AI 资讯
I built a detention-pay calculator for truckers in a day — unglamourous niches beat another AI wrapper
Every "what should I build" thread on here is full of AI wrappers fighting over the same five SaaS founders. Meanwhile there's a guy sitting at a loading dock right now, doing arithmetic in his head, who is about to undercharge his broker by a few hundred bucks because nobody built him a 30-second tool. I built that tool. It's a free detention-pay calculator for truck drivers. This is the build log — the niche-selection, the single-file stack, and two decisions (an SVG gauge and a no-mail-service auth scheme) that were more interesting than the app deserves. I'm not a trucker. I build small free web tools for industries other may find unglamourous or not enticing enough. That honesty matters later. The problem (worth $2–6k/yr to one user) Truckers get a "free time" window at a dock — usually 2 hours. Past that, the broker owes detention pay (~$50–100/hr). Drivers leave an estimated $2,000–6,000/year of it unclaimed, mostly because the math + the paperwork is annoying enough to skip. So the spec wrote itself: In/out times + free hours + rate → dollars owed. Export a dispute-ready PDF they can email the broker. Work on a phone, no login, instant. Validating before writing a line The mistake I almost made: assume the niche is empty because I'd never heard of it. I checked. It is not empty — DockClaim ($49/mo, GPS tracking), Detention Buddy, a couple of $9.99/mo App Store apps, even a free email-gated web calculator or two. That killed my first instinct ("be the only one") but clarified the real wedge: everything is a paid app download or email-gated. The opening was a genuinely free, no-signup, instant web version that also generates the claim PDF. Not "the only detention tool" — the one with the least friction. I'll say more on why I'm careful about that claim at the end. Lesson: validate to find your angle , not just a go/no-go. "Crowded but all friction-heavy" is a fine market. The stack: one HTML file No framework. The whole app is a single self-contained .html — m
AI 资讯
5 side projects that would absolutely nail it on .Vegas
Most indie hackers I know spend an embarrassing amount of time on the naming part. We argue with ourselves over the perfect .com, eventually settle for some janky combo of words with random consonants ripped out, and ship a domain we secretly don't love. There's a quieter option a lot of builders haven't seriously considered: .Vegas. It's a geographic TLD, but it does NOT require you to be in Las Vegas or build anything Vegas-related. What it does give you is a TLD that sounds bigger than it costs, reads as memorable, and is still wide open in 2026. I went down a small rabbit hole this week looking at side-project ideas that would have an almost unfair head start on .Vegas. Here are five. 1. A weekend trip planner Domain: weekend.vegas or trip.vegas This is the lowest-hanging fruit and I'm honestly surprised nobody's built it yet. A tiny webapp that takes a Friday-to-Sunday window and spits back a fully booked itinerary: flight, hotel, two restaurant reservations, one show, one activity. Three clicks, done. Why it works on .Vegas: the domain is the elevator pitch. Nobody needs to read your tagline. The URL bar tells you what the product does. That's worth more than most landing-page copy will ever earn. 2. A bachelor/bachelorette party coordinator Domain: bach.vegas , party.vegas , last.vegas Group-trip coordination is genuinely awful. Splitwise + a group chat + a shared Notion doc + that one friend who keeps forgetting to Venmo back. There's room for a niche product here that handles the deposit splits, the "who's in for the cabana" upsells, and the inevitable last-minute flight changes. Why it works on .Vegas: the URL doubles as a tagline. You don't have to explain what kind of trip it's for. 3. A booking aggregator for shows and residencies Domain: shows.vegas , tonight.vegas Caesars, MGM, Live Nation, AXS, Vivid Seats, the venue's own ticketing system — finding a good show on a specific Tuesday night is a pain. A scraper-backed booking aggregator that's honest a
安全
Microsoft under fire for threatening security researcher with criminal investigation
A public spat between Microsoft and an independent security researcher reopens a long-running debate over who is responsible for securing software.
