2026

Articles

gstack: Use Garry Tan’s exact Claude Code setup: 23 opinionated tools that serve as CEO, Designer, Eng Manager, Release Manager, Doc Engineer, and QA Waza: Engineering habits you already know, turned into skills Claude can run. docmd: Build production-ready documentation from Markdown in seconds. talk-normal: Make any LLM talk like a normal person. A system prompt that removes AI slop. The Quiet Colossus smolvm: Tool to build & run portable, lightweight, self-contained virtual machines. MAD Bugs: “cat readme.txt” is not safe in iTerm2 https://aistupidlevel.info/ https://markdown.new/ caveman: Claude Code skill that cuts 65% of tokens by talking like caveman trellis-mac: This is a port of Microsoft’s TRELLIS.2 — a state-of-the-art image-to-3D model — from CUDA-only to Apple Silicon via PyTorch MPS. No NVIDIA GPU required. ggsql: A grammar of graphics for SQL https://lawsofsoftwareengineering.com/ VidStudio: a browser based video editor that doesn’t upload your files cal.diy: Scheduling infrastructure for absolutely everyone. RustTraining opendoas: A portable fork of the OpenBSD doas command, is a minimal replacement for the venerable sudo. compressO: Convert any video/image into a tiny size. 100% free & open-source. Available for Mac, Windows & Linux. kami: Part of a trilogy: Kaku (書く) writes code, Waza (技) drills habits, Kami (紙) delivers documents. design-md-chrome: Chrome extension to extract styles from any website and generate DESIGN.md files and design skills for AI based on TypeUI 佐enter 成人碎牛皮手套 localsend: An open-source cross-platform alternative to AirDrop GTFOBins is a curated list of Unix-like executables that can be used to bypass local security restrictions in misconfigured systems. Warp is an agentic development environment, born out of the terminal. Just the Browser: Remove AI features, telemetry data reporting, sponsored content, product integrations, and other annoyances from web browsers. Copy Fail: CVE-2026-31431 MAD Bugs: “cat readme.txt” is not safe in iTerm2 The core bug The bug is a trust failure. iTerm2 accepts the SSH conductor protocol from terminal output that is not actually coming from a trusted, real conductor session. In other words, untrusted terminal output can impersonate the remote conductor.

