今日已更新 353 条资讯 | 累计 21219 条内容
关于我们

标签:#EV

找到 3098 篇相关文章

开发者

26 Free Online Developer Tools — No Signup, No Install (2026)

Most "free developer tools" lists link to GitHub repos you need Node.js to run locally, or SaaS products with a login wall. Everything below runs in a browser tab, handles your data client-side or deletes it from the server within 30 minutes, and requires no account of any kind. All 26 tools are at at-use.com . Grouped by what you are actually trying to do. Encoding & Decoding Base64 Encoder/Decoder — Encode text or binary to Base64, or decode it back. UTF-8 text and binary file payloads both work. Runs in your browser — nothing sent to a server. URL Encoder/Decoder — Percent-encode strings for safe URL inclusion, or decode percent-encoded URLs back to readable text. Handles both application/x-www-form-urlencoded and RFC 3986 encoding modes. HTML Entity Encoder/Decoder — Convert special characters to named HTML entities ( < → &lt; , & → &amp; ) or decode entities back to characters. Useful when building template strings or sanitizing output for display. Binary Translator — Text to binary, binary to text, or translate between binary, decimal, hex, and octal. Useful for low-level debugging and learning number representations. Number Base Converter — Convert integers between binary (base 2), octal (base 8), decimal (base 10), and hexadecimal (base 16). All four outputs shown simultaneously. JWT Decoder — Paste a JWT token to decode and inspect the header and payload. Runs entirely in the browser — your token never leaves your machine. JSON & Text JSON Formatter & Validator — Format, validate, and minify JSON in one click. Toggle between pretty-print and compact output. Syntax errors include the exact line and column number. Uses browser-native JSON.parse() — no data sent anywhere. Text Diff — Side-by-side text comparison with no character limit (diffchecker.com caps at 25,000 characters on the free tier). JSON-aware mode auto-formats both inputs before diffing so whitespace differences do not pollute the output. Case Converter — 12 text case

2026-06-23 原文 →
AI 资讯

Why IT Training Matters More Than Ever in Nepal

A look at what's actually changing in Nepal's job market, what it means for students and working professionals, and what separates training that gets you hired from training that just gives you something to print on a resume. Nepal is at an interesting crossroads right now. On one side, the country still carries the weight of a job market that hasn't kept up with its graduates. Every year, more than 500,000 young people enter the workforce. The economy, for all its resilience, simply does not generate enough traditional jobs to absorb that number. The result is familiar to most Nepali families: children who studied hard, passed their exams, collected their certificates, and then spent months, sometimes years, waiting for something to happen. On the other side, something genuinely different is building. Nepal's IT exports crossed $1 billion in 2025, according to NASIT's estimates. Software and BPO exports grew over 20% in the first seven months of fiscal year 2024/25 alone. The government's 16th development plan has set a target of 250,000 new IT jobs and a 5% GDP contribution from the sector by 2029. International companies, from Indian IT majors to US-based outsourcing firms, are paying attention to Nepal in ways they weren't a decade ago. These two realities exist at the same time, in the same country, often in the same family. A brother driving a taxi while his younger sister lands a remote software development contract earning more than their father ever did in a government job. The difference between those two outcomes, more often than not, comes down to whether someone made the decision to learn something the market actually needs, and found a way to learn it properly. That's what this piece is about. The Skills Gap Problem Nobody Talks About Enough Nepal's IT sector is growing, but that growth comes with a problem attached: a persistent, widening mismatch between what employers need and what most fresh graduates can actually do on day one. Companies like Deer

