AI 资讯
5 Free Browser-Based Dev Tools: GraphQL Formatter, Docker Compose Validator, Dockerfile Linter, and More
I just shipped 5 new tools to DevNestio — a hub of 172 free, browser-only developer utilities. All tools are zero-signup, zero-upload, and work offline. 1. GraphQL Query Formatter & Minifier https://devnestio.pages.dev/graphql-formatter/ Paste any GraphQL operation and get: Pretty-print — consistent indentation Minify — strips comments and whitespace for smaller request payloads Validation — brace/parenthesis balance check Operation detection — lists all named query , mutation , subscription , fragment Useful for quick query cleanup before pasting into code reviews or API docs. 2. Protobuf (.proto) Formatter & Validator https://devnestio.pages.dev/protobuf-formatter/ Online formatter and validator for Protocol Buffer .proto files: Duplicate field number detection Message and enum structure validation Syntax-highlighted output One-click copy Great for a sanity check before pushing .proto changes in a gRPC service. 3. Docker Compose Validator https://devnestio.pages.dev/docker-compose-validator/ Paste your docker-compose.yml to catch: Missing services section Services without image or build Invalid port mappings ( 80:80 , 127.0.0.1:8080:80 , 53:53/udp , ranges…) depends_on referencing non-existent services Circular dependency detection (A→B→A) Unknown restart policies # This will flag errors: services : web : ports : - " abc:xyz" # invalid port depends_on : - missing_service # unknown service 4. Dockerfile Analyzer & Linter https://devnestio.pages.dev/dockerfile-analyzer/ Analyzes your Dockerfile for best practice violations across three categories: Security sudo usage inside RUN Container running as root (no USER instruction) Secrets baked into ENV / ARG (password, secret, token, key) Image size :latest base image tag apt-get update in a separate RUN (stale cache risk) apt-get install without --no-install-recommends apt cache not cleaned ( rm -rf /var/lib/apt/lists/* ) ADD used for local files instead of COPY Layer optimization Consecutive RUN instructions (suggest c
AI 资讯
Dev Log: 2026-07-04
TL;DR Two Laravel backends started serving Flutter apps on the same day — an events platform (auth, orders, offline check-in) and a helpdesk product (ops mode for agents). gatherhub-web moved to plans-only pricing with a comparison matrix driven by one data file. A hardening pass: payment-safe queues, gateway reconciliation, one heavyweight dependency dropped. Two mobile APIs in one day Coincidence, but a useful one: two products I'm building both needed their Laravel backends to serve mobile apps this week. The events platform got the full foundation — token auth (login/refresh/logout/me), participant orders, mobile payment with status polling, push-device registration, and an offline-first staff check-in flow. That last one is the interesting bit; I wrote it up as its own post. The helpdesk product went the other way: its API was client-only, and today it became role-aware. The same endpoints now serve ops agents working tickets from their phones, with abilities deciding what each role sees. One API surface, two personas, no duplicated /admin routes. The lesson that repeated in both: API Resources are the contract. The moment a mobile dev consumes your endpoint, every field you accidentally leak becomes a field you can't remove. Plans-only pricing (public) gatherhub-web , the Next.js marketing site, dropped à-la-carte feature pricing for three plans and gained a plan comparison matrix. Everything renders from a single plans.ts — the matrix, the pricing cards, the enterprise page — so the marketing site can't drift from what's actually sold. A pricing page is a contract too; it deserves a single source of truth as much as your API does. Hardening pass Change Why Bulk email blasts isolated to their own queue one big send must never delay a payment webhook Reconciliation command for stuck pending orders webhooks fail silently; polling the gateway is the safety net maatwebsite/excel → spatie/simple-excel for exports streams rows instead of building sheets in memory, s
开发者
Offline-First Check-In: A Laravel API That Survives Venue Wi-Fi
