今日精选
HOT最新资讯
共 19865 篇When Is Software Illegal? The History Of Code & Free Speech
submitted by /u/Mynameis__--__ [link] [留言]
Designing a Three Reviewer Consensus Platform for Digital Harm Reporting
The Problem Real411 is a South African platform where citizens report digital harms: misinformation, incitement, hate speech, and harassment. When someone submits a complaint, it needs to be reviewed by multiple people, assessed against legal criteria, and resolved with a public verdict. The process must be transparent, auditable, and fair. I joined this project early and worked on it extensively over a long period. A senior solutions architect consulted on the database schema design. There was a cloud person who helped with parts of the infrastructure. Other coworkers contributed at different stages. I spent most of my time on the API layer and the frontend components. This article covers the architecture decisions I worked with, what I learned from the senior architect's design choices, and how the system evolved. The Status Machine Most applications model status as a column on a table. You update the value and the old state is gone. That works for simple workflows but fails when you need to know not just where a complaint is now, but how it got there and who made each decision. The senior architect who consulted on the database design suggested an append only status log. Instead of a single status column, the complaint_status table records every transition as a separate row. Each row has the status code, the user who made the change, a timestamp, and optional notes. The current status is derived by querying the most recent row. I implemented this pattern across the API layer. Every status transition became an insert operation rather than an update. It took some adjustment to shift from mutable state to event sourced state, but the benefits were immediate. Auditing became straightforward. The state machine also became easier to implement because each transition is a simple insert with a business logic check, not a conditional update. The schema has seventeen status codes covering the full lifecycle: received, claimed, under assessment, pending secretariat review,
Building a Real Time Sports Scoring Engine with WebSockets and DynamoDB Streams
The Problem Sports scoring sounds simple. One team scores a point, the number goes up, everyone sees it. But when you build it as a web application that needs to work on courtside tablets, spectator phones, and wall mounted displays simultaneously, with voice commands and tap controls, the architecture becomes more interesting. The project was Scoring AI, a voice enabled match scoring application for sports courts. Players start a match, share a link, and control the scoreboard from any device. The backend handles real time state synchronization, optimistic locking, idempotent score updates, rate limiting, and WebSocket broadcasting. The team was small. Me and a coworker who handled the CI/CD side. We were at the same level, both full stack, and we designed the system together. He focused on the deployment pipeline and infrastructure automation. I focused on the application layer, the real time system, and the frontend. But the architecture decisions were shared. This article covers the technical decisions we made and how patterns from previous projects influenced them. Why DynamoDB for Live Matches The match scoring data is different from the business data around it. A match lasts about an hour, gets updated frequently, and needs to be read by many viewers at once. After the match is complete, it is archived and rarely accessed. I had seen what happens when you put high frequency state updates into a relational database on a previous project. Row locks, contention, connection pool exhaustion. For Scoring AI, we used DynamoDB for the live match state and PostgreSQL for everything else. The hot path needed fast writes, optimistic locking, and automatic cleanup of abandoned matches. DynamoDB provides all of these. The version field on each match record acts as an optimistic lock. Every score update is a conditional write that checks the version has not changed. The cold path uses PostgreSQL through Kysely for user profiles, subscriptions, pricing plans, payment histor
st – The missing unified installer and runner for Smalltalk
Smalltalk has excellent live environments, but managing the different VMs, images, and installers for Pharo, Cuis, Squeak, Glamorous Toolkit, GNU Smalltalk, etc. is painful. I made st — a lightweight shell-based CLI that gives one consistent interface: st pharo install && st pharo run st gt install , st cuis install , etc. Basic package search/install and eval support where available Works on Linux/macOS/Windows (WSL) Repo: https://github.com/hernanmd/st Happy to answer questions, take feedback, or hear what other Smalltalk pain points you'd like addressed. Contributions welcome (especially adding new dialects)!
Stratagems #14: Leo Found an AI Leak. He Wasn't the First to Find It.
