今日已更新 412 条资讯 | 累计 19972 条内容
关于我们

标签:#ux

找到 124 篇相关文章

AI 资讯

linux lab

Lab 1 – Linux Navigation & Files (20 points) Task 1 Create the following structure. /home/student/ ├── project │ ├── logs │ ├── scripts │ └── backup Requirements create all directories create app.log error.log install.sh inside correct folders. Task 2 Move app.log into backup Task 3 Delete error.log Task 4 Find install.sh using only one command. Lab 2 – Permissions (20 points) Create secret.txt Requirements Owner read/write Group read Others no access Verify permissions. Create a new user developer Switch to that user. Can the user read secret.txt Explain why. Lab 3 – Processes (20 points) Start a process Example sleep 500 Questions Find PID Kill the process Verify it stopped. Bonus Find the top five processes using the most memory. Lab 4 – Disk Space (20 points) Create a directory practice Generate a file about 100 MB. Questions How much disk space is used? How much free disk space remains? Which command shows directory size? Lab 5 – Networking (30 points) Find Your hostname private IP default gateway DNS server Ping 8.8.8.8 Questions Did it work? Ping google.com If this fails but 8.8.8.8 works, what is the problem? Display All listening ports. What service is listening on port 22? Lab 6 – Troubleshooting (40 points) Scenario 1 A user says "Internet is not working." Show the commands you would run. Expected ideas ip addr ping 8.8.8.8 ping google.com ip route cat /etc/resolv.conf Explain each step. Scenario 2 A website is down. Questions How do you verify server is running? nginx is running? port 80 is listening? firewall issue? logs? Commands should include systemctl status nginx journalctl -u nginx ss -tuln curl localhost systemctl restart nginx Scenario 3 SSH stopped working. How would you troubleshoot? Expected ping server ssh localhost systemctl status ssh ss -tulpn journalctl -xe systemctl restart ssh Lab 7 – Mixed Practical (Best Assessment) Tell students: You are the new Junior DevOps Engineer. The manager asks you to prepare a server. Complete all tasks. Ta

2026-06-26 原文 →
AI 资讯

From Root CA to User Authorization in nginx+apache. Part 2: Certificate Revocation, CRL and OCSP

A follow-up to Part 1 ( EN on LinkedIn · RU on Habr ), where we stood up a two-tier PKI: a Root CA and three intermediate CAs — Person, Server and Code. At the end of Part 1 I promised we'd learn to revoke certificates and run OCSP. That's what we'll do here. Like Part 1, this article is meant as a hands-on manual : for every command and extension we touch, there's an extended reference of the parameters you can actually use — with syntax, allowed values, defaults and gotchas. If you don't need a given option right now, just skim past the table; it's there so you don't have to dig through man later. Each section has the same shape: first the working commands for the common case, then the full parameter reference. Tested on versions. Flag names, defaults and extension syntax were verified against the official documentation of OpenSSL master , plus nginx and Apache mod_ssl. OpenSSL evolves per branch: anything marked "OpenSSL 4.0 / master" (for example the nonss qualifier on authorityKeyIdentifier ) is not yet available in the stable 3.x line. If you're on OpenSSL 3.0–3.6, double-check the disputed options with openssl <cmd> --help or your version's man before copy-pasting config. The numeric openssl verify error codes above 40 also shifted between branches — confirm them against your version's header. In this part: How a revoked certificate differs from an expired one, and why we need two mechanisms — CRL and OCSP. Adding the distribution points (CDP) and AIA to the config so issued certificates "tell" verifiers where to check them. Revoking a certificate and working with the CA database. Generating a CRL and inspecting it with openssl crl . Checking revocation with openssl verify . Running an OCSP responder: issuing its certificate, starting the daemon, querying status. Publishing the CRL and OCSP over HTTP (nginx), configuring OCSP stapling and revocation checking on the web server. All paths, file names and config sections are the same as in Part 1. Where you name

