Cloudflare宣布赞助两个开源项目:Ladybird 和 Omarchy。 Ladybird 是一个从头开始构建的独立浏览器项目,旨在打破目前浏览器市场由少数几个 Chromium 内核浏览器主导的局面,它包含 LibWeb 渲染引擎和 LibJS JavaScript 引擎,目标是提供隐私、安全和性能方面的新选择。Omarchy 是一个 opinionated Arch Linux 发行版,旨在为开发者提供一个开箱即用的现代开发环境,降低 Linux 的使用门槛,并提供 Neovim, Docker, Git 等常用工具。Cloudflare 表示,赞助这两个项目是为了支持一个更加开放和自由的互联网,没有任何附加条件。
"}},{"node":{"frontmatter":{"title":"Cloudflare 宣布推出 Email Service 的私有 Beta 版本","publish":true,"cover":"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/1ekIsDppJhAU4ktpHPSC2v/9c94c6383d3e759cc9c0eb588191c39a/unnamed__31_.png","showCover":null,"date":"2025-10-04","category":"devops","url":"https://blog.cloudflare.com/email-service/","author":"Thomas Gauvin, Celso Martinho","translator":"","tags":["other"],"priority":1},"html":""}},{"node":{"frontmatter":{"title":"AWS S3 如何在慢速 HDD 的基础上提供每秒 1 PB 的服务","publish":true,"cover":"https://substackcdn.com/image/fetch/$s_!_3mc!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbc4c1972-7acd-447e-af5b-582ac99172f4_1600x1100.png","showCover":null,"date":"2025-10-04","category":"devops","url":"https://bigdata.2minutestreaming.com/p/how-aws-s3-scales-with-tens-of-millions-of-hard-drives","author":"Stanislav Kozlovski","translator":"","tags":["aws"],"priority":1},"html":"核心是靠 “擦除编码” 将文件拆成 9 份(5 份原始 + 4 份备份)分散存到不同硬盘,实现多硬盘并行读写以突破单硬盘速度瓶颈,同时从用户上传下载(分块并行)、前端服务器(分散请求)到硬盘层面(多盘协同)全链路优化并行效率,还通过 “随机放置数据 + 定期再平衡负载” 避免硬盘过热,再加上规模扩大后用户请求 “错峰” 带来的负载平稳性,最终用普通硬件达成了 “存得多、成本低、读得快、高稳定” 的效果,成为支撑现代互联网的核心存储服务。
"}},{"node":{"frontmatter":{"title":"Deno如何解决 npm 生态里的安全问题","publish":true,"cover":"https://deno.com/blog/deno-protects-npm-exploits/jsr_provenance.webp","showCover":null,"date":"2025-10-04","category":"javascript","url":"https://deno.com/blog/deno-protects-npm-exploits","author":"Andy Jiang","translator":"","tags":["other"],"priority":1},"html":"Deno 以安全为核心设计,默认将代码置于无权限 “沙盒” 中,需手动通过权限命令 / 配置赋予细分权限(如指定可读文件、可连网络),且默认不执行安装脚本(需指定才允许),还能记录权限使用便于审计,同时自带标准库减少依赖风险、推出更安全的 JSR 包仓库(含账号验证、溯源记录),目前已在 AI 生成代码运行等场景应用,虽无法完全消除风险,但大幅提升了 JavaScript/TypeScript 代码运行的安全性。
"}},{"node":{"frontmatter":{"title":"Obsidian 如何通过 “少用外部依赖” 的核心思路,降低被 “供应链攻击” 的风险","publish":true,"cover":"","showCover":null,"date":"2025-10-04","category":"nodejs","url":"https://www.robinlinacre.com/fault_tolerant_trie/","author":"Licat","translator":"","tags":["npm"],"priority":1},"html":"核心思路是 “少用外部依赖”,具体通过 5 个办法实现:一是尽量自己开发功能(如 Canvas、基础模块),小工具也优先重写而非用第三方代码,完全控制软件内容;二是仅让核心必要代码(如 Electron 框架)随软件发给用户,开发用的工具不打包进去;三是锁定第三方代码版本,用 “锁定文件” 确保每次用相同代码,且禁止安装后自动执行脚本;四是升级依赖时逐行查日志、验新依赖、做多轮测试,确认无误才更新;五是升级后故意延迟发布,等社区排查出可能的恶意版本,最终通过这套组合拳大幅降低安全风险,保障用户数据安全。
