Replace Xray + Proxifier + wireguard-tools on macOS with sing-box TUN mode: one config for global proxy, multi-WireGuard VPN traffic splitting, split DNS, and auto-start via brew services.

A guide to integrating Claude Code into GitLab CI on self-hosted GitLab CE for automated AI code review, covering Docker image building, OAuth Token management, and pipeline configuration.

Guide to configuring LACP link aggregation, VLAN isolation, and bridge networking on bare metal servers with systemd-networkd, solving NFS bandwidth bottlenecks and enabling virtualization.

A deep dive into wireguard-go: Noise Protocol handshake, ChaCha20-Poly1305 encryption pipeline, RFC 6479 anti-replay, cookie-based DoS protection, and keypair rotation for forward secrecy.

Use WireGuard with a public relay server to let remote developers access office LAN services (GitLab, CI, K8s), covering NAT traversal, IP forwarding, MASQUERADE, and firewall hardening.

Explains how to use WireGuard and Linux IP forwarding to replace physical leased lines, relaying through a public server to interconnect cross-city LANs behind NAT without public IPs.

Build a debug-symbol-enabled Linux kernel, set up a QEMU VM as the debugging environment, and use GDB with VSCode for remote breakpoint debugging of the WireGuard kernel module.

WireGuard’s forward secrecy (key rotation every 120s) makes decryption hard. Learn to recompile the kernel, extract ephemeral keys via Kprobe, and use Wireshark for real-time decryption.

Synchronize the clipboard between Windows 11 and a remote Linux server using WSL with SSH X11 Forwarding, enabling cross-platform copy-paste in Vim, Tmux, VSCode, and Emacs.

Notes from reading the Miniflux open-source RSS reader, covering how to build a SaaS app with Go and Vanilla JS, including database abstraction, CSRF, OIDC, WebAuthn, and session management.