Take the opportunity to pilfer a goat. — The 36 Stratagems, Take the Opportunity to Pilfer a Goat Previously on this series: #5: Leo Walked Into a Burning House. He Walked Out With a Client. — At 1 AM, Leo received an anonymous message and drove across town to fix a competitor's outage. A second message followed — a screenshot with a name: Automated Compliance Lab. He didn't remember the acronym. He didn't delete the screenshot. #10: Lena Watched a Team Adopt Her AI Template. Leo Didn't Know the Knife Was in the Contract. — Lena joined CoreStack as a consultant and built Leo a reporting template. Leo thought she was there to help. Five weeks later the template went live. Six months later the data baseline was locked. He only then realized he'd been inside her palm the whole time. Taken down by a smile. This was a few months later. The Archive Cleanup SOC 2 Type II renewal had just passed. The auditors were gone. CoreStack's compliance team was doing the post-audit archive — classifying every record produced during the audit and tagging them with retention periods. Leo got the cleanup part. The training pipeline's cache directory. The cleanup cron job hadn't run for a week — nobody noticed. When he looked inside, the output folder had a few records with train_ prefixes mixed in among inference outputs. One of them had a model_version that wasn't CoreStack's own. model_version : " acl-train-2026q2-v3" Leo copied that line out. Didn't delete it. Didn't report it. Dropped it into a folder called _misc/ .Set a quiet keyword alert for "acl-train" before closing the terminal. He noticed the naming convention wasn't FinOptima's — FinOptima used fin-model- plus timestamps. acl- — he'd seen that prefix somewhere before. Couldn't place it. He didn't let himself try. He filed it away. Went back to archiving. The Trace Not every CTO digs through cache write logs during archive cleanup. He did. He spent two hours cross-referencing FinOptima's API call records against CoreStack's
Seven things to check before a WordPress major upgrade — before "patch what breaks after" becomes a disaster
WordPress major version upgrades (5.x → 6.x, and eventually 6.x → 7.x) are a different animal from minor releases. Minor releases (like 6.4.1 → 6.4.2) are mostly bug fixes with low compatibility risk. Majors land API deprecations, raised PHP minimum requirements, and core block replacements all at once — and those things hit operations hard. The " just hit Update in the admin and patch whatever breaks " workflow can survive on a single personal site, but it tends to fall apart under multi-site maintenance — simultaneous failures across sites overwhelm root-cause triage. This post collects the things worth verifying before you run a major upgrade, as a seven-item checklist . 1. Has the minimum PHP version been raised? Major WordPress releases sometimes raise the minimum supported PHP version (6.6 lifted it to PHP 7.2.24, and a future 7.0 will very likely require PHP 8.x). What matters operationally isn't just the server's PHP version and WordPress's stated minimum — it's the intersection with the PHP versions your plugins and themes actually run on . You can usually upgrade your server's PHP, but older themes and plugins not running on new PHP isn't rare. A subtle failure mode here: traps like PHP 8.2+ deprecated warnings leaking into older WP-CLI JSON output , where nothing visibly errors but your operational tooling silently breaks. Before upgrading, run wp plugin list --format=json on the production PHP environment and verify you're getting clean JSON. That one check catches a lot of post-upgrade pain. 2. Audit "Tested up to" for every plugin Each plugin's readme.txt carries a Tested up to: X.X line — the developer's declaration of the highest WordPress version they've actually tested against . It's the first signal for major-upgrade compatibility audits. WP-CLI gives you the inventory in one shot: wp plugin list --fields = name,version,update_version,update --format = table Plugins where "Tested up to" is old AND no updates in the last year deserve scrutiny. Acti
From Dubai to Thailand: How I Landed a Remote Role at a South African Company
