今日已更新 215 条资讯 | 累计 21081 条内容
关于我们

标签:#EV

找到 3067 篇相关文章

AI 资讯

Tests Pass, Design Breaks: Why TDD Can't Hold the Line on Design Intent

There is a popular misconception that if you do TDD, your design also stays correct. That if the tests pass, quality is guaranteed. In AI-assisted development, this misconception is the kind that quietly accumulates — the more tests you have, the more invisible damage builds up underneath. All tests passed. The design was still broken. Here is what happened today. A function called safe_post.py had its signature changed. Two arguments — notify_sh and doctor_sh — were removed. The test suite passed in full. But the callers were still using the old signature. They were silently broken. Why did the tests pass? Because the test code itself was using the old signature. The tests had been written (by AI) at a time when the design intent was already misunderstood. The misunderstanding was baked into the tests from the start. Tests passing and the design being correct are two different things. "All tests pass" tells you only one thing: the implementation matches what the tests expect. Whether the tests express the right design intent is a separate question. TDD verifies "implementation against tests" — nothing more Let me restate the TDD definition. Red → Green → Refactor. Write a test. Write the implementation that passes the test. Refactor. In this loop, what the test verifies is whether the implementation meets the test's expectation. That is one verification — and only one. What TDD does not verify is whether the test itself correctly expresses the design intent. The structure looks like this: Design intent → Tests (← this link is not verified) ↓ Implementation (← this link is verified by tests) If the person writing the tests misunderstands the design intent, the tests will pass and the design will still be wrong. Machine learning engineer Hamel Husain calls this the "Gulf of Specification" — the gap between what you intended to measure and what your metric actually measures. Optimize hard against a flawed metric and you optimize hard in the wrong direction. The same d

2026-06-27 原文 →
AI 资讯

Post-Mortem Best Practices That Actually Drive Change

The Post-Mortem Nobody Learns From I've sat through hundreds of post-mortems. Most follow the same pattern: something breaks, someone writes a Google Doc, we have a meeting, we list action items, nobody follows up, the same thing happens again in 3 months. Here's how to break the cycle. The Blameless Culture Trap "Blameless" doesn't mean "actionless." The biggest failure mode I see is teams that use blameless culture as an excuse to avoid accountability. Blameless means: we don't punish the person who pushed the bad deploy. Blameless does NOT mean: nobody is responsible for fixing the systemic issue. My Post-Mortem Template # Incident: [SERVICE] [SYMPTOM] on [DATE] ## Impact - Duration: X minutes - Users affected: N - Revenue impact: $X - SLO budget consumed: X% ## Timeline (UTC) - HH:MM - First alert fired - HH:MM - On-call acknowledged - HH:MM - Root cause identified - HH:MM - Fix deployed - HH:MM - Service recovered - HH:MM - All-clear declared ## Root Cause [2-3 sentences. Technical but readable.] ## Contributing Factors 1. [Factor that made the incident possible] 2. [Factor that made detection slow] 3. [Factor that made resolution slow] ## What Went Well - [Something that worked] - [Something that helped] ## What Went Wrong - [Process failure] - [Technical gap] ## Action Items | Action | Owner | Priority | Due Date | Status | |--------|-------|----------|----------|--------| | ... | ... | P1/P2/P3 | ... | Open | ## Lessons Learned [1-2 paragraphs of genuine insight] The Action Item Problem Action items from post-mortems have a 30% completion rate industry-wide. That's terrible. Here's why: Too many items (I've seen post-mortems with 15 action items) No clear ownership No deadline No follow-up mechanism Competing with feature work The Fix: Three Rules Rule 1: Maximum 3 action items per post-mortem. If you can't narrow it to 3, you haven't identified the real problems. Rule 2: Every action item gets a JIRA ticket linked to the next sprint. Not "someday." Not "bac

