AI 资讯
Fix Your "Developer Slouch": Building a Real-time AI Posture Monitor with MediaPipe and Electron
We’ve all been there. You start your morning feeling like a Productivity God, sitting straight and typing at 120 WPM. Fast forward four hours, and you've morphed into a literal shrimp, face inches away from the monitor, hunting for a missing semicolon. 🦐 In this era of remote work, real-time posture correction and computer vision for health have become more than just "cool projects"—they are spinal lifesavers. Today, we’re going to build a desktop application using MediaPipe , WebRTC , and Electron that monitors your neck angle and sends a desktop notification the moment you start slouching. By leveraging MediaPipe Pose and TensorFlow.js , we can calculate the Forward Head Posture (FHP) ratio with surgical precision directly in the browser environment. The Architecture 🏗️ Before we dive into the code, let’s look at how the data flows from your webcam to that "Sit up straight!" notification. graph TD A[Webcam Feed] -->|MediaStream| B(WebRTC API) B -->|Video Frames| C[MediaPipe Pose Model] C -->|Landmarks| D{Geometry Engine} D -->|Calculate Ear-Shoulder Angle| E{Threshold Check} E -->|Angle > 30°| F[Electron Main Process] F -->|Trigger| G[System Desktop Notification] E -->|Healthy| H[Continue Monitoring] style G fill:#f96,stroke:#333,stroke-width:2px Prerequisites 🛠️ To follow along, you'll need the following tech stack: MediaPipe Pose : For high-fidelity body tracking. WebRTC : To capture the video stream from your webcam. Electron : To wrap our logic into a desktop app that runs in the background. TensorFlow.js : The backbone for running ML models in JavaScript. Step 1: Setting up the Video Stream (WebRTC) First, we need to grab the camera feed. In a modern browser environment (or Electron's Chromium), we use navigator.mediaDevices.getUserMedia . async function setupCamera () { const videoElement = document . getElementById ( ' input_video ' ); const stream = await navigator . mediaDevices . getUserMedia ({ video : { width : 640 , height : 480 }, audio : false }); v
AI 资讯
Scrape Google Trends Without an API Key (Including the Scraper Flag Google Hands You)
Google Trends has no official API, and most wrapper libraries rot within months. But the Trends site itself runs on a keyless JSON API that anyone can call, and it serves the exact numbers you see in the UI. Here is the full recipe, including one gotcha where Google quietly labels your session a scraper. The two step flow Trends works in two steps. First you call explore , which returns a list of widgets, one per chart on the page, each with a signed token: GET https://trends.google.com/trends/api/explore ?hl=en-US&tz=0 &req={"comparisonItem":[{"keyword":"web scraping","geo":"US","time":"today 12-m"}],"category":0,"property":""} Then you call a widget data endpoint with that widget's request and token : GET https://trends.google.com/trends/api/widgetdata/multiline?hl=en-US&tz=0&req=<widget.request>&token=<widget.token> The widget kinds map to endpoints: TIMESERIES uses multiline , GEO_MAP uses comparedgeo , and both RELATED_QUERIES and RELATED_TOPICS use relatedsearches . The cookie trick Call explore cold and you get a 429. The API wants a NID cookie, and here is the counterintuitive part: you get it by requesting the public explore page first, and that page may itself respond 429 while still setting the cookie you need. const res = await fetch ( ' https://trends.google.com/trends/explore?geo=US&q=test ' ); // res.status may be 429. The Set-Cookie header is still there. const cookies = res . headers . getSetCookie (); Grab the cookie from the 429 response, retry explore , and everything works. Strip the anti JSON prefix Every Trends response starts with a junk line like )]}' to break naive JSON.parse calls. Drop everything up to the first newline: const body = await res . text (); const data = JSON . parse ( body . slice ( body . indexOf ( ' \n ' ) + 1 )); The scraper flag Here is the part I have not seen documented. Look inside the widget request object that explore returns to a keyless session: "userConfig" : { "userType" : "USER_TYPE_SCRAPER" } Google knows. And
AI 资讯
Who's Online on the Site, Without Tidio: Live Presence and Visitor History with Firebase
