Announcing TypeScript 7.0
submitted by /u/DanielRosenwasser [link] [留言]
找到 1410 篇相关文章
submitted by /u/DanielRosenwasser [link] [留言]
This post is about Hyperbole's HyWiki package for knowledge management. I've been doing a deep dive into knowledge management and PKMSs, and in my research I've found that HyWiki offers the best of all worlds. It has a truly unique behavior compared to other PKMSs that allows it to obviate the bookkeeping involved with linking your notes together, and allows your curated knowledge to propagate into the rest of your Emacs, not just your siloed notes vault. submitted by /u/misterchiply [link] [留言]
Every junior developer or solo software engineer falls into the exact same engineering trap: They conflate writing code with building a business. They spend their initial excitement phase setting up intricate user database authentication schemas, writing custom cron jobs for automated subscription reminders, or building heavy background pipelines just to resize a user’s uploaded logo image. By the time their local environment is "infrastructure perfect," weeks have passed. The momentum is gone, burnout sets in, and the repository is abandoned before ever tasting real production traffic. In 2026, computing power has completely shifted to specialized edge layers. Infrastructure has become commoditized. If you are wasting creative bandwidth trying to compete on backend pipelines instead of focusing entirely on your unique value proposition, you are systematically killing your startup. Here is the architectural matrix to decouple your operational infrastructure and shift to a lean, hyper-scalable API-first codebase. Part 1: The Production Infrastructure Decoupling Layer The golden rule of modern systems design is clear: Your application should only maintain two core pillars internally—your proprietary business logic and your core user state database. Everything else—from security to user tracking—is a solved problem that should be offloaded to third-party micro-services. Let’s look at the financial and time trade-offs of building versus outsourcing across critical technical vectors: Microservice Vector The Native Way (High Friction) The 2026 API Standard Launch Velocity Impact Merchant of Record Raw Stripe API + Custom Tax Calculators Lemon Squeezy / Paddle Saves 5 days of legal & accounting setup Feature Rollouts Custom Postgres feature-flag logic loops GrowthBook / LaunchDarkly Zero deployment overhead for major pivots Customer Feedback Manual tables + Admin CRUD boards Featurebase API Instant roadmaps directly inside frontend Media Compression AWS S3 triggers + Edge
submitted by /u/mitousa [link] [留言]
submitted by /u/eqrion [link] [留言]
🎯 Learning Objectives Understand the interface boundary between Terminal Emulators and Shell Interpreters (including Windows Terminal vs. PowerShell vs. CMD). Master File System path tracking, hidden dotfiles, and essential CLI utilities. Map system execution paths via global and local environment configurations. 1. Terminal vs. Shell (The Windows Architecture) Terminal: The visual GUI wrapper. A window application that captures keyboard strokes, handles GPU text rendering, and manages tabs/panes. Examples: Windows Terminal, iTerm2, Alacritty. Shell: The command interpreter engine running inside the terminal. It evaluates text strings, processes scripts, issues system calls ( syscalls ), and interacts with the OS Kernel. Examples: PowerShell, Bash, Zsh, Command Prompt (CMD). ┌────────────────────────────────────────────────────────┐ │ WINDOWS TERMINAL GUI (The Visual Interface Window) │ │ │ │ │ ├───► Tab 1: [ PowerShell Core Engine (Modern) ] │ │ ├───► Tab 2: [ Command Prompt Engine (Legacy) ] │ │ └───► Tab 3: [ WSL Ubuntu Linux Bash (Core) ] │ └───────────────────────────┬────────────────────────────┘ │ Raw Text & Input Streams ▼ ┌────────────────────────────────────────────────────────┐ │ SHELL INTERPRETER (e.g., PowerShell / CMD) │ │ └───► Parses input string commands into system tasks │ └───────────────────────────┬────────────────────────────┘ │ System Call (Syscall) ▼ ┌────────────────────────────────────────────────────────┐ │ OPERATING SYSTEM KERNEL │ │ └───► Interacts directly with underlying hardware │ └────────────────────────────────────────────────────────┘ 2. Deep Dive: PowerShell vs. Command Prompt (CMD) While both are Windows shells hosted inside Windows Terminal, they belong to entirely different computing eras: Command Prompt ( cmd.exe ): A legacy text shell maintained purely for backwards compatibility with 1980s MS-DOS. It pipelines data as Plain Text Only , meaning outputs must be manually string-filtered. PowerShell ( pwsh.exe ): A modern, cros
You start the morning with four Claude Code agents running, each in its own git worktree, each on a separate task. By mid-afternoon something is off. One agent has re-implemented a helper another already wrote. A second built against an interface that a third changed an hour ago. A fourth made a naming choice that contradicts a decision you made — out loud, to yourself — at 9am. Every diff is reasonable on its own. The system they add up to is not. This is the failure mode that shows up the moment you go from one agent to several. The code each agent produces is fine. What drifts is everything between the agents: the decisions, the conventions, the current shape of the interfaces they all depend on. Running the agents in parallel is the easy part. Keeping them coherent is the hard part, and it's a different problem. Why parallel agents drift An agent's context is per-session. Each Claude Code instance has its own context