2026-06-27 原文 →
AI 资讯

OTP Verification in Playwright Without Regex

Most guides to OTP testing in Playwright include a function that looks something like this: function extractOtp ( emailBody : string ): string { const patterns = [ / \b(\d{6})\b / , /code [ : \s] + (\d{4,8}) /i , /verification [ : \s] + (\d{4,8}) /i , /OTP [ : \s] + (\d{4,8}) /i , ]; for ( const pattern of patterns ) { const match = emailBody . match ( pattern ); if ( match ) return match [ 1 ]; } throw new Error ( ' OTP not found in email body ' ); } This function is fragile. It breaks when the email template changes. It returns false positives when the email body contains order IDs or timestamps. It requires you to maintain regex patterns for every email provider your app might use. There is a better way. The Problem with Regex OTP Extraction When your app sends a verification email, the OTP is buried somewhere in the HTML body. To extract it you need to: Fetch the raw email body Parse HTML or plain text Apply regex patterns that match your specific email format Handle edge cases — 4-digit vs 6-digit codes, codes in tables, codes in buttons Every time your email provider changes their template, your regex breaks. Every time you add a new auth provider, you write new patterns. It is maintenance overhead that compounds forever. The right place to extract the OTP is at the infrastructure layer — before the email even reaches your test suite. How ZeroDrop Extracts OTPs at the Edge ZeroDrop catches emails at Cloudflare's edge before storing them. When an email arrives, the worker runs OTP detection on the body and stores the result as a structured field alongside the raw email. By the time your test calls waitForLatest() , the OTP is already extracted and sitting in email.otp . No regex. No HTML parsing. No maintenance. const email = await mail . waitForLatest ( inbox ); email . otp // "847291" — already extracted Setup npm install zerodrop-client No API key. No signup. No environment variables. Basic OTP Test import { test , expect } from ' @playwright/test ' ; import

2026-06-27 原文 →
AI 资讯

When Old Things Take On New Meaning in the Age of AI (Bite-size Article)

Introduction — On What I've Been Writing for Years This is a follow-up to my previous post on Claude and MCP . Just sharing some recent thoughts. Personally, I've always enjoyed keeping records and analyzing my own work. So for years, I've been logging my daily tasks, jotting down thoughts, hesitations, and impressions in notes. I've drawn on these records for reviews, analysis, and decisions on various projects. The tools have shifted over time — Evernote, Notion, Logseq, Taskuma, and so on — but the habit itself, of writing notes into some app or tool, has stayed with me for years. What Happened with MCP I recently wrote about connecting Notion and Google Docs through MCP, and the results have surprised even me. I won't repeat the details here since they're in that post, but ever since I introduced MCP, the flow of information has accelerated dramatically. In particular, I'd been accumulating reviews, task management notes, and brainstorms in Notion for years, and letting Claude read all of this has shifted the meaning of what I'd previously written. When I first started recording in Notion, it never occurred to me that it might be useful to AI. Of course — I had no way to imagine a time when AI would become this close to everyday life, used in this way. I was just writing for plain, analog reasons — "so I could look back later," "so I could organize my own thinking." But the moment MCP made it all readable, the feeling shifted. It's as if my past self comes forward to help my current self. Claude answers my current questions while drawing on the reasoning behind old project decisions, or on impressions I'd noted at the time. I've had moments like that more than once now. Thinking about it: the human brain's memory has limits — even the person who wrote something forgets it quickly. That's why I kept taking notes, leaving behind my thoughts and conclusions at each point in time as a record. And now, in the flow of conversation, AI reads from those records, distill