The Next Chapter When I left the waiter job and returned to engineering, I knew I wanted something different. Not just a different job, but a different way of working. The kind where your location does not limit the problems you can solve. I found that in Thailand, working for a South African company called Exonic. Why Bangkok After Dubai, I wanted somewhere with a lower cost of living where I could build runway while working remotely. Bangkok checks that box. The city is a hub for remote engineers. The internet is fast. The infrastructure works. The street food is better than any restaurant I have ever worked in. I arrived with a laptop and a clear goal: find a remote role where I could work on meaningful projects without being tied to a physical office. Landing the Role at Exonic Exonic is a technology consulting company based in South Africa. They serve clients across multiple industries and geographies. When I found the opening, it matched exactly what I was looking for: full time remote, exposure to diverse projects, and the chance to work across the full stack. The interview process was practical. System design discussions, technical assessments focused on AWS and modern frontend frameworks, and conversations about how I approach end to end delivery. I got the offer and accepted it immediately. As a full time remote employee, I was embedded in Exonic's engineering team. My day to day involved building cloud native solutions for their clients, designing architectures on AWS, and shipping production systems across the entire stack. The team was distributed, and the work required communicating clearly across time zones. Three Continents Through One Company Exonic's client base spans the globe. Over my time there, I built production systems touching three different continents. One project was Scoring AI , a voice enabled match scoring application for sports courts. Players start a match, share a link, and control the scoreboard using voice commands. I worked on th
OpenAI researcher Miles Wang in talks to launch AI drug discovery startup valued at $2B
The funding discussions point to investor interest in applying AI to make breakthroughs in life sciences.
I Spent 12 Hours Submitting My Product to Directories. Here's What I Built to Never Do That Again.
Every founder who's launched a product knows the drill. You've built something you're proud of. You're ready to share it with the world. And then you discover you need to submit it to Product Hunt, BetaList, Peerlist, and about fifty other directories if you want any chance of getting noticed. So you open your first submission form. You copy your tagline from your notes app. You paste it. You upload your logo. You fill in your description. Then you open the next directory. And you do it all again. And again. And again. After my last launch, I calculated that I'd spent nearly twelve hours just on directory submissions. Twelve hours of copying the same tagline, pasting the same description, uploading the same screenshots. It was mind-numbing work that pulled me away from the things that actually mattered, like talking to users and iterating on feedback. I knew there had to be a better way. That's why I built AutoSubmit.to. It's a simple idea: save your launch information once, and let it autofill everywhere you need to submit. The problem with product launches isn't the strategy or the timing or even the product itself. It's the operational overhead. Most founders underestimate how tedious the submission process becomes when you're trying to maximize visibility. Each directory has slightly different fields. Some want a short description, others want a long one. Some ask for your Twitter handle, others want your LinkedIn. Some require specific image dimensions. This variability means you can't just copy and paste blindly. You need to adjust your content for each platform, which adds cognitive load to an already repetitive task. By the tenth submission, you're making mistakes. By the twentieth, you're wondering if any of this is even worth it. AutoSubmit.to approaches this problem with a two-part system that's designed to be both simple and powerful. First, you create a launch profile on the platform. This is your single source of truth. You enter your product name, tag
Dependabot learns to wait: version-update PRs now sit for three days by default
Every time your bot merges a two-hour-old release into main, you are trusting a stranger's freshly published tarball to be the same one everyone else is looking at. Sometimes that release is a real bugfix. Sometimes it is a maintainer who fat-fingered a token, or an attacker who did not, and either way your CI cheerfully rebases against it before anyone had a chance to notice. On 2026-07-14, GitHub added a pause. Not a big one. But a real one. The actual change Dependabot version updates now sit on their hands for three days after a package is published. According to the GitHub Changelog, a release has to have been available on its registry for at least that long before Dependabot will open a version-update pull request against your repository. The cooldown is on by default and requires no configuration. It applies across every ecosystem Dependabot supports on github.com, and GitHub Enterprise Server picks it up in GHES 3.23. Security updates are exempt. If a fix for a known vulnerability lands, Dependabot will still open the PR the moment it can, because a three-day delay on the patch defeats the entire point of shipping the patch. That single carve-out is the whole design. Why three