今日已更新 386 条资讯 | 累计 20358 条内容
关于我们

标签:#Web

找到 1678 篇相关文章

开发者

What actually happens when you launch a side project with zero audience

Everyone talks about the build. Nobody talks about what happens the week after, when you go to actually tell people it exists and discover every distribution channel has its own quiet gatekeeping you didn't know about until you hit it. Hacker News flagged my Show HN before it ever reached the front page. Not rejected — flagged, silently, likely because the account posting it was brand new with a self-promotional link and zero history. No warning, no explanation, just gone from /newest for anyone not specifically looking. Reddit was worse in a different way. r/webdev's AutoMod rejects any submission from an account under three months old with low karma — a hard gate, not a soft one, and it doesn't care which day you post or how you phrase it. r/SideProject let the post through technically, but Reddit's own spam filter quietly removed it minutes later, invisible to everyone except me looking at my own profile. X was just silence. Zero followers means the algorithm has no graph to push the post into. Four views, three of which were probably me refreshing. The one channel that actually worked was the one with the lowest bar to entry: writing. dev.to doesn't gate you behind account age or karma. You write something, it's live, and if it's genuinely useful, people find it — slowly, but for real. That's where actual engagement happened. The pattern underneath all of this: almost every high-leverage distribution channel is, by design, hostile to accounts with no history. That's not a bug — it's the exact mechanism that keeps those platforms usable, and it exists specifically to stop people doing exactly what I was trying to do: show up once with a link and leave. The system is working as intended. It just doesn't feel that way when you're the one hitting the wall. What's actually working, three weeks in, isn't a growth hack — it's writing things people search for, verbatim, and being patient about everything else building account history the boring way: showing up, commenti

2026-07-09 原文 →
AI 资讯

oh-my-agent: Angular support and stateful configuration merges

Shared tool configurations drift when developers run local agents. Adding a new MCP server to a team setup usually fails to reach existing local configurations, leaving developers with outdated toolsets. We resolved this in our latest CLI release by introducing stateful configuration back-filling. The update merges new servers into local environments while preserving custom developer adjustments. What's new Angular stack integration : Added frontend domain detection for angular.json and @angular/* packages in the /stack-set command. The oma-frontend skill now includes angular-rules.md to enforce standalone components, OnPush change detection, and signals. API evolution patterns : Added API lifecycle patterns based on the MAP framework to oma-architecture . This includes Sajaniemi's 11 variable-role taxonomy to guide naming rules in oma-refactor . Windows scheduling updates : The schtasks adapter now maps weekly cron ranges like 1-5 or lists like 1,3,5 directly to Windows task scheduler formats. Model validation : Added vendor validation to the schedule:add command. The CLI now rejects unknown models at registration time rather than failing during execution. Keeping local environments synchronized across diverse OS targets requires strict validation. These fixes ensure configuration changes flow correctly without disrupting developer-specific settings. What's fixed MCP server synchronization : Fixed an issue where SSOT servers added to .agents/mcp.json were only copied if .mcp.json was entirely absent. The CLI now reads the source of truth on every run and merges missing entries. Test execution reliability : Restructured the project root resolution tests to mock the filesystem walk. This isolates test runs from ambient files on CI runners and avoids false failures. Market diversity flags : Corrected the --diversity-threshold flag documentation to reflect that the default threshold is not enforced unless the flag is explicitly set. Cleaning up obsolete protocols reduc