2026-06-25 原文 →
开源项目

Fixing RPM Database Desynchronization on RHEL

Recently, we encountered a case on a RHEL 9 machine where an RPM query did not show any information about installed package even though the package files were present in the filesystem. Although RPM reported that the package was not installed, I was still able to run tcpdumpcommand and use it without any issues. The binary was present there in the filesystem and I was able to run it successfully. Fixing RPM Database Desynchronization on RHEL - bidhankhatri.com.np Recently, we encountered a case on a RHEL 9 machine where an RPM query did not show any information about installed package even though the package files were present in the filesystem. bidhankhatri.com.np

2026-06-25 原文 →
AI 资讯

How we went from no-code agents to no-prompt agents

When we started Reach , the plan was simple. We had a bunch of small businesses we were already in touch with - real SMBs, the kind that live on WhatsApp and don't have a "tech team." We'd give each of them an AI agent that talks to their customers, hand them a clean starter template for the instructions, and let them tweak it from there. That was the whole bet: give people a good starting prompt and a template, and they'll play along. We were so wrong it's almost funny now. The part nobody warns you about Here's the thing about prompt engineering that you only learn by watching non-technical people try to do it: writing the instructions is not the hard part. The hard part is thinking about the task in the abstract . We'd hand a business owner an agent that mostly worked, and say "just adjust the instructions when it gets something wrong." Sounds easy. It is not. Sitting down and imagining all the ways a conversation could go, then writing rules for a machine to follow - that's a skill. It's basically a job. And it's a completely different job from running a flower shop or a real estate office. So they got stuck. They'd open the instructions editor, stare at it, and close it. The agent stayed mediocre because the iteration loop we designed required them to be part-time prompt engineers. A few of them just quietly left. That stung, but it taught us the actual problem. What "iteration" actually looked like We started doing the iterations for them, manually. And once we did that a few dozen times, a pattern jumped out. The feedback never led to an abstract change. It was never something that made us "rethink the agent's persona" or "restructure the system prompt." It was tiny, concrete, and tied to a real conversation: "It suggests all of our services, but honestly most customers only care about these three - push those." "It pulled our opening hours from the website and they're just wrong. We changed them months ago." These were one-line corrections. The owner knew ex

2026-06-24 原文 →
AI 资讯

Prototype vs MVP: How to Validate an Interactive Product Before Overengineering It

Prototype vs MVP: How to Validate an Interactive Product Before Overengineering It A common early-stage product mistake is treating development output as product validation. The team creates screens, components, integrations, API endpoints, and increasingly complex application logic. The backlog is moving. The product is growing. But the core assumption may still be untested. Before building a full MVP, a startup should be able to answer a simpler question: What exactly are we trying to validate? For some products, a clickable UI prototype is enough. For others — especially products involving real-time 3D, WebAR, WebXR, data visualization, or spatial interaction — the experience cannot be validated through static screens alone. The team may need a functional interactive prototype. Prototype and MVP solve different problems A prototype is an experiment. Its purpose is to explore the concept, test the main interaction, and expose incorrect assumptions early. An MVP is a usable product. Its purpose is to deliver real value in production conditions and test market demand. A prototype helps validate: interaction logic; product comprehension; technical feasibility; the main user flow; visual communication; investor or stakeholder response. An MVP helps validate: real usage; retention; willingness to pay; production performance; operational requirements; market demand. The distinction becomes important because prototypes and MVPs require different engineering decisions. A prototype should be focused and fast. An MVP needs a more reliable technical foundation. Building the second before learning from the first can lead to unnecessary architecture, unused features, and expensive rework. Define the hypothesis before choosing the stack Teams often begin technical discussions too early. Should we use React? Should the 3D layer be built with Three.js? Do we need WebXR support? Should the backend be serverless? These may be relevant questions, but they are not the first questions

