OpenResty

Recently I tried using Claude Cowork to organize complex tax materials, and it felt quite convenient, but there were a few problems: 1. Opus 4.6 easily exhausts the entire Plan's token quota at once. 2. Even Opus 4.6 is prone to making basic mistakes, for example, it wrote my company's tax ID incorrectly, and the company's establishment date incorrectly, easily hallucinating and disregarding the information from the materials I provided... 3. Automatic filling in complex PDFs is also prone to misalignment. I can only hope it gets more accurate in the future. But manual review is absolutely necessary. AI review is not that reliable either, failing to identify many problems. #Cladue #Antrophic #Opus #LLMs

Before AI conquers major diseases and aging, we still need to exercise well... we must not perish before the breakthrough arrives...

Today I swam one more set than usual. Usually, I only swim a little over 4 sets. Each set is 5 laps of a standard swimming lane. Bouldering indeed makes muscles stronger and more enduring, but my arms still have a dull ache often.

These past two days Apple released new products. I bought a 14-inch top-configuration M5 Pro MacBook Pro to replace my aging late-2015 15-inch MBP, to make it easier to work outside. More computing power, better screen, lighter weight, longer battery life. ​​​​Can't wait for an OLED screen. #macbook #apple

Currently, white-collar jobs are bearing the brunt of AI's impact, but with the rapid advancement of humanoid robots, blue-collar workers will undoubtedly be the next group to be replaced by AI... In the future, we can expect humanoid robots to operate and maintain specialized industrial robots. And what about humanoid robots driving autonomous vehicles for food delivery? This year's Spring Festival Gala's performing robots were indeed chilling to watch, a significant leap forward compared to the previous year's, which merely spun red cloth. How will the employment challenges for ordinary people be addressed in the future? Will the dehumanizing aspect observed in the Spring Festival Gala performances also extend to industrial production and even society as a whole? #AI #LLM #Antrophic #claude #OpenAI

I just saw that Anthropic is offering perks to open-source project maintainers! If a repository has over 5,000 stars, they're eligible for a free 6-month subscription to Claude Code Max 20x. That's awesome! I just checked the lua-nginx-module repository for my OpenResty open-source project, and it already has nearly 12,000 stars, more than enough! claude.com/contact-sales/…

The perceived suitability of large language models for various role-playing scenarios might just be an illusion. A recent study revealed that large language models from different providers can, through role-playing or extended discussions on unusual topics, unleash their internal dark personas, significantly deviating from their intended aligned, friendly assistant roles. The AI, through its role-playing, effectively becomes what it simulates. Perhaps AI inherently possesses a multifaceted nature, having, after all, absorbed the full spectrum of human history's darker aspects. #LLMSecurity #OpenAI #Claude

@mrtsoft We'll set up a new debian repository in the next few weeks

@OpenResty when is the debian sha1 key problem solved?

After months of dedicated work by the team, we are thrilled to announce the major release of the new open-source version, OpenResty 1.29.2.1! Key highlights include: • Core upgraded to Nginx 1.29.2 • Upgraded to OpenSSL 3.5.5 • Upgraded to PCRE 10.47 • New `proxy_ssl_verify_by_lua` directive for enhanced SSL proxy verification • New `lua_ssl_key_log` directive for Wireshark-compatible SSL key logging • Added support for TCP/UDP binding and socket file descriptor retrieval Thank you for your continued support and interest in OpenResty! Full Announcement: openresty.org/en/ann-1029002… Downloads: openresty.org/en/download.ht… Binary Packages: openresty.org/en/linux-packa… #OpenResty #WebServer #Nginx #LuaJIT

A while ago, RAM prices skyrocketed, making entire workstations prohibitively expensive. After negotiating with the HP salesperson for a long time, I finally secured nearly 50% off. What a great deal! #HP #RAM

The evaluation test set recently developed by Yao Shunyu from Tencent, which assesses large models' in-context learning capabilities, is quite intriguing. In their tests, GPT-5.1 secured the first position, followed by Claude Opus 4.5 in second place. This test specifically challenges large models' ability to learn and apply knowledge within a given context, ensuring the content has not been encountered during the pre-training phase, thus making it very difficult to game the system. However, even the top performer, GPT-5.1, only achieved a success rate of just over 23%. In contrast, GPT-5.2 showed a noticeable decline in performance. #LLMs #Claude #OpenAI