2026-07-09 原文 →
AI 资讯

Chrome Web Store Submission: The Gotchas Nobody Warns You About

I just submitted another Chrome extension to the Chrome Web Store. I have submitted multiple extensions overtime. Mostly for my own tooling and community share or just because idea was fun. The first time took 3 attempts. The second time I got rejected in 12 hours for something completely avoidable. Here's every gotcha I hit — so you don't have to. 1. Manifest description has a 132-character hard limit Not documented prominently anywhere. You'll get a cryptic upload error: "The description field in manifest is too long." Your package.json description or wxt.config.ts description gets baked into manifest.json — check it BEFORE you zip. Fix : Count characters. 132 max. Put the detailed description in the CWS form, not the manifest. 2. Don't put a "Keywords:" line in your description I literally had: Keywords: pinterest seo, pin score, pin quality, pinterest optimizer... Rejected within 12 hours for "Keyword Spam." CWS explicitly bans keyword lists in descriptions — even if they're relevant. Your keywords should be woven naturally into prose. Fix : Write human sentences that include your keywords. "Score your Pinterest pin quality before publishing" contains 3 keywords naturally. 3. upload-artifact@v4 silently skips hidden directories If your build tool outputs to .output/ (like WXT does), GitHub Actions' upload-artifact won't find it. The glob path: .output/*.zip returns nothing because .output starts with a dot. Fix : Add include-hidden-files: true to your upload-artifact step. - uses : actions/upload-artifact@v4 with : path : .output/*.zip include-hidden-files : true 4. optional_permissions need justification too I added sidePanel as an optional permission (reserved for a future feature). CWS asked me to justify it. Optional doesn't mean invisible to reviewers. Fix : Add a justification for EVERY permission — required AND optional. Explain what it'll do and why it's optional. 5. "Support URL" is not your email address The form has separate fields: Support email : yo

2026-07-09 原文 →
AI 资讯

The Complete Redbelly EligibilitySDK Integration Guide: Widget to Backend to On-Chain

The Redbelly Network EligibilitySDK is the compliance backbone for any dApp that needs to verify user eligibility (KYC, KYB, investor accreditation) before letting a wallet in. The official documentation covers each piece well on its own reference page, but there is no single walkthrough connecting the frontend widget to the backend verifier to the on-chain permission check to a production deployment. This guide is that walkthrough. Everything here was verified against the live documentation at https://docs.redbelly.network/ in July 2026: contract addresses, route names, config fields, issuer DIDs and every error string in the reference section. Every code example was then compiled against the published SDK package (v0.0.31) on React 19 with Vite and on Next.js 16 with the App Router, and the backend verifier was booted and exercised for real. Where the docs and reality diverge (a quickstart repo that is not publicly visible, a credential faucet still under development, three undocumented behaviours the builds surfaced), the guide says so and gives you the workaround. What you will build, in order: A mental model of the two verification mechanisms (and why conflating them costs you a day) A working backend verifier with the three routes the widget demands A plain React integration with full loading and error states A production-grade Next.js App Router setup: secure proxy, SIWE sessions, request gating, and both static and dynamic rendering approaches An end-to-end test run on Redbelly Testnet The decision logic for choosing between the three SDK flows, and the pattern for combining them A complete error reference: every documented error, its cause, and its fix A developer following this guide should have the widget running inside an existing dApp within about four hours. 1. Overview and Architecture What the EligibilitySDK actually is The Redbelly "Onboarding and Eligibility Kit" ( @redbellynetwork/eligibility-sdk ) is a set of React components and hooks for provin

2026-07-09 原文 →
开发者

Try out IsItCrashing.com

Hi everyone! I recently launched IsItCrashing.com How often do you deploy a website only to discover later that: ❌ A page is returning a 404 or 500 error ❌ Images or assets aren't loading on some random pages ❌ A route is completely blank ❌ JavaScript crashes are breaking the page ❌ Customers find the problem before you do IsItCrashing.com helps you catch these issues before your users do. Simply enter your website URL, and the tool scans your site to identify: ✅ Broken pages (404/500) ✅ Broken links ✅ Missing assets ✅ Blank pages ✅ JavaScript errors ✅ Website health issues Get a clean, easy-to-read report so you can fix problems quickly and deploy with confidence. Whether you're a developer, QA engineer, agency, or website owner, IsItCrashing.com makes website testing faster and easier. try out here : 🌐 https://isitcrashing.com