A client wanted to know who was on their site and on which page, the way Tidio's widget showed them — but without paying for a Tidio subscription, on an external WordPress site that doesn't use Firebase. The result: an external tracker hooked to an independent Firebase project, live presence via onDisconnect , persistent history in Firestore with IP geolocation — and a final debugging session where a browser CORS error was masking a server crash caused by an empty string instead of null . The context The client already had a third-party live-chat script installed on their site, and that's where the idea came from: "can we see who's on the site and on which page, without using that service?" Two constraints made the request less trivial than usual: the site hadn't been migrated to my usual stack yet — it was still running on WordPress, on different hosting — and there was no intention of introducing Firebase on the WordPress side. Step 1 — understanding what a live-chat widget actually does Before building anything, it was worth looking at what the already-installed script actually did. The tag pasted into the site was just a small loader: it creates a hidden iframe, loads the widget's real "brain" inside it from the provider's servers, which then connects via websocket to their backend to stream presence, current page and events in real time. The interesting part — "see who's on the site and on which page" — isn't in the public script: it all lives server-side at the provider, behind authentication, a proprietary dashboard and a subscription. There was nothing to "detach" from that service: it's client code tied to someone else's backend by design. But the pattern itself — a script tag hooking into an external backend — is exactly what's needed to build the same feature independently, and it fits well with Firebase, which has a native presence mechanism built for precisely this. Step 2 — live presence with Firebase Realtime Database Firebase Realtime Database has a
AI 资讯
How I Built a Free AI Image Tool That Runs 100% in the Browser (No Server Needed)
I recently built a free online image processing tool that runs entirely in the browser. No uploads, no servers, no sign-ups. Here's how it works under the hood. https://img.aixiaot.com The Problem Most online image tools require uploading your photos to someone else's server. This raises privacy concerns and limits file sizes. I wanted to build something that processes everything locally. Tech Stack - Next.js for the frontend - TensorFlow.js + Real-ESRGAN for AI upscaling - @imgly/background-removal for AI background removal - Tesseract.js for OCR - Canvas API for compression, resizing, format conversion Features • AI Background Removal - one click, works for portraits, products, animals • Image Compression - reduce file size up to 96% • Format Conversion - JPG, PNG, WebP • ID Photo Maker - passport and visa photos with customizable backgrounds • AI Image Upscaler - 2x to 8x with Real-ESRGAN • OCR - extract text from images, 20+ languages • Image Resizer - enlarge or shrink Architecture All processing happens client-side using WebAssembly and the Canvas API. When you upload an image, it never leaves your device. The AI models (background removal, upscaling) run locally in your browser using TensorFlow.js and ONNX Runtime Web. Open Source The entire project is open source under AGPL v3. You can find it on GitHub: https://github.com/haizeigh/ai-image-tools Try It https://img.aixiaot.com I'd love to hear your feedback! What features would you add?
AI 资讯
When (and when not) to inline images as Base64
Base64 image data URIs are one of those web techniques that look like a magic shortcut the first time you use them. Instead of referencing an external file: <img src= "/logo.png" alt= "Logo" > you can put the image bytes directly in the document as text: <img src= "data:image/png;base64,iVBORw0KGgoAAAANSUhEUg..." alt= "Logo" > That can be useful. It can also make a page slower, harder to cache, and more annoying to maintain. Here is the practical rule: inline images as Base64 when self-containment matters more than caching. Keep normal image files when the browser should be able to cache, resize, lazy-load, or optimize them independently. What a Base64 image actually is An image file is binary data. Base64 rewrites that binary data as plain text using a limited character set. To make the browser treat the text as an image, you wrap it in a data URI: data:image/png;base64,iVBORw0KGgoAAAANSUhEUg... The first part tells the browser the MIME type. The second part tells it the data is Base64 encoded. The long tail is the image itself. Base64 is not compression. It is not encryption. It is just a text representation of the same bytes. When inlining an image is worth it 1. Tiny icons and UI assets For very small images, removing an extra HTTP request can be worth the extra bytes. This is especially true for small icons, logos, placeholders, simple UI sprites, or tiny transparent PNGs. Modern HTTP/2 and HTTP/3 make extra requests cheaper than they used to be, so this is not an automatic win. But for a one-off tiny asset inside a small page or widget, a data URI can still be a clean choice. 2. Single-file deliverables Sometimes the point is not raw page speed. Sometimes you need one file that carries everything with it: an HTML report an email template a CodePen or demo snippet a CMS block where you cannot upload assets a test fixture that should not depend on external hosting In those cases, Base64 is useful because the image travels with the HTML, CSS, JSON, or JavaScript.
