今日已更新 166 条资讯 | 累计 20138 条内容
关于我们

标签:#c

找到 15793 篇相关文章

AI 资讯

Bypassing AMM Slippage: How Typelex Uses On-Chain Atomic Swaps for MEV-Proof OTC Trading

If you’ve ever built or interacted with DeFi protocols, you know the mathematical limitations of Constant Product Market Makers ($x \times y = k$). While AMMs are great for retail liquidity, executing a large transaction (e.g., $100,000+) directly against a liquidity pool triggers two major issues: Severe Slippage: The marginal price of the asset degrades exponentially relative to the trade size. MEV Exploitation (Sandwich Attacks): Public mempool transactions are highly vulnerable. Front-running bots will buy the asset ahead of your execution block, push the price up to your maximum slippage limit, and dump it immediately after. To solve this without relying on centralized, custodial desks or risky off-chain escrow setups, we built Typelex —a decentralized, non-custodial P2P OTC protocol. Here is a look at how we bypassed the AMM bonding curve entirely using on-chain atomic swaps. The Architecture of an On-Chain Atomic Swap Instead of routing trades through active liquidity pools, Typelex utilizes isolated smart contracts to execute peer-to-peer trades. The entire swap happens atomically : either all conditions are met within a single block execution, or the entire transaction reverts. Conceptual Smart Contract Logic (Solidity-based) To understand how the trustless escrow works under the hood, here is a simplified mental model of the swap execution logic: struct Order { address maker; address taker; // address(0) if public address tokenA; uint256 amountA; address tokenB; uint256 amountB; bool active; } mapping(uint256 => Order) public orders; function takeOrder(uint256 orderId) external { Order storage order = orders[orderId]; require(order.active, "Order not active"); if (order.taker != address(0)) { require(msg.sender == order.taker, "Unauthorized taker"); } order.active = false; // Pull Token B from Taker to Maker IERC20(order.tokenB).transferFrom(msg.sender, order.maker, order.amountB); // Push Token A from Contract Escrow to Taker IERC20(order.tokenA).transfer

2026-07-15 原文 →
AI 资讯

My MCP Server Only Talks to APIs I Trust. That Doesn't Mean the Data Coming Back Is Trustworthy.

I built a small MCP server a while back — developer-presence , seven tools wrapping the GitHub REST API and the DEV.to API so an agent can check my repo stats, list my articles, or draft a new post without me leaving the chat. It's mine, I wrote every line, there's no third-party package doing anything sketchy under the hood. By the usual "vet your MCP servers before installing them" checklist, it passes clean. I've written that checklist article before. What I hadn't thought carefully about until recently is that vetting the server doesn't vet the data. Two of its tools go straight to the point: @mcp.tool () def get_repo_stats ( repo : str ) -> dict : """ Get stars, forks, watchers, open issues for enjoykumawat/<repo>. """ r = _gh ( f " /repos/ { GITHUB_USERNAME } / { repo } " ) return { " name " : r [ " name " ], " stars " : r [ " stargazers_count " ], " forks " : r [ " forks_count " ], " watchers " : r [ " watchers_count " ], " open_issues " : r [ " open_issues_count " ], " language " : r . get ( " language " ), " description " : r . get ( " description " ), } description is free text. Any repo owner can put anything in it. If I ever point this tool at a repo I don't control — someone else's fork, a dependency, anything — that field lands in my agent's context exactly the same way a trusted instruction would: as text in a tool result, with no marker distinguishing "this came from GitHub's database, unfiltered" from "this is something I told the agent to do." The server is safe. The channel is safe. The payload was never vetted at all, because there was nothing to vet — it's just whatever a stranger typed into a form. I only really felt this because of a task I run on a schedule: check dev.to for trending posts in a few tags, score them, and use the highest scorers as source material for what to write about next. Step one of that job is a loop over tag pages: for tag in [ " ai " , " llm " , " mcp " , " claudecode " , " agents " , " productivity " ]: url = f " http

2026-07-15 原文 →
AI 资讯

The Biggest Misconception About React Reconciliation (Render vs. Paint)

