WebCraft

Welcome to WebCraft

Crafting the Future of
Web Development

Discover what's possible on the web.
Technical deep dives, industry updates, and lessons from the field.

Articles

Long-form writing

Cover image for How AI Works: Guide It, Don't Pray to It

How AI Works: Guide It, Don't Pray to It

You use ChatGPT every day—but what actually happens when AI reads, thinks, and writes? From tokens and context windows to attention, KV cache, generation, and prompts, this is a full causal map for engineers who want to guide AI, not just hope for good answers.
Cover image for Tokens: How AI Turns the World into Numbers

Tokens: How AI Turns the World into Numbers

June 15, 2026
Cover image for Getting Started with AI (Without the Hype)

Getting Started with AI (Without the Hype)

March 15, 2026
Cover image for Frontend Engineer Roadmap: Skills, Tasks, and Learning Resources

Frontend Engineer Roadmap: Skills, Tasks, and Learning Resources

July 1, 2025
Cover image for Cross-Origin Requests and CORS: A 2026 Review and Update

Cross-Origin Requests and CORS: A 2026 Review and Update

June 10, 2026
Cover image for AI Terms Explained (April 2026)

AI Terms Explained (April 2026)

April 6, 2026
View all →

Reposts

Worth reading elsewhere

View all →

Node.js security releases for 26.x, 24.x, and 22.x

The Node.js project announced security releases for the 26.x, 24.x, and 22.x release lines on or shortly after June 17, 2026. The updates address one or more security issues with a highest severity of HIGH, and End-of-Life versions should be treated as affected when a security release occurs.

Node.js Blog2026-06-17

GCP Security Bulletin: Cloud Service Mesh vulnerability GCP-2026-035

Google Cloud published a security patch for Cloud Service Mesh affecting GKE clusters using Gateway API (GCP-2026-035). Proxy version csm_mesh_proxy.20260423_RC03 is rolling out across all Managed Cloud Service Mesh release channels, superseding the June 3 announcement with additional fixes.

Google Cloud2026-06-10

Oracle Security Alert Advisory - CVE-2026-35273

A critical unauthenticated remote code execution vulnerability (CVSS 9.8) in PeopleSoft Enterprise PeopleTools 8.61 and 8.62 is being actively exploited in the wild. Oracle published out-of-band mitigations while a patch is pending.

Oracle2026-06-10

Anthropic releases Claude Fable 5 and Claude Mythos 5

Anthropic released Claude Fable 5, the first Mythos-tier model available to the public, alongside a restricted Claude Mythos 5 for government and cybersecurity use. Fable 5 leads benchmarks in software engineering, knowledge work, vision, scientific research, and autonomous tasks. It is included at no extra cost on Pro, Max, Team, and Enterprise plans until June 22, 2026; from June 23 onward it consumes usage credits.

Anthropic2026-06-09

Working Notes

Shorter thoughts from the field

View all →

Git 常用命令

October 27, 2025

這篇文章分享 Git 版本控制系統的實用筆記,包含常用指令、工作流程和最佳實踐,適合開發者學習和參考。...

如何取消訂閱 ChatGPT (2025年9月更新)

September 3, 2025

在取消 ChatGPT 訂閱的時候遇到重重困難嗎?這篇文章跟你分享我的解決辦法,相信能幫助到你。...

認識字體的分類與用途

August 15, 2025

前幾天設計部落格時發現 Figma 字體選單超級多選項,完全不知道怎麼選。深入研究後才發現字體分類大有學問!從 Serif、Sans-serif 到中文的明體、黑體,每種都有特定用途。這篇筆記分享我的研究心得,希望能幫助你告別選字困難症。...

什麼是 TC39?JavaScript 標準制定流程完整解析

July 30, 2025

TC39 是負責制定 JavaScript(ECMAScript)標準的技術委員會。本文詳細介紹 TC39 的組織架構、五階段提案流程(Stage 0-4),並以 Optional Chaining 為例說明新功能的誕生過程。文章還包含如何追蹤最新提案、參與社群討論的實用建議,是前端開發者了解 JavaScript 演進的完整指南。...

Meta廣告境外稅逾期申報怎麼辦?

May 20, 2025

這次 Meta 廣告報稅好不順,同時遇到金額算錯、逾期、繳款證明和稅單遺失,各種問題。這篇分享我怎麼處理每個問題,也整理補繳流程、憑證遺失怎麼補、給付總額和應扣繳稅額怎麼算。...

Newsletter

Thoughts on tech, development, and building for the web.
No spam, ever.

Subscribe →