AI 资讯
Hackers are trying to steal Signal users’ backups in new wave of phishing attacks
A new hacking campaign is trying to trick Signal users to give up their secret recovery key, which can be used to access online backups containing past messages.
AI 资讯
Stop Building AI Assistants. Build AI Firewalls.
Every week another "AI agent for X" launches. Email triage. Calendar coordination. Sales follow-up. PR reviewer. Slack monitor. Meeting summarizer. I've installed enough of them to see the pattern. Here's the dirty secret nobody mentions in the launch posts: These tools don't reduce your work. They multiply your notifications. Each AI tool is configured to be helpful by default. "Helpful" means: "I noticed this thing — here's a notification." Stack a dozen of those, and instead of one inbox to ignore you have twelve. The signal-to-noise ratio gets worse every time you add an AI to your workflow. The mainstream answer is "just configure each one." Sure. Spend four hours tuning notification settings every time you add a tool, and another four hours when one of them ships a "smarter notifications" update. That's not productivity. That's notification janitorial work disguised as setup. This is a structural problem. Not a configuration problem. The wrong question Every AI tool asks the same thing: "Is this important?" Wrong question. There is no objective "important." Importance depends on you, right now. A Stripe webhook is important when you're debugging a checkout flow. The same webhook is pure noise during a deep work block. A Slack message from your cofounder is critical at 11am Tuesday and irrelevant at 11pm Friday. The right question is: Is this urgent enough to interrupt me, right now, given what I'm doing? That's not a question any individual AI agent can answer. It's a layer above all your AI agents. None of them have the context. None of them know what the others are doing. None of them know how you're spending the next hour. So they all default to "I'll just send you a notification, you decide." Which is exactly the experience you have right now: drowning. What an AI firewall actually looks like I'm building that layer. It's called Klorn . Here's how it works in practice. Every signal — email, calendar invite, agent action, webhook, push from another tool — g
AI 资讯
Building a Japanese-First Read-Later PWA: From Pocket Shutdown to Launch
When Mozilla shut down Pocket in July 2025, I lost my favorite tool. Worse, none of the English alternatives (Instapaper, Readwise, Matter, Raindrop) had Japanese UI, and their article extraction was mediocre on Japanese pages. So I built one. It's called Readbox — Japanese-first, English-too, read-later as a PWA. Here's what I learned shipping it. The stack Next.js 15 App Router + TypeScript strict (no any ) Supabase (Postgres + Auth + RLS) Stripe (JPY + USD prices, locale-routed) Tailwind CSS Service Worker for PWA install + offline read Three things that bit me 1. Article extraction on Vercel serverless First attempt: Mozilla Readability + jsdom. Doesn't bundle on Vercel because of ESM compatibility issues and the 50MB serverless function size limit. I tried 6 approaches — Webpack externals, dynamic imports, edge runtime — none worked cleanly. Ended up using Jina Reader , which returns clean Markdown/HTML from any URL. Trade-off: third-party dependency, rate limits at scale. But it works today, and it's free. 2. Storing article body on-device I didn't want to host millions of articles' worth of HTML on Supabase (cost + privacy). Solution: extracted HTML lives in the browser's IndexedDB only (via Dexie); only metadata (URL, title, tags, read status) syncs to the server. Trade-off: cross-device sync of body content doesn't work seamlessly. Acceptable for a "read it later" workflow where you usually read on the device you saved on. 3. i18n routing — the silent sitemap killer For Japanese + English from one codebase: app/[locale]/ segment with /en prefix for English (default Japanese has no prefix, to preserve old URLs). Middleware detects cookie / Accept-Language and redirects accordingly. The gotcha (cost me a launch-day hour): middleware matcher excludes _next , api , image extensions — but if you forget .xml/.txt/.webmanifest , sitemap.xml and robots.txt get rewritten to /ja/sitemap.xml (which doesn't exist as a route → 404). Fix: export const config = { matcher
开发者
CrowdStrike and Google take down botnet used by hackers to target open source software developers
Cybercriminals used the Glassworm botnet to infect open source software projects with malware, and in turn hack the developers and companies that use that software.