TL;DR A gate check-in app can't depend on live Wi-Fi: scans must work offline and sync later. Four endpoints do it: manifest download, idempotent batch push, delta pull, online search. Client-generated UUIDs + a unique index make retries safe. Duplicates are a success status, not an error. The problem Physical event, staff scanning tickets at the door, venue Wi-Fi exactly as reliable as you'd expect. If your API sits in the hot path of every scan, the queue at the gate grows at the speed of the worst signal bar in the building. So the design flips the roles: the device owns check-in, the server owns convergence. Like a cashier who keeps a paper ledger when the till goes down — record now, reconcile later. The API surface Endpoint Purpose GET /staff/events/{uuid}/manifest paginated ticket snapshot, downloaded before gates open POST /staff/events/{uuid}/check-ins/batch push queued scans; safe to retry GET /staff/events/{uuid}/check-ins?since=<cursor> pull what other devices did GET /staff/events/{uuid}/participants?q= online fallback search (lost ticket, typo) The sync loop Device Server |--- GET manifest (before event) ------->| | scan offline, queue locally | |--- POST batch [{client_uuid, ts}] ---->| dedupe on client_uuid |<-- 200 {applied | duplicate per item} -| |--- GET check-ins?since=cursor -------->| scans from other devices |<-- delta + next cursor ----------------| Idempotency is the whole trick Every scan gets a UUID generated on the device at scan time . The server puts a unique index on it and inserts-or-ignores: public function batchCheckIn ( BatchCheckInRequest $request , string $uuid ): JsonResponse { $results = collect ( $request -> validated ( 'check_ins' )) -> map ( function ( array $scan ) { $checkIn = CheckIn :: firstOrCreate ( [ 'client_uuid' => $scan [ 'client_uuid' ]], [ 'ticket_id' => /* resolved from scan */ , 'checked_in_at' => $scan [ 'scanned_at' ]], // ... ); return [ 'client_uuid' => $scan [ 'client_uuid' ], 'status' => $checkIn -> wasR
AI 资讯
kubeadm init fails with "the number of available CPUs 1 is less than the required 2" on an Azure B1s VM — how I fixed it
While setting up a self-managed Kubernetes cluster on Azure VMs, I hit this error when running sudo kubeadm init on a Standard_B1s VM (1 vCPU / 1 GB RAM): [ERROR NumCPU]: the number of available CPUs 1 is less than the required 2 After checking Stack Overflow and the official Kubernetes documentation ("Before you begin"), I confirmed that kubeadm requires at least 2 CPUs to install the control plane. The fix: I stopped the VM and resized it from Standard_B1s to Standard_B2s (2 vCPU / 4 GB RAM) from the Azure portal, then ran kubeadm init again — the preflight checks passed and the control plane initialized successfully. Posting this in case it helps someone hitting the same issue on a low-tier cloud VM. Thanks to the community for the answers that pointed me in the right direction!
AI 资讯
I Thought I Understood Containers. Then I Tried Building One.
I had just aced my mentor’s Docker exam, so of course I thought I understood containers. I had said all the right words: namespaces, cgroups, images, layers, PID 1, Kubernetes Pods. Then I typed my first serious command and Linux reminded me that knowing the nouns is not the same thing as building the thing. $ sudo unshare -p 1 test unshare: failed to execute 1: No such file or directory That was the opening scene. I had not even built anything yet. I had typed the flags wrong and accidentally asked unshare to execute a program called 1 . This was going to be less “implement Docker” and more “let the kernel correct my confidence, one error at a time.” v1: namespaces, or the first time PID 1 lied to me The first version was supposed to be easy: run a process in a new PID namespace and prove it sees itself as PID 1. So I ran the command the way I thought it worked: $ sudo unshare --pid bash # echo $$ 25184 That was not PID 1. That was just embarrassing. The rule I had missed is simple: PID namespaces apply to children. The process that calls unshare --pid does not magically become PID 1. You need to fork. The first child born into the new namespace becomes PID 1. So the working version was: $ sudo unshare --pid --fork bash # echo $$ 1 That one line changed the tone. I was inside a different process universe. The shell thought it was process 1. Signals felt different. Orphans came home to it. Then I ran ps , and got humbled again. # ps -o pid,ppid,comm PID PPID COMMAND 25310 25304 bash 25344 25310 ps That made no sense at first. I was PID 1, but ps was showing host-looking PIDs. The next reveal: ps does not ask the kernel some pure “what processes exist?” question. It reads files. If /proc still points at the host procfs, your tools will tell you the host story. So I remounted /proc from inside the namespace: # mount -t proc proc /proc # ps -o pid,ppid,comm PID PPID COMMAND 1 0 bash 7 1 ps That was when it clicked. The namespace did not become real to my eyes until /pr
AI 资讯
Choosing the Right Backend Framework: Django vs. Gin vs. Ruby on Rails.