2026-06-27 原文 →
AI 资讯

Your cloud keys should not exist

Most cloud platforms that need access to your infrastructure start with the same onboarding step: paste in a service account key. Or an access key and secret. Or a JSON blob you downloaded from the console and definitely should not be emailing to yourself. You paste it in. The platform stores it. You hope they encrypted it. You hope they rotate it. You hope nobody on their team can read it. You move on with your day and try not to think about it. We built Zero — b0gy's platform for engineering truth — around a different premise. For cloud infrastructure access — GCP and AWS — we don't store credentials at all. The platform connects to your projects and accounts using short-lived, federated identity tokens that are minted on demand and expire in minutes. There is nothing to leak because there is nothing stored. Not every integration can work this way. GitHub, Slack, and Jira use OAuth, which means we do hold tokens for those services. But for the highest-risk connections — the ones with read access to your entire cloud infrastructure — keyless was a hard requirement. This is the first post in a three-part series about building Zero. We're starting here because the connector model shaped everything else. Why stored secrets are the wrong default The argument for storing a service account key is convenience. You paste it once, the platform can access your cloud whenever it needs to. Simple. The argument against it is longer. A stored secret is a liability that compounds over time. The moment you paste a GCP service account key into a third-party platform, you've created a credential that is valid indefinitely, scoped to whatever permissions you granted, and stored in a system you don't control. If that platform gets breached — or if an employee with database access gets curious — that key works until someone revokes it. And nobody revokes it, because nobody remembers it exists. This isn't theoretical. The GitGuardian 2026 report found 28.65 million hardcoded secrets pus

2026-06-27 原文 →
AI 资讯

Manage Sensitive Data In Application Code | 🏗️ Build A Secure Configuration Service

Exam Guide: Developer - Associate 🏗️ Domain 2: Security 📘 Task 3: Manage Sensitive Data In Application Code Managing Sensitive Data In Application Code is about keeping secrets out of your code, classifying data properly, and building applications that handle sensitive data safely. You need to know when to use Secrets Manager vs Parameter Store, how to mask PII in API responses and logs, and how to isolate data in multi-tenant applications. The ability to choose the right secret management service, implement data sanitization, and enforce tenant-level data boundaries, is vital. 📘Concepts Data Classification Understand data sensitivity levels and how each should be handled: Classification Examples Handling Requirements PII (Personally Identifiable Information) Name, email, SSN, phone number, address Encrypt at rest and in transit, mask in logs and API responses, restrict access PHI (Protected Health Information) Medical records, insurance IDs, lab results HIPAA compliance, encryption required, audit trail mandatory Financial Credit card numbers, bank accounts, transaction data PCI DSS compliance, tokenization, never store full card numbers Public Marketing content, public API docs No special handling needed 💡 If a scenario mentions compliance or audit trail , think encryption with KMS (for CloudTrail logging) and Secrets Manager (for automatic rotation). If it mentions PII in logs , think data masking and sanitization. Secrets Manager vs SSM Parameter Store Both store configuration and secrets. Feature Secrets Manager SSM Parameter Store Automatic rotation Yes (built-in for RDS, Redshift, DocumentDB) No (you build it yourself with Lambda) Cost $0.40/secret/month + $0.05 per 10,000 API calls Free (Standard tier), $0.05/advanced parameter/month Cross-account access Yes (via resource policy) Yes (advanced parameters only) Max size 64 KB 4 KB (Standard) / 8 KB (Advanced) Versioning Automatic (AWSCURRENT, AWSPREVIOUS labels) Yes (version history) Encryption Always encrypt

