今日已更新 386 条资讯 | 累计 20358 条内容
关于我们

标签:#X

找到 677 篇相关文章

创业投融资

Xbox is closing down Hellblade creator Ninja Theory

Xbox is closing down Ninja Theory, the studio behind the Hellblade series, a source tells The Verge. Staffers were told on a call on Monday about the closure, but they are hoping the studio will find a buyer. The closure comes as "several" Xbox studios at Microsoft, including Compulsion Games and Double Fine, are in […]

2026-06-16 原文 →
AI 资讯

Your Next.js API Route Is Leaking Diagnostics in Its 400 Responses

A data export endpoint dumps system diagnostics when it hits an invalid field. Feed it garbage, read the debug output, grab the flag. A data export feature lets you pick which profile fields to download. The UI only offers valid fields through checkboxes, so everything looks locked down. But the API behind it accepts arbitrary field names -- send it one it doesn't recognize, and instead of a clean error, it dumps full system diagnostics including internal feature flags. That's where the flag is. You'll bypass the frontend, hit the endpoint directly, and read what comes back. Lab setup Start the lab: npx create-oss-store@latest Or with Docker (no Node.js required): docker run -p 3000:3000 leogra/oss-oopssec-store The app runs at http://localhost:3000 . What you're targeting The app has a profile page at /profile with a Data Export tab. It lets users download their own data in JSON or CSV by selecting fields through checkboxes ( User ID , Email , Role , Address ID ) and clicking "Export Data". The UI looks safe -- you can only pick from a fixed set of valid fields, so there's no way to submit an invalid one through the browser. But that's just client-side validation. The endpoint behind it is POST /api/user/export , and it accepts a JSON body with two parameters: { "format" : "json" , "fields" : [ "id" , "email" , "role" ] } The fields value is an array of strings. The API checks each field against an allowlist. Valid fields? You get your data back. Invalid fields? The API throws an error -- and that error says way too much. Step-by-step exploitation 1. Log in You need an authenticated session. Use one of the seeded accounts: Email: alice@example.com Password: iloveduck Log in through the UI at /login , or grab a session cookie via curl: curl -c cookies.txt -X POST http://localhost:3000/api/auth/login \ -H "Content-Type: application/json" \ -d '{"email":"alice@example.com","password":"iloveduck"}' 2. Explore the Data Export tab Go to /profile and click the Data Export

2026-06-16 原文 →
AI 资讯

arabinum|the search engine that turns results into social feed

Have you ever felt that browsing the web has become "tiring"? We open a browser, search, close a page, then move to another... a dizzying cycle of distracted navigation between sites, while we are essentially looking for "knowledge," not "links." I asked myself: What if browsing was as fluid as scrolling through Facebook, but with the power and accuracy of search engines like Google? I finally decided to turn this idea into reality through my new project, Arabinum. What does Arabinum do? Turning websites into posts: The browser reformats the web so that content appears as fluid feeds, eliminating visual distraction. Smart categorization: No more getting lost; I have divided content into specialized sections like "Videos" and "Research Papers," so you can find what you need in one place. Browsing as a social activity: I added interactive features (Like, Comment, Repost) to make content consumption a collaborative experience rather than a rigid, individual process. I believe the web needs an interface that restores the user's focus, and this project is my attempt to merge the best of the worlds of "Search" and "Social Media." Notes: This is a beta version I launched just to see your thoughts on the idea. This version might not be compatible with small screens yet. This version includes Google Search, YouTube, and scientific papers from arXiv. I look forward to hearing your opinions. The site is free and ad-free, but I need your support to continue due to API and domain costs. I am sixteen years old and a high school student. Finally, I present to you my browser, Arabinum: https://arabinum.amrzlabs.com