2026-07-09 原文 →
开发者

Decoding JWT: It's Not Encryption, It's a Signature

Every API request needs to answer: who is this, and are they allowed? Session auth answers it by having the server remember every login. JWT answers it by making the client carry its own proof — no server memory needed. What's inside a token Header . Payload . Signature. Header and payload are just base64-encoded — readable by anyone, not encrypted. The signature is what matters: a hash of the header + payload, made with a secret key only the server knows. Change one character of the payload, the signature breaks, the server rejects it. Trust comes from the math, not from hiding the data. Client logs in with credentials Server verifies them, signs a token, sends it back Client attaches the token to every future request Server checks the signature — no database lookup Valid + not expired → request proceeds No session table anywhere. The auth state lives inside the token itself. The trade-off Can't instantly revoke a token — it's valid until it expires. Fix: short-lived access tokens + a revocable refresh token. Payload is readable, so never put sensitive data in it. Security comes from HTTPS + safe client-side storage, not secrecy. One-liner to remember it by Session auth: remember who logged in, check memory each time. JWT: remember nothing, verify the proof each time.

2026-07-09 原文 →
AI 资讯

Building an E-commerce Backend: Auth, Cart, and Transactional Orders with Prisma

This is the second stage of my CodeAlpha Full Stack internship — two projects, built in a deliberate order so the patterns from the first carry forward. First was a project management tool (auth + real-time updates with Socket.io). This one is a store: products, cart, orders. Same stack — Express, Prisma, PostgreSQL, JWT — but the interesting part isn't the CRUD, it's the order-placement flow, which is the first genuinely transactional piece of logic in the whole internship. I'll walk through the schema decisions, the auth changes from project one, and then spend most of the time on the part that actually matters: making sure an order can never be created without correctly and atomically updating stock and clearing the cart. The schema model User { id String @id @default(cuid()) name String email String @unique password String role String @default("USER") createdAt DateTime @default(now()) orders Order[] cartItems CartItem[] } model Product { id String @id @default(cuid()) name String description String price Float image String? stock Int @default(0) category String createdAt DateTime @default(now()) cartItems CartItem[] orderItems OrderItem[] } model CartItem { id String @id @default(cuid()) quantity Int @default(1) user User @relation(fields: [userId], references: [id]) userId String product Product @relation(fields: [productId], references: [id]) productId String @@unique([userId, productId]) } model Order { id String @id @default(cuid()) status String @default("PENDING") total Float createdAt DateTime @default(now()) user User @relation(fields: [userId], references: [id]) userId String items OrderItem[] } model OrderItem { id String @id @default(cuid()) quantity Int price Float order Order @relation(fields: [orderId], references: [id]) orderId String product Product @relation(fields: [productId], references: [id]) productId String } Two decisions worth explaining, because they're easy to get wrong if you're building this for the first time. OrderItem.price is a

2026-07-09 原文 →
AI 资讯

The Internet's First Message Was 'LO'

The first message ever sent across the network that became the internet was not a grand declaration. It was two letters: "LO" . Not a word anyone chose, not a slogan, just the first half of a login command that never finished because the system crashed. More than fifty years later, that accidental fragment is one of the best origin stories in computing, and it still has something to teach anyone building connected devices today. The night of 29 October 1969 At around 10:30 in the evening on 29 October 1969, a student programmer named Charley Kline sat at a computer in Leonard Kleinrock's lab at UCLA. His job was to log in to a second machine roughly 350 miles away at the Stanford Research Institute (SRI) in Menlo Park, California. The two computers were among the first nodes of ARPANET, the U.S. Defense Department research network that would eventually grow into the internet. Kline started typing the command LOGIN . To make sure the letters were arriving, he had a colleague at SRI on the phone confirming each keystroke. He typed L , and Stanford confirmed the L. He typed O , and Stanford confirmed the O. Then he typed G , and the SRI machine crashed. So the very first message transmitted over ARPANET was the truncated, unintentional "LO" . Kleinrock has enjoyed pointing out for decades that they could not have scripted anything better: the first word on the internet was "lo," as in "lo and behold." A little over an hour later, after the bug was fixed, Kline completed a full login, but the accidental version is the one history remembers. Why a crash matters more than a clean success It is tempting to treat "LO" as a cute footnote, but the crash is the useful part. ARPANET was not built to be reliable on day one. It was built to discover how to be reliable. Everything we now take for granted about networking, error handling, retransmission, acknowledgements, graceful recovery, exists because early links failed constantly and engineers had to design around failure rath