Thursday, April 30, 2026 閱讀

Articles

SingleFlight macOS 奇怪的安全扫码机制 Agentic Design Patterns 你不知道的 Claude Code：架构、治理与工程实践你不知道的 Agent：原理、架构与工程实践 rtk: CLI proxy that reduces LLM token consumption by 60-90% on common dev commands. Single Rust binary, zero dependencies difftastic: a structural diff that understands syntax I Ditched Elasticsearch for Meilisearch. Here’s What Nobody Tells You. 策展島嶼的深度敘事: https://github.com/frank890417/taiwan-md Linux 中网络包的一生 Gitingest: Turn any Git repository into a prompt-friendly text ingest for LLMs. 7 More Common Mistakes in Architecture Diagrams Use Cases Superpowers: Superpowers is a complete software development workflow for your coding agents, built on top of a set of composable “skills” and some initial instructions that make sure your agent uses them. everything-claude-code: The agent harness performance optimization system. Skills, instincts, memory, security, and research-first development for Claude Code, Codex, Opencode, Cursor and beyond. Agency Agents: A complete AI agency at your fingertips - From frontend wizards to Reddit community ninjas, from whimsy injectors to reality checkers. Each agent is a specialized expert with personality, processes, and proven deliverables. MiroFish: A Simple and Universal Swarm Intelligence Engine, Predicting Anything. Lightpanda Browser: the headless browser designed for AI and automation Anatomy of the .claude/ Folder Cocoa-Way: Native macOS Wayland Compositor written in Rust using Smithay. Experience seamless Linux app streaming on macOS without XQuartz. Pretext: Fast, accurate & comprehensive text measurement & layout Ghostmoon.app: A Swiss Army Knife for your macOS menu bar CodingFont: A game to help you pick a coding font The Git Commands I Run Before Reading Any Code Winhance: Application designed to optimize, customize and enhance your Windows experience. Native Instant Space Switching on MacOS FluidCAD: Write CAD models in JavaScript. See the result in real time. Awesome DESIGN.md: Copy a DESIGN.md into your project, tell your AI agent “build me a page that looks like this” and get pixel-perfect UI that actually matches. graphify: AI coding assistant skill (Claude Code, Codex, OpenCode, Cursor, Gemini CLI, GitHub Copilot CLI, OpenClaw, Factory Droid, Trae, Google Antigravity). Turn any folder of code, docs, papers, images, or videos into a queryable knowledge graph SingleFlight package analyzer import ( "context" "sync" "golang.org/x/sync/singleflight" "github.com/nathan/stock_bot/internal/storage" ) type AnalysisService struct { genai *GenAIClient d1Client *storage.D1Client stockCache map[string]*StockAnalysisResult mu sync.RWMutex sf singleflight.Group } func (s *AnalysisService) analyzeStock(ctx context.Context, code, name string) (*StockAnalysisResult, error) { // 1. 第一層防護：檢查記憶體快取 (L1 Cache) s.mu.RLock() if result, ok := s.stockCache[code]; ok { s.mu.RUnlock() return result, nil } s.mu.RUnlock() // 2. 第二層防護：Singleflight (請求合併) key := "stock:" + code v, err, _ := s.sf.Do(key, func() (interface{}, error) { // 3. 執行昂貴的邏輯 (DB + Gemini API) result, err := s.doAnalyzeStock(ctx, code, name) if err != nil { return nil, err } // 4. 寫入快取 (務必在 singleflight 內部完成，防止下一波瞬間擊穿) s.mu.Lock() s.stockCache[code] = result s.mu.Unlock() return result, nil }) if err != nil { return nil, err } return v.(*StockAnalysisResult), nil } func (s *AnalysisService) doAnalyzeStock(ctx context.Context, code, name string) (*StockAnalysisResult, error) { // 建立一個子 Context 用於內部的多個非同步任務 g, ctx := errgroup.WithContext(ctx) var dbData string var aiResult string // 任務 1：查資料庫 g.Go(func() error { // 隨時檢查 Context 是否已取消 select { case <-ctx.Done(): return ctx.Err() default: // 模擬資料庫查詢 dbData = "Historical Data" return nil } }) // 任務 2：呼叫 Gemini API g.Go(func() error { // 將 ctx 傳入 API 客戶端，讓它能跟隨整體的超時控制 res, err := s.genai.Generate(ctx, "Analyze this: "+code) if err != nil { return err } aiResult = res return nil }) // 等待所有任務完成或其中一個出錯 if err := g.Wait(); err != nil { return nil, err } return &StockAnalysisResult{Data: dbData, Analysis: aiResult}, nil } func (s *AnalysisService) analyzeStockWithMetrics(ctx context.Context, code string) (*StockAnalysisResult, error) { key := "stock:" + code v, err, shared := s.sf.Do(key, func() (interface{}, error) { return s.doAnalyzeStock(ctx, code, "Name") }) // 紀錄監控指標：分辨是「原始呼叫」還是「共享結果」 status := "original" if shared { status = "shared" } s.sfCounter.Add(ctx, 1, metric.WithAttributes( attribute.String("stock_code", code), attribute.String("type", status), )) if err != nil { return nil, err } return v.(*StockAnalysisResult), nil } macOS 奇怪的安全扫码机制 # 查看最近的 syspolicyd 扫描记录 log show --predicate 'subsystem == "com.apple.syspolicy.exec"' --last 5m --style compact | grep performScan System Settings → Privacy & Security → Full Disk Access，给 VS Code 完全磁盘访问权限有效