"}},{"node":{"frontmatter":{"title":"如何给Nx 单仓项目安全删掉了 120 个没用的依赖包","publish":true,"cover":"https://johnjames.blog/_next/image?url=https%3A%2F%2Fcdn.sanity.io%2Fimages%2Fgq0n5o36%2Fproduction%2Fabca4bab2dd8d23b288ec84916c6b1cff1f4251f-1536x1024.png%3Frect%3D0%2C224%2C1536%2C576%26w%3D800%26h%3D300%26q%3D80%26auto%3Dformat&w=1920&q=75","showCover":null,"date":"2025-10-04","category":"nodejs","url":"https://johnjames.blog/posts/cleaning-house-in-nx-monorepo-how-i-removed-120-unused-deps-safely","author":"John James","translator":"","tags":["nx"],"priority":1},"html":"放弃适配性差的旧工具 depcheck,改用能识别单仓库结构、通过分析导入与配置找无用依赖的 Knip,先以yarn dlx knip扫描出 “无用依赖”,再通过构建、e2e测试、启动项目验证,将约 40% 的误判依赖(如配置中字符串引用、脚本 / CI 用的工具)加回并记录到 Knip 忽略列表,还针对性配置 Knip 适配仓库;最终成功删除 120 个无用依赖(依赖数降至 390 个),使yarn install提速约 1 分钟、安全提醒减少,清理后通过预览部署和空闲时段合并 PR 确保安全,后续计划将 Knip 接入 CI 防依赖臃肿反弹,同时提及 Knip 还可清理无用文件与类型。
"}},{"node":{"frontmatter":{"title":"libghostty - 旨在让任何应用程序都能嵌入功能齐全、现代且快速的终端模拟器的库","publish":true,"cover":"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/6pKzeb9V8OT2HhuCjI982B/cce0fa1a0926d95c4d123f3bfa8c550d/BLOG-2998_1.png","showCover":null,"date":"2025-10-04","category":"other","url":"https://mitchellh.com/writing/libghostty-is-coming","author":"Mitchell Hashimoto","translator":"","tags":["other"],"priority":1},"html":""}},{"node":{"frontmatter":{"title":"QJS 专为 Go设计基于 QuickJS 和 Wazero WebAssembly 的 JavaScript 运行时","publish":true,"cover":"https://deno.com/blog/deno-protects-npm-exploits/jsr_provenance.webp","showCover":null,"date":"2025-10-04","category":"golang","url":"https://github.com/fastschema/qjs","author":"fastschema","translator":"","tags":["runtime"],"priority":1},"html":""}},{"node":{"frontmatter":{"title":"YouTube下载即将要求安装deno","publish":true,"cover":"","showCover":null,"date":"2025-10-04","category":"javascript","url":"https://github.com/yt-dlp/yt-dlp/issues/14404","author":"yt-dlp","translator":"","tags":["other"],"priority":1},"html":"yt-dlp 即将迎来一项新的要求,为了保证 YouTube 下载功能正常工作,用户需要安装 Deno 或其他支持的 JavaScript 运行时环境。
\n原因:
\nYouTube 近期更改导致 yt-dlp 内置的 JavaScript \"解释器\" 不足以解决 JavaScript 挑战。
\n用户需要做什么:
