Linux

Articles

SingleFlight macOS 奇怪的安全扫码机制 Agentic Design Patterns 你不知道的 Claude Code：架构、治理与工程实践你不知道的 Agent：原理、架构与工程实践 rtk: CLI proxy that reduces LLM token consumption by 60-90% on common dev commands. Single Rust binary, zero dependencies difftastic: a structural diff that understands syntax I Ditched Elasticsearch for Meilisearch. Here’s What Nobody Tells You. 策展島嶼的深度敘事: https://github.com/frank890417/taiwan-md Linux 中网络包的一生 Gitingest: Turn any Git repository into a prompt-friendly text ingest for LLMs. 7 More Common Mistakes in Architecture Diagrams Use Cases Superpowers: Superpowers is a complete software development workflow for your coding agents, built on top of a set of composable “skills” and some initial instructions that make sure your agent uses them. everything-claude-code: The agent harness performance optimization system. Skills, instincts, memory, security, and research-first development for Claude Code, Codex, Opencode, Cursor and beyond. Agency Agents: A complete AI agency at your fingertips - From frontend wizards to Reddit community ninjas, from whimsy injectors to reality checkers. Each agent is a specialized expert with personality, processes, and proven deliverables. MiroFish: A Simple and Universal Swarm Intelligence Engine, Predicting Anything. Lightpanda Browser: the headless browser designed for AI and automation Anatomy of the .claude/ Folder Cocoa-Way: Native macOS Wayland Compositor written in Rust using Smithay. Experience seamless Linux app streaming on macOS without XQuartz. Pretext: Fast, accurate & comprehensive text measurement & layout Ghostmoon.app: A Swiss Army Knife for your macOS menu bar CodingFont: A game to help you pick a coding font The Git Commands I Run Before Reading Any Code Winhance: Application designed to optimize, customize and enhance your Windows experience. Native Instant Space Switching on MacOS FluidCAD: Write CAD models in JavaScript. See the result in real time. Awesome DESIGN.md: Copy a DESIGN.md into your project, tell your AI agent “build me a page that looks like this” and get pixel-perfect UI that actually matches. graphify: AI coding assistant skill (Claude Code, Codex, OpenCode, Cursor, Gemini CLI, GitHub Copilot CLI, OpenClaw, Factory Droid, Trae, Google Antigravity). Turn any folder of code, docs, papers, images, or videos into a queryable knowledge graph SingleFlight package analyzer import ( "context" "sync" "golang.org/x/sync/singleflight" "github.com/nathan/stock_bot/internal/storage" ) type AnalysisService struct { genai *GenAIClient d1Client *storage.D1Client stockCache map[string]*StockAnalysisResult mu sync.RWMutex sf singleflight.Group } func (s *AnalysisService) analyzeStock(ctx context.Context, code, name string) (*StockAnalysisResult, error) { // 1. 第一層防護：檢查記憶體快取 (L1 Cache) s.mu.RLock() if result, ok := s.stockCache[code]; ok { s.mu.RUnlock() return result, nil } s.mu.RUnlock() // 2. 第二層防護：Singleflight (請求合併) key := "stock:" + code v, err, _ := s.sf.Do(key, func() (interface{}, error) { // 3. 執行昂貴的邏輯 (DB + Gemini API) result, err := s.doAnalyzeStock(ctx, code, name) if err != nil { return nil, err } // 4. 寫入快取 (務必在 singleflight 內部完成，防止下一波瞬間擊穿) s.mu.Lock() s.stockCache[code] = result s.mu.Unlock() return result, nil }) if err != nil { return nil, err } return v.(*StockAnalysisResult), nil } func (s *AnalysisService) doAnalyzeStock(ctx context.Context, code, name string) (*StockAnalysisResult, error) { // 建立一個子 Context 用於內部的多個非同步任務 g, ctx := errgroup.WithContext(ctx) var dbData string var aiResult string // 任務 1：查資料庫 g.Go(func() error { // 隨時檢查 Context 是否已取消 select { case <-ctx.Done(): return ctx.Err() default: // 模擬資料庫查詢 dbData = "Historical Data" return nil } }) // 任務 2：呼叫 Gemini API g.Go(func() error { // 將 ctx 傳入 API 客戶端，讓它能跟隨整體的超時控制 res, err := s.genai.Generate(ctx, "Analyze this: "+code) if err != nil { return err } aiResult = res return nil }) // 等待所有任務完成或其中一個出錯 if err := g.Wait(); err != nil { return nil, err } return &StockAnalysisResult{Data: dbData, Analysis: aiResult}, nil } func (s *AnalysisService) analyzeStockWithMetrics(ctx context.Context, code string) (*StockAnalysisResult, error) { key := "stock:" + code v, err, shared := s.sf.Do(key, func() (interface{}, error) { return s.doAnalyzeStock(ctx, code, "Name") }) // 紀錄監控指標：分辨是「原始呼叫」還是「共享結果」 status := "original" if shared { status = "shared" } s.sfCounter.Add(ctx, 1, metric.WithAttributes( attribute.String("stock_code", code), attribute.String("type", status), )) if err != nil { return nil, err } return v.(*StockAnalysisResult), nil } macOS 奇怪的安全扫码机制 # 查看最近的 syspolicyd 扫描记录 log show --predicate 'subsystem == "com.apple.syspolicy.exec"' --last 5m --style compact | grep performScan System Settings → Privacy & Security → Full Disk Access，给 VS Code 完全磁盘访问权限有效

