AI 资讯
Block Google's AI Overviews at the Network Layer, Not the DOM
TL;DR: Most extensions block Google's AI Overviews by hiding the panel with a content script after it renders — fragile, flickery, and always a step behind Google's markup changes. A better approach: force udm=14 at the network layer with declarativeNetRequest , so the AI Overview never loads. The content script becomes a backstop, not the main mechanism. One Chrome API mystery — AI Mode being invisible to four different extension APIs — shows why the DOM was never the right layer. Google puts an AI Overview at the top of most search results now, and a lot of people would rather it didn't. So there's a whole shelf of Chrome extensions that remove it. Almost all of them work the same way, and I think that way is a mistake. The obvious approach, and why it's a trap The default move is DOM-hiding: inject a content script, wait for the AI Overview panel to render, find it by class name or attribute, and set display: none . It's the first thing anyone reaches for, and it works — until it doesn't. The problems are all baked into the approach. You're reacting after the render, so there's a flash of AI content before your script catches it. You're matching against Google's markup, which is obfuscated and reshuffled constantly, so every layout change is a silent breakage. And you're paying for DOM churn on a page you don't control. You end up in a permanent game of catch-up against a page that changes whenever Google feels like it. The deeper issue is that you're operating one layer too high. The panel is a symptom . By the time it's in the DOM, the work is already done — the server decided to send it, the page rendered it, and now you're scrambling to un-render it. If you can move the decision earlier, none of that scramble has to happen. The thesis: prevent it at the network layer Google Search takes a parameter, udm , that selects which result vertical you get. udm=14 is the plain "Web" results view — the classic list of links, no AI Overview, no AI Mode. It's Google's ow
AI 资讯
The Hugging Face Hub Is a Free JSON API: Rank Trending AI Models Without a Key
Everyone reads the Hugging Face trending page in a browser. Almost nobody knows the whole Hub sits behind a plain JSON API with no key, no login, and cursor pagination. If you want a weekly report of what the AI community is actually adopting, you can build it with fetch . The endpoints GET https://huggingface.co/api/models GET https://huggingface.co/api/datasets GET https://huggingface.co/api/spaces Useful parameters, same across all three: sort ranks results: trendingScore , downloads , likes , createdAt , lastModified direction=-1 for descending search matches names, author restricts to one org like meta-llama filter matches Hub tags: text-generation , license:mit , even arxiv:2606.23050 limit up to 100 per page So the top trending models right now: https://huggingface.co/api/models?sort=trendingScore&direction=-1&limit=100 trendingScore is the interesting one. Downloads and likes rank all time popularity, which is dominated by the same old models. Trending score is Hugging Face's own measure of current momentum, and it moves daily. Today it puts a four day old OCR model from Baidu at the top, which no downloads sort would surface for weeks. Slim payloads with expand By default the models endpoint returns a siblings array listing every file in the repo, which bloats a 100 item page. Ask for exactly the fields you want instead: const fields = [ ' downloads ' , ' likes ' , ' trendingScore ' , ' pipeline_tag ' , ' tags ' , ' createdAt ' ]; const params = new URLSearchParams ({ sort : ' trendingScore ' , direction : ' -1 ' , limit : ' 100 ' }); for ( const f of fields ) params . append ( ' expand[] ' , f ); const res = await fetch ( `https://huggingface.co/api/models? ${ params } ` ); const models = await res . json (); Pagination is a Link header There is no page parameter. Each response carries a Link header with a cursor for the next page, GitHub style: function nextUrl ( res ) { const m = ( res . headers . get ( ' link ' ) || '' ). match ( /< ([^ > ] + ) >; \s *r
AI 资讯
I Launched an AI-Built Board Game — Here's What Happened Next