\npip install -U "yt-dlp[default]"。最终确认是 Electron 框架的兼容性问题 ——Electron 在 macOS 26 上 “错误覆盖了私有 API cornerMask”,导致 WindowServer 进程的 GPU 负载异常升高,进而引发全系统卡顿。
\nissue 已从 “待复现(blocked/need-repro)” 转为 “开发中(Development)”。
"}},{"node":{"frontmatter":{"title":"modern-tar - 无依赖tar格式解析生成.md","publish":true,"cover":"","showCover":null,"date":"2025-10-04","category":"nodejs","url":"https://github.com/ayuhito/modern-tar","author":"Ayu","translator":"","tags":["tar"],"priority":1},"html":""}},{"node":{"frontmatter":{"title":"谷歌搜索结果的排名不仅取决于产品的质量,还需要付费","publish":true,"cover":"https://substackcdn.com/image/fetch/$s_!nDXu!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fda55367e-de31-4413-9924-755a634e62de_2268x2164.png","showCover":null,"date":"2025-10-04","category":"other","url":"https://bitbytebit.substack.com/p/everything-thats-wrong-with-google","author":"Zarar Siddiqi","translator":"","tags":["other"],"priority":1},"html":"Zarar Siddiqi发表了一篇文章,标题为《一张图说明了谷歌搜索的问题所在》。文章作者想通过谷歌搜索“Midjourney”,但结果列表中,Midjourney的官网排在第五位。作者认为,这表明谷歌搜索结果的排名不仅取决于产品的质量(以获得足够多的反向链接),还需要付费才能让质量较差的产品排在前面,并表达了对此的不满。作者用“SAD!”来表达他的失望。
"}},{"node":{"frontmatter":{"title":"亨廷顿舞蹈症首次得到治疗","publish":true,"cover":"https://ichef.bbci.co.uk/news/1536/cpsprodpb/f556/live/0ca1b1e0-98a3-11f0-928c-71dbb8619e94.png.webp","showCover":null,"date":"2025-10-04","category":"medicine","url":"https://www.bbc.com/news/articles/cevz13xkxpro","author":"James Gallagher","translator":"","tags":["other"],"priority":2},"html":"科学家们首次成功治疗了亨廷顿舞蹈症。这种疾病是一种遗传性疾病,会导致脑细胞死亡,类似于痴呆症、帕金森症和运动神经元疾病的结合。研究数据显示,新的基因疗法治疗可以减缓疾病进展 75%。这种疗法通过脑部手术进行,旨在降低患者大脑中突变亨廷顿蛋白的水平。临床试验结果显示,治疗不仅减缓了疾病的进展,还保护了脑细胞。虽然治疗费用可能很高,但对于这种严重影响患者及其家庭的疾病来说,这是一个充满希望的时刻。目前uniQure公司计划在美国申请该药物的许可,并计划于当年晚些时候上市。
"}},{"node":{"frontmatter":{"title":"npx使用指南","publish":true,"cover":"","showCover":null,"date":"2025-10-04","category":"nodejs","url":"https://github.com/ayuhito/modern-tar","author":"Liran Tal","translator":"","tags":["npx"],"priority":1},"html":"如果用了 nvm、fnm 这类管理多个 Node.js 版本的工具,想知道 npx 是从哪跑某个包的,就用 “npx -p 包名 which 可执行文件名”,比如查 shellcheck 在哪,就输 “npx -p shellcheck which shellcheck”;
\n测试不同 Node 版本兼容性时能用,比如 “npx -p node@14 要跑的命令”,就能用 Node 14 版本来运行;