2026-06-23 原文 →
AI 资讯

The Myth of Specialized Integrations and Why Protocols Win

I’ve been shipping code since before most people even knew what Git was. I've seen entire architectures built around point-to-point API integrations that were beautiful for a quarter, and then became unmaintainable monoliths by the second year. If you spend any time in enterprise software development—especially anything touching customer data or HR pipelines—you run into integration hell. The modern AI agent promises to be this universal connective tissue, right? It sounds simple enough: give it access, and boom, productivity magic. But let’s be real about what that means under the hood. When an LLM is given a tool schema, how does it get data from five wildly different systems—Salesforce for contacts, Workday for employees, Zendesk for tickets, Greenhouse for candidates? The naive approach, and frankly, most teams still take it this way, is to build bespoke orchestration services. You create a microservice that accepts an input query (e.g., 'What did Jane do last month?') and then contains specialized logic: if the name format looks like a CRM record, call salesforce_api ; if it sounds HR-related, hit workday_endpoint , etc. This is debt acceleration disguised as architecture. You are not building an integration layer; you are building a brittle routing table that requires human intervention every time one of the underlying APIs changes its schema or rate limit structure. It’s glue code for glue code's sake, and it has a massive maintenance overhead. The core problem is that most agents see data sources as functional silos , not integrated components of a single operational truth. Your CRM thinks about accounts; your HRIS thinks about job codes; your ATS tracks keywords. They all speak different dialects of 'person' or 'business unit.' When an agent needs to know, say, which employees (HRIS) are currently candidates in the pipeline (ATS) who also have a linked account record (CRM), you hit a wall. The solution isn't more specialized microservices. The solution is s

2026-06-23 原文 →
AI 资讯

How to check whether AI recommends your site — the honest AEO audit I run for clients

Author: Alex Isa (Webappski). This is the dev-tutorial cut of a longer piece on the Webappski blog — terminal-first, fewer words on the why. If a buyer asks ChatGPT "best CDN providers 2026" and your product is not in the answer, you lose the sale before you ever see the lead. The only honest way to know whether that is happening is to ask the engines the questions your buyers ask and read the raw answers — not trust a single dashboard score. Here is the loop we at Webappski run for a client, with the open-source tool aeo-platform (MIT, zero runtime deps). 1. Install and point it at the client's domain npm install -g aeo-platform cd client-audit && aeo-tracker init init writes a .aeo-tracker.json . The three things that matter: { "brand" : "Northwind CDN" , // illustrative, fictional brand "domain" : "northwind.example" , // registrable domain — subdomains count, spoof hosts don't "engines" : [ "openai" , "gemini" , "anthropic" ], // ChatGPT, Gemini, Claude "queries" : [ "best CDN providers 2026" , "best low-latency video streaming CDN 2026" , "alternatives to the market-leading CDN 2026" ] } The questions ARE the audit. A basket of vanity phrases produces a flattering, useless number; a basket of the buyer's real decision questions produces a number that predicts revenue. Freeze it, so next month's run is comparable. 2. Run it — sampled, not one noisy shot AI answers are non-deterministic: ask the same question twice and you can get a different list. A single pass turns that noise into a fake-precise number. So run each cell several times and let the score carry a confidence interval instead of pretending one shot is the truth: # plain single-shot run aeo-tracker run # sample each cell N times — the score comes back with a Wilson confidence interval aeo-tracker run --samples = 5 With --samples=5 , every (query × engine) cell is queried five times; the headline presence rate is then reported as a Wilson interval, and small samples are flagged as small rather than so

2026-06-23 原文 →
AI 资讯

OrderHub Day 4: Bean Validation + Clean DTOs (Spring Boot)

OrderHub Day 4: never trust the client. Today the backend gets proper Bean Validation — bad requests are rejected at the edge with a clear 400, long before they reach the business logic. And it's all declarative. ✅ Try the validating form (see the 400 body): https://dev48v.infy.uk/orderhub/day4-validation.html Three DTOs, three jobs A common beginner mistake is using one class everywhere. OrderHub keeps them separate: Request DTO ( CreateOrderRequest ) — what the client sends, and where validation lives. Domain/Entity ( Order ) — the internal model. Response DTO ( OrderResponse ) — what the API returns, so internal fields never leak. Validation is just annotations public record CreateOrderRequest ( @NotBlank @Size ( max = 120 ) @CleanText String customer , @NotBlank @Size ( max = 200 ) @CleanText String item , @Min ( 1 ) @Max ( 1000 ) int quantity ) {} Add @Valid @RequestBody on the controller and Spring checks every rule before your method runs. Break one and it throws MethodArgumentNotValidException . A custom constraint + clean errors @CleanText is a custom ConstraintValidator (rejects blank-after-trim + a small blocklist) — you can write your own rules, not just the built-ins. A @RestControllerAdvice turns validation failures into a tidy 400 with a field→message map. (Day 5 upgrades this to full RFC-7807 ProblemDetail.) 🔨 Full walkthrough (constraints → @valid → custom validator → 400 handler) on the page: https://dev48v.infy.uk/orderhub/day4-validation.html OrderHub — a production-grade Spring Boot backend, one feature a day. 🌐 https://dev48v.infy.uk · Code: https://github.com/dev48v/order-hub-from-zero