Every application we use today—from banking apps to social media platforms—has something working behind the scenes. That hidden engine is called the backend. The backend is responsible for processing requests, storing data, handling authentication, enforcing business rules, and ensuring everything works as expected when users interact with an application. One of the first decisions backend developers make is choosing a framework. A framework provides the tools, structure, and best practices needed to build applications faster and more securely. Today, let's look at three popular backend frameworks: Django, Gin, and Ruby on Rails. Django (Python) Django is one of the most mature and feature-rich backend frameworks available. Built using Python, it follows the philosophy of "batteries included." This means many features developers need are already built into the framework, including: User authentication Admin dashboard Database ORM Security protections URL routing Form validation Because so much comes ready to use, developers can spend more time solving business problems instead of rebuilding common features. Best for: Content management systems E-learning platforms Business applications APIs Startups building products quickly Advantages: Fast development Excellent security features Large community Extensive documentation Scales well for many applications Trade-offs: The framework includes many components, so it can feel heavier than minimalist frameworks. Gin (Go) Gin is a lightweight web framework built for the Go programming language. Unlike Django, Gin keeps things minimal. It gives developers speed and flexibility while letting them choose many of the additional tools they want to use. One reason many developers enjoy Gin is its impressive performance. Since Go is a compiled language designed for concurrency, Gin can efficiently handle many requests simultaneously while using relatively few system resources. Best for: REST APIs Microservices High-performance syst
AI 资讯
Building a real-time gold & FX price ticker with WebSocket (Socket.IO)
If you build apps for jewelers, fintech dashboards, or e-commerce price automation, you eventually need one thing: reliable, low-latency gold and currency prices . Scraping fragile sources breaks constantly. A dedicated price API solves this. In this post I'll show how to consume real-time gold (gram, quarter, coin) and FX rates over both REST and WebSocket (Socket.IO) using the Hasfiyat Gold & Currency API . Why a price API instead of scraping? Stability — a documented contract instead of HTML that changes without notice. Low latency — prices are pushed as the market moves, not on a slow cron. Multiple sources with failover — if one provider drops, the feed keeps flowing. 1. Polling with REST The simplest integration: request the prices you need with your API key. curl -X GET \ 'https://api.hasfiyat.com/api/prices?symbols=HAS,GRAM,CEYREK' \ -H 'Authorization: Bearer YOUR_API_KEY' \ -H 'Accept: application/json' // Node.js const res = await fetch ( " https://api.hasfiyat.com/api/prices?symbols=HAS,GRAM,CEYREK " , { headers : { Authorization : " Bearer YOUR_API_KEY " } } ); const data = await res . json (); console . log ( data ); REST is ideal for periodic reporting, server-side jobs, and updating e-commerce product prices. 2. Live updates with Socket.IO For price screens, signage, and mobile apps where every tick matters, keep a connection open and let the server push changes: import { io } from " socket.io-client " ; const socket = io ( " https://api.hasfiyat.com " , { auth : { token : " YOUR_API_KEY " } }); socket . on ( " gold_prices " , ( data ) => { // { symbol: "HAS", type: "Has Altın", buy: 2450.85, sell: 2455.10, timestamp: "14:32:01.045" } console . log ( data ); }); No polling, no hammering the server — each market move arrives instantly. 3. A minimal live ticker in the browser <div id= "gold" ></div> <script src= "https://cdn.socket.io/4.7.5/socket.io.min.js" ></script> <script> const socket = io ( " https://api.hasfiyat.com " , { auth : { token : " YOUR
开发者
Automating Security in Python: A Hands-On Guide to SAST with Bandit and GitHub Actions
Introduction In today's fast-paced development cycles, security can no longer be an...