2026-07-09 原文 →
AI 资讯

I built a free tool to scan your package.json for API deprecations

While researching API changes I noticed something — Google Maps removed DirectionsService on May 1 2026 with no soft fallback. Calls just throw runtime errors after the deadline. Most developers won't know until something breaks. So I built DepRadar — paste your package.json, it checks your exact stack against known deprecations and shows only the ones affecting you, with severity, sunset dates, and migration links. Currently tracks 13 real deprecations across: Google Maps (DirectionsService, DistanceMatrixService removed) OpenAI (Realtime API Beta sunset) AWS SDK v2 (maintenance mode) Microsoft Actionable Messages (retired) moment.js, request package And more Free → depradar.netlify.app Open source → github.com/Ahmed889-code/depradar What deprecations am I missing from your stack?

2026-07-09 原文 →
AI 资讯

How I Structure Large Next.js Projects — Folder Architecture Guide

Bad nextjs folder structure does not show up on day one. It shows up at month six when three developers search for the checkout form hook and find four copies. I reorganised a client dashboard after exactly that — this guide is the tree I use now on large App Router projects, why each folder exists, mistakes from my first Next.js apps, and the 10-second findability rule . Real folder tree — production-shaped layout my-app/ ├── app/ # routes only — thin pages │ ├── (marketing)/ # route group — shared layout, no URL segment │ │ ├── layout.tsx │ │ ├── page.tsx │ │ └── pricing/page.tsx │ ├── (dashboard)/ │ │ ├── layout.tsx │ │ └── orders/page.tsx │ ├── api/ # route handlers │ │ └── webhooks/stripe/route.ts │ ├── layout.tsx # root layout │ └── globals.css ├── components/ # shared UI — buttons, cards, shell │ ├── ui/ │ └── layout/ ├── features/ # business domains — colocated logic │ ├── auth/ │ │ ├── components/ │ │ ├── hooks/ │ │ └── actions.ts │ └── orders/ │ ├── components/ │ ├── api.ts │ └── types.ts ├── lib/ # server + shared utilities │ ├── db.ts │ └── env.ts ├── hooks/ # truly global client hooks ├── types/ # global TS types ├── data/ # static data, blog posts list └── public/ Routes live in app/ . Business logic lives in features/ . Generic design system pieces live in components/ui . That separation is the whole game. Why each folder exists Folder Purpose Do not put here app/ URLs, layouts, loading.tsx Fat business logic features/ Domain modules (orders, auth) Generic Button components/ui Reusable primitives Order-specific tables lib/ DB clients, env validation React components app/api Webhooks, REST edge cases Every form POST (prefer actions) Thin pages — route files under 40 lines // app/(dashboard)/orders/page.tsx — orchestration only import { OrderTable } from "@/features/orders/components/OrderTable"; import { getOrders } from "@/features/orders/api"; export default async function OrdersPage() { const orders = await getOrders(); return ( <section> <h1>Orders