2026-06-23 原文 →
AI 资讯

You Don't Need Kubernetes to Monitor 20 Linux VMs

If you've ever tried to set up Prometheus by following the official getting-started path, you're likely to find a path that does not follow your infrastructure model. Out of the gate, page one mentions kube-prometheus-stack. Page two wants you to install a Helm chart, and page three assumes you already have a cluster running. The documentation for monitoring plain Linux servers is in there somewhere, but you have to dig for it. When you do find it, the tone suggests you are doing something slightly old-fashioned. If that sounds like your setup, the tooling is making this harder than it actually is. Monitoring a fleet of Linux VMs is fairly simple and has been for years. It is just obscured behind documentation that would prefer to sell you something bigger. Modern infrastructure tooling has quietly decided everyone runs Kubernetes. If you don't, the assumption is that you eventually will. Meanwhile, most real-world infrastructure still runs on VMs. TL;DR: Modern observability documentation often assumes you're running Kubernetes. Most small teams aren't. If you're managing a fleet of Linux VMs, node_exporter plus Prometheus gives you everything you need for infrastructure monitoring with a single lightweight agent and a straightforward deployment model. No cluster required. VMs are often the answer For most small businesses, running VMs instead of Kubernetes does not mean you failed to evolve. Most workloads under a certain scale perform better on VMs: One process per box, predictable resource limits, and the ability to ssh in and look at what's happening, which makes it easier to keep track of the infrastructure as a whole. They're cheaper, both financially and in the mental overhead of running them. Backups and snapshots are straightforward in a way stateful Kubernetes still isn't. There's no control plane that itself needs monitoring and upgrades and care. Kubernetes solves problems that mostly pertain to companies with dozens of engineers and hundreds of service

2026-06-23 原文 →
AI 资讯

Why Your Ubuntu Laptop Lags, and How to Fix It for Free

My main work laptop is a Dell from 2017 with 8 GB of RAM. For weeks it had been crawling, freezing for whole seconds while I worked, and every so often it would simply switch itself off in the middle of a task. If you have ever lost unsaved work to a laptop that powers down on its own, you know exactly how frustrating that is. So I sat down and fixed it properly. The first thing I learned is worth saying up front: a slow, crashing laptop is usually two different problems wearing the same costume . Treat them as one and you will chase your tail. Separate them, and both become fixable. Everything below is free and copy-paste ready. It was tested on Ubuntu 24.04 LTS, and it applies to almost any older Linux machine. The honest disclaimer: Nobody can promise an old laptop will never lag. Software cannot add cores or memory that are not physically there. But you can absolutely stop the freezes and shutdowns completely and make everyday work feel smooth. That is the realistic, achievable goal. 0. Diagnose first, do not guess The biggest mistake is blindly applying "speed up Ubuntu" tweaks before knowing what is actually wrong. Spend five minutes measuring. Your lag has one of four common causes: heat, memory, disk, or a dying battery . Check temperature (the usual cause of random shutdowns): sudo apt install lm-sensors -y sudo sensors-detect --auto sensors Watch the Core temperatures while you work. If they spike past 90 to 100 °C right before a crash, you have a thermal problem, not a software one. Check memory (the usual cause of freezing): free -h sudo apt install htop -y htop In htop , watch the Mem and Swp bars during normal use. If memory pins near your limit and swap fills up, that thrashing is your freeze. Check disk space (a quiet killer): df -h / A root partition above 90% full makes Linux lag and turn unstable. Small SSDs fill up fast. Read the crash logs and battery health: # What went wrong during the previous (crashed) session journalctl -b -1 -p err --no-pa