days is doing so much work Three days is not enough time to audit a package. Nobody is pretending otherwise. What three days is enough for is someone else to notice. Most malicious releases that end up on a public registry get pulled quickly once security researchers, downstream maintainers, or the registry's own scanners spot the pattern. The typosquats, the hijacked accounts, the crypto miners buried in a postinstall script: they all rely on being pulled into build automation before the pattern is visible. Dependabot's old default was to be that automation. Its new default is to let the pattern show up first. You can read this change as GitHub quietly admitting that "always up to date" was the wrong marketing promise for a supply-chain tool. The knob, and what shifted about it Cooldo
Laptop Memory Leak Story
I found a slow, insidious memory leak in a Node.js API gateway caused by lingering event listeners; I fixed it by scoping emitters per request, enforcing cleanup in finally blocks, and adding leak‑aware tests and runtime safeguards—memory usage flattened and OOM restarts stopped. The Incident The gateway handled TLS termination, auth, and request fan‑out for many microservices. Over weeks its resident set size climbed in a staircase pattern until Kubernetes began OOM‑killing pods under load. The failure was gradual —light traffic ran for days, peak traffic crashed in hours—so it escaped casual monitoring. Investigation Heap snapshots and allocation profiles showed growing counts of small objects —closures, request metadata, and event listeners—rather than one giant allocation. Tracing revealed an internal event bus where request‑scoped listeners were attached but not always removed: an early‑exit authentication path returned before the cleanup function ran, leaving listeners that held references to request state. The GC saw those objects as live and never reclaimed them. The Fix (technical details) 1. Scoped emitters per request. Replace global emitters for request‑local concerns with a short‑lived EventEmitter created at request start. When the request ends, the emitter goes out of scope and the whole closure graph becomes collectible. 2. Guaranteed teardown via try/finally . Wrap the entire request pipeline so cleanup runs on success, error, or early return; the finally detaches any remaining listeners, clears timers, and releases caches. 3. Leak‑aware CI tests and runtime metrics. A harness simulated thousands of requests across code paths, captured heap snapshots, and asserted bounded object counts. Production metrics tracked listener counts and emitted alerts when thresholds were exceeded. 4. Operational safeguards. Added backpressure on accept queues, a soft memory threshold that disabled nonessential tracing, and rollout halting on excessive crash loops. Thes
Vision drift: why agentic workflows need workflow auditing
How a distributed, event-sourced issue tracker built with developer ergonomics in mind may have a role to play in the next generation of agentic workflows Vision drift Harness engineering has recently popularized the idea of containing architectural drift in agentic workflows. What might be missing in the discussion is a similar issue on a higher level - vision drift . By vision drift I mean that the implementation no longer drifts only from the architecture - it drifts from the original product intent. And it seems like the risk may be obscured by restricted tooling. As long as the project management tools only present a snapshot rather than a traceable story, there is an increased risk of undetected drift. Drift is detected via specification audits over time. However, while code history easily can be traversed via Git, issue tracking essentially lacks this capability. Issue trackers tend to be excellent at answering the question “what is going on right now?”, but fail at answering the question “how did our work in this area evolve last month?” or “what went on this time last year?”, or “how did we get from there to there?”. Workflow audits When I set off to build Epiq, this was not a concern on my radar. Agentic coding was something I had heard distant rumors of, and in fact I was just pursuing the ideal developer experience . This pursuit did however lead me down a path of unorthodox architecture, which in turn resulted in an issue tracker with some uncommon properties. One of these is the ability to inspect historical state by time-traveling, and replay sequences. I have not yet encountered another issue tracker with these capabilities. Initially I thought of it as a gimmick feature. Imagine the wow-factor of replaying the entire sprint in a retro, visualizing the past 2 weeks as a short movie. I thought it would help out with reflection of how much (or little) work had been accomplished. Not until I set out to do my own first fully agent-implemented feature did