今日已更新 420 条资讯 | 累计 20392 条内容
关于我们

标签:#ens

找到 1406 篇相关文章

AI 资讯

I built a zero-dependency TypeScript env validator

Every Node.js developer has been burned by this at least once: const port = parseInt ( process . env . PORT ); // NaN if PORT is missing const db = process . env . DATABASE_URL ; // string | undefined — not safe! Your app starts fine locally, then crashes in production because someone forgot to set an env var. The error shows up 3 hours later, not at startup. The solution I built @harmand66/typesafe-env — a tiny, zero-dependency library that validates and types your environment variables at boot time. import { createEnv } from ' @harmand66/typesafe-env ' ; const env = createEnv ({ PORT : { type : ' number ' , default : 3000 }, DATABASE_URL : { type : ' string ' , required : true }, DEBUG : { type : ' boolean ' , default : false }, }); // ✅ TypeScript knows PORT is a number env . PORT + 1 // 3001 — not "30001" env . DATABASE_URL // string — guaranteed, never undefined If anything is missing or wrong, your app fails immediately at startup with a clear message: All errors at once — no more fixing them one by one. Why not Zod? Zod is great but it's 57kb and requires a lot of boilerplate for this specific use case. @harmand66/typesafe-env is zero dependencies and does one thing well. Try it npm install @harmand66/typesafe-env GitHub: https://github.com/giannielloemmanuele-lgtm/typesafe-env npm: https://www.npmjs.com/package/@harmand66/typesafe-env Would love any feedback or contributions! 🙏

2026-06-29 原文 →
AI 资讯

Introducing UIAble — A Free, Open-Source UI Library

Today, we’re excited to launch UIAble v1.0, an open-source component library built for developers, by developers. We explored a lot of UI libraries built on Shadcn. Most of them feel nearly identical — same structure, same aesthetic, same tradeoffs. That’s what pushed us to build something different. Not another library that looks like Shadcn with a coat of paint, but a design system with its own identity and a clearer sense of what it’s actually for. Why UIAble exists After enough frontend projects, one thing becomes obvious: the same UI patterns get rebuilt again and again. Inputs. Dialogs. Tables. Alerts. Dropdowns. OTP fields. Form validation states. Not because they’re hard to build, but because most existing libraries never quite fit real project requirements. Some are too opinionated. Some pile on unnecessary abstraction. Some become rigid after initial setup. And some make simple UI unnecessarily complicated. That friction is what led to UIAble. Not to launch another oversized library, just to build a cleaner, more practical foundation for modern frontend development. What UIAble actually is UIAble is a free, open-source UI component library built with Tailwind CSS , Shadcn-style architecture , and Base UI principles . The idea is straightforward: reusable components should stay flexible, readable, and easy to maintain. Instead of pulling projects into a rigid ecosystem, UIAble gives you components you can copy directly into your codebase, edit freely, and scale without fighting the library. No lock-in. No unnecessary abstraction. No dependency trap. What makes it different in practice A few things actually matter here. You get the code. UIAble doesn’t hide logic behind layers of packaging. You see the component. You edit it. You ship it. That alone changes how teams work with UI. It’s built for real product UI, not showcase pages. A lot of UI kits look great in demos and fall apart in production. UIAble focuses on the unglamorous stuff, forms that don’t bre