2026-06-27 原文 →
AI 资讯

TMX: The open standard AI agent memory has been waiting for

TMX: The open standard AI agent memory has been waiting for The problem no one talks about: your agent's memories are prisoners. If you build an AI agent today using Mem0, your memories are locked in Mem0. Switch to Zep? You lose everything. Move to a new framework? Start from zero. This is exactly the problem email had in 1970. Every system had its own format. You couldn't send an email from one system to another. Then SMTP was invented. And email became universal. Today I'm publishing TMX v0.1 — the SMTP of AI agent memory. What is TMX? TMX (Truvem Memory eXchange) is an open, model-agnostic JSON format for storing, exporting, and importing AI agent memories across any platform, framework, or provider. It looks like this: { "tmx_version" : "0.1" , "exported_at" : "2026-06-26T20:00:00Z" , "source" : "truvem" , "agent_id" : "my-agent" , "memories" : [ { "id" : "550e8400-e29b-41d4-a716-446655440000" , "content" : "User prefers dark mode and concise responses" , "created_at" : "2026-06-01T08:30:00Z" , "updated_at" : "2026-06-01T08:30:00Z" , "expires_at" : null , "tags" : [ "preference" , "ui" ], "source_model" : "gpt-4o" , "metadata" : {} } ] } That's it. Plain JSON. Human-readable. Portable. Why this matters Right now, the AI agent ecosystem is exploding. Every week there's a new memory provider, a new framework, a new cloud service. But every one of them uses a proprietary format. This means: Developers are locked to their first choice forever Agent memories can't travel between clouds Switching providers = losing everything your agent learned This is the biggest hidden tax in the agentic AI stack. TMX fixes it with a single open spec that anyone can implement — for free, with no approval needed. The 5 core principles 1. Open — No license required. Implement TMX in any product, commercial or otherwise. 2. Model-agnostic — Works with GPT-4, Claude, Gemini, Mistral, Llama, or any future model. 3. Framework-agnostic — LangChain, CrewAI, Mastra, AutoGen — doesn't matter

2026-06-27 原文 →
AI 资讯

AI Automations for Local Service Businesses: What Actually Works

Everyone is selling AI to small businesses right now. Most of it is hype. But some of it is genuinely useful — and knowing the difference can save you thousands in wasted tooling. I run a small agency in Stuttgart that builds websites and automations for local service businesses: coaches, doctors, beauty studios, consultants. Here's what actually moves the needle for them in 2025. What "AI Automation" Actually Means for Small Businesses Forget the generic pitch. For a local service business, AI automation is useful in exactly three places: Client communication at scale — responding to inquiries 24/7 without hiring a receptionist Reducing admin time — intake forms, follow-ups, reminders, invoicing triggers Content creation — but only as a speed boost, not a replacement for your voice Anything beyond that is usually overkill for a business under 10 employees. The One Automation Every Service Business Should Have Automated follow-up after initial contact. Here's the typical flow without automation: Client fills out contact form You see it 4 hours later You write a reply If you're busy, it takes a day Client has already booked elsewhere With automation: Client fills out form Immediate confirmation email ("Got your message, here's how to book a slot") Link to booking calendar You're notified. If they don't book in 48h, a follow-up email goes out automatically This alone converts 20-40% more inquiries into booked clients. No AI model needed — just a simple workflow in n8n, Make, or Zapier. Where LLMs Actually Help Language models (ChatGPT, Claude, etc.) are genuinely useful for small businesses in these areas: Intake Forms → Personalized Responses A coaching client fills out a detailed intake form. Normally, you'd spend 20 minutes reading it and writing a personalized welcome email. With a simple LLM integration: Intake form submitted Webhook fires to n8n LLM reads the form, generates a personalized summary + welcome You review it in 30 seconds and hit send Same personal