Wednesday, April 15, 2026 Read

How to Install Fedora Linux on Surface Go 2 to Boost Entry-Level Tablet Performance

How to Install Fedora Linux on Surface Go 2 to Boost Entry-Level Tablet Performance Surface Go 2 (Intel Pentium 4425Y, 4G/64G) WiFi edition For Surface Go 2 hardware support, see this GitHub table: Supported Devices and Features Create a Linux boot drive Download the ISO from the Fedora KDE official site. Use Ventoy to create a boot drive. Surface Go 2 only has Type-C ports, so you may need a hub. It cannot boot from an SD card. Install Linux Shut down the Surface Go 2. Hold the power button and volume up to enter UEFI. The interface is touch-capable, but you may still need a physical keyboard for installation. Fedora supports Secure Boot, but it is recommended to disable it to avoid manual signing when installing drivers. Set the boot order to the USB drive. Boot and follow the installer. Choose to wipe the disk and install Fedora. For Chinese input, install Fcitx5: sudo dnf install fcitx5 fcitx5-chewing fcitx5-gtk3 fcitx5-gtk4 fcitx5-qt fcitx5-qt6 fcitx5-configtool Tip: Fedora enables zRAM by default. If the Surface Go has limited RAM, edit /etc/systemd/zram-generator.conf to increase SWAP size (MB). [zram0] zram-size = 8192 Install the linux-surface kernel Follow the GitHub instructions. On Fedora, add the linux-surface repo to the system: sudo dnf config-manager addrepo --from-repofile=https://pkg.surfacelinux.com/fedora/linux-surface.repo Install the linux-surface kernel and reboot: sudo dnf install --allowerasing kernel-surface iptsd libwacom-surface Use uname -a to verify the kernel is switched; it should show linux-surface. Fedora updates kernels frequently, so new kernels may override the linux-surface kernel. After installing the linux-surface packages, the linux-surface-default-watchdog.path service is enabled automatically to ensure linux-surface is used on boot. Using the virtual keyboard on KDE Enable it in System Settings → Keyboard → Virtual Keyboard. Note that this keyboard cannot be used with Fcitx5.