After deploying a CDN or Layer 4 load balancer, many teams encounter a common problem: the client IP address received by the gateway is actually the address of the proxy server. At this layer, source IP-based rate limiting rules, access control policies, and audit logs all become ineffective because the original client IP is not properly propagated through the network path. There are several common solutions: Proxy Protocol, X-Forwarded-For, X-Real-IP, and custom headers. Each approach is suitable for different proxy topologies and has distinct security implications. Choosing the wrong solution or having a lax trust chain configuration can lead to either information loss or IP spoofing vulnerabilities. For a truly complete solution, it's also crucial to consider the upstream direction: Is the real client IP also consistently passed to the backend origin server? The problem is only genuinely resolved when both inbound and outbound directions are correctly configured. We have compiled these configuration principles into a comprehensive guide on OpenResty Edge, covering solution selection, configuration steps, and security considerations: blog.openresty.com/en/edge-proxy-… #OpenRestyEdge #OpenResty #proxyprotocol

What if, in the future, the amount of manually written code diminishes? Would the source code corpus available for training new AI models also decrease, potentially causing AI's programming capabilities to stagnate? Similarly, if human-written articles become scarce, would AI's writing proficiency also cease to advance? #Claude #OpenAI #LLMs

Anthropic, the company behind the Claude large language model, recently published an AI user report that is quite interesting. One major finding was that AI adapts itself to the user's level of expertise. For instance, when experts interact with AI, the AI responds very professionally. Conversely, when beginners converse with it, it automatically simplifies its responses. This certainly offers great benefits for beginners using AI to learn new fields. However, it also implies that if beginners do not actively strive for progress, the value they derive from AI will be significantly diminished. As the saying goes, "it rises to the occasion for experts and dumbs down for novices." When encountering someone less knowledgeable, one might even resort to "baby talk." So, in the AI era, do humans really no longer need to seriously learn various subjects? Quite the opposite. They need to exert even more effort to learn and improve, striving to become experts in their respective fields. Only by knowing how to ask the right questions can the profound knowledge and capabilities hidden within LLMs be unlocked. #Anthropic #OpenAI #LLM

Anthropic's latest Claude Opus/Sonnet 4.5/4.6 models finally support a 1M token context window, bringing them on par with Google's Gemini models. However, these Claude models still default to a 200K token context window. However, OpenAI's latest GPT-5.2 models are still limited to a 400K token context window, which is clearly outdated. #Claude #OpenAI #GPT

Multi-cloud and microservices didn't eliminate complexity. They moved it — from the application layer to the traffic management layer. Teams now wrestle with provisioning SSL certificates across thousands of domains, waiting through slow CDN cache purges, absorbing WAF performance penalties, and wiring up routing logic across container clusters by hand. OpenResty Edge was built to solve this directly: one control plane for ingress, routing, security, caching, and observability. - Deep integration with ACME services: like Let's Encrypt and ZeroSSL automates the provisioning and renewal of certificates at scale, letting your machines handle tedious configuration maintenance. - Native integration with Kubernetes: automatically discovers service changes, eliminating the need for manual configuration synchronization. - Native support for complex container clusters: allows for sophisticated traffic management and intelligent routing. Cross-cluster load balancing, canary releases, and more can be configured effortlessly within the control plane. - Build your own private CDN, deeply integrating compute and cache. This enables "edge computing" by executing business logic for millisecond response times closest to your users. Purge your entire network cache in seconds and manage edge nodes like microservices, all while balancing security, compliance, and cost. - A built-in, high-performance WAF engine: reduces performance overhead by an order of magnitude, proving that robust security protection doesn't have to come at the expense of application latency. - Support for request-level hot updates: for both rule adjustments and logic changes ensures zero-downtime deployments and no service interruptions. OpenResty Edge is more than just a universal gateway; it represents a modern architectural approach to traffic management. It integrates the core capabilities of the traffic ingress into a unified platform to address the complexities of distributed applications and containerized deployments, ultimately delivering a holistic optimization of performance, security, cost, and efficiency. Link: blog.openresty.com/en/what-is-ope… #OpenRestyEdge #UniversalGateway #OpenResty #Kubernetes