Not long ago I wrote about how I built a browser-based board game called "Growing City" in three days using AI — and how the hardest part wasn't the code at all. Some time has passed, and I wanted to share what happened next. Layout Bugs While vibe-coding solo, I only tested on my own screen, resolution, and browser. The problem surfaced as soon as real users joined with different setups: some people saw everything misaligned, some things got clipped, some cards overlapped each other. This is how it looked on some screens I had to rewrite the layout to use adaptive sizing so the game looks correct regardless of screen resolution. It should work now — but if something still looks off on your end, let me know and I'll fix it. Bots Started Talking Another change, unrelated to bugs. The service started feeling more alive. Previously, bots just played: rolled dice, bought cards, said nothing. Now they react in the chat to what's happening in the game — if someone's building gets taken, if someone buys an expensive card or runs out of money. It's a small thing, but the game feels noticeably more lively. An empty game with silent bots versus a session where someone's commenting on what's happening in chat — it's a meaningfully different experience, even though the game itself is the same. Thank You to Early Players A special thanks to everyone who tried the game after my first article. And extra thanks to a user with the nickname SHAM, who pointed out that the game rules never said you can't buy multiple purple cards in a row — even though the game itself has that restriction. Fixed! What's Next The project is still going. I'm thinking about ads and other ways to bring in players. Without new users, it's hard to get feedback — and without feedback, it's hard to know what to fix or improve first. The unit economics don't quite work out yet: paid acquisition costs more than I'm willing to invest at this stage. I'll keep figuring it out. If you have ideas on how to find playe
AI 资讯
I Cut My LLM Bill 40x and Rewrote Nothing: A CTO's Migration Story
Here's the thing: i Cut My LLM Bill 40x and Rewrote Nothing: A CTO's Migration Story Six months ago my CFO slid a single line item across the table. OpenAI: $4,800 for the month. I'd like to say I was surprised, but I'd been watching the number climb for two quarters. What actually surprised me was how little it took to bring that number down to under $200 without anyone on my engineering team writing new code, without a single regression, and without telling my customers anything had changed. This is the story of how we did it, what we evaluated, what broke, and what I'd tell any other CTO walking into the same conversation with their finance lead. The Real Cost of Vendor Lock-In I've been a CTO long enough to recognize the pattern. You pick a vendor. The vendor becomes the default. Procurement assumes you're locked. Your engineers build abstractions around their quirks. Six months later nobody can tell you what it would actually cost to switch because the switching cost has become invisible. It's just "how we do things." OpenAI was that vendor for us. GPT-4o handled our summarization pipeline, our customer support copilot, and a few internal tools I'd hacked together on a Saturday. We were paying $2.50 per million input tokens and $10.00 per million output tokens. At our volume, those numbers add up faster than you'd think because the output side balloons in conversational workloads. Here's the arithmetic that should scare every CTO: at $10/M output, every million tokens of generated text costs a dime on the dollar. If your product generates a 1,000-token response for 100,000 users a day, that's 100 million tokens a day, which is $1,000 a day in output alone. That's $30,000 a month. Just for one feature. The 40x claim I keep seeing isn't marketing spin. DeepSeek V4 Flash charges $0.18/M input and $0.25/M output. Do that math against GPT-4o and the comparison is brutal. Multiply your current OpenAI output spend by 0.025 and you'll get the rough number you'd pay for
AI 资讯
I Built a Board Game in 3 Days with AI — and Realized Code Was the Easiest Part
I love board games — especially the kind you can play without leaving home. You just call your friends, drop a link, and you're playing in minutes. At some point, I caught myself wondering: how realistic is it to build a complete game almost entirely with AI? Not a prototype, but something actually playable. I decided to find out. Three days later, I had a working browser-based board game: rooms, multiplayer, bots, chat, full game sessions. But the most interesting thing turned out to have nothing to do with AI writing code. What's the Game? The game is called "Growing City" (Растущий город). It's an economic board game about developing your own city. Each turn, players roll a die, buildings activate, income flows in, and you earn money to buy new structures. Gradually you build up enterprises, construct your economic engine, and race to complete all the key buildings before your opponents. You can play directly in the browser with no registration. I wanted the simplest possible entry: open the site, enter a nickname, create or join a room. If the mechanics seem familiar — you're not imagining it. I was inspired by a well-known city-building board game. Day 1: AI Really Can Write Games I'm not a developer. I work in tech, but I don't code professionally. Over the past few months I've been experimenting heavily with vibe coding, so I decided to build this project the same way. I didn't start with code at all. First, I wrote out the mechanics in detail: what cards exist, how a turn plays out, what should happen in each situation. Once the logic settled, I started gradually converting the description into code using AI. Day 2: Writing the Game Was Just the Beginning When the first playable version appeared, it quickly became clear that the code was far from the hardest part. The biggest problem was balance . If you leave everything as-is, players find the single most profitable strategy within a few games and repeat it endlessly. I had to manually tweak card costs, adj