"}},{"node":{"frontmatter":{"title":"一款在微型星球上投递消息的WebGL游戏","publish":true,"cover":"","showCover":null,"date":"2025-10-04","category":"javascript","url":"https://messenger.abeto.co/","author":"abeto.co","translator":"","tags":["game"],"priority":1},"html":""}},{"node":{"frontmatter":{"title":"容错前缀树(fault tolerant trie)解决 “地址匹配” 的问题 ","publish":true,"cover":"","showCover":null,"date":"2025-10-04","category":"python","url":"https://www.robinlinacre.com/fault_tolerant_trie/","author":"Robin","translator":"","tags":["address"],"priority":1},"html":"前缀树适合存地址的原因 —— 能按地址 “从笼统到具体” 的层级结构存储,且节点会记录是否为完整地址结尾、可匹配地址数量等信息;接着指出普通前缀树无法应对 “多字、少字、错字” 的混乱地址,因此加入容错规则(如忽略地址末尾 / 开头多余字符、跳过中间不匹配字符),让混乱地址能匹配到标准地址;最后提到作者已将该结构做成 DuckDB 的 splinkudfs 扩展插件,给出了具体代码示例(按邮编分组建前缀树、用混乱地址查询标准地址编号),还计划整合进 [ukaddressmatcher](https://github.com/moj-analytical-services/ukaddress_matcher) 工具以优化英国地址匹配。
"}},{"node":{"frontmatter":{"title":"压缩算法 -(如 GZIP、Snappy、LZ4、ZSTD)的工作原理","publish":true,"cover":"","showCover":null,"date":"2025-10-04","category":"math","url":"https://cefboud.com/posts/compression/","author":"Moncef Abboud","translator":"","tags":["compression"],"priority":1},"html":"GZIP 依托 DEFLATE 算法结合 LZ77 与霍夫曼编码,支持不同压缩块类型,可通过调整级别平衡效果与速度;Snappy 属 LZ 家族,主打高速(压缩 250MB+/ 秒、解压 500MB+/ 秒),但压缩效果稍弱,仅记录最近重复位置;LZ4 比 Snappy 更快(压缩 780MB+/ 秒、解压近 5GB / 秒),压缩效果相近,还支持跨块引用,其 HC 版本可调级别提升效果;ZSTD 作为 LZ4 进阶版,兼顾高压缩比(接近 GZIP)与高速(压缩 510MB+/ 秒、解压 1.5GB+/ 秒),融入 FSE 编码并支持训练字典优化小文件压缩,最后还简要提及算术编码(省位但复杂)与 FSE(高效平衡省位与速度)
"}},{"node":{"frontmatter":{"title":"您现在可以用 JavaScript 制作 PS2 游戏","publish":true,"cover":"https://substackcdn.com/image/fetch/$s_!6ls2!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F2b6b6320-8b56-4c1b-a34d-66c900dd9c2f_1912x976.png","showCover":null,"date":"2025-10-04","category":"javascript","url":"https://jslegenddev.substack.com/p/you-can-now-make-ps2-games-in-javascript","author":"JSLegendDev","translator":"","tags":["game"],"priority":2},"html":""}},{"node":{"frontmatter":{"title":"幽默:一个初级开发者如何阅读一个开发者写的教程","publish":true,"cover":"","showCover":null,"date":"2025-10-04","category":"database","url":"https://anniemueller.com/posts/how-i-a-non-developer-read-the-tutorial-you-a-developer-wrote-for-me-a-beginner","author":"PIKA","translator":"","tags":["other"],"priority":1},"html":"这篇文章以一个初学者的视角,幽默地吐槽了开发者写的教程通常难以理解。
\n文章主要讲述了开发者写了一个关于Snarfus的教程,目的是教读者如何用它来做一件“非常简单的事情”。但开发者在介绍背景时使用了大量专业术语和缩写,比如Hoobijag, jabbernocks, ABCDE++++, Shoobababoo, kleptomitrons, Snarfus, chromus, pintafore, quagmire, hoobastank, fisterfunk, shamrock portal, gramelions, Klingon troglodyte emulater, GewGawGamma, ometer2.7等,对初学者来说非常晦涩难懂。