2026-07-09 原文 →
AI 资讯

10 Useless NPM Packages You Didn't Know You Needed

We have all been there. You are staring at your screen late at night, trying to optimize a bundle size, or debugging an enterprise pipeline that has been failing for three hours straight. The mainstream development community constantly tells us to only install packages that are high performance, audited for security, and strictly necessary for production. But where is the fun in a perfectly clean node_modules folder? Sometimes, the ultimate way to level up your engineering workflow is to inject some absolute chaos into your dependencies. Why spend hours writing robust logic when you can install a library that brings pure irony to your terminal? Let us dive into ten packages that might look completely useless on the surface but are actually the most important modules you will ever encounter in your developer journey. 1. emoji-poop This NPM package lets you use the poop emoji in your output. The emoji is well required in most of the websites as the real fun begins when the site crashes and you can use this poop emoji to showcase the errors with an emoji. This will help the clients get a bit calm after seeing the emoji and the errors. Think about it from a psychological perspective: traditional red stack traces cause immediate client panic, but a well-placed graphical poop emoji introduces a masterclass in modern error mitigation. javascript // npm i emoji-poop const emoji = require('emoji-poop'); console.log(emoji) // 💩 2. thanos-js Who doesn't love Marvel, and Thanos being the strongest villain in the MCU? This package lets you delete files in Thanos fashion. Once you install and run it, it deletes 50% of your files, reducing your stress and giving you less codebase to work with. Yes, it deletes the files for those who are confused about what this package does. It uses fs.unlinkSync to delete the files. Deleting random files from .git would be absolutely evil, and Thanos would love to do it. Exactly half of the files are deleted. Each file is given a chance at random

2026-07-09 原文 →
AI 资讯

How Secure is Your Password? Calculating Shannon Entropy in the Browser

We've all seen password strength meters on sign-up forms. Most of them rely on simplistic, static rules: "Must contain at least 8 characters, one number, and one special character." But from a mathematical standpoint, these rules are a poor proxy for actual password security. A password like Tr0ub4dor&3 conforms to these rules but is far easier to compromise than a randomly generated four-word passphrase like correct-horse-battery-staple . To truly measure password security, we have to look at information theory and compute its Shannon Entropy . Here is how password entropy works, the math behind it, and how you can calculate it directly in the browser with 100% client-side privacy. What is Password Entropy? In cryptography, entropy is a measure of the unpredictability or randomness of a password. It is expressed in bits . An entropy of $N$ bits means there are $2^N$ possible combinations that an attacker would have to guess in a worst-case brute-force search. < 28 bits: Very weak (easily guessed in milliseconds). 28 to 35 bits: Weak (cracked in minutes or hours). 36 to 59 bits: Reasonable protection (days to months). 60 to 127 bits: Very strong (takes years to decades to crack). 128+ bits: Extremely secure (mathematically unfeasible to crack). The Mathematical Formula To calculate the entropy ($E$) of a password, we use the following equation: $$E = L \times \log_2(R)$$ Where: $L$ is the length of the password (number of characters). $R$ is the size of the pool of unique characters from which the password is drawn. $\log_2(R)$ is the binary logarithm of the pool size, representing the amount of information carried by each character. Determining Pool Size ($R$) To find $R$, we analyze which character sets are present in the password string: Lowercase letters ( a-z ): 26 characters Uppercase letters ( A-Z ): 26 characters Numbers ( 0-9 ): 10 characters Common special characters/punctuation: 33 characters (e.g., !@#$%^&*()-_=+[]{}|;:',.<>/? etc.) If a password uses ch

2026-07-08 原文 →
开发者

MarkDown - что это?

MarkDown - что это? [[Markdown]] — это язык разметки, с упрощенным до человекочитаемости синтаксисом. Markdown — создан Джоном Грубером ( John Gruber ) в 2004 году. Markdown — это фактически "микро" язык для трансляции "текста markdown"в подмножество языка XHTML. Markdown - итоговая презентация текста всегда документ HTML , и только потом если нужно следующим шагом PDF, др. стандарты документации. Markdown принципиально не может задействовать весь потенциал XHTML, результатом его работы всегда является ограниченный набор элементов. Markdown — это транслятор который при анализе интегрированного в "текст" markdown HTML/XHTML кода обязан по стандарту просто его транслировать в итоговый образ документа. Markdown — это, если цитировать автора > «Markdown — это инструмент преобразования текста в HTML для веб-писателей. Markdown позволяет писать в легко читаемом и удобном для написания текстовом формате, а затем преобразовывать его в структурно корректный HTML. ║ John Gruber » Примечание Термин транслятор , не обходимо понимать как сущность алгоритм Я не нашел программу реализующая концепт MarkDown по принципам John Gruber. Ни одна программа не умеет делать из Markdown валидный по John Gruber HTML. Все проверенные мною программы Obsidian, MarkText, Typora, на выходе из 10 строк генерируют портянку HTML в несколько тысяч строк!!! Причина Obsidian, Typora и MarkText используют Markdown не для веб-писателей и блогеров, а как формат хранения баз знаний (Knowledge Management)**. John Gruber - Wikipedia