AI 资讯
Stop pasting JWTs into random websites
A JWT isn't just JSON you can inspect. It's a live bearer token. Here's a safer way to decode one. A few days ago I was reviewing a bug with a teammate. They wanted to see what was inside an access token, so they copied it into the first JWT decoder Google returned. It wasn't a dummy token. It was a production access token with almost an hour left before it expired. Nobody was trying to do anything risky—it was just the quickest way to inspect a JWT. That's exactly why this keeps happening. The thing people forget A JWT looks like this: header.payload.signature The payload isn't encrypted. It's just Base64URL-encoded JSON. Because of that, people often think: "The payload isn't secret, so the token is probably safe to paste." Those aren't the same thing. The payload may be readable, but the token itself is still your credential . Anyone holding it can usually authenticate as you until it expires. Why online decoders make me nervous Some JWT tools only decode locally in your browser. Others offer things like signature verification, claim validation, or key management. Features like those often require talking to a backend, which means the token gets sent somewhere else. Maybe the site is trustworthy. Maybe it isn't. From the UI alone, you usually can't tell. Even if a decoder claims everything runs client-side, I don't like assuming that's true when I'm holding a production credential. You don't need a website to inspect a JWT Most of the time I'm only interested in the payload anyway. echo " $TOKEN " \ | cut -d '.' -f2 \ | base64 --decode \ | jq Because JWTs use Base64URL encoding, you may need to translate the alphabet and add padding first: decode_jwt () { local payload = $( echo -n " $1 " | cut -d . -f2 | tr '_-' '/+' ) while [ $(( ${# payload } % 4 )) -ne 0 ] ; do payload = " ${ payload } =" done echo " $payload " | base64 --decode | jq } decode_jwt " $TOKEN " That gives you the claims, expiration time, issuer, audience—everything most people open a decoder for.
AI 资讯
Block Google's AI Overviews at the Network Layer, Not the DOM
TL;DR: Most extensions block Google's AI Overviews by hiding the panel with a content script after it renders — fragile, flickery, and always a step behind Google's markup changes. A better approach: force udm=14 at the network layer with declarativeNetRequest , so the AI Overview never loads. The content script becomes a backstop, not the main mechanism. One Chrome API mystery — AI Mode being invisible to four different extension APIs — shows why the DOM was never the right layer. Google puts an AI Overview at the top of most search results now, and a lot of people would rather it didn't. So there's a whole shelf of Chrome extensions that remove it. Almost all of them work the same way, and I think that way is a mistake. The obvious approach, and why it's a trap The default move is DOM-hiding: inject a content script, wait for the AI Overview panel to render, find it by class name or attribute, and set display: none . It's the first thing anyone reaches for, and it works — until it doesn't. The problems are all baked into the approach. You're reacting after the render, so there's a flash of AI content before your script catches it. You're matching against Google's markup, which is obfuscated and reshuffled constantly, so every layout change is a silent breakage. And you're paying for DOM churn on a page you don't control. You end up in a permanent game of catch-up against a page that changes whenever Google feels like it. The deeper issue is that you're operating one layer too high. The panel is a symptom . By the time it's in the DOM, the work is already done — the server decided to send it, the page rendered it, and now you're scrambling to un-render it. If you can move the decision earlier, none of that scramble has to happen. The thesis: prevent it at the network layer Google Search takes a parameter, udm , that selects which result vertical you get. udm=14 is the plain "Web" results view — the classic list of links, no AI Overview, no AI Mode. It's Google's ow
AI 资讯
The Hugging Face Hub Is a Free JSON API: Rank Trending AI Models Without a Key
