - addr: "udp://223.5.5.5" - addr: "tls://dns.alidns.com" # DNSPod / doh.pub - addr: "udp://119.29.29.29" - addr: "tls://dot.pub" # Cloudflare - addr: "udp://1.1.1.1" - addr: "tls://cloudflare-dns.com" # Google - addr: "udp://8.8.8.8" - addr: "tls://dns.google" # Main pipeline: small cache -> concurrent selection - tag: main type: sequence args: exec: - cache - forward_all # Listen on dual-stack UDP/TCP 53 servers: - exec: main listeners: - addr: :53 protocol: udp - addr: :53 protocol: tcp EOF systemd sudo tee /etc/systemd/system/mosdns.service > /dev/null <<'EOF' [Unit] Description=Mosdns-X DNS Accelerator After=network.target [Service] Type=simple User=root Group=root ExecStart=/usr/local/bin/mosdns-x start --as-service -d /usr/local/bin -c /etc/mosdns-x/config.yaml Restart=always RestartSec=5 StandardOutput=journal StandardError=journal SyslogIdentifier=mosdns [Install] WantedBy=multi-user.target EOF sudo systemctl daemon-reload sudo systemctl enable --now mosdns # Backup system DNS sudo cp -n /etc/resolv.conf /etc/resolv.conf.mosdns-backup # Switch to local Mosdns-X echo -e "nameserver 127.0.0.1\noptions edns0" | sudo tee /etc/resolv.conf # If port 53 is occupied by systemd-resolved, disable it sudo systemctl disable --now systemd-resolved 2>/dev/null || true # If you also want to lock it (prevent DHCP changes), run chattr too: echo -e "nameserver 127.0.0.1\n" > /etc/resolv.conf && chattr +i /etc/resolv.conf # Check process status sudo systemctl status mosdns --no-pager # Test resolution speed (second run should hit cache) dig +stats www.google.com dig +stats www.baidu.com # View logs in real time tail -f /var/log/mosdns-x/mosdns-x.log

Sunday, November 9, 2025 Read

go-synctest

go-synctest func TestAfterFunc(t *testing.T) { synctest.Test(t, func(*testing.T) { ctx, cancel := context.WithCancel(context.Background()) called := false context.AfterFunc(ctx, func() { called = true }) synctest.Wait() // Wait until all goroutines are blocked if called { t.Fatal("AfterFunc was called before cancel") } cancel() synctest.Wait() // Wait again if !called { t.Fatal("AfterFunc was not called after cancel") } }) }

Friday, November 7, 2025 Read

onion-mirror

onion-mirror Install Tor sudo apt update sudo apt install tor Configure Tor # Disable SOCKS proxy since we aren't making outbound connections # through Tor SocksPort 0 # Make sure Tor runs as a daemon (i.e. in the background) RunAsDaemon 1 # Setup the hidden service on port 80, this is where we tell Tor to # create a .onion service for our web server HiddenServiceDir /var/lib/tor/hidden_service/ HiddenServicePort 80 # Disable inbound connections, since we aren't running a relay or # exit node ORPort 0 # Disable directory services, since we won't be mirroring directory # information to other Tor nodes DirPort 0 sudo systemctl restart tor Get Your .onion Address sudo cat /var/lib/tor/hidden_service/hostname Configure Caddy http://jytkco7clxwj4hhzaydhk4kr3hwzsdzyvtsc6zn2ivog5uma5pxowzad.onion:80 { # Set up a reverse proxy, or serve static files, etc. } Advertise Your .onion Address header { Onion-Location http://jytkco7clxwj4hhzaydhk4kr3hwzsdzyvtsc6zn2ivog5uma5pxowzad.onion{uri} }