AI 资讯
I analyzed 292 open Forward Deployed Engineer jobs. Here is the data.
"Forward Deployed Engineer" went from a Palantir-specific title to one of the hottest roles in AI in about eighteen months. But nobody had actually counted the market, so I did. I pulled every open FDE role I could find from public ATS job boards (Greenhouse, Lever, Ashby) across 11 companies and analyzed all 292 of them. Here is what the data says. Who is hiring Three companies account for 250 of the 292 openings: Palantir: 95 (they coined the title, and still call many of these roles "Deployment Strategist") Databricks: 85 OpenAI: 70 Then a long tail: Cohere and Scale AI (13 each), Sierra, Writer, Modal, Baseten, Ramp, and Sardine. What it pays Of the 40 roles that disclosed a US pay band, the median ran $197K to $294K , topping out at $390K plus equity at OpenAI and Sierra, with a floor around $137K. That is senior-software-engineer money for a role a lot of engineers have never heard of. International and most Palantir roles did not publish bands, so the true market is likely even broader. Three things that surprised me 1. 98% of these roles are customer-facing. This is the defining trait. It is not a backend role with occasional meetings. It is an engineer who lives in the customer's world, and if that sounds terrible to you, this is not a role you would enjoy occasionally. It is the whole job. 2. The title is chaos. The same role goes by at least four names: Forward Deployed Engineer (152), Forward Deployed Software Engineer (58), AI or Deployment Engineer (43), and Deployment Strategist (36). If you only search one term, you miss most of the market. 3. The job descriptions undersell the technical bar. JDs emphasize customer-facing work, cloud (AWS/GCP/Azure), Python, and integrations. But SQL and algorithms show up in only about a third of them, even though every FDE loop I have seen tests live coding and SQL under time pressure. The description sells the breadth. The interview tests the depth. The other details Geography: about 48% USA, but genuinely global
AI 资讯
Stop Creating a React Project Just to Preview a JSX File
If you're using AI coding assistants like ChatGPT, Claude, Cursor, or Lovable, you've probably accumulated dozens of JSX components. Generating them is incredibly fast. Previewing them? Not so much. The Typical Workflow Every time I received a JSX component, I found myself repeating the same process. Create a React project (or open an existing one) Copy the JSX file Install dependencies Fix missing imports Run the development server Wait for everything to compile All of that... just to see one component. It felt like unnecessary overhead. There Had to Be a Better Way I asked myself a simple question: Why can't I just double-click a JSX file and preview it? We can instantly open images, PDFs, videos, and text files. Why should JSX files require an entire development environment? That's what inspired me to build PreviewKit . What is PreviewKit ? PreviewKit is a lightweight Windows application that lets you preview frontend components instantly. Supported file types include: ✅ JSX ✅ Vue ✅ HTML No project setup. No dependency installation. No terminal commands. Just open the file and see the result. Why I Built It AI has dramatically changed frontend development. We're no longer spending most of our time writing components—we're reviewing, comparing, and refining them. That means fast visual feedback is more important than ever. I wanted a tool that removed the repetitive setup process so I could focus on building better interfaces instead of preparing a preview environment. Who Is It For? PreviewKit is useful if you: Build React applications Work with Vue components Test standalone HTML files Generate UI with AI tools Review components from teammates Prototype interfaces quickly If opening frontend files feels slower than it should, PreviewKit was built for you. The Goal Isn't to Replace Your Framework You'll still use React. You'll still use Vue. You'll still use Vite or Next.js. PreviewKit isn't trying to replace your existing workflow. It simply removes one frustrat
AI 资讯
The Beginner App Idea Checklist Before You Ask AI To Code In 2026