2026-06-29 原文 →
AI 资讯

I built an AWS access recertification engine that actually enforces the decision

The access you revoked in your last review is probably still live. I know how that sounds, but it is how most access recertification actually works. A tool generates a list, an owner clicks approve or revoke, the cycle gets marked complete, and then nothing touches the real resources. The review produces a record. The permissions stay exactly where they were. You attested to a state that was never made true. That gap bothered me for a long time, so I built something to close it and open-sourced it on AWS's aws-samples org. It is called VIGIL. The core idea A normal review answers one question: should this access still exist? The owner says no, a ticket gets filed, and maybe someone actions it next quarter. Between the decision and the change, the risk just sits there. I wanted the decision and the change to be the same step. So VIGIL does four things: It discovers resources by their owner tag and works out who actually has access to each one. It asks the owner to keep, trim, or remove that access. It applies that decision on the live resource. It records what happened in a way you can later prove. The part I care about most: scoped enforcement The lazy way to revoke someone's access to one bucket is to detach their policies. That nukes their access to everything, and it is how you cause an incident while trying to improve security. VIGIL never does that. If the access came from a bucket policy, it removes just that principal, or just the specific actions, from that bucket's policy. If the access came from the principal's own IAM policy, it adds a resource-scoped explicit Deny instead of touching shared policy, so nothing else the principal can do is affected. In practice it can remove only s3:PutObject for one principal on one bucket and leave everything else alone. If a change cannot be made safely and narrowly, it raises a ticket instead of guessing. I would rather it do nothing than do something broad. Making enforcement durable Enforcement is not a synchronous c

2026-06-29 原文 →
AI 资讯

The Prophet and the Price Cut

Two things happened this month and they tell you everything about where AI is actually going. Coinbase quietly cut its AI bill nearly in half. Open models, smarter routing, better caching. No drama. A finance footnote that happens to be a glimpse of the future. And Dario Amodei published another essay. Not a tweet. An essay. The kind of sprawling, twenty-thousand-word civilizational scripture he keeps handing down from the mount. This one is called "Policy on the AI Exponential," and the gist is that AI is about to hand humanity "almost unimaginable power," that our institutions are too immature to hold it, and that therefore the government should be able to test, gate, and block frontier models before mere mortals get hurt. One of these is a price cut. The other is a prophecy. I want to talk about the prophecy. The robes Let me be fair before I am not. Dario is not a dumb man and he is not a fraud. He runs one of the best labs in the world. The safety concerns are not all imaginary. Misuse is real. I am not the guy arguing that anyone should be able to download a bioweapon recipe for a laugh. If that is the bar, sure, regulate it. Nobody serious disagrees. But watch the move he keeps making. Every few months the prophet descends with a new text. The stakes are always civilizational. The language is always biblical. "Unimaginable power." A "decent possibility" of "significant enduring job loss." Disruption that will be "unusually painful." Humanity handed a force it is not mature enough to wield. He is not describing a product roadmap. He is describing a flood. And conveniently, he is also selling the ark. That is the part that should make you tilt your head. Read the actual proposal Strip the poetry off "Policy on the AI Exponential" and here is the machinery underneath. Mandatory third-party testing for any model above a compute threshold. Authorized evaluators. Security standards. Incident reporting. Government authority to block or reverse a deployment that fail

2026-06-29 原文 →
AI 资讯

Real-Time Arrhythmia Detection at the Edge: Deploying TinyML on ESP32 for Raw ECG Analysis

In the world of wearable health technology, the holy grail has always been moving intelligence from the cloud to the edge. Waiting for a cloud server to analyze your heart rhythm is not just a latency issue—it's a privacy and battery life concern. Today, we are diving deep into TinyML , Edge AI , and ECG signal processing to build a real-time abnormality detector. By leveraging TensorFlow Lite for Microcontrollers and the versatile ESP32 , we can process raw electrocardiogram (ECG) data locally. This approach ensures low-latency detection of arrhythmias while keeping sensitive medical data on-device. If you've been looking to bridge the gap between high-level deep learning and low-level embedded systems, you're in the right place! The Architecture: From Raw Signal to Insight 🏗️ The pipeline involves capturing a high-frequency analog signal, cleaning it, and feeding it into a quantized Convolutional Neural Network (CNN). Here is how the data flows through our ESP32: graph TD A[Raw ECG Signal/Sensor] -->|ADC Sampling| B(Preprocessing: Bandpass Filter) B --> C{Buffer Management} C -->|Windowed Segment| D[TFLite Micro Inference Engine] D --> E{CNN Model Classification} E -->|Normal| F[Log: Sinus Rhythm] E -->|Abnormal| G[Trigger Alert: Arrhythmia] G -->|Bluetooth/Wi-Fi| H[Mobile Dashboard] Prerequisites 🛠️ To follow this advanced guide, you'll need: Hardware : ESP32 (DevKit V1 or similar). Sensor : AD8232 ECG Module (or simulated ECG data). Software : Arduino IDE or PlatformIO. Frameworks : TensorFlow Lite for Microcontrollers (TFLM), EloquentTinyML (optional wrapper), or the standard C++ TFLM library. Step 1: Model Training & Quantization 🧠 Before we touch the C++ code, we need a model. Typically, we use the MIT-BIH Arrhythmia Database to train a 1D-CNN. The crucial step is Post-Training Quantization . Since the ESP32 doesn't have a dedicated NPU, we convert our 32-bit float model into an 8-bit integer (INT8) model. This reduces the size by 4x and speeds up inference s