Everyone reads the Hugging Face trending page in a browser. Almost nobody knows the whole Hub sits behind a plain JSON API with no key, no login, and cursor pagination. If you want a weekly report of what the AI community is actually adopting, you can build it with fetch . The endpoints GET https://huggingface.co/api/models GET https://huggingface.co/api/datasets GET https://huggingface.co/api/spaces Useful parameters, same across all three: sort ranks results: trendingScore , downloads , likes , createdAt , lastModified direction=-1 for descending search matches names, author restricts to one org like meta-llama filter matches Hub tags: text-generation , license:mit , even arxiv:2606.23050 limit up to 100 per page So the top trending models right now: https://huggingface.co/api/models?sort=trendingScore&direction=-1&limit=100 trendingScore is the interesting one. Downloads and likes rank all time popularity, which is dominated by the same old models. Trending score is Hugging Face's own measure of current momentum, and it moves daily. Today it puts a four day old OCR model from Baidu at the top, which no downloads sort would surface for weeks. Slim payloads with expand By default the models endpoint returns a siblings array listing every file in the repo, which bloats a 100 item page. Ask for exactly the fields you want instead: const fields = [ ' downloads ' , ' likes ' , ' trendingScore ' , ' pipeline_tag ' , ' tags ' , ' createdAt ' ]; const params = new URLSearchParams ({ sort : ' trendingScore ' , direction : ' -1 ' , limit : ' 100 ' }); for ( const f of fields ) params . append ( ' expand[] ' , f ); const res = await fetch ( `https://huggingface.co/api/models? ${ params } ` ); const models = await res . json (); Pagination is a Link header There is no page parameter. Each response carries a Link header with a cursor for the next page, GitHub style: function nextUrl ( res ) { const m = ( res . headers . get ( ' link ' ) || '' ). match ( /< ([^ > ] + ) >; \s *r
AI 资讯
How Turborepo Makes Large JavaScript Projects Fast
Introduction Most projects start with a single repository. Imagine you're building an e-commerce platform: a Next.js storefront for customers, a React Native mobile app, and a NestJS backend API. Splitting these into three repositories feels like the obvious, clean solution. ecommerce-web ecommerce-mobile ecommerce-api For the first few months, this works fine. Then the project grows, and the cracks start to show: You copy utility functions between repositories instead of importing them. You duplicate TypeScript interfaces across the frontend, mobile app, and API. Your frontend and backend drift apart because each repo defines its own version of the same models. Updating one shared component means editing it in three different places. Eventually, maintaining the project becomes harder than building new features. If that sounds familiar, you're not alone — it's exactly the problem monorepos were designed to solve. In this article, we'll cover: What a monorepo actually is, and how it differs from a multi-repo (polyrepo) setup Why engineering teams choose it How Turborepo makes monorepos fast instead of slow A practical, production-ready structure for a Next.js + React Native + NestJS monorepo Common mistakes and best practices Whether you work with React, Next.js, React Native, or NestJS, these concepts will help you build projects that scale without becoming a maintenance burden. The Problem With Multiple Repositories A typical multi-repo setup looks like this: web-app/ mobile-app/ backend-api/ shared-components/ Each repository has its own package.json , dependencies, CI/CD pipeline, Git history, and versioning strategy. It looks clean at first — but as the project grows, several problems appear. 1. Code duplication You write a helper function once: export function formatPrice ( price : number ) { return `$ ${ price . toFixed ( 2 )} ` ; } Both the web app and the mobile app need it, so instead of importing it, someone copies it. Now there are two versions. When one
开发者
GlintCode: A Beginner-Friendly Language That Runs in the Browser
Introducing GlintCode ✨ I've been building GlintCode , a lightweight scripting language for the browser that runs on top of JavaScript. The goal is simple: make building browser apps easier with a clean, beginner-friendly API while still using the power of JavaScript under the hood. Features 🚀 Runs directly in the browser 📝 Uses <script type="glint"> 🌐 Built-in DOM helpers 🎨 Simple UI creation functions 🔁 Built-in loop helpers 📦 Optional module system ⚡ No build tools or compilation required Hello, World <script src= "https://fast4word.github.io/glintcode/glint.js" ></script> <script type= "glint" > page ( " Hello " ) heading ( " Welcome to GlintCode " , 1 ) paragraph ( " Your first Glint app! " ) button ( " Click Me " , () => { print ( " Hello from Glint! " ) }) </script> Why GlintCode? JavaScript is incredibly powerful, but for beginners or small browser projects it can sometimes feel more verbose than necessary. GlintCode provides a set of simple, readable functions that make creating interfaces and interacting with the page easier, while still letting you use JavaScript features whenever you need them. Because GlintCode runs on top of JavaScript, you can gradually learn the underlying language without giving up access to the browser's APIs. What's next? I'm continuing to expand GlintCode with new functions, modules, examples, and documentation. Future plans include additional built-in libraries, a richer module ecosystem, and more developer tools. I'd love to hear your feedback, suggestions, or ideas for features you'd like to see! GitHub: https://github.com/Fast4word/glintcode
