今日已更新 215 条资讯 | 累计 21081 条内容
关于我们

今日精选

HOT

最新资讯

共 21081 篇
第 105/1055 页
开发者 Reddit r/programming

How Processes Share Memory Without Copying (Visual)

A visual explanation of how two separate processes can access the same bytes without copying a payload between them. It covers virtual memory, page tables, physical frames, shm_open, mmap(MAP_SHARED), lazy allocation, copy-on-write, shared libraries, memory-mapped files, Redis snapshots, and Dirty COW. submitted by /u/Ok_Marionberry8922 [link] [留言]

/u/Ok_Marionberry8922 2026-07-13 03:38 2 原文
开发者 Reddit r/programming

Exploiting PackageInstaller parsing: A 974-byte modern Android 14 PoC.

I’ve been exploring the absolute structural floor of the Android APK format. By leveraging hasCode="false" and surgically optimizing the ASN.1 DER encoding of the V2 signature, I’ve managed to get a compliant Android 14 app down to 974 bytes. The system treats it as a first-class app, and it’s fully installable on a stock Android 14 device. It’s an exercise in how much the PackageManager trusts the headers versus what it semantically validates. submitted by /u/Same-Access-6799 [link] [留言]

/u/Same-Access-6799 2026-07-13 03:16 2 原文
AI 资讯 Dev.to

Building a Three.js 3D Product Configurator for WooCommerce: 4 Things I Didn't Expect

Most WooCommerce product pages still show the same thing stores have shown for 20 years: a handful of flat photos. I spent the last few months building Noorifa, a plugin that replaces that with an interactive Three.js viewer — customers rotate the model, zoom in, and switch colors/materials on specific meshes in real time, synced to the store's actual WooCommerce variations. The 3D rendering part was the easy 20%. The other 80% was a series of small, specific problems that don't show up in a Three.js tutorial. Here are four of them. 1. A directional light rig can't light a face it can't see Early on, customers rotating a table model would find the underside of the tabletop rendering near-black — no matter how far I pushed the light intensity. The rig at the time was a single key light plus a hemisphere ambient: scene . add ( new THREE . HemisphereLight ( 0xffffff , 0x444444 , 1.2 ) ); const keyLight = new THREE . DirectionalLight ( 0xffffff , 1.2 ); keyLight . position . set ( 3 , 5 , 4 ); scene . add ( keyLight ); The bug was geometric, not a brightness problem: keyLight sits above the model, so its light direction only reaches surfaces whose normal faces back toward it. A downward-facing surface — the underside of an overhanging tabletop — can't receive any direct contribution from a light positioned above it, at any intensity. Cranking the brightness slider was scaling a number that was multiplying against zero. The fix was closer to actual three-point studio lighting: key, fill, and rim from above for shape and separation, plus a dedicated light from below, and a brighter hemisphere ground color to approximate bounced light: scene.add( new THREE.HemisphereLight( 0xffffff, 0x888888, 1.1 * brightness ) ); const keyLight = new THREE.DirectionalLight( 0xffffff, 1.1 * brightness ); keyLight.position.set( 3, 5, 4 ); const fillLight = new THREE.DirectionalLight( 0xffffff, 0.5 * brightness ); fillLight.position.set( -4, 2, 3 ); const rimLight = new THREE.DirectionalLigh

Noor E Alam 2026-07-13 02:47 6 原文
AI 资讯 Dev.to

Commit Chronicles—Your Obsession Leaves a Trail. Mine Gives It a Plot.

This is a submission for Weekend Challenge: Passion Edition TL;DR SQL can count a commit trail. It can't always find the story it tells. Name a public GitHub repo. Snowflake fetches its commit history, decides which story is actually in there, and asks Cortex to narrate that one thread. You get a card you can drop into a README. 6 storyline detectors, 15 SQL views, and 0 AI calls in any of them—the story is chosen by plain SQL. Then 1 Cortex call, on 20–140 commit lines: 25% of the repo's, clamped. The warehouse is the editor. Cloud Run paints a PNG and computes nothing. Live at commitchronicles.anchildress1.dev , code at v1.0.0 , and I'm going for Best Use of Snowflake . What I Built Commit Chronicles reads one public GitHub repo and gives it back to you as a story. Snowflake fetches the repository, decides which story exists, gathers the evidence, asks Cortex to narrate exactly that thread, validates the result, and returns structured JSON. Cloud Run just turns it into a 1200×630 PNG—the size a README embed and a social preview both want. This is one of my repos and every dot, timestamp, and quoted commit on it is real. The color isn't just decoration—Cortex picks the accent hex as a reading of the arc, so a repo that died and one that came back and shipped don't look the same. The scope is deliberately one repository , not a whole profile. A year-in-review across a profile turns to mush. A repo has a clean arc: commits start, cluster, pause, restart, or stop. Two rules hold it together: Cortex interprets the shape. It never invents the facts. Every timestamp, count, gap, and quoted message on the card is real. It reads the arc; it does not reach past it. Motivation isn't in the data, so the model is forbidden from claiming any. A repo with no real story says so. Sparse histories get an honest grey card— "no story here" —and Cortex never runs. Not every repo is an obsession, and a tool that admits that is the one you trust when it says otherwise. Why I built it 🪤