2026-07-08 原文 →
AI 资讯

The API-First SaaS Manifesto: How to Architect a Production-Grade Application in 2026 Without Building Microservices

Every junior developer or solo software engineer falls into the exact same engineering trap: They conflate writing code with building a business. They spend their initial excitement phase setting up intricate user database authentication schemas, writing custom cron jobs for automated subscription reminders, or building heavy background pipelines just to resize a user’s uploaded logo image. By the time their local environment is "infrastructure perfect," weeks have passed. The momentum is gone, burnout sets in, and the repository is abandoned before ever tasting real production traffic. In 2026, computing power has completely shifted to specialized edge layers. Infrastructure has become commoditized. If you are wasting creative bandwidth trying to compete on backend pipelines instead of focusing entirely on your unique value proposition, you are systematically killing your startup. Here is the architectural matrix to decouple your operational infrastructure and shift to a lean, hyper-scalable API-first codebase. Part 1: The Production Infrastructure Decoupling Layer The golden rule of modern systems design is clear: Your application should only maintain two core pillars internally—your proprietary business logic and your core user state database. Everything else—from security to user tracking—is a solved problem that should be offloaded to third-party micro-services. Let’s look at the financial and time trade-offs of building versus outsourcing across critical technical vectors: Microservice Vector The Native Way (High Friction) The 2026 API Standard Launch Velocity Impact Merchant of Record Raw Stripe API + Custom Tax Calculators Lemon Squeezy / Paddle Saves 5 days of legal & accounting setup Feature Rollouts Custom Postgres feature-flag logic loops GrowthBook / LaunchDarkly Zero deployment overhead for major pivots Customer Feedback Manual tables + Admin CRUD boards Featurebase API Instant roadmaps directly inside frontend Media Compression AWS S3 triggers + Edge

2026-07-08 原文 →
AI 资讯

Why I Choose Lovable for Building Full-Stack Applications with AI

Why I Choose Lovable for Building Full-Stack Applications with AI Over the last year, AI-assisted software development has evolved from generating code snippets to building complete web applications. We've all seen tools like Cursor, Claude Code, GitHub Copilot, Replit Agent, Bolt, and many others enter the market. Each has its strengths, but after experimenting with several of them, I keep coming back to Lovable whenever I want to build a new web application from scratch. This isn't a sponsored post—it's simply the workflow that has worked well for me. If you're interested in trying Lovable, you can use my referral link below. Disclosure: new users receive additional signup credits, and I receive referral credits if you sign up through it. Referral: https://lovable.dev/invite/AQ02SOZ Why Lovable Stands Out Most AI coding assistants help you write code. Lovable helps you build an application. Instead of focusing on individual functions or files, it takes a higher-level approach where you describe what you want, and it generates a complete full-stack application that you can continue refining. A typical workflow looks like this: Idea │ ▼ Describe the application │ ▼ Lovable generates • Frontend • Backend • Database • Authentication • API integration │ ▼ Preview instantly │ ▼ Connect GitHub │ ▼ Iterate and Deploy Unlike traditional no-code platforms, you're not locked into a proprietary editor. Lovable supports GitHub synchronization, native Supabase integration for authentication and PostgreSQL-backed data, and deployment options ranging from Lovable-hosted apps to your own infrastructure. Why I Keep Choosing Lovable After building several side projects, these are the reasons I continue to use it. 1. Rapid idea-to-production workflow The biggest productivity gain isn't AI-generated code. It's reducing the number of decisions needed before users can interact with your application. Instead of spending hours creating project structure, authentication, routing, database