AI 资讯
How I designed a Premium Dark Mode Hotel PMS Dashboard (HTML/CSS)
When looking for a Property Management System (PMS) dashboard for a hotel project, I noticed most existing solutions look like they were built in 1998. I decided to code a modern, premium dashboard from scratch using pure HTML and vanilla CSS. I focused on two main design trends: Dark Mode and Glassmorphism. Here is a breakdown of how I approached the design, along with some CSS snippets you can use in your own projects. The Dark Mode Color Palette Instead of using pure black (#000000), I used a deep slate blue for the background. This reduces eye strain for hotel staff working night shifts and feels much more premium. `css :root { --bg-dark: #0f172a; /* Deep slate / --surface-dark: #1e293b; / Slightly lighter surface / --accent-gold: #facc15; / Premium gold for CTAs */ --text-main: #f8fafc; } body { background-color: var(--bg-dark); color: var(--text-main); }` The Glassmorphism Effect For the statistics cards (like Revenue and Occupancy Rate), I used a subtle glass effect to make them pop off the dark background without looking flat. `css .stat-card { background: rgba(30, 41, 59, 0.7); backdrop-filter: blur(12px); -webkit-backdrop-filter: blur(12px); border: 1px solid rgba(255, 255, 255, 0.08); border-radius: 16px; padding: 24px; transition: transform 0.3s ease; } .stat-card:hover { transform: translateY(-5px); }` The Result By combining these modern design tokens with a clean CSS Grid layout, the dashboard feels incredibly sleek. It tracks live bookings, room statuses, and RevPAR seamlessly. Want the full code? If you are a developer, agency, or freelancer building a SaaS or a booking system, you don't have to start from scratch. I've packaged the complete, fully responsive HTML/CSS template. You can see the design and grab the source code here to save yourself 20 hours of coding: 👉 Download the Lumina PMS Template Happy coding! Let me know if you have any questions about the CSS architecture in the comments.
AI 资讯
The Hidden Cost of Unplanned Work (And How to Protect Your Sprint)
Every sprint starts with optimism. The board is clean, the story points are perfectly balanced, and the team is ready to ship. Then, Tuesday happens. The CEO wants a "quick favor." A major client finds a critical bug in production. The marketing team urgently needs a landing page tweak. By Thursday, your pristine sprint board is buried under a mountain of "urgent" tickets that were never discussed in planning. This is Unplanned Work , and it is the silent killer of engineering velocity. Why Unplanned Work is So Dangerous It’s not just that unplanned work takes time. The real damage comes from context switching . When a developer is deeply focused on building a new feature, forcing them to stop, spin up a local environment for a different repository, debug a legacy issue, and then try to return to their original task destroys their flow state. A "10-minute quick fix" actually costs the company an hour of lost productivity. When this happens multiple times a week: Deadlines Slip: The tasks you actually committed to get pushed back. Burnout Increases: Developers feel like they are working hard but accomplishing nothing. Trust Erodes: Management wonders why the team can't stick to a timeline. How to Protect Your Team You cannot eliminate unplanned work completely. Bugs will happen, and production will break. But you can manage it. 1. The "Firefighter" Rotation Instead of letting unplanned work disrupt the entire team, assign one developer per sprint to be the "Firefighter" (or Batman/Support). Their only job for that sprint is to handle urgent bugs, ad-hoc requests, and unblock others. The rest of the team is completely shielded. 2. The 20% Buffer Rule If you have 100 hours of developer capacity, never plan 100 hours of feature work. Always leave a 20% buffer specifically for unplanned tasks. If no fires start, you can pull from the backlog. If fires do start, your deadline isn't destroyed. 3. Track the "Ghost" Tickets The worst kind of unplanned work is the kind that h
AI 资讯
Every Requirement Gets a Verdict. I Had Been Reviewing Without One.