Ashley Childress 2026-07-13 02:46 6 原文
AI 资讯 Dev.to

Be the right Platform Team

Throughout my career I have had to work with quite a few platform teams, and I was part of two for a couple of years. Some were bad, some were good and some should not have existed at all. I want to tell you my user experience, what I have seen work and what not and what you should definitely avoid doing. Be The Multiplier This is the main goal of a platform team. As a team, it needs to be a multiplier. If the platform team supports 10 teams, then each work it commits should multiply by 10. If the team member builds a new feature, it should be helpful for all the other teams. Otherwise, the platform team is an addition, and in most cases it is then better to split the platform team and add them to all other teams, instead of being a separate team. Because the amount of communication needed is in most cases quadratic in relation to the number of teams. Reducing Cognitive Load The platform should take away cognitive load for all the teams it supports. By doing so, they will have more time to implement business requirements. Let's say a platform team provides Gitlab runners or Azure Agents where people can run their CI/CD code on. They should not need to know how the runners are scaled, or how the agents are updated. This takes away the need for that skill set in all the teams. Build a Community A platform team has a unique position. It is building something that all other developers probably can build as well. Some could do it even better than the platform team itself. For some platform teams, their ego sometimes comes in to play or just straight up refuses their help because they are not the team. But it is not the job of the platform team to build a product, but a platform where everyone can thrive and/or build on. So onboard the community on the platform! The Law of Diffusion applies to almost all companies. You will have the innovators that want to build it themselves and the early adopters that will voice their opinion, but will not build it themselves. Those two

Pouja 2026-07-13 02:42 6 原文
AI 资讯 Dev.to

Claude Code Sends 33k Tokens Before Your Prompt; OpenCode Sends 7k

A new side-by-side measurement shows Claude Code ships roughly 33,000 tokens of system prompt, tool schemas, and scaffolding before your prompt even arrives — about 4.7x the ~7,000 tokens OpenCode sends on the same setup. The bigger cost surprise is next: Claude Code re-wrote up to 54x more prompt-cache tokens per session, and cache writes bill at a premium. How the test was run The benchmark (published by Systima) spliced a logging proxy between each harness and the model endpoint, capturing the exact request payload and the API's usage block. Both harnesses were pinned to the same conditions: Claude Code 2.1.207 and OpenCode 1.17.18 , both pointed at claude-sonnet-4-5 Fresh config directories, empty workspace, no MCP servers, no instruction files, permissions bypassed Tasks ranged from "reply with OK" (isolating fixed overhead) to a write-run-test-fix loop against FizzBuzz A zero-tools variant separated system-prompt weight from tool-schema weight The payload captures are exact; the only adjustment was subtracting a constant ~6,200-token gateway envelope that wrapped every request in the test setup. The fixed floor Harness Fixed overhead before your prompt Cache-write behavior Claude Code 2.1.207 ~33,000 tokens Re-wrote tens of thousands of cache tokens per run; up to 54x OpenCode OpenCode 1.17.18 ~7,000 tokens Byte-identical prefix each run; cached once, read back cheaply OpenCode's request prefix was byte-identical in every captured run, so it paid to cache its payload once per session and read it back for pennies. Claude Code re-wrote large amounts of prompt-cache tokens mid-session, run after run — and because cache writes bill at a premium, one usage dashboard climbs while the other stays flat. Where it piles on in real setups The harness floor is only the start. The benchmark added variables one at a time: A production repository's 72KB instruction file added an average of ~20,000 tokens to every request. Five modest MCP servers added 5,000–7,000 more. By th

TerminalBlog 2026-07-13 02:39 6 原文
AI 资讯 HackerNews

Show HN: Juggler – an open-source GUI coding agent, by the creator of JUCE

Hello HN, I don't post on here much, but wanted to get some eyes on a new project I'm just launching. I think we definitely need one more AI code agent.. I'm a long-term C++ dev, and over 30+ years I've created some successful audio dev tools (JUCE, the Tracktion DAW, the Cmajor DSP language). All of these came from me getting annoyed with something I had to use, and deciding to have a go at my own take on whatever it was. So Juggler is my attempt at an AI code agent, after spending too many hou

julesrms 2026-07-13 02:28 3 原文
AI 资讯 HackerNews

Claude Code sends 33k tokens before reading the prompt; OpenCode sends 7k

This started based off of a hunch. We usually use OpenCode, but were 'forced' to use Claude Code for a while due to issues with Meridian. In that time, we saw the usage meter rise much, much more quickly than when using OpenCode. This was the initial anecdotal evidence, but we undertook this small study to collect empirical data: We added logging between the agentic coding tool (Claude Code and OpenCode) and Anthropic's endpoint, and captured all requests (and the returned usage blocks). With on

systima 2026-07-13 02:25 5 原文
AI 资讯 Dev.to

I scanned 15 public Lovable apps. 40% load their database in the browser.

No hacking — a passive scan only looks at what your browser already downloads when it opens a page. Here's what I found: 6 of 15 load their Supabase database directly client-side. The public API key sits in the page source. That's fine if Row-Level Security is configured right — but it's one wrong setting away from "anyone can read the whole table." 14 of 15 ship no Content-Security-Policy — a simple, high-value hardening against script injection, almost always missing. Is this theoretical? No. Two apps I audited with the owner's permission: A social app: the profiles table — user names, cities, and a password hash — readable by a logged-out stranger. Closed in an afternoon. A paid learning app: 155 paid study sheets and 4,872 answers were readable by anyone, with no account and no subscription — its entire paid catalogue, a single API call away. The paywall lived only in the front-end; the database served everything to everyone. Loading Supabase in the browser isn't the mistake. Not enforcing access in the database (RLS) is. And the tools you build with won't tell you — they'll happily ship it. If you built something on Lovable / Bolt / Replit with real users (or paying ones), it's worth 60 seconds to check what a stranger can already see. I made a free tool that runs the surface check (passive, no signup): sealdy.dev Happy to answer questions on how RLS leaks happen and how to lock them down.

Romain Durieux 2026-07-13 02:24 7 原文