2026-07-08 原文 →
开发者

JavaScript Functions: Basic Concepts You Should Know

Introduction When learning JavaScript, one of the first concepts you’ll encounter is functions. Functions are the building blocks of JavaScript. They help you organize code, avoid repetition, and make your programs easier to understand. If variables store data, functions define behavior . You’ll use functions everywhere: handling user input, processing data, calling APIs, and structuring your code. In this article, we’ll cover: What is a function Function declarations Function expressions Parameters vs arguments Return values Arrow Functions Why Functions Matter 1. What is a Function? A function is a reusable block of code designed to perform a specific task. Think of it like a machine: Input → Process → Output function greet () { console . log ( " Hello! " ); } To run the function, you call it: greet (); // Hello! 2. Function Declaration This is the most common way to define a function: function add ( a , b ) { return a + b ; } 💡 Explanation: Defined using the function keyword Can be called before it is declared (because of hoisting) Key parts: function → keyword add → function name a, b → parameters return → output value add (); // ✅ Works! function add ( a , b ) { return a + b ; } 💡 Why does this work? JavaScript reads the code first, and function declarations are stored in memory during the initial phase (hoisting) . That’s why you can call the function even before it’s defined in the code. 3. Function Expressions Functions can also be stored in variables: function add ( a , b ) { return a + b ; } 💡 Explanation: Assigned to a variable Cannot be used before initialization add (); // ❌ Error: Cannot access before initialization const add = function ( a , b ) { return a + b ; }; 💡 Why does this cause an error? Because: const add has not been initialized yet when it is called. The function itself is not in memory at that moment . 4. Parameters vs Arguments This is a common beginner confusion: Parameter: variable in function definition Argument: actual value passed i

2026-07-08 原文 →
AI 资讯

Make your content answer-first so AI models actually cite it

If you want ChatGPT or Google's AI Overviews to quote your pages, structure matters more than volume. Retrieval systems favor passages where the answer is stated plainly and can stand alone. Here's a practical way to test and fix your content. Step 1 — Define the question the page answers Write it as a literal user query. How much does a website cost for a small business in the UK? Step 2 — Extract your current answer passage Copy the first two or three sentences from your page. Paste them somewhere without any extra context. Ask yourself: Does this work as a direct answer? If it only makes sense after reading earlier paragraphs, it doesn’t pass the extraction test. Step 3 — Rewrite answer-first Lead with the conclusion, stated as a fact, then support it. Before: "We get asked about pricing a lot, and honestly it's one of the trickiest questions to answer..." After: "A small-business website in the UK typically costs £1,500–£6,000 for a brochure site and £6,000–£20,000+ for e-commerce. The price depends on three things: page count, payment functionality, and custom vs template design." Step 4 — Test extractability with a model Send the passage to an LLM and check whether it returns a clean, single answer. Use a system prompt that mimics retrieval behavior. System: You are a retrieval system. From the passage below, extract the single most direct answer to the user's question. If no self-contained answer exists, reply "NO_EXTRACTABLE_ANSWER". User question: How much does a website cost for a small business in the UK? Passage: If you get NO_EXTRACTABLE_ANSWER or a vague summary, your structure needs work. Step 5 — Reinforce with structured data Markup question and answer pages with FAQPage schema so the question/answer pairing is machine-readable as well as human-readable. json { " @context ": " https://schema.org ", "@type": "FAQPage", "mainEntity": [{ "@type": "Question", "name": "How much does a website cost for a small business in the UK?", "acceptedAnswer": { "@t

2026-07-08 原文 →
AI 资讯

Is True Database Elasticity Still a Myth?