You merge the PR. The build passes. The code does what you expected it to do. You move on. That is review for most engineers. A final read. A feeling that things looked right before the branch closed. I did it the same way for years. Three phases had already run before this one. Think had scoped the work, Plan had written the requirements, Build had shipped a diff that matched the plan exactly. I trusted that the chain held. I had never actually checked. Then I ran the Review phase, and checking turned out to mean something specific: not does this work, but does this requirement hold up, and what is my evidence. I went in expecting to approve it or send it back. The phase gave me three answers instead: covered, partial, missing. I found out what they meant one requirement at a time, starting with the one I almost got wrong. I had been giving impressions, not verdicts The notification scheduler used a queue to manage dispatch. Every call to the external provider went through it. The provider was never exposed directly. The requirement said the provider must be notified. It was notified, exactly the way I had pictured it. I almost called it covered and moved to the next line. The Review phase stopped me there. But the requirement said must be notified , not how. The queue had introduced a call order and a timing the requirement never anticipated. Nothing was broken. Something had changed shape, quietly, and nobody had written that shape down. I sat with that for longer than I expected to. Not because the code was wrong. Because I could not immediately tell you whether the change mattered. The same pass gave the shim from Plan a different verdict on the same page: covered. Mapped to the requirement it existed to satisfy, no gap between what was promised and what was in the diff. One requirement held exactly the shape it was given. The other had quietly grown a new one. Same review. Same pass. Two verdicts. Partial is not a softer word for broken. It is the verdict for
AI 资讯
Can FlutterFlow Build a Better Dev.to App?
We have all been riding the massive vibe coding wave lately. It feels like pure magic to sit back, tell an AI assistant what to build, and watch a full application appear out of thin air. But if you have ever tried to take that exact same web workflow and deploy a smooth, native app onto an iPhone or Android, you know exactly where the frustration sets in. Are you a vibecoder who loves to build applications and you have built many websites? You have built and deployed many websites. Now you really want to make a mobile application that could disrupt the market and go really viral. Have you heard of FlutterFlow ? Have you tried using it? If the answer is no, then I will tell you about FlutterFlow and then you can decide whether you want to check it out and vibe code mobile applications. I will share the app that I created as well. What is FlutterFlow anyway? Have you ever tried building mobile applications and heard of Flutter and Dart? If you haven't, you should definitely check them out. When I was in college looking for a path to choose whether to pursue app development or web development. I explored both options. While exploring app development, I used and built applications using Flutter, an open-source framework created by Google, which uses a programming language called Dart. While Flutter itself is built by Google, FlutterFlow is an independent, visual low-code platform founded by ex-Google engineers. Today, many of us are familiar with AI vibe-coding tools like Cursor and Claude, which allow us to generate code for websites using conversational prompts. FlutterFlow, however, operates differently than vibe-coding: instead of writing code through chat prompts, it provides a visual, drag-and-drop canvas where you can build and design native mobile applications visually while it automatically generates clean Flutter code in the background. I recently had the opportunity to attend a workshop held by the FlutterFlow team and there, I was blown away by the magic of
开发者
You're Writing Paper Commands Wrong