2026-06-27 原文 →
AI 资讯

How We Actually Measure Whether an LLM's Output Is Good - BLEU, COMET and BLEURT

Hello, I'm Shrijith Venkatramana. I'm building git-lrc, an AI code reviewer that runs on every commit. Star Us to help devs discover the project. Do give it a try and share your feedback for improving the product. An AI model writes a paragraph. It sounds fluent. It looks convincing. But how do you know whether it's actually good? This deceptively simple question has occupied researchers for more than two decades. Long before ChatGPT, machine translation researchers faced exactly the same problem. Human evaluation was expensive, inconsistent, and painfully slow. If every new model required thousands of humans to compare translations, research would crawl. That necessity gave rise to BLEU , one of the most influential evaluation metrics in AI history. Years later, as language models became better at paraphrasing and reasoning, BLEU started to show its age. Researchers responded with learned metrics like BLEURT and COMET , which use neural networks to judge language much more like humans do. Interestingly, this mirrors software engineering itself. We first wrote simple unit tests, then integration tests, and today we increasingly rely on sophisticated observability systems. Evaluation metrics for LLMs have undergone a similar evolution. Let's see why. Before BLEU: The Evaluation Bottleneck Imagine you're building Google Translate in 2001. Every time your team improves the model, someone has to read thousands of translated sentences and score them. Suppose a single sentence pair takes only 20 seconds to judge. Evaluating 50,000 sentences would require nearly 280 human-hours . Now imagine dozens of experiments every week. Evaluation—not training—quickly becomes the bottleneck. Researchers at IBM, led by Kishore Papineni , introduced BLEU (Bilingual Evaluation Understudy) in 2002 to automate this process. Their idea was surprisingly simple: If a machine translation resembles what professional translators write, it's probably good. This became one of the most cited papers

2026-06-27 原文 →
产品设计

System Design for Working Engineers, Not Interview Prep

Originally published at malaymehta.com The Interview Trap If you look at most system design tutorials, you get an extreme use case. Design Twitter. Design YouTube. Scale it to a billion users. Draw boxes on a whiteboard for 45 minutes. Do you think your app will be used by a billion users on day one? The answer is almost always no. But the tutorials don't teach you what to do when you have 500 users, unclear requirements, a team of four, and a quarter to ship something that works. Real system design is nothing like a whiteboard interview. You don't get clean requirements, you don't design from scratch, and nobody asks you to handle a billion requests per second on day one. Real System Design Starts with Questions, Not Diagrams The very first thing that matters in system design is something most tutorials skip entirely: unclear and chaotic requirements. In the real world, requirements don't come as a clean problem statement. They come from non-technical business teams, and you need to navigate through cross-questions to get all the clarity you need. Ask as many questions as possible. Understand your functional and non-functional requirements. Which features need to be synchronous and which can be async? What are the read and write load patterns? What is the maximum and average number of concurrent users right now? What does authentication look like? Do you need role-based access control? These questions drive your choices. You don't always need an axe where a knife will do. Being minimalist with a reasonable growth prediction and a 3, 6, 9 month plan will take you in the right direction. There will be things the situation demands immediately but would take more time than expected. Taking a predictable hit now and fixing it at the right future time without missing that balance is truly important. Weighing what will be expensive to change later, in terms of dollar cost or human effort, is how real architectural decisions get made. Pushing Back on Bad Requirements Many

2026-06-27 原文 →
开发者

Malware Unpacking & Anti-Analysis Bypass: A Deep Dive into Real-World Techniques

Malware authors don't make our job easy. Every time we think we've figured out their tricks, they layer on another obfuscation technique, another anti-debugging check, another sandbox evasion. Over the past few weeks, I've been deep in the trenches with some particularly stubborn samples — the kind that detect your debugger, hide their strings behind XOR encoding, and hollow out legitimate processes to hide their payload. This article walks through my hands-on exploration of these techniques. We'll look at how malware detects analysis tools, how it obfuscates its strings, how it unpacks itself in memory, and most importantly — how we can bypass these defenses to see what the malware is actually trying to do. The tools we'll use: x64dbg/x32dbg for dynamic analysis and patching IDA Pro for static disassembly REMnux (Linux toolkit) for string deobfuscation FLOSS, XORSearch, bbcrack for automated string decoding Scylla & OllyDumpEx for dumping unpacked payloads Process Hacker for memory forensics Problem Statement Modern malware is rarely "what you see is what you get." A single executable might be: Packed — the actual malicious code is compressed/encrypted and only revealed at runtime Anti-debug aware — it checks for debuggers and changes behavior or terminates Sandbox-aware — it detects virtualized environments and refuses to execute its payload String-obfuscated — URLs, registry keys, and IOCs are encoded to evade signature detection Process-injecting — it hollows out a legitimate process (like explorer.exe ) and runs its code there Our goal: peel back these layers and extract the real payload for analysis. Exercise 1: Bypassing Debugger Detection in getdown.exe What I Found The first sample, getdown.exe , refused to show any network activity when run inside a debugger. Outside the debugger, it connected to 1.234.27.146:80 . Classic anti-debugging behavior. The Detection Mechanism Using x64dbg, I searched for intermodular calls and immediately spotted IsDebuggerPrese