window, populated by what it has read and done in that session. Nothing about that window is shared with the agent running in the next worktree. There is no common memory they all write to and read from. So when agent A decides "we use the repository pattern for data access," that decision exists in exactly two places: agent A's context, and your head. Agent B never hears about it. Three kinds of state cause the drift, and they're worth separating because they need different handling: Decisions already made. Architecture, naming, conventions, the approach you settled on for a cross-cutting concern. These are durable — once made, they should bind every agent, including ones you spawn tomorrow. The current contract. The shape of the interfaces, types, and APIs that agents share. This changes during the work: agent A edits a signature, and agents B and C are now building against a version that no longer exists. What's in flight. Who is touching which files right now. Two agents editing the same module in separate worktrees won't see each other until th
submitted by /u/self [link] [留言]
I've been wondering for a while if anything in Unicode could accidentally compute. It turns out that UTS #35 transliteration rules are Turing-complete. I show how to compute Collatz with just 3 rewrite rules running on stock ICU, shipped with every major OS. submitted by /u/Dull_Replacement8890 [link] [留言]
submitted by /u/broken_broken_ [link] [留言]
I recently read some interesting research on GitHub's Verified commit workflow. The issue isn't a break in Git, GPG, or commit signing itself, but rather how the Verified badge can be interpreted in certain edge cases. It's a good reminder that a cryptographically valid signature doesn't automatically establish the provenance or intent of a commit. Here's a technical breakdown covering how the trust model works, the affected scenarios, GitHub's response, and what maintainers can do to avoid relying solely on the Verified badge during code review. submitted by /u/NapierPalm [link] [留言]
submitted by /u/Ordinary_Leader_2971 [link] [留言]
Most web applications contain at least one vulnerability from the OWASP Top 10. A typical security audit takes 2-3 weeks and costs upward of $10,000. An LLM can compress the initial audit down to a few hours because it scans code for patterns rather than specific CVEs. Below are 15 vulnerabilities found while auditing production code with Claude. Each includes the vulnerable code, the fixed version, and a prompt to reproduce the finding. Classification follows OWASP Top 10 (2021). Order reflects frequency of occurrence: most common first. Methodology: how to run an AI security audit The audit consists of three passes. First, a broad scan: the LLM receives the entire project and looks for vulnerability patterns. Second, deep analysis: each identified pattern is verified in context (middleware, ORM, framework). Third, verification: manual review of every finding, because LLMs produce false positives. Prompt for the broad scan: Perform a security audit of this code. For each finding, include: 1. CWE ID and name 2. OWASP Top 10 category 3. Severity (Critical/High/Medium/Low) 4. The vulnerable code snippet 5. Attack vector -- exactly how an attacker would exploit this 6. Fixed code Ignore stylistic comments. Focus on security only. Start with injection attacks, then broken access control, then the rest. This prompt works because it defines the output structure and prioritizes categories. Without explicit instructions, the LLM mixes critical vulnerabilities with remarks about email validation. More on structured AI code review: AI Code Review Checklist . A03:2021 -- Injection 1. SQL Injection via string concatenation The most common finding. Shows up even in projects using an ORM, because developers switch to raw queries for complex filters. Vulnerable code: // API endpoint for user search app . get ( ' /api/users ' , async ( req , res ) => { const { search , sortBy } = req . query ; const query = ` SELECT id, name, email FROM users WHERE name LIKE '% ${ search } %' ORDER
I'm writing a short series of tutorials on FlashAttention, the algorithm that largely powers modern LLMs. The core idea is to spot the associative structure hiding in the loop. Once you see it, you get two things: you can fuse the passes (in the case of attention, it is huge, because it avoids ever materializing the score matrix) and split and recombine the work across GPU threads or any parallel processor. This post is about recognizing that structure. The stable softmax operation on a vector x (part of the attention kernel) is computed as follows: m = max_j x_j softmax(x)_i = exp(x_i - m) / Σ_j exp(x_j - m) Naively, you would write something like: # pass 1 — running max m = -inf for j in 0..N: m = max(m, x[j]) # pass 2 — denominator, needs the final m d = 0 for j in 0..N: d += exp(x[j] - m) # pass 3 — normalize for j in 0..N: y[j] = exp(x[j] - m) / d The trick is not to wait for the final max before accumulating the denominator. Carry both in a small state (m, d) and rescale d whenever the max moves. Here is what the online version of the algorithm above looks like: # one pass — carry (m, d) together m, d = -inf, 0 for j in 0..N: m_new = max(m, x[j]) d = d * exp(m - m_new) + exp(x[j] - m_new) # rescale, then add m = m_new # normalize (unchanged) for j in 0..N: y[j] = exp(x[j] - m) / d It turns out this is not a one-off trick. There is a whole class of "secretly associative" loops that you can parallelize by introducing the right carrier state. The tutorial goes into detail, shows a few examples of secretly associative operations, provides the algebraic formulation for those, and gives some tools to help you recognize secretly associative loops. Overview: Safe softmax, Welford's variance, and FlashAttention belong to the same class of secretly-associative operations The twisted monoid via transport of structure, why the max-rescale coupling doesn't break associativity Third Homomorphism Theorem as a test for whether any loop is secretly associative Numerical analys