\n教程的具体步骤也充满了技术细节和指令,例如各种命令行操作、文件路径以及神秘的代码片段,初学者根本无法理解其含义和目的。
"}},{"node":{"frontmatter":{"title":"现在是不是该放弃 Sass,回归原生 CSS 了.md","publish":true,"cover":"","showCover":null,"date":"2025-10-04","category":"frontend","url":"https://css-tricks.com/is-it-time-to-un-sass/","author":"Jeff Bridgforth","translator":"","tags":["css"],"priority":1},"html":"如今原生 CSS 已具备 Sass 的多项核心功能:一是有类似 Sass 变量的 “自定义属性”,且更灵活,能在网页运行时动态改值(如切换明暗主题),而 Sass 变量编译后固定;二是支持与 Sass 写法几乎一致的 “嵌套”,可将子元素样式写在父元素内,减少重复代码;三是有color-mix()函数,能像 Sass 的颜色调整功能一样,轻松实现颜色明暗变化(如按钮 hover 时变暗);四是可通过calc()函数完成 Sass 中需专门函数才能实现的单位计算(如像素转 em)。同时作者也提及原生 CSS 暂缺 Sass 的混合器功能(但正推进),且无法像 Sass 那样拼合选择器,还提到因 Sass 需额外工具处理、易遇版本兼容问题,自己对其工具感到厌烦,最终认为是否弃用 Sass 需看项目情况,小项目可弃用享原生 CSS 便捷,大项目若已大量用 Sass 则无需折腾。
"}},{"node":{"frontmatter":{"title":"欧盟希望扫描包含加密应用中所有私人消息","publish":true,"cover":"","showCover":null,"date":"2025-10-04","category":"mobile","url":"https://metalhearf.fr/posts/chatcontrol-wants-your-private-messages/","author":"Metalhearf","translator":"","tags":["other"],"priority":1},"html":"这篇文章主要讲述了欧盟提出的“ChatControl”提案,该提案旨在强制科技公司扫描用户的私人信息和图片,包括加密应用如Signal、WhatsApp和Telegram上的信息。
"}},{"node":{"frontmatter":{"title":"超声波厨师刀","publish":true,"cover":"","showCover":null,"date":"2025-10-04","category":"other","url":"https://seattleultrasonics.com/","author":"Seattle Ultrasonics","translator":"","tags":["other"],"priority":1},"html":"这篇文章介绍了一款名为C-200的超声波厨师刀,由Seattle Ultrasonics公司生产,号称是“世界第一把超声波厨师刀”。该刀的特点是:使用超声波技术,能减少高达50%的切割力度,具有更好的食物分离性和清洁性,并且刀刃比实际更锋利。刀的长度为200mm,钢材为日本三枚钢AUS-10,支持USB-C和无线充电。目前该刀正在预售,预计2026年1月发货(第一批)。单刀售价399美元,刀和充电器的套装售价499美元。文章还提供了包括额外电池、刀鞘等其他产品,以及关于预售、公司信息、退款政策等信息。
"}},{"node":{"frontmatter":{"title":"节日快乐","publish":true,"cover":"/imgs/happyholiday.png","showCover":true,"date":"2025-10-04","category":"topic","url":"","author":"周e信","translator":"","tags":["holiday"],"priority":1},"html":""}},{"node":{"frontmatter":{"title":"一直邀请安娜","publish":true,"cover":"","showCover":null,"date":"2025-10-04","category":"other","url":"https://sharif.io/anna-alexei","author":"Sharif Shameem","translator":"","tags":["other"],"priority":1},"html":"文章讲述了作者大学第一学期与朋友们的故事。朋友们周末经常一起出去聚会,但性格内向、害羞且用功的Anna总是拒绝。最终,大家都不再邀请Anna,只有Alexei坚持每次都邀请她。作者问Alexei为什么明知Anna会拒绝还要邀请她,Alexei回答说,他是为了让Anna感受到自己被集体接纳。多年后,作者与Anna重逢,Anna表示她很感激那个短暂的朋友圈,因为她感觉自己有了远离家乡的家人,即使她从未和大家一起聚会,但她总是感到被接纳,因为大家会来她的房间邀请她。文章强调了邀请的重要性,即使对方总是拒绝,也要坚持邀请,因为这能让对方感受到被包容和接纳。
"}}]}}