Wednesday, April 15, 2026 閱讀

Tools

tirith: Tirith guards the gate and intercepts suspicious URLs, ANSI injection, and pipe-to-shell attacks before they execute. subtrace: Inspect HTTP requests in any server with just a single command. prek: ⚡ Better pre-commit, re-engineered in Rust sandbox-exec: macOS’s Little-Known Command-Line Sandboxing Tool babyshark: Flows-first PCAP TUI (case files, gorgeous UX). llmfit: A terminal tool that right-sizes LLM models to your system’s RAM, CPU, and GPU. Detects your hardware, scores each model across quality, speed, fit, and context dimensions, and tells you which ones will actually run well on your machine. sandbox-exec(Deprecated) sandbox-exec -f profile.sb command_to_run

Sunday, March 15, 2026 閱讀

Links

AnyStorage: AnyStorage brings S3, R2, Backblaze B2, MinIO, and other compatible services into a single desktop workspace with a cleaner rhythm than cloud dashboards. 歹晚郎內推互助網絡 Grid: Free, Privacy-First Digital Fabrication Tools for STEM Learning Free British Accent Generator minimal: Minimal CVE Hardened container image collection Docker Hardened Images: secure, minimal, production-ready images. webr: The statistical language R compiled to WebAssembly via Emscripten, for use in web browsers and Node. Can I Run AI locally?: Find out which AI models your machine can actually run. Can’t Maintain: A “Can’t Unsee”-style training game that teaches junior React/TypeScript developers proper prop naming conventions and JSDoc documentation. Go Katas: A collection of daily coding challenges designed to help you master idiomatic Go through deliberate, repetitive practice. Paged Out!: a free experimental (one article == one page) technical magazine about programming (especially programming tricks!), hacking, security hacking, retro computers, modern computers, electronics, demoscene, and other similar topics. Free Weather API: Open-Meteo is an open-source weather API and offers free access for non-commercial use. No API key required.

Saturday, March 14, 2026 閱讀

Articles

You don’t need Kafka: Building a message queue with only two UNIX signals It’s 2026, Just Use Postgres What canceled my Go context? Notes on Writing Wasm Go 1.26 interactive tour It’s 2026, Just Use Postgres The “Use the Right Tool” Trap You’ve heard the advice: “Use the right tool for the right job.” Sounds wise. So you end up with: Elasticsearch for search Pinecone for vectors Redis for caching MongoDB for documents Kafka for queues InfluxDB for time-series PostgreSQL for… the stuff that’s left Here’s what most people don’t realize: Postgres extensions use the same or better algorithms as specialized databases (in many cases).

Friday, March 13, 2026 閱讀

Selectively Disabling HTTP/1.0 and HTTP/1.1

Selectively Disabling HTTP/1.0 and HTTP/1.1 http { ... # Check for text-based browsers map $http_user_agent $is_text_browser { default 0; # Text-Based Browsers (not exhaustive) "~*^w3m" 1; "~*^Links" 1; "~*^ELinks" 1; "~*^lynx" 1; # Bots (not exhaustive) "~*Googlebot" 1; "~*bingbot" 1; "~*Yahoo! Slurp" 1; "~*DuckDuckBot" 1; "~*YandexBot" 1; "~*Kagibot" 1; } # Check if request is HTTP/1.X map $server_protocol $is_http1 { default 0; "HTTP/1.0" 1; "HTTP/1.1" 1; } # If Request is not text-based browser, # and is HTTP/1.X, set the http1_and_unknown variable # to 1, which is equivalent to "true" map "$is_http1:$is_text_browser" $http1_and_unknown { default 0; "1:0" 1; } ... }