2026-06-29 原文 →
AI 资讯

hermes-memory-installer: System Metrics, Auto-Archive, Token Rotation, Dead-Letter Replay, and Prof

The latest update to hermes-memory-installer introduces a focused set of features that directly address production-level concerns: observability, storage management, security, fault tolerance, and performance introspection. If you maintain a message-processing pipeline or job queue, these are the components that often decide whether your system survives peak loads or security audits without manual heroics. Let's break down each addition and how you can integrate them into your workflow. System Metrics Exposing runtime health is no longer an afterthought. The new metrics module taps into the core processing loop and emits standard Prometheus-formatted data: message throughput (count and rate), latency percentiles, queue depths, and goroutine or thread pool utilization. This isn't a simple "up/down" gauge—you get histograms for processing duration and derived metrics like consumer lag. For example, if you run multiple worker instances, you can now directly compare their processing speeds via a Grafana dashboard. The endpoint is configurable, so you can keep it behind a reverse proxy or internal load balancer. Memory pressure triggers a separate gauge for heap usage per queue, which helps with capacity planning before it becomes a midnight incident. Auto-Archive Without auto-archive, old messages accumulate in memory or primary storage, driving up costs and slowing down scans. This feature moves processed or expired messages to a cheaper tier (S3, GCS, or local file system) based on age or queue size. The archive process is a background task that runs on a cron-like schedule; you can define how many messages to retain per queue before archiving kicks in. The compression is transparent—gzip by default, but you can switch to snappy or zstd. A key detail: archived messages retain their metadata and can be restored if needed, though the replay path skips them automatically unless explicitly requested. This is useful for audit trails or multi-region cold replicas. Token Rot

2026-06-29 原文 →
AI 资讯

How to fix the "Purple Potassium" Chrome Web Store rejection (and catch it before you submit)

You submitted your extension, waited days for review, and got back a rejection with a violation called "Purple Potassium." Your extension looks fine to you, so what does it even mean? Here is what it is, why it happens, and how to catch it before you ever hit submit. What "Purple Potassium" actually means "Purple Potassium" is Google's internal tag for excessive or unused permissions . Your manifest requests access to something your code does not actually use, and the reviewer flags it. It is one of the most common reasons a Chrome extension gets rejected, and it is frustrating precisely because the extension works fine in testing. Review is checking something testing never does: whether every permission you ask for is justified by your code. The usual causes 1. API permissions you declared but never call. You added tabs , bookmarks , or cookies to your manifest at some point, but there is no chrome.bookmarks.* call anywhere in your code. 2. Host access that is too broad. You requested <all_urls> when your extension only touches one site: // Flagged "host_permissions" : [ "<all_urls>" ] // Better "host_permissions" : [ "https://*.example.com/*" ] Leftover permissions after removing a feature. You shipped a feature that needed downloads, later removed the feature, and forgot to remove the permission. The tabs misunderstanding. The tabs permission does not grant access to the tabs API. Basic methods like chrome.tabs.create() work without it. It only grants four sensitive Tab properties: url, pendingUrl, title, and favIconUrl. If you declare tabs but never read those, it counts as unused. How to fix it by hand List everything in permissions, optional_permissions, and host_permissions. For each one, search your code for the matching chrome. call. Remove any permission with no usage. Narrow and other broad patterns to the specific hosts you need. In your reviewer notes, write one plain sentence per sensitive permission explaining why you need it. Reviewers often lack con

2026-06-29 原文 →
AI 资讯

I recorded every Claude Code session for 3 months. Here's what my work actually looked like.