2026-06-23 原文 →
AI 资讯

A Cron Job Took Our Server to Load 41 by Attacking Itself

A */1 rsync took our staging box to a load average of 41 one afternoon, and it took me longer than I want to admit to work out why. The sync normally finished in about twenty seconds. That day the backup target's NFS mount went sluggish, the sync started taking ninety seconds, and cron — which does not know or care whether the last run is still going — launched a fresh copy every single minute on top of it. Inside ten minutes there were a half-dozen rsyncs all reading the same tree off the same slow disk, each one making the disk slower, each new minute adding another. The box wasn't under attack. It was attacking itself, one polite copy at a time. The thing that stung was that nothing was broken — every individual rsync was correct, the disk eventually recovered on its own, and the only reason it became an outage is that cron has no concept of "the last one is still running." That's the trap with scheduled jobs: a command that's perfectly fine when you run it by hand can take down a server the first time it runs longer than its interval with nobody watching. The fix everyone reaches for first is the wrong one The instinct is a PID file: write $$ to /var/run/job.pid on start, check whether that file exists on the next run, bail if it does. It almost works. Then one run gets kill -9 'd, or the box reboots mid-job, and the PID file is left behind pointing at a process that died on Tuesday. Now every future run sees a "lock" owned by a PID that no longer exists, and the job never runs again — the opposite failure, just as silent. There's also a race between the check and the write, and the times you most need the lock to be clean are exactly the times cleanup didn't happen, because the process died before it could clean up. flock has none of that. The lock isn't a file you create and delete — it's a lock the kernel holds on an open file descriptor , and the kernel releases it automatically the instant that descriptor closes. The process exiting closes it. So does crash

2026-06-23 原文 →
AI 资讯

Meet mytuis: A Sleek Terminal Application Manager Built with Bash and Gum

Having spent over 25 years in software development and managing countless Linux environments, I've accumulated a vast collection of custom bash scripts, containers, and CLI tools. Remembering their exact paths and managing them efficiently directly from the terminal is a common challenge. To solve this, I built mytuis . mytuis is a small, attractive terminal UI for managing a personal catalogue of applications. It is built with gum and plain bash, with persistent storage in a human-readable YAML file. GITHUB REPO : https://github.com/horaciod/mytuis Why mytuis? I wanted a tool that didn't require heavy dependencies or a complex setup, but still looked great and provided a smooth user experience. Here is what mytuis brings to the terminal: CRUD operations: You can create, read, update, and delete application entries from a single menu. Quick launch: Pick an app from the filterable list and it is launched immediately. It replaces the manager process via exec, meaning no extra shell window is left behind. Smart path handling: It accepts absolute paths (like /usr/bin/firefox), relative paths (./scripts/myscript.sh), tilde paths (~/bin/foo), or plain command names looked up in your $PATH (firefox). Persistent metadata: Every entry stores its name, description, absolute path, creation date, and last-used date. Friendly TUI: You get clear menus, color-coded messages, and clean borders, all powered by gum. Under the Hood: Plain Text and Standard Utils Simplicity and standard compliance were key goals. mytuis requires bash ≥ 4 and standard Unix utilities like awk, sed, grep, date, and tput. Your catalogue is stored at ~/.mytuis.yaml. Because it is a standard YAML file, it can be inspected, edited, or backed up with any text editor. It is also completely safe to sync with a dotfiles repository or version-control. To ensure data integrity, all file operations are performed atomically by rewriting the YAML file from scratch on every change, so there is no risk of leaving the fi

2026-06-21 原文 →
AI 资讯

100 Days of DevOps, Day 1: Linux User Management and AWS Key Pairs

Doing the work and being able to explain the work are two different skills. I've had the first one for 8 years. I'm building the second one now. I'm a Cloud Platform Engineer. AWS, Kubernetes, Terraform, Linux. Regulated environments, healthcare, production systems. Real experience. Almost zero public documentation of it. That's the gap I'm closing, starting from Day 1. The platform is KodeKloud. Each session gives you tasks across multiple tools. I'm posting the Linux and AWS tasks here. Here's what I built and what actually matters about each one. Task 1 (Linux): Create a User with a Non-Interactive Shell The task was to create a system user that can own processes but cannot log in interactively. This is what you do for service accounts. bash ssh user@hostname sudo su - useradd username -s /sbin/nologin cat /etc/passwd | grep username The /sbin/nologin shell is the important part. The user exists in the system, can own files and run processes, but cannot open a shell session. You verify by checking /etc/passwd because the last field in each line is the assigned shell. I've been doing this in production environments for years. I still verify every time. Not because I'm unsure. Because in a regulated environment, you don't assume, you confirm. Task 2 (AWS): Create an EC2 Key Pair via CLI aws ec2 create-key-pair \ --key-name my-key-pair \ --key-type rsa \ --key-format pem \ --query "KeyMaterial" \ --output text > my-key-pair.pem aws ec2 describe-key-pairs --key-names my-key-pair The private key is returned exactly once at creation. AWS does not store it. If you lose it, you generate a new one and replace it everywhere it was used. I've seen this cause real problems in production environments where the key wasn't backed up properly. Always run chmod 400 my-key-pair.pem after saving it. SSH will refuse to use a key file with open permissions. It won't tell you that's the reason straight away. What Day 1 Taught Me That 8 Years Didn't Nothing here was technically new to