2026-06-23 原文 →
AI 资讯

I built a developer portfolio template with React, Vite & Tailwind — here's what I learned

As a systems engineering student and frontend dev, I wanted a portfolio that looked professional without spending days fighting with design. So I built one — and ended up turning it into a reusable template. Here's what I focused on while building it: 1. Customization from a single file The biggest pain with most templates is digging through components to change your info. I put everything — name, bio, projects, skills, social links — into ONE config file. Edit that, and the whole site updates. 2. Light & dark mode Developers love dark mode, so I made it the default, with a smooth toggle for light mode. Both are fully themed. 3. Mobile-first & responsive Most people will view a portfolio on their phone, so I built it mobile-first and tested it down to small screens. 4. Easy deployment It works out of the box with Vercel or any static host, with a beginner-friendly setup guide in the README. The stack React + Vite Tailwind CSS Formspree-ready contact form You can see the live demo here: devfolio-template-vercel-app.vercel.app I also made it available as a template if it's useful to anyone: https://payhip.com/b/t1VUk Would love to hear your feedback — what do you look for in a developer portfolio? react #webdev #tailwindcss #showdev

2026-06-23 原文 →
AI 资讯

Python for Beginners — Part 6: Functions

Part 6 of a beginner-friendly series on learning Python from scratch. In Part 5 , we learned to organize data with lists, dictionaries, and other collections. Now it's time to organize our code itself. A function is a reusable block of code that performs a specific task. Instead of writing the same code multiple times, you write it once in a function, then call that function whenever you need it. This is the foundation of writing clean, maintainable programs. Defining and Calling Functions The basics def greet (): print ( " Hello, World! " ) greet () # Call the function Use def to define a function. The function name is followed by parentheses and a colon. The indented block below is the function's body. When you call the function (by typing its name with parentheses), Python runs the code inside it. Functions with parameters Most functions need information to work with. That's what parameters are for: def greet ( name ): print ( f " Hello, { name } ! " ) greet ( " Ramesh " ) # Hello, Ramesh! greet ( " Priya " ) # Hello, Priya! name is a parameter (placeholder). When you call greet("Ramesh") , name becomes "Ramesh" inside the function. Multiple parameters: def add ( x , y ): print ( x + y ) add ( 5 , 3 ) # 8 add ( 10 , 20 ) # 30 Return values A function can calculate something and give the result back to you with return : def add ( x , y ): return x + y result = add ( 5 , 3 ) print ( result ) # 8 The return statement stops the function and sends a value back. The caller can then use that value. def greet ( name ): message = f " Hello, { name } ! " return message greeting = greet ( " Ramesh " ) print ( greeting ) # Hello, Ramesh! A function can return multiple values as a tuple: def get_user_info (): return " Ramesh " , 25 , " Chennai " name , age , city = get_user_info () print ( name , age , city ) # Ramesh 25 Chennai Arguments: Positional vs Keyword There are two ways to pass values to a function: Positional arguments Arguments are matched by position: def describ

2026-06-23 原文 →
AI 资讯

We Scanned 10 Shopify Agency Websites. Here Is What We Found.

Last night I ran external security scans on the public websites of 10 leading Shopify and Shopify Plus agencies — the same scan any browser or attacker would see. No credentials, no special access. One agency scored an A. Three scored C- or below. The most common finding appeared on 9 of 10 sites. TL;DR 1 agency scored an A. 3 scored C- or below. 1 scored a D. The most common finding — missing security headers — appeared on 9 of 10 sites. 6 of 10 agencies have no HSTS at all. One agency has a session cookie without the Secure flag. That is the most concrete finding in the set. What was scanned Five categories per domain: TLS (HSTS presence and max-age), security headers (CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy), cookie flags, DNS hardening (DNSSEC and CAA) and sensitive exposure paths. All scans run on 23 June 2026. This covers the agencies' own marketing sites — not the client stores they build. Results Agency Domain Score Grade 1Digital Agency 1digitalagency.com 94 A Acidgreen acidgreen.com.au 77 B 30 Acres 30acres.com.au 76 B Fourmeta fourmeta.com 76 B Blend Commerce blendcommerce.com 76 B Elkfox elkfox.com 76 B Charle Agency charleagency.com 62 C Fyresite fyresite.com 62 C Eastside Co eastsideco.com 58 C- Swanky Agency swankyagency.com 55 C- Blubolt blubolt.com 54 D Per-agency notes 1Digital Agency — A (94) HSTS at two years, X-Content-Type-Options and Referrer-Policy set correctly, Permissions-Policy restricting camera, microphone and geolocation, CSP frame-ancestors in place of X-Frame-Options. Only gap is HSTS missing includeSubDomains. Acidgreen — B (77) HSTS with two-year max-age, includeSubDomains and preload — the strongest TLS config in the set. But CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy and Permissions-Policy are all absent. Worth noting Acidgreen is multi-platform (Shopify Plus, Adobe Commerce, Magento) rather than Shopify-only. 30 Acres — B (76) A Shopify Plus Partner agency based in Byr