The most dangerous moment in an AI-built app project is not when the code breaks. It is earlier. It is the moment where your idea is still blurry, the AI coding tool is sitting there politely, and you type: Build me an app that... That sentence feels productive. It also gives the tool permission to make a pile of decisions you have not made yet. Who is the app for? What is version one? Which workflow matters first? What data has to exist? What should not be built yet? What would make the first version successful? If those answers are missing, AI has to guess. And AI guessing at product shape is how beginners end up with a login system, dashboard, profile editor, notifications panel, admin area, billing flow, and settings page before one real user problem has been solved. That is not momentum. That is software confetti. I like AI coding tools. I use them heavily in real app work. But the tool gets much better when the project has boundaries before code starts changing. So before you ask AI to code your first app, run the idea through a checklist. Not a giant business plan. Not a pitch deck. Not a 47-tab spreadsheet that makes you feel like you joined a corporate strategy retreat by accident. A practical beginner checklist. The goal is simple: turn a rough app idea into something AI can help you build without inventing the whole product for you. 1. Can You Name The Person? Do not start with "users." Start with one person you can picture. Bad: This app is for people who want to be more productive. Better: This app is for freelance designers who need one place to track client feedback, revision status, and final file delivery. Bad: This app is for musicians. Better: This app is for guitarists who want to capture riff ideas quickly on their phone without opening a full mobile studio app. Bad: This app is for students. Better: This app is for college students who want to scan textbook chapters and turn them into study notes before an exam. When you name the person, the ap
开发者
"Four Remote Job Boards Have Free Public APIs. Here Is One Schema for All of Them"
If you want remote job data, you do not need to scrape HTML or sign up for anything. Four of the bigger remote job boards publish keyless public feeds. The catch is that they all speak different dialects, so the real work is normalization. Here are the endpoints and the traps. The four feeds RemoteOK returns its whole current board as one JSON array: GET https://remoteok.com/api The first element is a legal notice, not a job: they ask for a link back with attribution as a condition of using the feed. Skip element zero, and honor the attribution if you republish. Jobs carry salary_min and salary_max as numbers, tags, and ISO dates. Remotive has the friendliest API of the four, including server side search: GET https://remotive.com/api/remote-jobs?search=python&limit=100 Salary here is free text ( "$120k - $160k" ), so do not expect numbers. Attribution with a link back is required here too. WeWorkRemotely publishes RSS: GET https://weworkremotely.com/remote-jobs.rss Two quirks: the company name is not a field, it is baked into the title as Company: Role , so split on the first colon. And useful data hides in nonstandard tags like <region> , <skills> , and <category> that generic RSS parsers drop on the floor. Himalayas has a proper paginated API with a surprisingly deep catalog (100k+ listings): GET https://himalayas.app/jobs/api?limit=100&offset=0 It gives structured minSalary / maxSalary with a currency and period, seniority arrays, location restrictions, and even timezone restrictions as UTC offsets. Dates are epoch seconds, not ISO strings. The normalization layer The row schema that survived contact with all four sources: { "source" : "Remotive" , "title" : "Senior Backend Engineer" , "company" : "Acme Corp" , "tags" : [ "python" , "aws" ], "salaryMin" : null , "salaryMax" : null , "salaryText" : "$120k - $160k" , "location" : "Worldwide" , "postedAt" : "2026-07-03T20:01:13.000Z" , "applyUrl" : "https://..." } Rules that mattered in practice: Keep both salary sh
科技前沿
Tesla expands robotaxi service to small section of Miami
The company's robotaxi roadmap mentions future expansions to Orlando and Tampa.
开发者
Review: Supergirl is not the disaster its low box office suggests
It’s a pretty good movie, but it needed to be a great movie to thrive in an oversaturated superhero market.
AI 资讯
What is Mistral AI? Everything to know about the OpenAI competitor
Mistral AI, which offers some open source AI models, has raised significant funding since its creation in 2023, with the ambition to “put frontier AI in the hands of everyone.”
科技前沿
Tesla driver charged with manslaughter for Texas crash that killed a woman in her home
The incident is also being investigated by the National Highway Traffic Safety Administration.