You've probably written a CommandExecutor before. Everyone who's touched Bukkit has. Declare the command in plugin.yml , implement onCommand , cast args[0] to whatever you need, hope nobody fat-fingers the input. It compiles. It runs. It's confusing to debug. And it's the wrong way to do it in 2026. # plugin.yml commands : punish : description : Opens the punishment GUI usage : /punish <player> public class PunishCommand implements CommandExecutor { @Override public boolean onCommand ( CommandSender sender , Command command , String label , String [] args ) { if (!( sender instanceof Player staff )) return true ; if ( args . length < 1 ) return true ; Player target = Bukkit . getPlayer ( args [ 0 ]); if ( target == null ) { sender . sendMessage ( "Player not found." ); return true ; } // ... open the GUI return true ; } } Tie it together in onEnable() with getCommand("punish").setExecutor(new PunishCommand()) , add a separate TabCompleter implementation to handle suggestions, and you're done. Seems perfectly fine... totally not confusing at all... (if you understood any of that, you're doing better than I am :P) This implementation has many issues... like Bukkit.getPlayer(args[0]) only matching an exact, currently-online name. No selectors. No partial matching. You write all of that yourself or not at all. Tab completion lives in a second method you keep in sync with parsing by hand. Change one, forget the other, and tab completion starts "lying" to your players (a problem that has taken me HOURS to solve in the past... i'm getting flashbacks ;-;). And the tree itself is static, fixed in plugin.yml . Want /report to take a severity argument only when severities are configured? You can't say that in plugin.yml and you end up with a tangled mess that is almost never clean (either to you, or the players). Paper ships Mojang's Brigadier (the same framework vanilla Minecraft uses for everything) through a lifecycle hook: LifecycleEvents.COMMANDS . You register a tree of
AI 资讯
Puppet Enterprise Introduces Database-Backed CA Storage in 2025.11 release
The latest Puppet Enterprise releases are out and this one has a huge load of improvements, fixes, and security patches included! Puppet Enterprise (PE) 2025.11 released! The full PE 2025.11 release notes are always the best way to get a full detail on what has changed, but here are some highlights of PE 2025.11! Certificate Authority (CA): Database-backed Storage This new optional feature adds support for storing CA data in a PostgreSQL database instead of the file system. This improves performance and reliability and introduces API-driven capabilities and enhanced backup and recovery handling. PostgreSQL 17 Supported PE-managed installations will automatically upgrade from verson 14 to 17 as part of the upgrade process, or you can update yourself before upgrading to PE 2025.11 Infra Assistant Goes GPT-5 GPT-5 series models are now running under the hood of Infra Assistant, improving the quality of responses and the consistency for queries. Advanced Patching Enhancements The advanced patching feature now has improvements across a variety of areas New puppet_run_concurrency setting allows you to get better performance out of patch group enrollment Improved validation of scheduled and immediate jobs to reduce risk of unintended or skipped executions. Cron scheduling has better user experience and improved validation across features. New configurable option to enable Puppet to run after patch jobs to refresh pe_patch facts New Endpoints for Classifier and Activity Service APIs The Classifier API introduced new tags , add-tags and remove-tags endpoints to manage node group tags. The Activity service API now has subscriptions endpoints to create subscriptions, list subscriptions, or fetch/delete a specific subscription. Agent Platform Updates, Resolved Issues, and Security Fixes The macOS 26 platform is now supported for both ARM and x86_64, while support has been removed for Ubuntu 18.04 and Ubuntu 20.04. Nearly 60 CVEs were addressed in this release, along with many r
开源项目
Congrats to the GitHub Finish-Up-A-Thon Challenge Winners!
We are so excited to finally announce the winners of the GitHub Finish-Up-A-Thon Challenge, our...