2026-06-23 原文 →
AI 资讯

My code reviewer kept asking for JSDoc — so I built a zero-dep CLI that catches it first

I kept running eslint and thinking my codebase was fine — then someone opened a PR and the first comment was "this function needs JSDoc." The problem: linters check your syntax . Nobody checks whether your exported API is actually documented. Those are two very different things. So I built jsdocscan — a zero-dependency CLI that walks your JS/TS files and flags every exported function or class that is missing JSDoc, or has undocumented parameters. What it catches Errors — exported function or class with no /** … */ block at all: ✗ src/api.js:12 fetchUser missing JSDoc ✗ src/utils.js:34 formatDate missing JSDoc Warnings — JSDoc exists but a parameter has no @param tag: ! src/render.js:7 renderCard undocumented params: opts Exit codes are 0 (all clean), 1 (issues found), 2 (usage error) — pipe-friendly. How to use it # scan a directory npx jsdocscan src/ # Python version pip install jsdocscan jsdocscan src/ # skip @param checks — just verify JSDoc exists npx jsdocscan --no-params src/ # machine-readable output npx jsdocscan --json src/ | jq '.[].findings' # summary line only npx jsdocscan --quiet src/ # custom extensions npx jsdocscan --ext .js,.ts src/ What it skips (intentionally) Non-exported functions and internal helpers — these are implementation details Destructured params ({ a, b }) — too many valid @param opts patterns TypeScript type annotations on params — name: string is stripped, @param name is still required Zero dependencies No parsers, no AST, no require("typescript") . It uses a line-by-line scanner that: Detects export function/const/class patterns via regexes Walks backwards to find a preceding /** */ block Compares @param names in the JSDoc against the actual parameter list npx jsdocscan works with zero install time. pip install jsdocscan brings in nothing extra. Links npm: npmjs.com/package/jsdocscan PyPI: pypi.org/project/jsdocscan GitHub (Node): jjdoor/jsdocscan GitHub (Python): jjdoor/jsdocscan-py Both versions pass the same 38-test suite. Same

2026-06-23 原文 →
AI 资讯

How We Built Safe LinkedIn Automation at Scale — Technical Breakdown

LinkedIn automation has a trust problem. Not with users — with LinkedIn itself. Most automation tools treat LinkedIn's API like an obstacle to route around. They send at fixed intervals, ignore behavioral limits, and optimize purely for volume. The result: accounts flagged within weeks, connection limits imposed, and in the worst cases — permanent bans. When we built SendCopy.ai, we approached this differently. Here is the technical breakdown of how we built LinkedIn outreach automation that actually protects accounts while scaling pipeline. The Core Problem: Behavioral Fingerprinting LinkedIn does not just monitor what you do — it monitors how you do it. Fixed-interval automation is trivially detectable. If your tool sends a connection request every 90 seconds with clockwork precision, LinkedIn's behavioral monitoring picks that up immediately. Human beings do not operate on fixed intervals. We get distracted, context-switch, move between tabs, have conversations in between tasks. The solution is not to slow down automation — it is to make it genuinely human-like. At SendCopy.ai, every action in a sequence uses variable timing — randomized within human-realistic ranges, distributed across natural working hours, and calibrated to each sender's historical activity patterns. Architecture: How We Handle Timing Variation The timing engine works on three levels: Level 1 — Action Delay Each individual action (send connection, send message, view profile) has a randomized delay pulled from a probability distribution weighted toward human behavior. Not a simple random range — a distribution that mirrors actual human activity patterns. Level 2 — Daily Activity Window Each sender account operates within a configurable activity window — typically 8–10 hours per day. Actions are distributed across this window with natural clustering around peak activity periods. Level 3 — Volume Ramp New sender accounts start with lower daily volumes and ramp up gradually over 2–4 weeks. This mi