Tuesday, February 3, 2026 閱讀

Go Tool Trace

淺談 Go Tool Trace - 1 淺談 Go Tool Trace - 2 Go Trace 與使用者自訂追蹤分析淺談 Go Tool Trace - 3 實際分析 Goroutine Analysis Go Tool Trace - 4 從分析到實戰：最佳化 Goroutine 數量 trace trace 是「事件時間軸」，不是「取樣統計」 go tool trace：用來看 runtime trace（執行追蹤），本質是「時間序列事件」： goroutine 的建立 / runnable / running / waiting / syscall scheduler（G/M/P）相關事件、排程延遲 blocking（net / sync / syscall）時間分佈 GC 事件、STW、heap 變化（在 trace viewer 會看到）用 pprof 是找「熱點」：誰吃 CPU / 誰 alloc 多用 trace 是找「延遲原因」：為什麼卡（排程？鎖？網路？syscall？GC？）直覺判斷：

Tuesday, January 27, 2026 閱讀

I Replaced Redis with PostgreSQL (And It's Faster)

I Replaced Redis with PostgreSQL (And It’s Faster) 在更改之前，Redis 主要處理三件事：快取（佔使用量的 70%）發布/訂閱（佔使用量的 20%）後台作業佇列（使用率 10%）痛點: 需要備份兩個資料庫 Redis 使用記憶體（規模化時成本很高） Redis 持久化機制…很複雜。 Postgres 和 Redis 之間的網路跳躍 PostgreSQL 功能 1: 使用未記錄表進行快取 Redis await redis.set("session:abc123", JSON.stringify(sessionData), "EX", 3600); PostgreSQL CREATE UNLOGGED TABLE cache ( key TEXT PRIMARY KEY, value JSONB NOT NULL, expires_at TIMESTAMPTZ NOT NULL ); CREATE INDEX idx_cache_expires ON cache(expires_at); Insert INSERT INTO cache (key, value, expires_at) VALUES ($1, $2, NOW() + INTERVAL '1 hour') ON CONFLICT (key) DO UPDATE SET value = EXCLUDED.value, expires_at = EXCLUDED.expires_at; Read SELECT value FROM cache WHERE key = $1 AND expires_at > NOW(); Cleanup (run periodically)

Monday, January 19, 2026 閱讀

臺灣台語輸入法 App 上架，即日起行動裝置也能輸入臺灣台語

臺灣台語輸入法 App 上架，即日起行動裝置也能輸入臺灣台語教育部臺灣台語輸入法 - iOS 教育部臺灣台語輸入法 - Android 「臺灣台語輸入法」除了支援拼音輸入，也提供語音輸入功能，讓使用者能透過語音轉換成文字。

Thursday, January 15, 2026 閱讀

WebAssembly 發生了什麼事

WebAssembly 發生了什麼事 Watlings

Sunday, January 11, 2026 閱讀

用 WUD 取代 Watchtower：打造可控的 Docker 自動更新方案

用 WUD 取代 Watchtower：打造可控的 Docker 自動更新方案 WUD（What’s Up Docker） services: wud: image: getwud/wud:latest container_name: wud restart: unless-stopped ports: - "3000:3000" volumes: - /var/run/docker.sock:/var/run/docker.sock - ./store:/store environment: - TZ=Asia/Shanghai # 本机 Docker watcher - WUD_WATCHER_LOCAL_SOCKET=/var/run/docker.sock # 关键：默认不监控任何容器 - WUD_WATCHER_LOCAL_WATCHBYDEFAULT=false # 每 12 小时扫描一次 - WUD_WATCHER_LOCAL_CRON=0 */12 * * * # 自动更新 + 更新后清理旧镜像 - WUD_TRIGGER_DOCKER_AUTO_PRUNE=true # 效果等同于 `watchtower --cleanup` 只監控（不自動更新） labels: - "wud.watch=true" 會出現在 WUD UI 會提示有更新不會自動重啟監控 + 自動更新（等同 Watchtower） labels: - "wud.watch=true" - "wud.trigger.include=docker.auto"

Sunday, January 11, 2026 閱讀

終端機如何運作

Friday, January 9, 2026 閱讀