今日已更新 328 条资讯 | 累计 20300 条内容
关于我们

标签:#pens

找到 1353 篇相关文章

AI 资讯

Why Serverpod? One Language for Your Entire Stack

Why this series I love writing clean architecture . Not because it looks nice in a diagram, but because it survives change — new requirements, new team members, and now, AI-assisted development , where you want boundaries an AI can respect and tests that catch it when it wanders. The problem in most Flutter stacks is the seam between app and backend. You write Dart on the client, then switch to a different language, a hand-written REST layer, DTOs that drift out of sync, and serialization bugs nobody notices until production. Serverpod removes that seam. You write Dart on the server too, and the client-server communication code is generated for you — type-safe, end to end. What is Serverpod? Serverpod is an open-source backend framework that lets you build the entire stack in Dart. Instead of context-switching between languages, your models, your API, and your database logic all live in one language. What you get out of the box: Endpoints — server methods your Flutter client calls directly. The communication code is generated, so there's no hand-written REST/JSON glue. An ORM — type-safe, statically analyzed database access with migrations and relationships. No raw SQL required. Code generation — define a model once; get serialization and client bindings on both sides automatically. Real-time data — streaming over WebSockets, managed for you. Auth — integrations for Google, Apple, and Firebase. The extras enterprises actually need — file uploads, task scheduling, caching, logging, and error monitoring. And on the "is this serious enough for production?" question: Serverpod says it's battle-tested in real-world apps and secured by over 5,000 automated tests, scaling from hobby projects to millions of users without code changes. That's exactly the property you want in an enterprise foundation. The architecture at a glance Here's how the pieces fit. A Serverpod project is generated as three packages: myapp_server → your backend: endpoints, models, business logic, DB my

2026-07-08 原文 →
AI 资讯

Routing Down Is Easy. Knowing When Not To Is Hard: Why Cheap Models Break Your Coding Agent

Disclosure: I maintain Lynkr , an open-source router whose design decisions this post explains. The failure modes described are patterns widely reported across router issue trackers and local-LLM forums — the examples are representative reconstructions, not captured transcripts. The problem is real either way; ask anyone who's routed a coding agent to a 7B model. Everyone who gets their first LLM router working does the same thing within the hour: point the expensive coding agent at a free local model and watch the bill drop to zero. Then the agent tries to edit a file. The graveyard of downgraded sessions If you browse the issue tracker of any Claude Code router — or r/LocalLLaMA on any given week — you'll find the same story in a hundred variations. The routing works perfectly. The session dies anyway. The killers, in rough order of frequency: 1. Malformed tool arguments. The agent decides to call Edit , and the model produces arguments that are almost JSON: { "file_path" : "src/auth.js" , "old_string" : "if (token) {" , "new_string" : "if (token && !expired) {" One missing brace. The harness rejects the call, the model retries, produces a different malformation, and you're three turns deep into fixing nothing. Frontier models emit structurally valid tool calls with boring reliability; sub-10B models do it most of the time — and "most of the time," at 30 tool calls per session, means every session breaks. 2. Stale string matching. Edit -style tools require the old_string to match the file exactly. Small models paraphrase from memory instead of quoting — they'll "remember" the line as if (token) { when the file says if (accessToken) { . The edit fails, the model re-reads the file, burns 2,000 tokens, tries again with a different paraphrase. This is the single most reported failure, because it looks like the router's fault and is actually a capability cliff. 3. Hallucinated context. Ask a small model to run tests and it may confidently call Bash with npm test -- --g

2026-07-08 原文 →
开源项目

🔥 langbot-app / LangBot - Production-grade platform for building agentic IM bots - 生产级

GitHub热门项目 | Production-grade platform for building agentic IM bots - 生产级多平台智能机器人开发平台/ Agent、知识库编排、插件系统 / Bots for Discord / Slack / LINE / Telegram / WeChat(企业微信, 企微智能机器人, 公众号) / 飞书 / 钉钉 / QQ / Matrix e.g. Integrated with ChatGPT(GPT), DeepSeek, Dify, n8n, Langflow, Coze, Claude, Gemini, GLM, Ollama, SiliconFlow, Moonshot, openclaw / hermes agent, deerflow | Stars: 16,733 | 33 stars today | 语言: Python