2026-06-15 原文 →
AI 资讯

How to Use Claude to Troubleshoot Linux Servers

Claude is genuinely useful for production Linux troubleshooting — when you use it right. Here's the workflow that works, after a year of using it on real incidents across Ubuntu, RHEL, and Rocky. The mental model: Claude is a senior pair, not an oracle The mistake most engineers make on day one: they paste a 5-line error message and expect a fix. Claude can do better than that — but only if you give it the same context you'd give a senior engineer joining your incident bridge. A senior engineer would want: What OS and version? What does this server do? What changed recently? What's the actual symptom? What command output have you already gathered? Give Claude that, and the quality of analysis changes completely. The workflow Step 1: Establish context with a system prompt Use our Linux Server Troubleshooting Prompt as your system prompt, or paraphrase: "You are a senior Linux sysadmin. Rank root-cause hypotheses by probability. Recommend safe diagnostics first. Label destructive commands as DANGEROUS." Step 2: Paste structured context, not noise Good: OS: Ubuntu 22.04, kernel 5.15 Role: production MySQL replica, 64GB RAM, 16 cores Recent changes: kernel upgrade 6 hours ago Symptom: server load average 40+, MySQL replication lag growing, queries timing out $ uptime 14:22:01 up 6:02, 4 users, load average: 41.23, 38.51, 35.04 $ free -h total used free shared buff/cache available Mem: 62Gi 58Gi 1.2Gi 128Mi 3.1Gi 1.8Gi $ iostat -xz 2 3 [...] Bad: my server is slow can you help Step 3: Let it ask follow-up questions The good prompts in our library tell Claude to ask for missing data before guessing. When it asks "can you share dmesg | tail -50 and vmstat 1 5 ?" — that's a feature, not a flaw. Give it the data. Step 4: Validate suggested commands before running Claude will sometimes suggest a command with subtly wrong syntax, a destructive flag, or a path that doesn't exist on your distro. Read every suggestion before running. Never paste straight into a root shell. Step 5

2026-06-15 原文 →
AI 资讯

From Mint to NixOS: Why a Long-Time Linux User Made the Switch

Background I started daily driving Linux back in 2019. The start of that journey was rough, and I still deeply appreciate the help I received in those early days from the old guard who kept me moving forward. Early on, I quickly found my home with Linux Mint and its Cinnamon desktop. As the saying goes, "You don't choose a Linux desktop; the desktop chooses you." Built on top of a stable foundation with a rich package infrastructure, Cinnamon provided a familiar experience that bridged the gap from Windows. It also afforded me excellent customization options right out of the box, such as configuring custom keyboard shortcuts or setting up auto-login startup scripts, while always getting out of my way. No adverts, no pop-ups, just a fast and efficient desktop environment. I won't lie, though: I distro-hopped multiple times just to see if the grass was greener. Through those escapades, I quickly realized I am definitely not a GNOME person; I do not like polyfilling my desktop experience with a suite of extensions. And as much as I appreciate KDE Plasma, I learned that with great customization comes great responsibility because it was far too easy for me to break my environment with just a few theme toggles. This is not a dig at those desktop environments; it just means I am not wired for that kind of experience. As I continued my Linux journey, my priorities shifted. I wanted a predictable operating system that could act as a trusted companion, both for my daily life as a software developer and as a casual user wanting to watch Netflix on the weekends. This is what made me appreciate Linux Mint even more. It featured a predictable release cycle, a stable package base built on Ubuntu LTS, and Timeshift to guard against system breakage during upgrades. However, two major friction points always bothered me: Stable but Stale Packages: Linux Mint's software is incredibly stable, but it is rarely fresh. For example, the okular package is consistently several versions behind

2026-06-15 原文 →
AI 资讯

How to Choose the Right Color Palette for UI/UX Design

A beautiful interface isn't created by random colors. The right color palette can increase usability, improve brand recognition, and guide users toward important actions. Here's a simple process I follow when designing products: ✅ 1. Start with Your Brand Personality Ask yourself: • Professional or playful? • Premium or affordable? • Modern or traditional? Examples: 🔵 Blue = Trust, security, professionalism 🟢 Green = Growth, health, sustainability 🟣 Purple = Creativity, innovation 🔴 Red = Energy, urgency, excitement Your primary color should reflect your brand's personality. ━━━━━━━━━━━━━━ ✅ 2. Use the 60-30-10 Rule A balanced interface often follows: • 60% Primary Background Color • 30% Secondary Color • 10% Accent Color This creates visual harmony and prevents color overload. ━━━━━━━━━━━━━━ ✅ 3. Limit Your Palette Many beginners use too many colors. A professional UI usually needs: • 1 Primary Color • 1 Secondary Color • 1 Accent Color • Neutral Colors (White, Gray, Black) Less is often more. ━━━━━━━━━━━━━━ ✅ 4. Think About Accessibility Your design should work for everyone. Check: ✔ Text contrast ✔ Button visibility ✔ Readability on mobile screens If users struggle to read content, even the most beautiful design fails. ━━━━━━━━━━━━━━ ✅ 5. Create a Consistent Color System Instead of random shades: Primary: • 50 • 100 • 200 • 300 • 400 • 500 Secondary: • 50 • 100 • 200 • 300 • 400 • 500 This makes scaling your product much easier. ━━━━━━━━━━━━━━ ✅ 6. Analyze Successful Products Study platforms like: • Airbnb • Spotify • Stripe • Notion Notice how they use color intentionally to guide user attention. ━━━━━━━━━━━━━━ 💡 Quick Formula Primary Color → Brand Identity Secondary Color → Support Content Accent Color → Call-To-Action Buttons Neutral Colors → Layout & Typography Good UI isn't about using more colors. It's about using the right colors in the right places. What's your favorite color palette for modern web applications? UIUX #UIDesign #UXDesign #WebDesign #Produc