2026-06-21 原文 →
AI 资讯

Cử chỉ Trackpad trong Workflow Code: ROG Zephyrus G14 hay MSI Creator 16 AI?

Đối với một developer, trackpad không chỉ là thiết bị điều hướng mà còn là công cụ tối ưu hóa workflow. Khi làm việc với các IDE nặng như VS Code hay IntelliJ, khả năng phản hồi của trackpad quyết định tốc độ xử lý tác vụ. Trong bài so sánh giữa ROG Zephyrus G14 GA403 hay MSI Creator 16 AI? Đâu là lựa chọn cho sáng tạo chuyên nghiệp? , trải nghiệm trackpad là một điểm nhấn quan trọng. Trải nghiệm cử chỉ và độ chính xác trong lập trình Khi làm việc với code, các cử chỉ như chuyển đổi desktop ảo (Virtual Desktops) là cực kỳ quan trọng để tách biệt môi trường chạy Docker, trình duyệt và editor. Vuốt 3-4 ngón: Cả hai dòng máy đều hỗ trợ tốt, nhưng trên MSI Creator 16 với diện tích lớn hơn, việc nhận diện cử chỉ vuốt ngang giữa các workspace mượt mà hơn đáng kể. Độ chính xác chọn văn bản: Với một developer, việc bôi đen một đoạn code dài hoặc chọn chính xác một ký tự nhỏ là yếu tố sống còn. Trackpad trên G14 có độ nhạy cao nhờ kích thước gọn nhẹ, trong khi Creator 16 cho cảm giác vững chãi, ít bị trượt hơn khi thao tác nhanh. Độ trễ (Latency): Cả hai đều đạt chuẩn cao, tuy nhiên trên Windows, trải nghiệm đôi khi không mượt bằng macOS. Để khắc phục, việc sử dụng driver tùy chỉnh là cần thiết. So sánh hệ điều hành và mẹo cấu hình cho Developer Trải nghiệm trackpad thay đổi rõ rệt giữa Windows và Linux : Windows: Hỗ trợ tốt Precision Drivers. Bạn nên vào Settings > Bluetooth & devices > Touchpad để tinh chỉnh độ nhạy.\n- Linux: Nếu bạn dùng Ubuntu hay Fedora, hãy cài đặt libinput . Để tối ưu hóa cho workflow code, bạn có thể cấu hình file .wslconfig nếu chạy môi trường Windows Subsystem for Linux nhằm đảm bảo tài nguyên không bị nghẽn khi thao tác giao diện.\n Thông số kỹ thuật tóm tắt: ROG Zephyrus G14 GA403: Ryzen 9 8945HS, RTX 4070, 32GB LPDDR5X, OLED 14" 120Hz, nặng 1,5 kg. MSI Creator 16 AI Studio: Core Ultra 9 185H, RTX 4080/4090, lên đến 64GB DDR5, Mini LED 16" 120Hz, nặng 2,1-2,5 kg. Bài viết này là bản tóm tắt kỹ thuật. Xem chi tiết tại bài gốc.