开发者
ANSI Color Code Generator: Build Terminal Escape Sequences Visually
Stop memorizing ANSI escape sequences. I built a browser tool to generate them visually — pick colors, styles, and get the code ready to paste. Try it 🔗 ANSI Color Code Generator — DevNestio Features 3 color modes : 8-color, 256-color palette, RGB truecolor (24-bit) 8 text styles : Bold, Dim, Italic, Underline, Blink, Reverse, Hidden, Strikethrough Separate FG/BG : Set foreground and background colors independently 3 output formats : Shell ( echo -e ), Python ( print ), Raw escape sequence Live preview in a simulated terminal box How ANSI sequences work ESC [ <codes> m Multiple codes are separated by ; . Reset is ESC[0m . 8-color : codes 30-37 (FG), 40-47 (BG), 90-97 (bright FG) 256-color : ESC[38;5;<0-255>m for FG, ESC[48;5;<0-255>m for BG RGB truecolor : ESC[38;2;<R>;<G>;<B>m 256-color palette calculation function get256Color ( i ) { if ( i < 16 ) return standardColors [ i ]. hex ; if ( i < 232 ) { const n = i - 16 ; const r = Math . floor ( n / 36 ) * 51 ; // 255/5 = 51 const g = Math . floor (( n % 36 ) / 6 ) * 51 ; const b = ( n % 6 ) * 51 ; return `rgb( ${ r } , ${ g } , ${ b } )` ; } const v = ( i - 232 ) * 10 + 8 ; // 24 grayscale steps return `rgb( ${ v } , ${ v } , ${ v } )` ; } Output examples # Bold red text on black echo -e " \e [1;31mHello, Terminal! \e [0m" # RGB orange (Python) print ( " \0 33[38;2;255;128;0mOrange text \0 33[0m" ) Tested with 128 assertions covering code generation, color math, and format strings. Part of DevNestio — 115 free browser-only developer tools.
开发者
Bitwise Calculator: Visual 32-bit AND/OR/XOR/NOT/Shifts in Your Browser
I built a browser-based bitwise calculator that performs AND, OR, XOR, NOT, NAND, NOR, XNOR, arithmetic/logical shifts, and rotate operations on 32-bit integers — with a live clickable bit grid. Try it 🔗 Bitwise Calculator — DevNestio Features 13 operations : AND, OR, XOR, NOT A/B, NAND, NOR, XNOR, SHL, SHR, SHRA, ROTL, ROTR Visual 32-bit grid : Click any bit to toggle Operand A on the fly Multi-base input : Auto-detect 0xFF , 0b1010 , 0o17 , or decimal 4 output formats : Hex, decimal, binary (grouped), octal — all with copy buttons No server, no upload — everything runs in-browser The JavaScript integer trap Bitwise ops in JS coerce values to signed 32-bit integers. To get unsigned results you need >>> 0 : case NOT_A : return ( ~ a ) >>> 0 ; // without >>> 0, ~0 shows as -1 case XNOR : return ( ~ ( a ^ b )) >>> 0 ; case ROTL : return (( a << s ) | ( a >>> ( 32 - s ))) >>> 0 ; Rotate without a dedicated instruction JavaScript has no ROL/ROR, so combine two shifts: // Rotate left by s bits (( a << s ) | ( a >>> ( 32 - s ))) >>> 0 Tested with 99 assertions All core logic — parsing, computing, edge cases like XNOR with ~0xFF = 0xFFFFFF00 — covered in a Node.js test file using assert . Part of DevNestio — a growing collection of 115 free browser-only developer tools.
开发者
How I Built a Zero-Friction Browser Gaming Platform (Zero Sign-Ups, Zero Downloads)
I built GameDeck — a gaming platform where you pick a badge, type a name, and play. That's it. No accounts, no launcher downloads, no tracking. Here's how I built it and what I learned. The stack Frontend : Pure browser-based, vanilla JS Deployment : Google Cloud Run i18n : 3 languages (EN, 简体中文, 繁體中文) with instant switching Identity : Emoji badge system — no usernames, no passwords The architecture The entire app is a single-page browser app. No backend for user auth (because there is no auth). Sessions are ephemeral — nothing is stored. Multi-language i18n Adding 3 languages was the #1 feature request within 24 hours of launch. Simple key-value translation maps, no framework needed. The badge identity system Instead of usernames, users pick an emoji badge (🎮 ⚡ 🦊 🐉 🐼 🚀 🐱 🐯 🌟 🍿). This turned out to be the most talked-about feature. It's fun, zero-friction, and surprisingly expressive. Privacy by default No data collected. No cookies. No analytics. Just the game. Privacy isn't a feature — it's the absence of features that invade privacy. What I'd do differently Multi-language from day 1 More game variety before launch Better mobile responsiveness Try it : https://gamedeck-804028808308.us-west2.run.app Source : Built solo, open to questions! Would love feedback from the dev community — especially on the browser game architecture and i18n approach.