2026-06-15 原文 →
AI 资讯

The Only Productivity Hack That Actually Worked for Me

The Only Productivity Hack That Actually Worked for Me I've tried every website blocker in existence. They all have the same flaw: one click and they're off. That settings toggle might as well not exist when the urge to procrastinate hits. I needed something I couldn't override. So I built the opposite. The Problem Every blocker follows the same pattern: it blocks, you unblock, you procrastinate. The issue isn't discipline — it's that your future self and your present self want different things. And that future self will happily undo anything you set up. What I needed was a system where both selves agreed on the rules upfront and then neither could break them. The Solution kblocker is a Linux kernel module that hooks into netfilter and drops TCP connections to whatever sites I configure. The key feature isn't the blocking — it's how you turn it off. When blocking is enabled, kblocker generates a 128-bit key. With PGP mode, it automatically encrypts that key to people I trust and then erases it from kernel memory. The raw key no longer exists anywhere on my system. To disable the blocker, one of those people has to decrypt it and send it back to me. I outsourced my willpower. When I want to focus, I run: sudo kblockerctl enable 120 Two hours of blocked distractions. If I feel the urge to procrastinate, I can't — I'd have to text a friend, explain why, wait for them to decrypt it, and paste the result. By then the urge is gone. The Result I've gone from losing entire afternoons to YouTube to actually finishing things. The blocker has caught me mid-reflex to type youtube.com more times than I can count. It's free if anyone wants it: github.com/Dan-J-D/kblocker If you keep breaking your own focus tools, this is for you.

2026-06-14 原文 →
开发者

I Built a 4-Sided Plot Area Calculator with 2D & 3D Visualization

I Built a 4-Sided Plot Area Calculator with 2D & 3D Visualization Most online plot calculators only work for simple rectangular plots. However, many real-world properties have four sides with different measurements, making area estimation much more difficult. That's why I built a 4-Sided Plot Area Calculator that allows users to enter the North, South, East, and West dimensions and instantly calculate the approximate plot area. 🔗 https://www.premiumconverters.com/plot-area-calculator Features 📐 Supports irregular 4-sided plots 🏠 Calculates area in Marla, Kanal, Acres, and more 🖼️ Interactive 2D top-down visualization 🏗️ Isometric 3D plot rendering 📏 Feet & inches input support 📱 Mobile-friendly experience Why I Built It In many countries, especially in South Asia, property dimensions are often recorded as side measurements rather than perfect geometric shapes. Existing tools rarely address this use case properly. I wanted to create a simple solution that homeowners, buyers, real estate professionals, and developers could use without needing complex surveying software. The Result The calculator transforms four side lengths into a practical estimate while providing visual feedback that helps users better understand their property's shape. Building tools that solve real-world problems is one of the most rewarding parts of software engineering. Have you ever built a niche tool that unexpectedly helped thousands of users?

2026-06-14 原文 →
AI 资讯

Le SDK Stripe nous a menti en 9 millisecondes : 4 tests pour confondre un bug d'environnement avant de le patcher

La trahison du chiffre Vendredi 15 mai, 16 h 13. L'alerte Sentry remonte sur le téléphone. La première réinscrite Phase 1 attend devant l'écran de paiement, son nom est en haut de mon onglet. Je pose la canette, je rouvre l'écran. La tasse à tête de Françoise, sur le poste d'à côté, capte un reflet jaune que je remarque sans le regarder. La stack trace tient en plein écran. Le stack trace s'ouvre, neuf champs sur dix à null , et un chiffre que je n'ai pas vu venir. type = "StripeConnectionError" message = "An error occurred with our connection to Stripe." code = null statusCode = null requestId = null duration = 9 ms Neuf millisecondes. Sur une route Vercel en région Paris, un DNS résout en quarante millisecondes, un handshake TLS coûte cent à deux cents. Neuf millisecondes, ce n'est pas un appel réseau qui a échoué. C'est un appel réseau qui n'a jamais eu lieu. Le SDK n'est pas arrivé jusqu'à la fibre. L'instinct propose immédiatement trois patchs. Timeout serverless Vercel — j'ajoute maxDuration , je redéploie. Clé révoquée — je vais la rouler. Compte Stripe restreint après le passage en mode live — j'ouvre un ticket support. Ces trois hypothèses sont plausibles. Aucune des trois n'est falsifiable par le symptôme seul, et c'est précisément ce qui les rend dangereuses : chacune ouvre un cycle de quinze à trente minutes avec rollback à la fin si elle se trompe. Multiplié par trois, on tient une demi-journée perdue avec la cliente toujours en train de cliquer. Je n'ai pas le temps. Une réinscrite attend. Quatre tests, dans l'ordre Je connais la classe d'incident — « preview marche, prod casse » , ou son symétrique. La règle, pour cette classe, c'est qu'on ne corrige rien tant qu'on n'a pas discriminé les couches. Quatre tests, exécutés dans l'ordre. Chacun élimine une famille d'hypothèses, pas une hypothèse isolée. Et chacun est conçu pour réfuter ce qu'il vient interroger — parce qu'un test qui cherche à confirmer trouve toujours, par sélection, ce qu'il cherche. Te