Is True Database Elasticity Still a Myth? A New Reality Unfolds Introduction For years, the promise of truly elastic, "serverless" databases felt like a mirage in the desert of database management. We were told of systems that could scale to zero during idle periods and burst to handle monumental loads, all while paying only for what we used. The reality, however, often fell short: many solutions were merely cleverly packaged auto-scaling groups, saddling organizations with expensive idle costs and the persistent headache of capacity planning. This bred a healthy skepticism among developers and operations teams alike. Fortunately, that narrative is finally shifting. A new generation of distributed database architectures is emerging, fundamentally redefining what "elasticity" means. These aren't just incremental improvements to connection pooling or replica sets; they represent a paradigm shift towards truly decoupled compute and storage layers, enabling dynamic resource allocation at an unprecedented, granular level – even per query. This tutorial will explore this architectural evolution and demonstrate conceptually how it delivers on the long-awaited promise of genuine pay-as-you-go database services. Understanding the Architecture: A Conceptual Walkthrough The core innovation driving this new wave of elasticity lies in the complete decoupling of compute and storage layers . Traditionally, a database instance (a VM or container) held both its processing power (CPU, RAM) and its local storage. Scaling meant provisioning larger instances or adding more replicas, each with fixed compute and storage capacities, leading to inefficiency. In the modern elastic database, these functions operate independently: Storage Layer: This is a highly distributed, shared storage fabric – often an optimized, resilient object store – that handles data persistence, replication, and durability. It scales automatically based on your data volume, and you typically pay only for the storage

2026-07-08 原文 →
AI 资讯

"KakaoTalk Source Code for Sale" — Anatomy of a Dark-Web Claim, the Real Target, and the Blast Radius If It's True

id CTI-2026-0708-KAKAO title "KakaoTalk Source Code for Sale" — Anatomy of a Dark-Web Claim, the Real Target, and the Blast Radius If It's True subtitle Not a data breach but a leak of intellectual property and infrastructure. Title says KakaoTalk, repo names say ZigZag — an extortion pitch built on a misattributed target author Dennis Kim / HoKwang Kim email gameworker@gmail.com github gameworkerkim date 2026-07-08 classification TLP:GREEN severity HIGH (conditional — CRITICAL if verified) lang en tags Source-Code-Sale · Dark-Web · Extortion · Target-Misattribution · Kakao-Style · ZigZag · Supply-Chain · LLM-Weaponization · DPRK-APT · Secret-Sprawl threat_actors ExtortionLord (unidentified dark-web forum seller) frameworks MITRE ATT&CK · NIST SP 800-207 (Zero Trust) · SLSA / SSDF (SP 800-218) · PIPA Art. 34 (Korea) license CC BY-NC-SA 4.0 "KakaoTalk Source Code for Sale" — Anatomy of a Dark-Web Claim, the Real Target, and the Blast Radius If It's True Report ID CTI-2026-0708-KAKAO · Published 2026-07-08 · Classification TLP:GREEN · Severity 🔴 HIGH (conditional) Author Dennis Kim / HoKwang Kim · gameworker@gmail.com · @gameworkerkim 🌐 한국어 · English (this document) Not a data breach but a leak of intellectual property and infrastructure. The title says KakaoTalk, the repository names say ZigZag — an extortion pitch built on a misattributed target. Table of Contents Executive Summary (TL;DR) Framing — Not "What's Being Sold" but "What's at Stake" The Claim — Anatomy of the Listing The Real Target — Title Says KakaoTalk, Fingerprints Say ZigZag Credibility Assessment — Why We Can't Trust It Yet Blast Radius If True — Why It Exceeds TVING and CU Three-Breach Severity Comparison — Data Leak vs. Code/Infra Leak Korean Context — The Next Stage of the B2C Breach Chain Detection, Mitigation, and Response Recommendations Conclusion References 1. Executive Summary (TL;DR) In early July 2026, a threat actor calling itself "ExtortionLord" posted a dark-web forum listing offering

2026-07-08 原文 →