Hey everyone, I recently had an "aha!" moment regarding how React handles updates under the hood, and I wanted to share it because I realize a ton of developers (including myself, until recently) trip over this exact concept. The common mental model is that React Reconciliation compares the Virtual DOM directly to the Real Browser DOM and surgically updates only what changed. But that’s fundamentally incorrect. React never reads or directly compares the real DOM during the diffing process. It actually splits the process into two entirely separate phases —The Render Phase and The Commit Phase —which creates a massive distinction between Re-rendering and Re-painting. Here is the exact breakdown of what happens when a single state change affects just 1 out of 100 divs in a component: The Render Phase (Pure JavaScript) When state changes, React calls your component function. It doesn't know which of your 100 divs changed yet, so it has to evaluate the entire JSX block. The Scope: React re-renders all 100 virtual divs in memory. The Process: It builds a brand-new Virtual DOM tree and compares it to the previous Virtual DOM tree (JavaScript object vs. JavaScript object). The Outcome: It spots that 99divs are identical, but 1 div has an update. It flags that single virtual node with an "Update" tag. Because this happens purely in-memory as JavaScript, it is incredibly fast and cheap. The Commit Phase (The Real DOM Update) This is where Reconciliation does its primary job. It acts as a shield to protect the browser from doing unnecessary work. The Scope: React completely ignores the 99 unchanged elements. The Process: It surgically targets the single real browser div associated with the flagged Virtual DOM element and updates only its modified property (e.g., element.textContent = "New Value"). The Outcome: The browser repaints only 1 single div on the screen. The Conclusion: Reconciliation isn't about stopping React from re-rendering (re-running JS to calculate the UI). It

2026-07-15 原文 →
产品设计

Dual role of * in C

Prerequisites Let's create a variable. int myNum = 5 ; Now, myNum refers to the value 5 . However, we can get its memory address using the & operator like this: &myNum . Role 1: Creating pointers A pointer holds a memory address. int * pointerToMyNum = & myNum ; Role 2: Modifying values using a pointer In this case, * works as the dereference operator. * pointerToMyNum = 10 ; Now, if we print myNum , the output will be 10 . Understanding that they are different in each context makes things much easier ✨ Note Both int ptr and int ptr are functionally identical in C.

2026-07-15 原文 →
AI 资讯

Why I Prefer Browser-Local Image Resizing for Small Files

When a form asks for an image under 100KB, the obvious reaction is to search for an online compressor and upload the file. That works, but it also adds an unnecessary privacy decision: does this image need to leave the device at all? A simpler workflow For ID photos, screenshots, receipts, and other personal images, I prefer tools that do the work locally in the browser. The browser reads the file, resizes or recompresses it, and gives the result back without sending the original to a remote server. My practical process is: Start with the original JPG, PNG, or WebP. Set the required maximum size rather than guessing a quality percentage. Keep the aspect ratio unless the destination specifies exact dimensions. Preview the result at normal size, especially around text and faces. Save the new file under a different name so the original remains untouched. Why target size matters A generic “compress” button may produce a smaller file, but not necessarily one that meets a strict upload limit. A target-size workflow is more useful because it can adjust dimensions and quality together. For many document portals, a visually clean 80–95KB result is safer than a 99.9KB result that may fail after metadata is added. PNG is excellent for flat graphics and screenshots, while JPG is often better for photos. WebP can be efficient, but some older upload forms still accept only JPG or PNG. The destination's rules should decide the output format. The tool I use I built Resize Image around this browser-local approach. It is useful when I need a quick image under a specific size and do not want the original uploaded as part of the resizing process. The link is included for context and disclosure: I am the maker. Local processing does not remove every privacy concern—you should still review the downloaded result and the site where you eventually upload it—but it reduces one unnecessary transfer. The larger lesson is simple: for lightweight image work, the browser is already capable enough

2026-07-15 原文 →
开发者

The Motorola Edge 70 Max is all about power

Motorola has launched the Edge 70 Max, its latest flagship phone that's designed for power intensive tasks like streaming video and mobile gaming. Alongside having a huge battery and rapid wired charging support, the Motorola Edge 70 Max is the first Android phone to support full 25W wireless Qi2 charging since Google launched the Pixel […]

2026-07-15 原文 →
AI 资讯

Show HN: Leet Robotics: Learn robotics and ROS2 with hands-on courses

Hi all, I've just launched Leet Robotics: a platform to learn robotics hands-on, with a full ROS2 workspace that runs in the browser (Jazzy, Gazebo Harmonic, Foxglove, VS Code) - no install required. The platform also has room for sharing projects and simulation assets as it grows. Our first course is live now: Intro to ROS2 (free to read). The course teaches skills ranging from building your first node to a capstone project of a robot touring a museum world, with every lesson runnable in the on

2026-07-15 原文 →
AI 资讯

Home Depot’s 12-foot viral skeleton now talks

The Home Depot is once again upgrading its 12-foot-tall skeleton to help keep the viral piece of Halloween decor popular as spooky season creeps closer. Skelly is borrowing some of the tech introduced in the smaller 6.5-foot Ultra Skelly last year, including letting you speak through the skeleton's moving mouth using a mobile app. The […]

2026-07-15 原文 →