Thursday, December 11, 2025 Read

Mosdns-X

Mosdns-X Make DNS faster and cleaner on Linux: Deploy Mosdns-X install bash <(curl -sL https://raw.githubusercontent.com/lidebyte/bashshell/refs/heads/main/mosdns-x-manager.sh) config sudo tee /etc/mosdns-x/config.yaml > /dev/null <<'EOF' # mosdns-x concurrent query (no split routing) config log: level: info file: /var/log/mosdns-x/mosdns-x.log plugins: # Cache plugin - tag: cache type: cache args: size: 1024 lazy_cache_ttl: 1800 # Concurrent upstreams: take the first usable answer - tag: forward_all type: fast_forward args: upstream: # AliDNS - addr: "udp://223.5.5.5" - addr: "tls://dns.alidns.com" # DNSPod / doh.pub - addr: "udp://119.29.29.29" - addr: "tls://dot.pub" # Cloudflare - addr: "udp://1.1.1.1" - addr: "tls://cloudflare-dns.com" # Google - addr: "udp://8.8.8.8" - addr: "tls://dns.google" # Main pipeline: small cache -> concurrent selection - tag: main type: sequence args: exec: - cache - forward_all # Listen on dual-stack UDP/TCP 53 servers: - exec: main listeners: - addr: :53 protocol: udp - addr: :53 protocol: tcp EOF systemd sudo tee /etc/systemd/system/mosdns.service > /dev/null <<'EOF' [Unit] Description=Mosdns-X DNS Accelerator After=network.target [Service] Type=simple User=root Group=root ExecStart=/usr/local/bin/mosdns-x start --as-service -d /usr/local/bin -c /etc/mosdns-x/config.yaml Restart=always RestartSec=5 StandardOutput=journal StandardError=journal SyslogIdentifier=mosdns [Install] WantedBy=multi-user.target EOF sudo systemctl daemon-reload sudo systemctl enable --now mosdns # Backup system DNS sudo cp -n /etc/resolv.conf /etc/resolv.conf.mosdns-backup # Switch to local Mosdns-X echo -e "nameserver 127.0.0.1\noptions edns0" | sudo tee /etc/resolv.conf # If port 53 is occupied by systemd-resolved, disable it sudo systemctl disable --now systemd-resolved 2>/dev/null || true # If you also want to lock it (prevent DHCP changes), run chattr too: echo -e "nameserver 127.0.0.1\n" > /etc/resolv.conf && chattr +i /etc/resolv.conf # Check process status sudo systemctl status mosdns --no-pager # Test resolution speed (second run should hit cache) dig +stats www.google.com dig +stats www.baidu.com # View logs in real time tail -f /var/log/mosdns-x/mosdns-x.log

Sunday, November 9, 2025 Read

Docker Containers Can't Access the Internet? NAT Configuration Guide for nftables

Docker Containers Can’t Access the Internet? NAT Configuration Guide for nftables

Wednesday, September 3, 2025 Read

Dedicated Server CPU Frequency Maximization Guide

Dedicated Server CPU Frequency Maximization Guide Check which CPU mode is in use Prerequisites System: Linux (Debian, Ubuntu, Proxmox, etc.) Privileges: root CPU: supports dynamic frequency scaling (Intel Xeon, AMD EPYC / Ryzen, etc.) governor cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor powersave: low-power mode (locked low frequency, power-saving but weak) ondemand: on-demand boost (only boosts when needed, may respond a bit slowly) performance: full performance (this is what we want) Check which driver the kernel uses (Intel / AMD) cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_driver

Tuesday, September 2, 2025 Read

Use LinuxServer.io Docker Images to Turn Desktop Apps into Web Apps

Use LinuxServer.io Docker Images to Turn Desktop Apps into Web Apps LinuxServer.io Official Site

Friday, August 1, 2025 Read

Lightweight Linux Distributions For Older PCs

lightweight-linux-distributions-for-your-pc Name Site Comment Puppy Linux https://puppylinux-woof-ce.github.io/ This tiny OS weighs in at under 300MB, so it can run smoothly even on systems with as little as 512MB of RAM. Bodhi Linux https://www.bodhilinux.com/ System requirements are just 512MB of RAM and a 500MHz processor. Peppermint OS https://peppermintos.com/ It only needs 512MB of RAM to run, so it will fly on that Pentium 4 machine or Core 2 Duo laptop you have stashed in your closet. While Peppermint OS is light on local resources, it integrates well with cloud and web apps. The OS builds in close integration with services like Dropbox, Google Drive, and more. AntiX https://antixlinux.com/ AntiX is designed to run on systems with as little as 64MB of RAM and a Pentium II processor. Lubuntu https://lubuntu.me/ Lubuntu will run smoothly on computers with as little as 512 MB of RAM and a 1 GHz processor.