AI 资讯
Why rour AI agent struggles with full-stack apps
Why Our AI Agent Still Stumbles on Full-Stack Apps We've all been there. You're riding high on the AI hype, picturing your agent effortlessly spinning up features, leaving you free for higher-level architectural decisions. You feed it a prompt like, "Build me a simple user profile page with authentication, connected to a database, using Next.js and TypeScript." You hit enter, grab a coffee, and expect magic. More often than not, what you get back is… well, it's something . It might be syntactically correct, perhaps even impressive in parts. But when you try to integrate it, to make the pieces talk to each other harmoniously, it often feels like trying to connect a square peg to a round hole. The agent struggles, and frankly, so do we trying to fix its output. The Seams, Not Just the Parts: Why Full-Stack is More Than Sum of Its Halves In my experience, AI agents, especially Large Language Models, are fantastic at generating code for isolated problems. Need a React component? A SQL query? A utility function? They'll often nail it. But a full-stack application isn't just a collection of frontend, backend, and database parts. It's the intricate, often implicit, contracts between them. Think about a modern Next.js application. It’s a beautifully complex dance: Server Components vs. Client Components: This paradigm shift fundamentally changes where state lives, where data is fetched, and how interactivity is handled. An AI might generate a useState hook inside a Server Component, completely missing the architectural intent. Data Fetching Strategies: getServerSideProps , getStaticProps , route handlers , fetch directly in Server Components – each has specific implications for caching, performance, and where your data lives at runtime. An AI might pick an inefficient or incorrect strategy based on a simplified prompt. Type Safety Across Boundaries: TypeScript is a lifesaver, but defining types that perfectly mirror your database schema, API responses, and frontend state re
AI 资讯
Stop Treating Databases Like Dumb Storage!
Stop Treating Databases Like Dumb Storage! A Modern Approach to Data Layer Optimization Introduction In the rapidly evolving landscape of cloud-native applications, the database often remains the last bastion of outdated architectural thinking. Too many development teams, even in 2026, treat their databases as little more than dumb storage – a simple receptacle for data. This oversight invariably leads to an insidious problem: what was once perceived as a cost-saving cloud server rapidly transforms into an expensive, resource-hungry bottleneck that devours compute cycles, memory, and, most critically, developer sanity. The knee-jerk reaction to performance woes—throwing more hardware at an unoptimized SQL database or poorly designed NoSQL schema—is not scalable backend design; it's procrastination. This approach might temporarily mask symptoms, but it fundamentally ignores the root cause, leading to spiraling costs and increasing technical debt. Modern backend design demands a paradigm shift: treating your data layer as a strategic, highly optimized component rather than a generic storage utility. The path to true scalability, resilience, and cost-efficiency begins with intelligent data management from day one. Architectural Walkthrough: Embracing Smart Data Strategies Instead of "sharding your problems" through reactive, unguided horizontal scaling, embrace smart data partitioning . This isn't just about distributing data; it's about strategically organizing it to align with your application's access patterns and business domains. 1. Smart Data Partitioning & Query Patterns: Imagine an e-commerce application. Instead of sharding all orders data uniformly, consider partitioning by a natural business key, like customer_id or product_category . This ensures that common queries (e.g., "get all orders for customer X") are localized to a single partition, minimizing cross-partition operations. // Conceptual Service for Order Management class OrderService { private final
AI 资讯
How Much Autonomy Should Your AI Agent Have?