2026-06-20 原文 →
开发者

Memory Profiling: Valgrind & Heaptrack trên WSL2 vs Native Linux

Là một developer thường xuyên đối mặt với các lỗi memory leak trong hệ thống C++/Rust, việc chọn môi trường profiling là yếu tố sống còn. Nếu bạn đang cân nhắc giữa việc chạy Valgrind hay Heaptrack trên WSL2 so với Native Linux (hoặc máy trạm có RAM SO-DIMM nâng cấp được), đây là những trải nghiệm thực tế từ quá trình debugging. Hiệu năng Valgrind và Heaptrack: Sự khác biệt rõ rệt Khi sử dụng valgrind --tool=memcheck , tốc độ thực thi thường giảm xuống còn 10-50 lần so với bình thường. Trên Native Linux , việc quản lý bộ nhớ diễn ra trực tiếp trên kernel, giúp các công cụ này hoạt động ổn định nhất. Ngược lại, trên WSL2 , do lớp ảo hóa và cơ chế quản lý memory của Microsoft, bạn sẽ thấy overhead đáng kể hơn. Đặc biệt là khi tạo Heaptrack flame graph , việc phân tích bộ nhớ lớn có thể khiến WSL2 bị giới hạn bởi file .wslconfig nếu không cấu hình đủ RAM.\n Lệnh thực thi nhanh: # Chạy Valgrind trên hệ thống của bạn valgrind --leak-check = full --show-leak-kinds = all ./your_app # Sử dụng Heaptrack để lấy flame graph chi tiết hơn heaptrack ./your_app WSL2 Overhead và bài toán phần cứng (Onboard vs SO-DIMM) Một vấn đề thực tế là khi profiling các ứng dụng nặng, bộ nhớ hệ thống bị chiếm dụng cực nhanh. Nếu bạn đang dùng laptop với RAM onboard 16GB , việc chạy đồng thời Docker + IDE + Valgrind trên WSL2 dễ dàng dẫn đến tình trạng swap liên tục do giới hạn cứng của phần cứng. Từ kinh nghiệm thực tế, nếu công việc yêu cầu profiling chuyên sâu thường xuyên, một chiếc máy có RAM SO-DIMM cho phép nâng cấp lên 32GB hoặc 64GB sẽ là cứu cánh tuyệt vời. Bạn có thể tham khảo thêm về sự khác biệt giữa ReviewLaptop để hiểu rõ tại sao việc chọn đúng loại RAM lại quan trọng cho workflow của một developer. Bảng so sánh nhanh: | Đặc điểm | Native Linux | WSL2 (Ubuntu) | --- | --- | --- | | Speed Overhead | Thấp hơn (Direct Kernel) | Memory Management | Trực tiếp, ổn định | Có lớp ảo hóa, dễ bị giới hạn bởi .wslconfig | | Flame Graph Rendering | Mượt mà | Đôi khi chậm do I/O file qua hệ th

2026-06-19 原文 →
AI 资讯

Most AI dev tools assume you have a repo. Ops engineers have a broken node and a 3am page.

Most AI coding tools assume you're sitting in front of a repo. There's a working directory, some source files, tests, maybe a CI pipeline. The AI reads your code, suggests changes, ru****ns tests. Great model — if you're a developer writing code on a Tuesday afternoon. Now picture the other scenario. It's 2am. PagerDuty fires. You SSH into a box you haven't touched in three months. Something is broken, you're not sure what, and the runbook was last updated by someone who left the company in 2022. You're not thinking about repos. You're thinking: what OS is this thing running? What just failed? Is it safe to restart that service or will I make it worse? These are two fundamentally different workflows. But almost every AI terminal tool I've seen is built for the first one. The 30 minutes nobody builds for There's a ton of tooling for the world before you log into the box: Prometheus, Grafana, PagerDuty, incident.io, runbooks, dashboards. All useful. No complaints. But there's this practical 30-minute window after you SSH in where you're basically doing archaeology with journalctl and grep. You check systemd. You look at disk. You read logs that were clearly written by someone who hated future-you. You copy-paste terminal output into Slack so your teammate can squint at it from a different timezone. This is where I think AI could actually help. Not by replacing Grafana. Not by building another dashboard. Just by being present in the shell while you're debugging. Please, for the love of uptime, don't replace my shell I've seen a few AI terminal projects that basically build an entire new terminal experience from scratch. New keybindings, new UI, new everything. Here's the thing: ops people have muscle memory. We have aliases we wrote in 2019 and forgot about. We have tmux configs we'd defend with our lives. We SSH through jump hosts with key forwarding chains that barely work but have worked for years so nobody touches them. If your AI tool requires me to abandon all of