2026-07-07 原文 →
AI 资讯

The Session ID That Wouldn't Stop Changing

I was implementing a feature where the session container would track a lastActivity timestamp, updated on every authenticated request. Standard stuff. I wrote it, tested it locally with curl, and noticed something odd: I kept getting a new Set-Cookie header value on every response. Not occasionally. On every single one. A week later I was sending a pull request to mezzio/mezzio-session-cache . The Setup: Two Backends, One Session Our system had a constraint: two backend applications, written in different languages, sharing a single user session. One was the main PHP/Mezzio app. The other was a service in a different stack that needed to read from, and update the lastActivity timestamp on, the same session container. There are a few ways to make polyglot session sharing work. We landed on a shared cache backend (Redis) with a well-defined session structure. Both apps could read and write through their own libraries, as long as they agreed on the storage format and the cookie name. The session ID was the contract. That contract is the part that quietly broke. A Missing Escape Hatch My first instinct was the usual list of suspects. Was something calling regenerateId() in a middleware I didn't know about? Was there a logout being triggered somehow? Was a misconfigured cache layer evicting and recreating sessions? After a bit of digging through the call stack, I ended up in the library itself. And there it was: CacheSessionPersistence was regenerating the session ID whenever the session data changed . Not on login. Not on privilege escalation. On every write . That's when the real question hit me: why on earth would a library do that by default? Reading Code Before Changing It When you find behavior that surprises you in someone else's code, the wrong move is to immediately label it broken. The right move is to assume the maintainers had a reason, and find out what it was. The reason, in this case, is session fixation . Session fixation is a class of attack where an atta

2026-07-07 原文 →
AI 资讯

Validate Before You Build: The MVP Lessons I Learned the Hard Way

This is part of my work with 01MVP on OpenNomos — a project that helps founders validate ideas before building. The $0 Launch I once spent three months building a product. It had everything: authentication, payments, a polished UI, dark mode. I was proud of it. Launch day: 27 visitors. Zero signups. I had spent 90 days building and precisely zero days asking anyone if they wanted what I was building. I was solving a problem that existed only in my head. The Hardest Lesson The product wasn't bad. The code was fine. The UI was clean. The problem was that I never validated the core assumption: does anyone actually have this problem, and would they pay to solve it? This is the most common failure mode in indie hacking. You build something you think is cool, polish it to perfection, and launch to silence. The code was never the bottleneck. The validation was. What I Do Differently Now Talk to 10 people before writing code. Not surveys. Not landing page analytics. Actual conversations. "Would you use this? Would you pay for it? Why or why not?" Build a mockup, not a product. A Figma prototype or even a Google Form that simulates the core workflow is enough to test willingness to engage. Charge from day one. Free users will tell you nice things. Paying users will tell you the truth. If nobody will pay, the idea isn't ready. Kill fast. Most ideas fail. The goal isn't to make every idea succeed — it's to fail the bad ones quickly so you can find the good ones. Why This Matters More in 2026 In 2016, building a product was hard. You needed to know how to code, set up servers, handle deployments. The barrier to building kept bad ideas from being built. In 2026, Cursor writes your code, v0 generates your UI, and Replit deploys it. The barrier to building has collapsed to near zero. But here's the problem: AI can help you build anything. It cannot help you figure out what's worth building. The result is a flood of well-built products that nobody wants. The bottleneck shifted from

2026-07-07 原文 →
AI 资讯

"Swipe Cleaner: A Technical Deep Dive into On-Device Photo Privacy"

Disclosure: I write about projects in the OpenNomos ecosystem, including Swipe Cleaner. The Problem With Photo Cleaners Most photo cleaning apps have a dirty secret: your photos leave your device. They get uploaded to some server for "AI processing," "cloud analysis," or just because the developer didn't think about it. Swipe Cleaner takes the opposite approach. Everything happens on your iPhone. Not a single pixel leaves your device. Let me break down why that matters, and how it actually works under the hood. The Architecture Swipe Cleaner is built on three principles: 1. On-device processing, always. Image analysis, duplicate detection, and similarity matching all run locally using Apple's Core ML and Vision frameworks. No cloud roundtrips, no server costs, no privacy policy loopholes. 2. Tinder-style UX for decisions. You don't manage a grid of thumbnails and checkboxes. You swipe. Right to keep, left to delete. This isn't just a UI gimmick — it's a deliberate choice to reduce decision fatigue. When you have 3,000 photos to clean, you need flow, not friction. 3. Sandboxed storage access. The app requests permission for exactly what it needs. It doesn't ask for your entire photo library if you only want to clean screenshots. This is iOS privacy-by-design done right. Why On-Device Matters Now We're in a weird moment. AI capabilities are exploding, which means the temptation to "send it to the cloud for better results" is stronger than ever. But at the same time, Apple is pushing hard in the opposite direction — Private Cloud Compute, on-device ML, differential privacy. Swipe Cleaner aligns with where the platform is going, not where the industry has been. The Technical Trade-offs Local-first isn't free. Here's what you give up: Model size constraints. You can't run a 70B parameter vision model on an iPhone. The models need to be small, optimized, and ruthlessly efficient. No cross-device sync. Your cleaning decisions stay on one device. No cloud means no sync. For

2026-07-07 原文 →