The conversation around Agentic AI often focuses on one goal: making agents more autonomous. More tools. More reasoning. More planning. More independence. It sounds like progress. But is more autonomy always the right answer? As software engineers, we rarely optimize for "more." We don't build distributed systems when a monolith is sufficient. We don't introduce microservices because they're fashionable. We choose architectures that balance capability with complexity. The same principle applies to AI agents. The question isn't "How autonomous can my agent be?" It's "How autonomous should my agent be?" Autonomy Is a Design Decision When people talk about autonomy, they often think of it as a feature that an agent either has or doesn't have. In reality, autonomy is a design decision. Every time we allow an agent to make another decision on its own, we are increasing its responsibility. That responsibility comes with benefits, but it also introduces new engineering challenges. More autonomy means the agent can adapt to situations that weren't anticipated during development. It can make progress toward a goal without being guided through every step. At the same time, it becomes harder to predict, validate, debug, and trust. Autonomy isn't free. Thinking in Terms of an Autonomy Spectrum Instead of treating autonomy as a binary concept, it helps to think of it as a spectrum. At one end are systems that simply generate responses. They have no authority to take action. As autonomy increases, agents begin suggesting actions, invoking tools, planning multiple steps, and eventually deciding how to achieve a goal with minimal human involvement. The important observation is that every step along this spectrum increases both capability and complexity. That's why the objective shouldn't be to reach the highest level. It should be to stop at the level your problem actually requires. More Autonomy Isn't Always Better Imagine building an internal HR assistant. Its primary responsibil
AI 资讯
How to Automate OG Image Generation for Your Blog Using a Screenshot API
Every blog post needs an OG image. Without one, your links look blank on Twitter, LinkedIn, and Slack — just a plain URL that nobody clicks. Most developers solve this by spinning up a headless browser, loading an HTML template, taking a screenshot, and uploading it somewhere. It works, but now you're maintaining a Puppeteer instance, dealing with font rendering quirks, and burning server resources on something that should be simple. There's a faster approach: design your OG images as HTML templates and let a screenshot API handle the rendering. The Idea: HTML Templates as OG Images Think of your OG image as a tiny webpage. You already know HTML and CSS. Build a 1200×630 template with your blog title, author name, maybe a gradient background — whatever fits your brand. Host it or pass it as raw HTML. Then call an API to screenshot it. Done. A basic template might look like this: <div style= "width:1200px;height:630px;display:flex;align-items:center; justify-content:center;background:linear-gradient(135deg,#1a1a2e,#16213e); font-family:Inter,sans-serif;padding:60px" > <div style= "color:#fff;text-align:center" > <h1 style= "font-size:48px;margin:0" > {{title}} </h1> <p style= "font-size:24px;color:#8892b0;margin-top:20px" > {{author}} · {{date}} </p> </div> </div> Replace the placeholders on your server, then send the resulting HTML (or a URL pointing to it) to the API. Calling the API With ScreenshotRun , a single curl request captures the rendered template as a PNG: curl -X POST "https://api.screenshotrun.com/v1/screenshot" \ -H "Authorization: Bearer YOUR_API_KEY" \ -H "Content-Type: application/json" \ -d '{ "url": "https://yourblog.com/og-template?title=My+Post+Title", "viewport_width": 1200, "viewport_height": 630, "format": "png" }' The response gives you the image file. Save it to your CDN, set the og:image meta tag, and you're done. No browser to manage, no Chrome binary eating RAM on your CI server. Wiring It Into Your Build If you publish with a static sit
AI 资讯
Stop Your LLM From Getting Owned
Hello, I'm Maneshwar. I'm building git-lrc, a Micro AI code reviewer that runs on every commit. It is...
AI 资讯
We thought our devs were using AI. We were wrong.