2026-06-19 原文 →
AI 资讯

Linux 7.1, tRPC's Query Overhaul, and Biome 2.0 Beta: What Developers Need to Know

This week's tooling landscape is quieter on the AI-native side but dense with infrastructure moves that affect how AI-driven workloads actually run in production. Cloudflare's Workflows scaling overhaul is the clearest signal: agent-triggered execution is now an assumed pattern, not a novelty, and platforms are rearchitecting accordingly. The rest of the week rounds out with a kernel maintenance drop, a meaningful abstraction removal in tRPC, and a Biome beta that's finally making ESLint replacement feel plausible. Linux 7.1 Released with Driver and Networking Fixes 7.1 is a maintenance release. No architectural changes, no new subsystems—just patches you should care about if you're running affected hardware or kernel-adjacent tooling. The two fixes worth flagging are heap overflows in the USB serial io_ti driver ( get_manuf_info() and build_i2c_fw_hdr() ), plus memory leak corrections scattered across drivers and networking subsystems. Trace tooling also gets updates, which matters if you're doing kernel-level performance analysis on production systems. One operational note: Torvalds is traveling, so merge window latency may be irregular. If you're tracking pull request timelines for custom kernel builds, plan for slippage. Verdict: Ship — if you're on 7.0 and running USB serial hardware or affected networking paths, upgrade on your normal kernel cycle. No breaking changes, no new dependencies, nothing to validate beyond your existing regression suite. tRPC Drops Abstraction Layer for React Query This is the kind of change that looks small in a changelog and feels large in daily development. The new tRPC client exposes native TanStack Query interfaces— QueryOptions and MutationOptions —directly, rather than wrapping them in tRPC-specific hooks. The practical effect: if you're already using TanStack Query elsewhere in your app, you stop context-switching between two similar-but-different mental models. You call .queryOptions() and .mutationOptions() factories and pa

2026-06-19 原文 →
AI 资讯

Use the Telegram Bot API in OpenClaw via Cloudflare WARP (1.1.1.1)

You run a Telegram bot through OpenClaw on your own Linux server. One day it goes quiet. The bot can't send or receive. But the server itself is fine — SSH works, apt works, other sites load. The reason: your server can't reach api.telegram.org . Some networks block or throttle it, so every call times out while everything else is fine. The clean fix: route only OpenClaw's Telegram traffic through Cloudflare WARP (1.1.1.1) . Everything else on the box stays direct and fast — including your SSH login. Here is the full setup, step by step. First, confirm it's a Telegram-only problem curl --max-time 8 https://api.telegram.org/ # hangs / times out curl --max-time 8 https://www.google.com/ # works instantly If Telegram times out but other sites are quick, this guide is for you. How it works We chain three small tools: OpenClaw ──▶ iptables ──▶ redsocks ──▶ WARP (SOCKS5) ──▶ Cloudflare ──▶ api.telegram.org WARP gives us a local proxy that exits through Cloudflare's network (which can reach Telegram). redsocks turns normal connections into proxy connections (so the app needs no proxy support — OpenClaw has none). iptables picks only OpenClaw's Telegram traffic and sends it to redsocks. The trick is in that last step. We match by the app's user and Telegram's IP ranges, so nothing else is touched. Step 1: Install WARP in proxy mode # Add Cloudflare's package repo curl -fsSL https://pkg.cloudflareclient.com/pubkey.gpg \ | gpg --yes --dearmor -o /usr/share/keyrings/cloudflare-warp-archive-keyring.gpg echo "deb [signed-by=/usr/share/keyrings/cloudflare-warp-archive-keyring.gpg] \ https://pkg.cloudflareclient.com/ $( lsb_release -cs ) main" \ > /etc/apt/sources.list.d/cloudflare-client.list apt-get update && apt-get install -y cloudflare-warp # Sign up (free) and switch to proxy mode warp-cli --accept-tos registration new warp-cli --accept-tos mode proxy # opens a SOCKS5 proxy on 127.0.0.1:40000 warp-cli --accept-tos connect Now check that WARP can reach Telegram: curl --socks5-