Tuesday, August 20, 2024 Read

Add SFTP user and share directory

Add SFTP user and share directory dev_test_user, qa_test_user 同權限 dev_user, qa_user 同權限 1. 建立共享資料夾(SFTP 使用的資料夾) sudo mkdir -p /home/{test,prod}/{exchange,upload} sudo mkdir -p /home/{test,prod}/exchange/success sudo mkdir -p /home/{test,prod}/upload/backup 2. 建立使用者群組 sudo groupadd share01-test sudo groupadd share01-prod 3. 創建 qa_test_user 使用者並設定 qa_test_user 使用者的群組為 share01-test sudo useradd -m -G share01-test qa_test_user # 設定 dev_test_user 使用者的群組為 share01-test sudo usermod -G share01-test dev_test_user # 設定密碼 sudo passwd qa_test_user 4. 創建 qa_user 使用者並設定 qa_user 使用者的群組為 share01-prod sudo useradd -m -G share01-prod qa_user # 設定 dev_user 使用者的群組為 share01-prod sudo usermod -G share01-prod dev_user # 設定密碼 sudo passwd qa_user 5. 設定權限 # 設定 /home/test 資料夾(含下級資料夾)的使用者為 qa_test_user，群組為 share01-test sudo chown -R qa_test_user:share01-test test/ # 設定 /home/prod 資料夾(含下級資料夾)的使用者為 qa_user，群組為 share01-prod sudo chown -R qa_user:share01-prod prod/ # SFTP 登入資料夾權限要給 root sudo chown root:root /home/test sudo chown root:root /home/prod 6. 設定 /etc/ssh/sshd_config /etc/ssh/sshd_config

Thursday, November 30, 2023 Read

Container security fundamentals

Container security fundamentals: Exploring containers as processes Container security fundamentals part 2: Isolation & namespaces Container security fundamentals part 3: Capabilities Container security fundamentals part 4: Cgroups Container security fundamentals part 5: AppArmor and SELinux Container security fundamentals part 6: seccomp

Wednesday, October 4, 2023 Read

Tuning EMQX to Scale to One Million Concurrent Connection on Kubernetes

Tuning EMQX to Scale to One Million Concurrent Connection on Kubernetes Performance Tuning (Linux) 矽谷牛的耕田筆記 Linux Kernel Tuning node level, basically the non-namespaced sysctls # Sets the maximum number of file handles allowed by the kernel sysctl -w fs.file-max=2097152 # Sets the maximum number of open file descriptors that a process can have sysctl -w fs.nr_open=2097152 namespaced sysctls # Sets the maximum number of connections that can be queued for acceptance by the kernel. sysctl -w net.core.somaxconn=32768 # Sets the maximum number of SYN requests that can be queued by the kernel sysctl -w net.ipv4.tcp_max_syn_backlog=16384 # Setting the minimum, default and maximum size of TCP Buffer sysctl -w net.ipv4.tcp_rmem='1024 4096 16777216' sysctl -w net.ipv4.tcp_wmem='1024 4096 16777216' # Setting Parameters for TCP Connection Tracking sysctl -w net.netfilter.nf_conntrack_tcp_timeout_time_wait=30 # Controls the maximum number of entries in the TCP time-wait bucket table sysctl -w net.ipv4.tcp_max_tw_buckets=1048576 # Controls Timeout for FIN-WAIT-2 Sockets: sysctl -w net.ipv4.tcp_fin_timeout=15 There are some more namespaced sysctls that will improve the performance but because of an active issue we are not able to set them on the container level # Sets the size of the backlog queue for the network device sysctl -w net.core.netdev_max_backlog=16384 # Amount of memory that is allocated for storing incoming and outgoing data for a socket sysctl -w net.core.rmem_default=262144 sysctl -w net.core.wmem_default=262144 # Setting the maximum amount of memory for the socket buffers sysctl -w net.core.rmem_max=16777216 sysctl -w net.core.wmem_max=16777216 sysctl -w net.core.optmem_max=16777216 Erlang VM Tuning ## Erlang Process Limit node.process_limit = 2097152 ## Sets the maximum number of simultaneously existing ports for this system node.max_ports = 2097152 EMQX Broker Tuning # Other configuration… EMQX_LISTENER__TCP__EXTERNAL: "0.0.0.0:1883" EMQX_LISTENER__TCP__EXTERNAL__ACCEPTORS: 64 EMQX_LISTENER__TCP__EXTERNAL__MAX_CONNECTIONS: 1024000