APM budgets grow. MTTR doesn't. The problem isn't spending, it's strategy. Cloud-native systems fail across distributed processes in seconds. Traditional tools respond with agent sprawl and blanket data collection. This mismatch, static tools chasing dynamic failures, creates data floods that bury the critical context you need. OpenResty XRay flips the model: dynamic post-mortem analysis. Instead of collecting everything, we capture high-fidelity snapshots automatically when failures occur: 1. Fully Dynamic Post-Mortem Analysis: Abandon the resource consumption of 24/7 full data collection. Only when abnormal fluctuations occur in CPU, memory, or I/O, the system will automatically trigger analysis, precisely recording the stack and context when the failure occurred. This allows developers to conduct reviews based on real "black box" data, rather than relying on guesswork to reconstruct the scene. 2. Thorough Zero-Intrusion: Utilizing dynamic tracing technology, no need to modify a single line of code, no need for restarts, and not even needing Debug Symbols, directly see through the operational details of the production environment. 3. De-Sidecar-ization: In a K8s environment, directly cut in from the host machine side, avoiding complex Sidecar maintenance costs and intrusion into container images. 4. Binary-Level Security Compliance: Vulnerability scanning driven by binary evidence, directly seeing through running processes, completely getting rid of the false positive traps of version number matching. Whether it's LTS Backport patches or compiler optimization trimming, it can be accurately identified, allowing security teams to say goodbye to "interpretive compliance" and return to high-value work. The future of observability should not be more expensive storage bills, but deeper, lower-level system insight. Regarding how OpenResty XRay achieves fully dynamic post-mortem diagnosis, you can check out this in-depth analysis: blog.openresty.com/en/what-is-ope… #OpenResty #Observability #DynamicTracing

Granting large language models excessive permissions is still far too dangerous. I remember two years ago, my own agent managed to autonomously create tools to bypass the network isolation I had pre-configured. It then proceeded to gain root access to my machine, modified the system configuration, and initiated a reboot all on its own. When I saw the machine reboot by itself, I initially thought it had crashed. What's next, stealing my credit card information to go on an online shopping spree? Ultimately, these kinds of autonomous agents pose a massive security vulnerability. #openclaw

In many enterprises' high-concurrency gateway scenarios, whether based on OpenResty or directly built on the Nginx ecosystem, we consistently encounter a common challenge: business events need to enter the message system as early as possible, yet the request ingress path has extremely low tolerance for latency jitter and stability issues. Many teams aim to complete high-frequency data collection or real-time decision event reporting right at the request entry point. However, on this critical path, if Kafka writes lack clear timing constraints, their overhead can often escalate under high concurrency, becoming a significant instability factor for the entire processing chain. In practice, while some general open-source implementations perform well under normal load or in background processing scenarios, when deployed at the gateway ingress, continuously handling high concurrency or sudden traffic, they are prone to problems such as magnified latency fluctuations and unpredictable behavior, thereby limiting their applicability. Against this backdrop, our team developed a proprietary library, `lua-resty-kafka-fast`. Its primary goal is not to achieve peak single-node performance, but rather to provide stable and predictable Kafka writing capabilities at the OpenResty / Nginx-based gateway ingress. By decoupling the write operation from the critical request processing path, it maintains clear time boundaries even in high-pressure situations, preventing adverse amplification effects on the main processing flow. In our tests and actual usage, the additional overhead introduced by Kafka writes has consistently remained within a controllable and predictable range. This enables the gateway to capture event data earlier, without disrupting its original processing cadence, for real-time decision-making, behavior analysis, and comprehensive observability. For developers, it still presents a clear, straightforward Lua API, while offering more explicit system-level stability guarantees. If you are also grappling with the trade-offs between stability and controllability at the ingress layer, we hope this article offers valuable engineering insights: blog.openresty.com/en/lua-resty-k… #Kafka #APIGateway #OpenResty #Nginx