Thursday, October 30, 2025 Read

NGINX Native ACME Support: Rethinking TLS Automation from the Ground Up

NGINX Native ACME Support: Rethinking TLS Automation from the Ground Up ngx_http_acme_module NGINX 1.25.1 Pre-install # Install build tools and NGINX dependencies on Debian/Ubuntu sudo apt update sudo apt install build-essential libpcre3-dev zlib1g-dev libssl-dev pkg-config libclang-dev git -y # Install the Rust toolchain (cargo and rustc) curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh source $HOME/.cargo/env mkdir -pv /app/nginx/{logs,conf,cache, acme} /app/nginx-build cd /app/nginx-build # Clone the ACME module source git clone https://github.com/nginx/nginx-acme.git /app/nginx-build/nginx-acme # Or # git clone git@github.com:nginx/nginx-acme.git /app/nginx-build/nginx-acme # Download the NGINX source (replace with the version you need) wget https://nginx.org/download/nginx-1.28.0.tar.gz tar -zxf nginx-1.28.0.tar.gz Compile cd nginx-1.28.0 ./configure \ --prefix=/app/nginx \ --error-log-path=/app/nginx/error.log \ --http-log-path=/app/nginx/access.log \ --pid-path=/app/nginx/nginx.pid \ --lock-path=/app/nginx/nginx.lock \ --http-client-body-temp-path=/app/nginx/cache/client_temp \ --http-proxy-temp-path=/app/nginx/cache/proxy_temp \ --http-fastcgi-temp-path=/app/nginx/cache/fastcgi_temp \ --http-uwsgi-temp-path=/app/nginx/cache/uwsgi_temp \ --http-scgi-temp-path=/app/nginx/cache/scgi_temp \ --user=nginx \ --group=nginx \ --with-compat \ --with-file-aio \ --with-threads \ --with-http_addition_module \ --with-http_auth_request_module \ --with-http_dav_module \ --with-http_flv_module \ --with-http_gunzip_module \ --with-http_gzip_static_module \ --with-http_mp4_module \ --with-http_random_index_module \ --with-http_realip_module \ --with-http_secure_link_module \ --with-http_slice_module \ --with-http_ssl_module \ --with-http_stub_status_module \ --with-http_sub_module \ --with-http_v2_module \ --with-http_v3_module \ --with-mail \ --with-mail_ssl_module \ --with-stream \ --with-stream_realip_module \ --with-stream_ssl_module \ --with-stream_ssl_preread_module \ --with-cc-opt='-g -O2 -ffile-prefix-map=/home/builder/debuild/nginx-1.28.0/debian/debuild-base/nginx-1.28.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC' \ --with-ld-opt='-Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie' \ --add-dynamic-module=/app/nginx-build/nginx-acme make && \ make modules && \ make install # Run the configure script; the key is --add-dynamic-module # Note: include all existing NGINX build flags; see nginx -V # Build the module; note it is make modules, not make install Config # /app/nginx/conf/nginx.conf user nginx; error_log error.log debug; pid nginx.pid; load_module modules/ngx_http_acme_module.so; events { worker_connections 1024; multi_accept on; } http { include mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$host" "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log access.log main; sendfile on; tcp_nopush on; charset utf-8; keepalive_timeout 65; gzip on; resolver 8.8.8.8 1.1.1.1; # Define an ACME issuer instance named letsencrypt acme_issuer letsencrypt { # Set the ACME directory URL; this is Let's Encrypt production uri https://acme-v02.api.letsencrypt.org/directory; # Provide a contact email for CA notices (e.g., expiration) contact mailto:security-alerts@aidig.co; # State file path for ACME account key material state_path acme/letsencrypt; # Accept the terms of service; required for Let's Encrypt accept_terms_of_service; } # Optional acme_shared_zone stores certs, keys, and challenges for issuers. # Default size is 256K; increase as needed. acme_shared_zone zone=acme_shared:1M; server { listen 443 ssl; server_name ssl.aidig.co; # Step 1: enable ACME for this server and select the letsencrypt issuer acme_certificate letsencrypt; # Step 2: use dynamic variables managed in memory by the ACME module ssl_certificate $acme_certificate; ssl_certificate_key $acme_certificate_key; ssl_certificate_cache max=2; # required ngx 1.27.4+ location / { default_type text/plain; return 200 'OK'; } } server { listen 80 default_server; server_name _; # ACME handles /.well-known/acme-challenge/ automatically; this is for all other requests location / { return 301 https://$host$request_uri; } } }

Monday, October 20, 2025 Read

Reduce the Chance of Home Web Services Being Reported

Reduce the Chance of Home Web Services Being Reported When a plaintext request hits an HTTPS service, Nginx returns a special 497 status code. If that happens, we want Nginx to close the connection and return no response. This requires another non-standard status code 444. Combining the two, add the following config in the server: error_page 497 @close; location @close { return 444; } Use the error_page directive to map 497 to the virtual path @close. When Nginx handles @close, it returns 444 and closes the connection.

Thursday, October 2, 2025 Read

Privacy Badger: A Free EFF Browser Extension to Block Online Tracking

Monday, September 29, 2025 Read

Containers From Scratch by Golang (feat. Liz Rice)

Containers From Scratch by Golang (feat. Liz Rice) container-from-scratch-golang As we enhance the functionality of our small program, we will explore the following topics, allowing us to create a basic simulation of a non-production container environment. UTS Namespace Chroot PID Namespace Mount Namespace Control Group Rootless Container

Wednesday, September 10, 2025 Read