2026-06-23 原文 →
AI 资讯

I Revived My React/Redux App with Turtle AI and Learned Where AI Guardrails Can Go Too Far

Nine years ago, I built two versions of Highlander: an original jQuery application and a React/Redux version that used the same backend concepts. After successfully reviving and deploying the jQuery version, I turned to Highlander-react-redux. The goal was not simply to make an old repository run again. I wanted to improve the product, modernize its architecture without rewriting everything, and deploy something people could actually explore. This time, I used Turtle AI: a plan-driven engineering workflow built around Codex. It gave the AI explicit phases for planning, implementation, verification, testing, documentation, security review, and performance review. The process worked—but it also taught me that more guardrails do not automatically create a more efficient workflow. The Problem: More Than an Old React App The application had the typical problems of a nine-year-old project: Legacy React class components Complicated Redux connections Hardcoded localhost API URLs Authentication state disappearing after refresh Unprotected client routes Large Express route files mixing routing and business logic Inconsistent API errors No API versioning Limited filtering and pagination Outdated deployment assumptions UX gaps for demo users The app also had useful product ideas that had never been fully developed. Coaches could manage teams, players, and stats, but the experience needed stronger analytics, season support, collaboration, and more reliable workflows. I did not want to throw away the existing application and replace it with a new stack. The challenge was to preserve its original value while making targeted improvements. The Approach: Plan-Driven Product Engineering My previous Highlander revival prioritized: Get the app running locally Stabilize authentication and data Improve the demo experience Harden security Deploy For the React/Redux version, I followed a more structured workflow: Analyze the repository Create an implementation plan for one feature Implement

2026-06-23 原文 →
AI 资讯

The Silent Ledger Leak: Measuring Causality Violations in Async Payment Pipelines

I spent the last few months trying to understand why reconciliation errors keep appearing in high-throughput pipelines. Here is what I found. In the race to process millions of transactions daily, modern fintech ecosystems have achieved a genuine miracle of scale. But beneath the surface of that velocity lies a structural problem most engineering teams aren't measuring: causality violations in async event pipelines. Most teams assume that if a transaction shows "Success" in the database, the job is done. At high concurrency levels, that assumption breaks quietly. When "Eventual Consistency" Becomes "Eventual Loss" In distributed systems, Kafka partitions and database shards experience micro-millisecond timing gaps. When a network retry delays a validation webhook, the downstream ledger can commit a wallet update before the validation that should have preceded it completes. To the user, the app glitches. To the engineering team, it's a reconciliation ticket. To the CFO, it's untracked operational cost. The Reconciliation Tax I built a simulation modelling this exact failure mode across 5,000 concurrent transactions. With an 8% network retry probability, conservative for high-traffic payment rails, the causality violation rate was 8.3%. At one million daily transactions, that's over 80,000 unvalidated commits every day requiring manual review. The operational cost compounds across three dimensions: engineering hours spent patching database state, fraud model accuracy degrading on out-of-order training data, and audit trails that cannot demonstrate strict causal sequence to regulators. The Fix The solution is enforcing strict event ordering at the ingestion layer before state commits happen, not better monitoring after the fact. When safeguards including partition-aware routing, exponential backoff, and idempotency controls were added to the same simulation, the violation rate dropped to 0%. Full simulation code and methodology: github.com/yakuburoseline1-gif/cif-simul

2026-06-23 原文 →
AI 资讯

FocusKit launches on Google Play tomorrow. Here's what the AI agent built.