AI 资讯
How I Built an Ultra-Fast Bilingual Dictionary Handling 293,000+ Words on the Edge
Every developer has that one project. The passion build that sits in the back of your mind for months—or even years—before you finally sit down, crack your knuckles, and make it a reality. For me, that project was building a modern, open-access bilingual digital lexicon bridging English and Assamese: AssameseDictionary.org . While it started as a personal milestone dream, it quickly turned into a massive data engineering and architecture challenge. Here is how I tackled parsing a massive vocabulary database and serving it globally with near-zero latency. 🏗️ The Core Challenge: Scale vs. Speed A dictionary isn't like a standard SaaS app or landing page. It lives and dies by its database depth. To make this a truly definitive tool, I compiled, cleaned, and programmatically validated an extensive vocabulary index mapping over 293,000 words . The dataset doesn't just hold simple translations; it maps complex bidirectional lookups, phonetic transliterations, advanced English definitions, context usage examples, and cross-linked synonym tokens. If I threw this massive dataset into a traditional relational database hooked up to a standard server setup, I ran into immediate roadblocks: Latency: Heavy search queries on a dataset this size can cause noticeable lag. Cost/Overhead: Maintaining and scaling database servers for unpredictable public traffic gets expensive fast. I wanted the search utility to snap back instantly. To achieve that, I had to ditch traditional server paradigms entirely. ⚡ The Architecture: Serverless Edge Caching To keep things ultra-lightweight, highly cost-effective, and blazing fast, I built the platform around an edge-computing topology: The Runtime: I offloaded the backend logic entirely to Cloudflare Workers . Instead of routing traffic to a centralized origin server, queries are intercepted and executed at serverless edge locations physically closest to the user. The Data Layer: Instead of an active SQL database bottleneck, I mapped the data mat
AI 资讯
I built a browser-only HTTP Cookie Inspector — parse Set-Cookie, security score, XSS/CSRF flags, 84 tests
HTTP cookies are everywhere in authentication, sessions, and tracking — but reading Set-Cookie headers manually is tedious. I built a free, browser-only HTTP Cookie Inspector that parses cookie strings and gives you a security analysis. Live Tool 👉 https://devnestio.pages.dev/cookie-inspector/ What it does Parse Set-Cookie strings — extract all attributes at a glance Attribute cards — name, value, expires/max-age, domain, path, Secure, HttpOnly, SameSite Security score (0–100) — +25 for Secure, +25 for HttpOnly, +25 for SameSite≠None, +25 for expiry XSS/CSRF risk flags — warns when HttpOnly or SameSite is missing Syntax highlighted raw header — color-coded by attribute type Presets — session, persistent, secure+httponly, SameSite=Strict, minimal 100% client-side — no data leaves your browser Cookie security flags explained Flag Missing risk Present benefit Secure Cookie sent over HTTP Only sent over HTTPS HttpOnly JS can steal it (XSS) Inaccessible via document.cookie SameSite=Strict CSRF attacks possible Never sent on cross-site requests SameSite=Lax Partial CSRF risk Sent on top-level nav only SameSite=None Always cross-site Requires Secure flag SameSite values Set-Cookie: session=abc123; SameSite=Strict; HttpOnly; Secure # Best practice for auth cookies Set-Cookie: prefs=dark; SameSite=Lax # OK for non-sensitive preferences Set-Cookie: embed=true; SameSite=None; Secure # Cross-site embeds (e.g. payment widgets) Testing 84 tests, all passing ✅ Tests cover: Parsing all standard attributes Boolean flags (Secure, HttpOnly) detection SameSite value classification Max-Age duration calculation Security score computation XSS/CSRF warning logic All preset templates HTML escaping in output UI elements and copy functionality All tools at devnestio.pages.dev — free browser-only developer utilities.