2026-06-17 原文 →
AI 资讯

The Hidden Linux Routing Issue That Broke My Deployment

The deployment should have taken a few minutes. The application was running, DNS was configured correctly, and the domain was already pointing to the server's public IP. Caddy was configured as a reverse proxy and was listening on ports 80 and 443. Every item on my deployment checklist appeared healthy. Yet every Let's Encrypt validation attempt kept failing. The error looked simple enough: authorization failed timeout during connect likely firewall problem At first, I believed it. I checked DNS resolution, verified firewall rules, confirmed that Caddy was listening on the expected ports, and made sure the application itself was reachable. Every check came back clean. That was the first clue that the problem might not be where the logs were pointing. The Obvious Things The first assumption was DNS. I verified that the domain resolved to the correct public IP. dig +short my-domain.com Everything looked correct. Next came the firewall. sudo ufw status Ports 80 and 443 were open. There were no unexpected deny rules, and nothing suggested inbound traffic was being blocked. Then I checked whether Caddy was actually listening. sudo ss -tulpn | grep -E ':80|:443' Again, everything looked normal. The application itself was healthy too. curl http://localhost:3001 returned a valid response. At this point I had checked most of the things engineers typically check when certificate validation fails. DNS looked good, the firewall looked good, the reverse proxy was healthy, and the application was running. Yet the validation errors continued. The Part That Sent Me In The Wrong Direction The error messages kept mentioning connectivity problems and possible firewall issues. That wording influenced my thinking more than it should have. I spent time investigating firewall rules, reverse proxy configuration, TLS settings, and domain configuration. Every new hypothesis felt reasonable, but none of them explained why local tests consistently succeeded while external validation continued

2026-06-17 原文 →
AI 资讯

Designing Agent Email Addresses That Humans Trust

You've built the agent, the reply loop works, the demo lands — and then someone asks the question you didn't budget time for: "so what address does it send from?" Suddenly you're staring at noreply-svc-prod2@yourcompany.com realizing that the first thing every recipient sees isn't your prompt engineering. It's the From line. An agent's email address is an interface. Humans parse it before the subject, mail servers judge it before the body, and spam filters score it before any human sees it at all. Once your agent has a real mailbox — which is what Nylas Agent Accounts (currently in beta) provide — address design becomes a product decision with three layers: the local part, the domain, and the disclosure question. The local part: role beats persona beats hash Take three candidate addresses for the same scheduling agent: scheduling@ — a role. Tells recipients what the mailbox does and implies that emailing it is how you use the service. jane.ai@ — a persona. Friendlier in a sidebar avatar, but it invites recipients to treat the sender as a colleague, with all the expectations that carries. bot-7f3a@ — an artifact. Screams "auto-generated," gets mentally filed next to spam, and gives a human nothing to anchor on. The docs consistently model the first pattern — sales-agent@ , support@ , scheduling@ appear throughout the Agent Accounts overview — and I think that's right for a reason deeper than convention. A role address makes an honest promise about capability: scheduling@ claims it can schedule, nothing more. A persona address makes an implicit promise of general competence that current agents can't keep. When jane.ai@ fails to understand a simple request, it reads as a person being obtuse; when scheduling@ fails, it reads as a tool hitting its limits. Same failure, different trust damage. The overview's framing is worth internalizing: an agent identity should be like any other user in your organization — reachable, persistent, accountable. Address design is how that

2026-06-17 原文 →