AI 资讯
CAI.com — a custodial @cai.com email, multi-chain stablecoin wallet, and MCP-installable agent API
CAI.com — a custodial @cai .com email, multi-chain stablecoin wallet, and MCP-installable agent API A custodial email, a stablecoin wallet, a credential vault, and an agent-ready API — all at one @cai.com address. This post walks through what CAI is, what you get when you sign up, and how to wire the agent side into any MCP-compatible host. What you get at cai.com/app A free @cai.com email comes with four product surfaces, all under one account: A real inbox at @cai.com . Send and receive mail like any other address. The signup gives you the address; the dashboard gives you the SMTP/IMAP credentials if you want to use a desktop client. A custodial multi-chain stablecoin wallet. Built in. Six chains. External wallets supported. MoonPay for fiat on-ramp (partial-live, third-party KYC and region limits apply — see cai.com/capabilities.html ). A user vault for site credentials. Store website logins and passwords. The agent you build retrieves them when needed, with your explicit confirmation. The vault is for your site credentials, not the agent's API key. An API key for the agent you build or use. Free tier covers read scopes; pay and full scopes may require verification. The key is in the account dashboard. How the signup works The signup at cai.com/app is four steps. About 2 minutes. Go to cai.com/app . Pick "Apply for @cai.com email." Enter your name. That's the only field on the first screen. CAI emails a 6-digit verification code to the address you provide. The code expires in 15 minutes. The email has a one-time link, not the code — copy the code from the email and paste it into the form. Enter the code, create a password, and you're done. At the end you have: A @cai.com email address. A custodial multi-chain stablecoin wallet. A user vault for site credentials. An API key for the agent you build or use. No card. The email is free. The agent side (for the technical reader) For the technical reader, the agent side is the reason to look at CAI. The install is one c
AI 资讯
I Spent 20+ Years in Industrial Maintenance. Now I’m Learning to Build Software.
I spent over 20 years working in industrial maintenance as a boilermaker. Most of that time was in refinery shutdowns and turnarounds—high-pressure environments where systems either hold or fail. There is no “mostly working” in that world. That experience has shaped how I approach software development. ⸻ I’m not just “learning to code.” I’m building systems. I’m currently working on transitioning into web development, but I’m not approaching it as a tutorial exercise I’m building real projects from day one—and documenting the process as I go. Not theory. Not exercises. Actual systems that are meant to run. ⸻ What I’m building right now A portfolio site that behaves like a system (kmwebdev.me) This isn’t a “personal website” in the usual sense. It’s a live system under controlled change. I treat it like industrial maintenance work: versioned updates instead of redesigns small, controlled changes only tracking what changed and why stability over aesthetics Nothing gets changed without intent. ⸻ A production-focused email framework (Skeleton Framework) Alongside the portfolio work, I’m building a separate system for HTML email development. Email is one of the most constrained environments in web development. Rendering is inconsistent, standards are partial, and modern CSS support is unreliable across many clients. So instead of fighting those constraints, I’m building a framework specifically designed around them. The focus is simple: predictable rendering in real-world email clients It’s still early, but it’s being developed with production use in mind—not experimentation. ⸻ The way I work hasn’t changed—only the tools have In industrial maintenance, you learn a few hard rules: don’t assume—verify don’t scale chaos don’t change more than you can test document everything that matters So I carry that directly into development: versioned releases (v1.0, v1.3.6, etc.) controlled incremental changes explicit documentation of limitations real-world testing across environmen
AI 资讯
Hey number pad lovers, this is a keyboard we can finally agree on
I know a vocal group of people who swear by the number pad on their keyboard. And yet, for years I haven't cared about using one - until I put my hands on the Epomaker RT98. It's a mechanical keyboard with a charming retro aesthetic, a fun CRT-like screen, VIA compatibility, a nice typing feel, […]
产品设计
The square-ish phone that I wanted to love
The Ikko MindOne Pro is delightfully small. I keep calling it a square phone, which isn't quite right; the screen is square, but the phone itself is slightly rectangular. The camera flips up so you can use it for selfies - you can even open it partway to use as a stand or a kind […]