2026-06-14 原文 →
AI 资讯

The 4-test protocol that isolated a 9 ms Stripe SDK crash on Next 16

The number that lied Friday May 15, 4:13 PM. The Sentry alert pings on my phone. The first Phase 1 re-enrolling student waits in front of the payment screen, her name at the top of my tab. I put down the can, I reopen the screen. The mug with Françoise's face on it, on the desk next door, catches a yellow reflection I notice without looking at. The stack trace fills the screen. The stack trace opens, nine fields out of ten at null , and a number I didn't see coming. type = "StripeConnectionError" message = "An error occurred with our connection to Stripe." code = null statusCode = null requestId = null duration = 9 ms Nine milliseconds. On a Vercel route in Paris region, DNS resolves in forty ms, a TLS handshake costs one to two hundred. Nine milliseconds isn't a network call that failed. It's a network call that never happened. The SDK didn't reach the wire. Instinct immediately offers three patches. Vercel serverless timeout — I add maxDuration , redeploy. Revoked key — I'll rotate it. Stripe account restricted after the live switch — I open a support ticket. These three hypotheses are plausible. None of the three is falsifiable from the symptom alone, and that's precisely what makes them dangerous: each opens a fifteen-to-thirty-minute cycle with rollback at the end if it's wrong. Multiplied by three, half a day lost with the customer still clicking. I don't have time. A student is waiting. Four tests, in order I know the incident class — "preview works, prod breaks" , or its mirror. The rule for this class is that you fix nothing until you've discriminated the layers. Four tests, executed in order. Each eliminates a family of hypotheses, not an isolated hypothesis. And each is designed to refute what it interrogates — because a test that seeks to confirm always finds, by selection, what it's looking for. Test 1 — reproduce in the witness environment. I rerun the same funnel in preview, with the sk_test_ key. Checkout opens in three hundred fourteen milliseconds,

2026-06-14 原文 →
AI 资讯

How I built an automated SBOM scanner to secure my supply chain 🛡️

Supply chain security is terrifying right now. With new vulnerabilities popping up daily and governments mandating compliance (like the EU CRA and US Executive Orders), I realized my open-source projects were completely flying blind. I needed a Software Bill of Materials (SBOM) to track exactly what dependencies I was shipping. But every tool I found was either a massive enterprise platform or a clunky CLI tool that took forever to set up. So, I built my own. It's called Deptic . 🏗️ The Architecture I wanted the developer experience to be completely frictionless: you paste a GitHub URL, and it instantly spits out a compliant SBOM and highlights any critical CVEs. Here is the tech stack I went with: Next.js 14 (App Router): For a lightning-fast React frontend and seamless API routes. Go (Golang): The backend scanning engine. Go's incredible concurrency allows it to parse massive dependency trees in milliseconds. Supabase: For database management and instant authentication. Tailwind CSS: Because writing raw CSS is pain. 🧩 The Hardest Part: Dependency Resolution Building the UI was easy. Parsing package.json or go.mod files? Also easy. The hardest part was recursively walking down the dependency tree to find transitive dependencies (the dependencies of your dependencies). I had to write custom parsers that could speak to the NPM registry, PyPI, and Maven Central simultaneously to map out the entire tree and cross-reference them with global CVE databases in real-time. 🚀 The Result What started as a weekend script turned into a full platform. Deptic now supports: Instant scanning of public GitHub repos. Generating perfectly compliant CycloneDX (1.5) and SPDX (2.3) JSON files. Live CVE vulnerability detection. Try it out! If you want to see exactly what dependencies are hiding in your codebase, you can run a free scan here: 👉 deptic.netlify.app It's completely free for developers. I would love to get your brutal feedback on the UI, the scanning speed, or any feature reque

2026-06-14 原文 →