2026-06-27 原文 →
开发者

I made a small RF Online Next guide site

Hey everyone 👋 Is anyone here playing RF Online Next? I recently built a fan guide website for it: 👉 https://rf-online-next.net RF Online Next Guide — Starter Finder & Beginner Tips New to RF Online Next? Answer 3 questions to get your starter Biosuit, faction lean, and first-day checklist — personalized for your playstyle. rfonlinenextguide.com The idea is pretty simple. When a new MMO launches, information is usually all over the place — Discord messages, random posts, outdated guides, fake code pages, and long videos when you only need one quick answer. So I wanted to make a cleaner guide hub for players who just want to know: how to download and play which faction to pick what Biosuits/classes are good whether there are any real codes how to fix server full/login issues how Mining War / Chip War works what Sacred Weapons do The site focuses a lot on Mining War, the big 450-player faction war between Bellato, Cora, and Accretia. I also tried to keep the content honest. For example, the codes page doesn’t list fake “working codes” just for clicks. If there are no confirmed codes, it says that clearly. From the dev side, I structured the site around search intent instead of a normal blog feed. So the homepage points players directly to the guide they probably need. It also has multilingual sections for different regions, since RF Online Next has players from many countries. Would love to hear feedback from other devs, especially on: site structure SEO approach guide layout content clarity anything that feels confusing If you’re into MMOs, gaming websites, or niche SEO projects, feel free to check it out: 👉 https://rf-online-next.net RF Online Next Guide — Starter Finder & Beginner Tips New to RF Online Next? Answer 3 questions to get your starter Biosuit, faction lean, and first-day checklist — personalized for your playstyle. rfonlinenextguide.com

2026-06-26 原文 →
产品设计

I Rebuilt Instagram Stories' Segmented Progress Bars

Instagram/WhatsApp Stories have a signature UI: those segmented bars across the top, one filling at a time. It looks fancy but it's a simple pattern. Here's a live, tappable rebuild in vanilla JS + CSS. 📸 Try it (tap left/right, hold to pause): https://dev48v.infy.uk/design/day17-instagram-stories.html The segmented bar One bar per story. The rule: only the active segment animates its width 0→100%; segments before it are full, segments after are empty. When the active one completes, advance to the next and reset the rule. Driving the fill A single requestAnimationFrame loop tracks elapsed time vs the per-story duration (~4s) and sets the active bar's width. On completion → next story. The interactions that sell it Tap the right half = next, left half = previous (split the screen into two zones). Press-and-hold = pause ( pointerdown pauses the timer, pointerup resumes) — so users can actually read. Reset past/future segment states whenever you jump. Why rAF over CSS animation A timer loop makes pause/resume and tap-to-skip trivial — you control the clock. Pure CSS animations are harder to interrupt mid-fill. 🔨 Full build (segments → animate active → advance → tap zones → hold-to-pause) on the page: https://dev48v.infy.uk/design/day17-instagram-stories.html Part of DesignFromZero. 🌐 https://dev48v.infy.uk