We did what most engineering teams do. Bought an OpenAI API key. Shared it on Slack. Told everyone to start using AI in their workflow. It felt like the right move. Productivity went up. Developers were happy. Managers were impressed. Then the invoice arrived. Nobody could explain it. We could not tell which team spent what, which model was being used, or whether anyone had accidentally sent customer data to an external provider. We had full AI adoption and zero visibility. That is when we realized we had confused access with governance. The problem is not the AI. It is the missing layer between your team and the API. Most teams operate with raw provider keys floating around in .env files, Slack messages, and IDE configs. When someone leaves, you hope they did not take the key with them. When a pipeline misbehaves overnight, you find out from the billing alert, not from your own monitoring. We started asking ourselves some uncomfortable questions: Who on the team is using GPT-4o versus a cheaper model? Is anyone sending PII to an external provider without knowing it? What happens if our OpenAI key gets exposed in a public repo? Can we switch to Anthropic without rewriting half our tooling? None of these are exotic concerns. They are the natural consequences of scaling AI access without an infrastructure layer to govern it. What actually helped We needed something that sat between our developers and every AI provider, handling authentication, enforcing limits, logging every request, and letting us swap providers without touching application code. Think of it the way an API gateway manages microservices. Same idea, but for LLM traffic. Developers point their tools like Cursor, Continue.dev,...at a single endpoint. Two environment variables. Nothing else changes. Behind the scenes, every request is logged, every token counted, every provider key protected. Governance without friction. That is the only kind developers will actually tolerate. If your team is using AI wit
AI 资讯
How to Fix Mixed Content & "Not Secure" SSL Errors in WordPress
Originally published on wp-nota.com . You installed an SSL certificate and moved your WordPress site to HTTPS — but the browser still shows "Not Secure" in the address bar, or a padlock with a warning. This is the classic mixed content problem: your pages load over secure HTTPS, but some resources on them — images, scripts, or stylesheets — are still being requested over insecure HTTP. Browsers flag the whole page as not fully secure until every resource is served over HTTPS. Here's how to fix it for good. What "Mixed Content" Actually Means When a single page mixes secure (HTTPS) and insecure (HTTP) resources, that's mixed content. The page itself may be secure, but if it pulls in an image or script over http:// , the browser can't guarantee the whole page is safe — so it drops the padlock or shows a warning. The cause is almost always old http:// URLs still saved in your database or hardcoded in your theme. Step 1: Confirm the Certificate and Site URLs First, make sure the foundation is right. Your host must have a valid SSL certificate installed (most offer free Let's Encrypt certificates). Then, in WordPress, go to Settings → General and confirm both WordPress Address (URL) and Site Address (URL) start with https:// . If they still say http:// , update them, save, and log back in. Step 2: Find What's Loading Over HTTP To see exactly which resources are insecure, open the problem page in your browser, right-click and choose Inspect , and look at the Console tab. Mixed content warnings list each http:// resource by URL — often images in old posts, a hardcoded logo, or an asset from a plugin or theme. This tells you precisely what needs fixing. Step 3: Update Old HTTP URLs in the Database The most common fix is a database search-and-replace that swaps every http://yourdomain.com for https://yourdomain.com . Two safe ways to do it: The easy way — the free Really Simple SSL plugin detects insecure URLs and rewrites them to HTTPS automatically, which resolves most mix
AI 资讯
I Finally Read Designing Data-Intensive Applications (2nd Edition) - Here's Why Every Backend Engineer Should
If you've spent any time exploring backend engineering, distributed systems, or system design, you've almost certainly seen one book recommended more than any other: Designing Data-Intensive Applications , or DDIA for short. For years, I've heard experienced engineers describe it as the book that completely changed the way they think about software architecture. When the second edition was released with updated content covering modern distributed systems and cloud-native architectures, I decided it was finally time to see whether it deserved the hype. After reading it from beginning to end, I understand why this book has become a classic. It isn't another programming book that teaches a framework, a database, or a cloud platform. Instead, it teaches something much more valuable: how to think about building systems that continue working when data grows, traffic increases, and failures become inevitable. If you're a backend engineer—or want to become one—this is probably one of the best technical books you can read. This Isn't Really a Database Book The title can be a little misleading. Before opening DDIA, I assumed it would spend hundreds of pages comparing databases or discussing storage engines. Databases are certainly a major part of the discussion, but they're really just one piece of a much larger picture. The book is about designing systems that process enormous amounts of data while remaining reliable, scalable, and maintainable. Those systems happen to rely on databases, but they also involve replication, partitioning, distributed communication, stream processing, fault tolerance, consistency, messaging, and dozens of other architectural concepts that appear in modern software systems. By the end of the first few chapters, it becomes clear that the authors aren't trying to teach products. They're teaching engineering principles that remain useful no matter which technologies you're using. It Explains Why , Not Just How One of my favorite things about DDIA is