It launches tomorrow — Wednesday June 24. FocusKit — the ADHD focus app built by an autonomous AI agent from r/ADHD community feedback — goes live on Google Play tomorrow. Free to start. No account required. No ads. (Play Store link will be added here Wednesday when the listing goes live.) Landing page: costder.github.io/FocusKit · Source: github.com/Costder/FocusKit What an AI agent built in ~24 hours pre-launch This is post 4 in the nyx_software build-in-public series. The previous posts covered the build and the pre-launch marketing sprint. This one covers what the marketing agent actually shipped before launch day. In the 24 hours before launch, the marketing agent: Assets shipped: A Nyx-branded landing page with an animated visual timer mockup 3 SEO articles: body doubling for ADHD, time blindness for ADHD, and a genuine comparison against Focusmate, Forest, and Tiimo An ASO-optimized Play Store listing — including switching the title from "ADHD Focus Timer" to "Body Doubling Timer" (the more differentiated, lower-competition keyword) 3 Play Store screenshots and 2 feature graphic options at the exact 1024x500 Play Console spec A LAUNCH.md in the repo with the Show HN draft, r/ADHD post copy, and a submission checklist An optimized GitHub README with hero image and structured feature sections Distribution established: 2 dofollow directory listings: backlinks.fyi (#1226) and LaunchFree.io (pending review) 4 build-in-public posts on this account A 4-page ADHD content hub in the GitHub Pages docs folder What the agent couldn't do The honest accounting: Every revenue-critical last step required a human: bank account for Play Store payout, the Google Play developer account itself, the r/ADHD post (established Reddit account needed), the Show HN post (established HN account needed). The agent also couldn't enable GitHub Pages — one toggle in repo Settings, 30 seconds, but only a human can flip it. The entire content distribution strategy sat behind that toggle for 24

2026-06-23 原文 →
AI 资讯

A Cron Job Took Our Server to Load 41 by Attacking Itself

A */1 rsync took our staging box to a load average of 41 one afternoon, and it took me longer than I want to admit to work out why. The sync normally finished in about twenty seconds. That day the backup target's NFS mount went sluggish, the sync started taking ninety seconds, and cron — which does not know or care whether the last run is still going — launched a fresh copy every single minute on top of it. Inside ten minutes there were a half-dozen rsyncs all reading the same tree off the same slow disk, each one making the disk slower, each new minute adding another. The box wasn't under attack. It was attacking itself, one polite copy at a time. The thing that stung was that nothing was broken — every individual rsync was correct, the disk eventually recovered on its own, and the only reason it became an outage is that cron has no concept of "the last one is still running." That's the trap with scheduled jobs: a command that's perfectly fine when you run it by hand can take down a server the first time it runs longer than its interval with nobody watching. The fix everyone reaches for first is the wrong one The instinct is a PID file: write $$ to /var/run/job.pid on start, check whether that file exists on the next run, bail if it does. It almost works. Then one run gets kill -9 'd, or the box reboots mid-job, and the PID file is left behind pointing at a process that died on Tuesday. Now every future run sees a "lock" owned by a PID that no longer exists, and the job never runs again — the opposite failure, just as silent. There's also a race between the check and the write, and the times you most need the lock to be clean are exactly the times cleanup didn't happen, because the process died before it could clean up. flock has none of that. The lock isn't a file you create and delete — it's a lock the kernel holds on an open file descriptor , and the kernel releases it automatically the instant that descriptor closes. The process exiting closes it. So does crash

2026-06-23 原文 →
AI 资讯

Manage email drafts with the Nylas API and CLI

Sometimes an email shouldn't go out the instant your code runs. A human needs to review it first, or the user wants to compose now and hit send later, or an AI agent proposes a reply that a person approves before it ships. The mechanism for all three is the same: a draft. Build that against providers directly and you're juggling Gmail's draft resource, Microsoft Graph's, and an IMAP APPEND to the Drafts folder, each with its own shape and quirks. The Nylas Email API collapses that into one draft resource. You create a draft on the user's account, it lands in their real Drafts folder, and you send it later with a single request, the same way across Gmail, Microsoft 365, Yahoo, iCloud, IMAP, and Exchange. This post walks the full draft lifecycle from two angles: the HTTP API for your backend, and the nylas CLI for the terminal. I work on the CLI, so the terminal commands below are the ones I reach for. One draft resource across every provider A draft in the Nylas model is a real object in the user's mailbox, not a staging area on the side. When you create one, it saves to the user's own Drafts folder on their provider, so it shows up in their normal mail client exactly like a draft they started themselves. That's the property that makes drafts useful for review workflows: a person can open the mailbox and see the pending message before it sends. Because drafts are real provider objects, edits flow both ways. A draft you create through the API appears in the user's mail client within the provider's sync window, and a change the user makes there alters the same draft you'd fetch back through the API. The operations split across two paths: create and list live on /v3/grants/{grant_id}/drafts , while fetch, update, send, and delete act on a specific draft at /v3/grants/{grant_id}/drafts/{draft_id} . They behave the same across all six providers, so you write the integration once. Create a draft Creating a draft is a POST /v3/grants/{grant_id}/drafts with the same message