2026-06-26 原文 →
AI 资讯

On-premises AI coding tools - safeguarding data privacy in software development

Check how on-premises AI solutions empower enterprises to safeguard sensitive code, ensure data residency, and maintain full compliance without compromising performance. Why privacy and security matter in AI-powered development? As enterprises increasingly adopt AI to automate code reviews, testing, and vulnerability scanning, ensuring data privacy becomes paramount. Cloud-based AI tools may expose sensitive source code, customer data, or intellectual property to external risks. By contrast, on-premise AI tools allow organizations to keep data within their controlled environments by aligning with data sovereignty and compliance requirements like GDPR and CCPA. According to Gartner, by 2026, 75% of organizations will demand AI solutions that guarantee strong data residency and compliance assurances. What are on-premise AI tools for software development On-premise AI tools are artificial intelligence solutions that are deployed and operated within an organization’s own infrastructure, rather than relying on external cloud services. In the context of software development, on-premise AI allows teams to leverage advanced AI capabilities such as code analysis, automated testing, and security scanning while keeping all data and processes within their own controlled environment. Core components of on-premise AI infrastructure include: Hardware: servers, GPUs, and storage devices physically located on-site or in a private data center. Software: AI models, orchestration tools, and management platforms installed and maintained by the organization. Security Measures: firewalls, access controls, and monitoring systems tailored to the organization’s specific needs. Examples of on-premise AI tools in software development: AI-powered code review platforms installed on internal servers automated vulnerability scanners running within the company’s network machine learning models for test automation, hosted locally. Primary connection to data privacy: on-premise AI ensures that sensit

2026-06-26 原文 →
AI 资讯

Seu código de validação de CPF tá gritando por socorro (e você nem percebeu)

Deixa eu adivinhar. Você tá com um projeto Laravel rodando, tem uns 5, 10, talvez 15 formulários que recebem CPF. Cadastro de cliente, cadastro de fornecedor, atualização de perfil, checkout, área administrativa… e em cada um desses lugares tem aquela mesma lógica de validação de CPF. Copiada. Colada. Com pequenas variações. E tá tudo bem. Até o dia em que o cliente pede pra mudar uma regra. Ou um bug aparece em um formulário e funciona normal no outro. Aí você abre o projeto, dá um Ctrl+Shift+F procurando "cpf" e… surpresa: tem oito lugares diferentes com a mesma validação. Com mensagens de erro escritas de oito jeitos. Uma delas até com erro de digitação. Já passou por isso? Então senta que essa conversa é pra você. O crime acontecendo em câmera lenta Olha esse cenário aqui, que eu garanto que você já viu (ou escreveu): // app/Http/Requests/StoreClienteRequest.php public function rules () { return [ 'cpf' => [ 'required' , function ( $attribute , $value , $fail ) { $cpf = preg_replace ( '/[^0-9]/' , '' , $value ); if ( strlen ( $cpf ) !== 11 ) { $fail ( 'CPF inválido.' ); return ; } // ... mais 20 linhas do algoritmo }], ]; } E aí, três dias depois, no outro Form Request: // app/Http/Requests/StoreFornecedorRequest.php public function rules () { return [ 'cpf' => [ 'required' , function ( $attribute , $value , $fail ) { $cpf = preg_replace ( '/[^0-9]/' , '' , $value ); if ( strlen ( $cpf ) !== 11 ) { $fail ( 'O CPF informado não é válido!' ); // mensagem diferente, claro return ; } // ... mais 20 linhas quase iguais, mas não exatamente }], ]; } Multiplica isso por 8 telas. Agora imagina o seu "eu do futuro" tentando manter isso. Dá pra sentir a dor daqui. DRY: a sigla que vai salvar seu projeto (e sua sanidade) DRY significa Don't Repeat Yourself . Em bom português: não se repita, caramba. A ideia é simples: cada pedaço de conhecimento (uma regra de negócio, um cálculo, uma validação) deve existir em um único lugar no seu sistema. Se precisar mudar, você muda em u