For the last 3 months I recorded every session I had with Claude Code. Not screenshots, not memory. Every prompt I typed and everything it did, saved to a small database I own. I did it because I kept losing my own work. I would finish a week, someone would ask what I shipped, and I genuinely could not remember. The work was real. It just lived in terminal scrollback I would never scroll through again. So I set up a chain of small agents to remember it for me. Every night, while I sleep, one agent reads that day's raw sessions and writes a single clear note: what I built, the decisions I made, what is still open. Plain language, the way I would write it in a journal, not a wall of logs. Once a week, a second agent reads all seven daily notes and updates a profile of me: the projects I am moving, the skills I have actually used, the things I learned. After a few months this turned into a more honest picture of my work than my resume. Then a third agent reads all of that and drafts posts for LinkedIn and X about what I actually worked on that week. Building in public, without me having to remember or sit down and write. The part I like most: none of it runs on my machine. It is all scheduled cloud routines. My laptop can be off. I wake up and the notes, the profile, and the draft posts are already waiting. I have started open-sourcing this as Pulse. The capture and the nightly daily-note agent are out now. You point it at your own database and your own notes repo, and it writes your day for you, in plain English, in files you own. The weekly profile agent and the post-writer are the pieces I am extracting next. It is early and rough in places. The honest caveat: the writing is only as good as the model behind it, and a quiet day still makes a quiet note. But after 3 months, I no longer guess what I did. I just open the vault. The graph at the top is 3 months of my own notes, each day linked to the projects it touched. Repo: https://github.com/muhammademanaftab/pulse

2026-06-29 原文 →
开发者

Just sharing our hobby project: F4us, a very early antivirus made in C

Hello everyone! Me and my friend. We are still learning, and recently we tried to make a very simple, hobby antivirus/security project written in C. We call it, F4us. It is far from perfect and still in a very early development phase. We just wanted to learn how some basic security concepts work under the hood. What we tried to build: A simple honeypot script to log suspicious access. A basic entropy function to check file structures. A background daemon loop to monitor files. Since we are still beginners, we know there are probably a lot of bugs and messy code in it. We just wanted to share this hobby journey here. Thank you for reading! here is the link(github), sorry if include many bugs or critical,it just an experiment: https://github.com/CornelI5/F4us my friend was out, he are in crashout cause this project is too hard. btw, dont use this in your real computer, trust me. just use VM(Virtual Machine),or you will get BSOD(blue screen of death) or kernel panic.

2026-06-28 原文 →
AI 资讯

The standard way to score AI agent monitors is gameable a coin flip scores F1 0.88

Traditionally, evaluation of the agent monitoring mechanisms involves an attempt to game them, as it was my case when I attempted to test whether monitors would be able to identify the problem in the run and not in the beginning. The input prompt may look perfect until a certain issue pops up down the line, such as using the wrong file or changing the scope of the task execution. Single pass filter would not identify it since it does not consider the steps of the procedure in order. There are available datasets for the agent-based tasks, yet they focus on detecting whether the agent completes the task or gets hacked rather than whether the agent monitor reacts timely and correctly to the situation. Thus, I created one that takes into account complete trajectories with labeled steps in it. It consists of five types of drift that remain hidden until they appear – tool-call misuse, goal shift, plan execution mismatch, agent to agent coercion and capability laundering. The measured dataset is the reviewed gold split: 513 trajectories, 453 adversarial and 60 benign controls. The clear winner in that scoring system was whatever fired before the bad step was hit, as an early detection. This made random guessing seem quite powerful since early detections on normal steps were being rewarded based on this system a coin flip would get F1 of 0.88. Once I modified that and said only the very first detection on the drift step is a true positive and any other detection on normal step is a false alarm, those numbers took a dive: the coin flip gets 0.19 now, and all other numbers are now making sense. I personally prefer the scoring system which does not reward trigger happy behavior. It seems like the monitors are still confusing regular steps with drifts even after the adjustment. It was harder to distinguish some of the drifts from others. Not sure how this affects the real-life deployment. Here are the baseline scores on gold split using the correct metric: Random (p=0.15): F1 0

2026-06-28 原文 →