I'll preface to say I'm not at all a programmer, so pardon me for saying anything stupid The increasing amount of slop is no secret, and but software as a whole, be it plugins or apps or even whole operating systems, has become increasing plagued by a set of kinda-unrelated problems that feel like they fall under the same umbrella. I'll keep it short, so practical issues of efficiency, privacy, security, and long-term support, and then ethical issues of being human-made. I personally believe that we're in need of novel, widespread terms to be able to describe the kind of software that in principle does not have certain traits. I attached the link because I believe the term "open source" is analagous to what I'm talking about here. Everybody has an idea of what it means and entails, but it also doesn't mean that everything has to strictly follow it to a T, because it's just a word at the end of the day. It's a pledge to the user to abide by principles of being "Open Source," and I'm saying that we need new words that similarly serve as principles such as that of, optimization, long-term support, being human-made, etc. (It's kind of like how we have terms like organic, free-run eggs, free range eggs, and of course you would end up with having a bunch of terms that dont mean anything at all, but i'm confident that a few will emerge as "standards" in the same way the term open source is.) This could go hand-in-hand with maybe making it common practice to at least disclose the development process when publishing software. In (science) research, we're beginning to see the implementation of "AI Disclosures" to detail all such usage, to be published with the paper. surely practices like these should be encouraged in software development as well. I'm sure there are (smaller) discussions on what exactly should constitute as "best practices" to the people that care about such things, but I've yet to see mainstream terms that go beyond only vaguely describing what we dont like
How is it going for you all working on projects for this platform? I’ve read that sometimes they ban you without even giving you a heads up, is that true? Also, I’d like to ask about the tests they give you for software projects before accepting you; are they actually very difficult? Do I need to have AI level problem solving skills or something similar to get accepted? How is the hourly pay working out? Is it truly hourly, and are deposits made weekly? Thanks for reading, everyone; I’m curious about remote work and want to get started. submitted by /u/ClarkKennedy929 [link] [留言]
submitted by /u/lood9phee2Ri [link] [留言]
As part of Meta’s Muse Image model rollout, Instagram users with public accounts need to opt out to block AI generations of their content.
Two weeks ago one of my outdoor cats bit me. She's fine — healthy, pregnant, and deeply offended that I picked her up, but she needed flea medicine and I needed to confirm the pregnancy. (If anyone wants a kitten, I know a grumpy lady who has some.) My pinky swelled up, and typing went from "mildly error-prone" to "not happening." So I dictated this post. If you've ever looked at raw voice transcription, you know what that produces: one giant unpunctuated block with half the words wrong. My transcript literally claims "AI needed to put flea medicine on her." It was me. That's the kind of thing the AI is cleaning up. The ideas are mine. The argument is mine. The punctuation and clarification belongs to the machine, because the machine is better at punctuation than a transcript is. By the rules of the current discourse, you're now supposed to stop reading. That's the game, right? "Not reading this if it's AI-generated." "It has em dashes — slop." Let's deal with the em dash first, since it's apparently forensic evidence now. You can type one. Shift-Option-hyphen on a Mac. Windows-Shift-hypen on Windows. Writers were littering pages with them for a century before the first transformer shipped. Its little brother the en dash is everywhere too, and nobody has ever accused an en dash of being a robot. The em dash gets singled out for exactly one reason: it's a fast, cheap way to judge a piece of writing without engaging with a single idea in it. Zero effort, instant superiority. Remember that phrase — zero effort. It's coming back. Because real AI slop absolutely exists. Someone fires off one prompt, ships whatever falls out, never reads it, then farms for stars and upvotes. That's slop — not because a model was involved, but because no human was. Effort is the variable. The tool never was. Here's what the other end of the spectrum looks like. Hundreds of hours on a single project. I decide the architecture, the language, how it compiles, how it deploys. I fork the output
I rebuilt aesencryption.net so text AES (128/192/256) runs fully in the browser - the key and plaintext never leave the page. The hard part is staying byte-compatible with common server-side AES libraries (mode, IV, padding, base64 output), so I ship copy-paste equivalents in PHP, Java, Python, Go, Rust, Kotlin and JS. Live tool (mine, free): https://aesencryption.net - feedback on the crypto choices welcome. My own site.