AI 资讯
Working With Massive JSON Responses
Working With Massive JSON Responses Without Losing Performance Every developer eventually encounters it. You make an API request expecting a few hundred objects, and instead receive a response that's tens—or even hundreds—of megabytes. Suddenly your browser freezes, your editor becomes sluggish, and your application consumes gigabytes of memory. Large JSON responses aren't unusual anymore. Analytics platforms, cloud providers, search engines, AI services, ecommerce catalogs, IoT systems, and data export endpoints routinely generate enormous payloads. The good news is that handling massive JSON efficiently is mostly about choosing the right techniques. This guide covers the best practices that help you inspect, process, and optimize large JSON datasets without overwhelming your tools or your users. Understand Why Large JSON Is Expensive Before optimizing, it's helpful to know where the cost comes from. When an application receives JSON, it usually goes through several stages: Download the response. Store it as a string. Parse it into objects. Allocate memory for every property. Traverse the resulting object graph. For a 100 MB JSON file, peak memory usage can easily exceed 300 MB because both the raw string and the parsed objects coexist temporarily. This explains why applications often run out of memory long before reaching the actual file size. Don't Pretty-Print Gigantic Responses Immediately Pretty-printing is useful—but formatting a huge document all at once can consume significant CPU time and memory. Instead: inspect only the sections you need collapse large objects expand nodes on demand search before formatting If you need to examine a large payload in the browser, using a dedicated formatter designed for large documents can make navigation much easier. Tools like JSON Formatter allow you to validate, format, collapse, and inspect JSON without manually editing thousands of lines. Stream Instead of Loading Everything One of the biggest mistakes is reading an
AI 资讯
I built a browser-only JWT Creator & Signer — HS256/384/512, verify, expiry check, 77 tests
Debugging JWT authentication usually means copying tokens between tabs and tools. I built a free, browser-only JWT Creator & Signer — create, sign, and verify JWTs entirely in your browser using the Web Crypto API. Live Tool 👉 https://devnestio.pages.dev/jwt-creator/ What it does Create JWTs — edit header (alg, typ) and payload (any JSON) Sign with HMAC — HS256, HS384, or HS512 Quick claim buttons — insert sub , name , exp (+1h), iss with one click Generate random secrets — 256-bit hex secret via crypto.getRandomValues() Verify existing JWTs — paste any token and verify signature + expiry Color-coded output — header in red, payload in green, signature in blue 100% client-side — Web Crypto API, no server, your secrets stay local How signing works (Web Crypto API) const key = await crypto . subtle . importKey ( " raw " , new TextEncoder (). encode ( secret ), { name : " HMAC " , hash : " SHA-256 " }, false , [ " sign " ] ); const sig = await crypto . subtle . sign ( " HMAC " , key , new TextEncoder (). encode ( header + " . " + payload ) ); The output is base64url-encoded (replacing + → - , / → _ , stripping = padding) to form the final JWT. Why browser-only matters for a JWT tool JWT secrets are sensitive. Any tool that sends your signing secret to a server is a liability. This tool never sends anything — the Web Crypto API runs entirely inside your browser tab. Testing 77 tests, all passing ✅ Tests cover: Base64url encoding edge cases JWT structure (3-part dot-separated) HMAC algorithm mapping (HS256 → SHA-256 etc.) Expiry check (expired vs. valid tokens) Error states: invalid JSON payload, malformed JWT UI: claim insertion, secret toggle, copy, clear Web Crypto API usage verification All tools at devnestio.pages.dev — free browser-only developer utilities. Feedback welcome!
AI 资讯
We benchmarked React data grids with 50,000 rows. The winner was not the whole story.