2026-06-26 原文 →
AI 资讯

Rust Ate the JavaScript Toolchain. Then Cloudflare Bought It

I run Vite on almost everything. Astro sites, Nuxt projects, a small group of libraries I maintain on the side. The build tool is the part of the stack I think about least, because it just works. So when the thing under all of that changes twice in three months, I read the release notes properly. Here is what actually changed, what breaks, and the part that made developers argue for a week straight. For Five Years, Vite Ran on Two Bundlers When Vite launched, it made a pragmatic bet. esbuild for the dev server, because it is fast. Rollup for production, because its output is well optimized. Two tools, two jobs. It worked. But it had a cost. Two bundlers meant two configs, two sets of quirks, and output that could drift between dev and prod. You tuned one, and the other behaved slightly differently. Vite 8 ends the split. It shipped on March 12 with a single bundler called Rolldown, written in Rust, with the Rollup plugin API on top. Under Rolldown sits Oxc, a Rust parser and transformer that does the TypeScript and JSX work Babel used to do. One language. One pipeline. Dev and prod finally agree. This Is a Pattern, Not a One-Off esbuild (Go) made webpack look slow. Bun did the same to Node for some workloads. Biome replaced Prettier and ESLint and runs many times faster. Now Rolldown does it to Rollup and esbuild at the same time. Every time a core JavaScript tool gets rewritten in a compiled language, the same thing happens. The speed jump is large enough to make the old version look broken. The interesting part is not the speed. It is the compatibility. These Rust tools do not ask you to relearn your stack. Rolldown speaks the Rollup plugin API. Biome follows ESLint and Prettier conventions. The migration is designed to be boring, and boring is the point. The Numbers, With a Grain of Salt The headline figure is real. Linear cut its production build from 46 seconds to 6 . Vite reports builds 10 to 30 times faster than the old Rollup path. Other large projects repor

2026-06-26 原文 →
AI 资讯

Making of Aantraa

Making of Aantraa aantraa.site — AI audio & video translation, caption generator, and viral shorts cutter. Under the Hood I run a small YouTube channel. I'm not a full-time content creator, but YouTube is a solid platform to gain traffic for your online work, business, project, or idea. Aantraa is what I built in a week. The main concept is simple: Video translation into multiple languages Audio translation — including text-to-audio, with MP3 output for Premiere Pro Long-form to shorts — convert YouTube long-form video into short clips At that time, only three features were needed, so website development wasn't the heavy lift. The real work was building APIs, backend infrastructure to integrate AI into video, and dealing with heavy storage. Breaking the execution into steps: How I made Aantraa AI LLM layering and provider Aantraa is heavily dependent on AI APIs — we need reliable infrastructure for LLM providers. OpenRouter, Portkey, Vercel AI SDK labs, and individual APIs for Anthropic, Deepseek, and OpenAI are solid options. I prefer OpenRouter for Aantraa for one reason: multiple model support — it's easy to pick the cheapest capable model for each job. Easy to integrate, strong community support, free model access, and more. AI LLM APIs are needed at almost every stage in the backend: Understanding video context and creating a script Translating the script into target languages Recording the script into MP3 or WAV format Summarising the video Generating captions Cutting videos into shorts Building APIs and servers Each layer needs heavy AI context and prompt engineering. Loop engineering is the trend here — and it's required for aantraa. For example, video translation works in multiple connected steps: Video translation API breakdown AI understands the video, fed into the LLM via the ffmpeg module AI generates a script/caption from the video AI translates the script into the desired language AI generates audio (MP3 or WAV) of the new translation AI glues audio a

2026-06-26 原文 →
AI 资讯

Presentation: AI Works, Pull Requests Don’t: How AI Is Breaking the SDLC and What To Do About It

Michael Webster discusses the rise of headless AI agents and their impact on software delivery pipelines. He shares how massive, AI-generated pull requests create a severe bottleneck for human reviewers and introduce persistent technical debt. Learn how engineering leaders can leverage test impact analysis and automated validation pipelines to verify agentic output without sacrificing stability. By Michael Webster

2026-06-26 原文 →