Wednesday, September 27, 2023 Read

Everything About MTU and MSS

Wednesday, April 12, 2023 Read

How to Detect RAID Information in Linux

How to Detect RAID Information in Linux lspci lspci | grep RAID 00:1f.2 RAID bus controller: Intel Corporation 82801 Mobile SATA Controller [RAID mode] (rev 04) lshw lshw -class storage *-raid description: RAID bus controller product: 82801 Mobile SATA Controller [RAID mode] vendor: Intel Corporation physical id: 1f.2 bus info: pci@0000:00:1f.2 logical name: scsi0 version: 04 width: 32 bits clock: 66MHz capabilities: raid msi pm bus_master cap_list emulated configuration: driver=ahci latency=0 resources: irq:26 ioport:f0d0(size=8) ioport:f0c0(size=4) ioport:f0b0(size=8) ioport:f0a0(size=4) ioport:f060(size=32) memory:f7e36000-f7e367ff smartctl dmesg | grep -i scsi [ 0.210852] SCSI subsystem initialized [ 0.341280] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 243) ... [ 1.213299] scsi 0:0:0:0: Direct-Access ATA ST320LT012-9WS14 YAM1 PQ: 0 ANSI: 5 [ 1.319886] sd 0:0:0:0: [sda] Attached SCSI disk [ 19.571008] sd 0:0:0:0: Attached scsi generic sg0 type 0 smartctl --all /dev/sda Model Family: Seagate Laptop HDD Device Model: ST320LT012-9WS14C Serial Number: S0V3R9LL LU WWN Device Id: 5 000c50 05be4653c Firmware Version: 0001YAM1 User Capacity: 320,072,933,376 bytes [320 GB] Sector Sizes: 512 bytes logical, 4096 bytes physical Rotation Rate: 5400 rpm Form Factor: 2.5 inches Device is: In smartctl database 7.3/5319 ATA Version is: ATA8-ACS T13/1699-D revision 4 SATA Version is: SATA 2.6, 3.0 Gb/s (current: 3.0 Gb/s) Local Time is: Sat Nov 19 20:52:01 2022 PKT SMART support is: Available - device has SMART capability. SMART support is: Enabled ... MegaCLI megacli -LDInfo -Lall -aALL Adapter 0 -- Virtual Drive Information: Virtual Drive: 0 (Target Id: 0) Name : SEAGATE RAID Level : Primary-1, Secondary-0, RAID Level Qualifier-0 Size : 320 GB Sector Size : 512 Mirror Data : 320 GB State : Optimal ... lsscsi lsscsi [0:0:0:0] disk ATA ST320LT012-9WS14 YAM1 /dev/sda Vendor-Specific Tools omreport storage vdisk List of Virtual Disks in the System Controller SEAGATE Laptop HDD ID : 0 Status : Ok Name : SEAGATE State : Ready Hot Spare Policy violated : Not Assigned Encrypted : No Layout : RAID-0 Size : 320.00 GB (343597383680 bytes) T10 Protection Information Status : No Associated Fluid Cache State : Not Applicable Device Name : /dev/sda Bus Protocol : ATA Media : HDD Read Policy : Adaptive Read Ahead Write Policy : Write Back Cache Policy : Not Applicable Stripe Element Size : 128 KB Disk Cache Policy : Enabled

Monday, November 28, 2022 Read