2026-06-23 原文 →
AI 资讯

CVE & CVSS Scores: Strategic Integration in Vulnerability Management

Risk-Based Prioritization: The Context Factor Most companies only look at the standard (Base) score of a CVE. However, a real risk model should consider 3 key parameters: Base Metrics : The intrinsic, unchanging characteristics of the vulnerability (e.g., is it exposed to the internet or not). Temporal Metrics : The current state of the threat (e.g., is there a ready-made exploit code that is actively used by hackers?). Environmental Metrics : The context of your infrastructure. The Golden Rule: A 7.5 (High) vulnerability on a company’s main website serving customers is a greater threat to the business and should be patched first than a 9.8 (Critical) vulnerability on an internal test server that has no access to the internet. Integrating CVE Data into the Security Lifecycle 3 key ways to incorporate CVE data into processes to improve your organization’s defenses: Asset-Aware Triage: The severity of a CVE is correlated with the importance of the asset (server, database) in which the vulnerability was found. Critical vulnerabilities are closed immediately, while vulnerabilities on the local computer are closed in a staggered manner. DevSecOps (Shift-Left) Integration: Don’t leave the scanning process until after the software is complete. By adding SCA (Software Composition Analysis) tools to your CI/CD pipeline, automatically stop the system when third-party libraries with dangerous CVEs are detected in the code being written and direct programmers to fix the error. Threat Intelligence Alignment: Compare your internal scan reports with live cyber-threat data (e.g., CISA’s catalog of actively exploited vulnerabilities). If you find that hacking groups or ransomware are actively exploiting any Medium CVE, immediately raise the status of that vulnerability to "Urgent". Conclusion Proper use of CVE and CVSS is a matter of context, not quantity. When you align universal vulnerability information with your business assets and the real-world threat landscape, you can focus

2026-06-23 原文 →
AI 资讯

I built a fully local AI assistant at 16 — no cloud, no API keys, runs on your GPU

I'm 16, from Pune, India. For the past couple of years I've been building O-AI — a fully local AI desktop assistant. No cloud. No API keys. No data leaving your machine. Everything runs on your own GPU. Why I built it Every AI assistant I tried sent data somewhere. ChatGPT, Copilot, Gemini — all cloud. I wanted something that felt like JARVIS from Iron Man: smart, fast, personal, and private. So I built it from scratch. What O-AI can do Core engine: Runs LLMs fully on-device via llama.cpp / Ollama (zero internet required) Self-learning core — extracts facts from every conversation and stores them permanently Fine-tuning pipeline — train the model on your own data, locally Voice & language: Voice control in English, Hindi, and Marathi via Whisper (running locally) Responds in whatever language you speak Modes: JARVIS mode — arc-reactor HUD, 4 reactive states, British-male voice, "sir" persona Take Over PC mode — full desktop automation Animated floating desktop pet (4 types, draggable, reacts to voice) 30+ automation fast-paths: open apps, search the web, control media, screen vision, run code, edit files, cursor control, social media steps, clipboard ops... Multi-step agent system: plan → execute → verify loop with 14+ step types (web_search, fetch_url, read_screen, run_code, edit_file, open_social, and more) Stack Backend: Python (Flask IPC + agent core) Frontend: Electron + vanilla JS LLM: llama.cpp / Ollama Voice: Whisper (local) + Edge TTS / neural voice Vision: PIL + screen capture The hardest bugs "Says done but isn't" — Early versions reported success even when an agent step failed. Fixed by building a proper outcome verifier that reads the actual result, not the plan. The "opens a random video" bug — Asking the agent to play something would open random YouTube videos. Root cause: the plan validator wasn't catching placeholder URLs like [video_url] . Fixed with a universal content guard on all plans. GPU offloading on Windows — Getting all 32 layers onto the

2026-06-23 原文 →
开发者

Ever had a renamed column quietly break a CSV export? csv-pipe makes it a compile error, reads and writes both ways, and parses several times faster than papaparse. Live playground in the post to try your own data.

csv-pipe: read and write CSV in TypeScript, several times faster than papaparse Myroslav Martsin Myroslav Martsin Myroslav Martsin Follow Jun 22 csv-pipe: read and write CSV in TypeScript, several times faster than papaparse # javascript # typescript # webdev # node 1 reaction Add Comment 2 min read

2026-06-23 原文 →