Every data grid demo looks incredible with twenty rows. The columns line up. The hover state is tasteful. The checkbox has confidence. Someone scrolls three inches and everyone quietly agrees that software has advanced. Then the real product arrives. Fifty thousand rows. Twenty columns. Editable money. A custom status cell. Filters. Sorting. Horizontal scrolling. A user who pastes something suspicious from Excel. A product manager asking whether the total row can stay pinned while the server is slow. That is when a table stops being a table and starts becoming infrastructure. So we built a benchmark. Not a perfect benchmark. Those do not exist. A useful one. What we measured The fixture is intentionally boring: 50,000 deterministic rows 20 fixed-width columns 1,200 by 600 pixel viewport two editable columns sorting filtering virtual scrolling production bundles fresh browser contexts raw samples committed to GitHub No network requests. No paid-only feature tricks. No images. No grouping. No heroic demo code designed to make one library look blessed by destiny. The report measures: JS gzip : reachable JavaScript after gzip Ready median : navigation until the grid adapter mounts and two animation frames pass Scroll settle : one scripted vertical and horizontal jump plus animation frames Mounted cells : body cells in the DOM after the scroll Interaction health : heap, long tasks, estimated FPS, dropped frames Live benchmark: https://vitashev.github.io/react-data-grid-benchmark/ Source and raw samples: https://github.com/Vitashev/react-data-grid-benchmark The part most benchmarks get wrong Not every grid exposes the same surface. For example, MUI X Data Grid Community uses 100-row pagination for this workload. That is a valid product boundary, but it is not the same as continuously virtualizing 50,000 rows. So the ranked tables include only compatible continuous-scroll libraries. MUI remains in the fixture and raw data, but not in the leaderboard. That makes the benchma
AI 资讯
AdaBoost from Scratch: How a Pile of Dumb Rules Becomes a Smart Classifier
Here is a question that sounds like a trick: can you build an accurate classifier out of models that are barely better than flipping a coin? Surprisingly, yes. That is the whole idea behind boosting, and AdaBoost is the algorithm that made it famous. I built it from scratch and dropped it into an interactive demo — here's how it actually works, real math, no hand-waving. Play with the live version: https://dev48v.infy.uk/ml/day21-adaboost.html The weak learner: a decision stump AdaBoost's building block is the simplest classifier you can imagine: a decision stump . It is a decision tree with exactly one split. Look at one feature, compare it to one threshold, and call everything on one side "+1" and everything on the other side "−1". That's it. One line, one cut. def stump_predict ( X , dim , thresh , polarity ): pred = np . ones ( len ( X )) if polarity == 1 : pred [ X [:, dim ] <= thresh ] = - 1 else : pred [ X [:, dim ] > thresh ] = - 1 return pred On anything that isn't trivially separable, a single stump is hopeless — on a checkerboard layout it barely passes 55-60%. That is exactly why it's a "weak learner": a model that only beats random guessing by a hair. The magic is in how we combine hundreds of them. Sample weights: a moving spotlight The engine of AdaBoost is a weight on every training point that says "how much does getting this one right matter?" Everything starts equal: n = len ( X ) w = np . full ( n , 1.0 / n ) # uniform: every point weighs 1/n These weights are a probability distribution — they sum to 1. After each round they change: points we got right get lighter, points we missed get heavier. Since we always pick the next stump to minimise weighted error, the heavy points end up dominating the search. The next stump is effectively forced to stare at whatever the committee keeps blowing. Weighted error, not a plain count When we hunt for the best stump each round, we don't count mistakes — we add up the weight of the mistakes: def weighted_error
AI 资讯
I finally understood cron expressions by building an explainer for them
For years I copied cron expressions off Stack Overflow, pasted them into a config file, crossed my fingers, and moved on. 0 9 * * 1-5 ? Sure, that "looks like weekday morning." */15 * * * * ? "Every 15 minutes, probably." I never actually read them. So I did the thing that always cures this for me: I built a tool that parses a cron expression, explains it in plain English, and shows the next five times it will fire. No library. About 50 lines of real logic. Here's everything I learned. The five fields (and the order that trips everyone up) A standard cron expression is exactly five fields separated by spaces: ┌──────── minute 0 - 59 │ ┌────── hour 0 - 23 │ │ ┌──── day - of - month 1 - 31 │ │ │ ┌── month 1 - 12 │ │ │ │ ┌ day - of - week 0 - 6 ( 0 = Sunday ) * * * * * The order never changes, and the number-one beginner mistake is swapping the first two. Minute comes first. If you write 9 30 * * * thinking "9:30am," you actually get "minute 9, hour 30" — which is invalid, because hours only go to 23. Say it out loud every time: minute, hour, day-of-month, month, day-of-week. Each field answers one question: which values of this unit does the job run on? An * means "every value." Most real schedules pin down a couple of fields and leave the rest as * . Daily at 9am is 0 9 * * * — minute and hour fixed, everything else "every." Lists, ranges, and steps Beyond single numbers, each field understands three operators, and they combine: Comma makes a list: 1,15 in the day field means the 1st and the 15th. Hyphen makes an inclusive range: 1-5 in the day-of-week field means Monday through Friday. Slash makes a step, taking every n-th value: */15 in the minute field means 0, 15, 30, 45 . Steps can apply to a range too, so 0-30/10 means 0, 10, 20, 30 . That's the whole grammar. Number, list, range, step. Once you can expand a field into the concrete set of numbers it matches, you understand cron. Here's the expansion function, which is the heart of the parser: function expandFie