My Thoughts on the Bun Rust Rewrite
submitted by /u/simon_o [link] [留言]
找到 1338 篇相关文章
submitted by /u/simon_o [link] [留言]
submitted by /u/Successful_Bowl2564 [link] [留言]
submitted by /u/mostaptname [link] [留言]
On July 8, 2026 I looked up a barcode that does not exist. Eight zeros. I sent them to Open Food Facts, the largest open nutrition database on the web, and it answered HTTP 200. Green light. Then I read the body: "status":0 , "status_verbose":"no code or invalid code" . A success code wrapped around a total miss. Ten seconds of trusting the status line and I would have written that empty result into a calorie tracker as if it were food. That is the whole post. The list of APIs is the easy part. The hard part is that a keyless food API hands you a clean 200 and a wrong answer, and it does it a slightly different way on almost every endpoint. A free food API here means a public nutrition, ingredient, or recipe endpoint that returns JSON with no API key, no signup, and no card. Not a CSV dump, not a partner form, not a portal from 2012. A real REST call you can paste into a terminal right now. I found eight that clear that bar, plus three worth knowing that quietly lean on a shared key. I re-verified every one with a live curl on July 8, 2026 (real HTTP code, real body, trimmed but never paraphrased). If you build calorie trackers, meal planners, grocery tools, or an AI agent that answers "how much sugar is in this," these are the lookups you reach for. Every one of them can lie to you with a 200. Here is the uncomfortable finding before the list. Keyless nutrition data in 2026 is mostly one project. Open Food Facts and its sibling databases (Pet Food, Products, Beauty, Prices) are six of the eight entries below: five distinct databases on one shared engine, with Open Food Facts itself showing up twice because it fails two different ways. Only two entries, Fruityvice and Wger, are independent, and Wger re-imports its data from Open Food Facts anyway. That concentration is not a weakness of the roundup. It is the point. Because it is one engine, the data-quality traps below are systemic, not one-offs. Learn them once and they repeat across the whole family. Let me be st
The biggest losses in software history were, with one deliberate exception, not attacks. They were silent, correlated, self-inflicted — and they teach the exact risk autonomous AI agents are about to make expensive again. At 9:30 in the morning on August 1, 2012, Knight Capital Group was one of the largest trading firms in the United States, executing a sixth of all the volume on the New York Stock Exchange. By 10:15 it was, for practical purposes, finished. In those forty-five minutes a piece of its own trading software (not a hacker's, its own) fired more than four million unwanted orders into the market, accumulating roughly $7 billion in positions the firm never meant to hold and a loss of about $440 million by the time humans understood what their machine was doing. The cause, documented in the SEC's administrative proceeding, was almost insultingly small: a deployment that updated seven of eight servers. The eighth still carried a dormant piece of code called Power Peg, retired years earlier, and the new release reused the old feature flag that woke it up. No one attacked Knight Capital. The market data was accurate, the exchange functioned perfectly, and every system reported itself healthy while the company bled ten million dollars a minute. That shape (no adversary, no alarm, one change propagating everywhere at once) turns out to be the shape of almost every entry on the list below. We've written before about the biggest bug-bounty payouts in history , the ledger of what it costs when someone does attack. This is the other ledger, the bigger one: what software has cost when nobody attacked at all. Every figure below states what it counts, and comes from a primary or authoritative source (inquiry boards, SEC filings, statutory inquiries) linked at the end. The ledger 1. CrowdStrike outage (2024) — roughly $5.4 billion in direct losses to Fortune 500 companies alone (estimate). One faulty content update to the Falcon Sensor security agent blue-screened Windo
Everyone talks about the build. Nobody talks about what happens the week after, when you go to actually tell people it exists and discover every distribution channel has its own quiet gatekeeping you didn't know about until you hit it. Hacker News flagged my Show HN before it ever reached the front page. Not rejected — flagged, silently, likely because the account posting it was brand new with a self-promotional link and zero history. No warning, no explanation, just gone from /newest for anyone not specifically looking. Reddit was worse in a different way. r/webdev's AutoMod rejects any submission from an account under three months old with low karma — a hard gate, not a soft one, and it doesn't care which day you post or how you phrase it. r/SideProject let the post through technically, but Reddit's own spam filter quietly removed it minutes later, invisible to everyone except me looking at my own profile. X was just silence. Zero followers means the algorithm has no graph to push the post into. Four views, three of which were probably me refreshing. The one channel that actually worked was the one with the lowest bar to entry: writing. dev.to doesn't gate you behind account age or karma. You write something, it's live, and if it's genuinely useful, people find it — slowly, but for real. That's where actual engagement happened. The pattern underneath all of this: almost every high-leverage distribution channel is, by design, hostile to accounts with no history. That's not a bug — it's the exact mechanism that keeps those platforms usable, and it exists specifically to stop people doing exactly what I was trying to do: show up once with a link and leave. The system is working as intended. It just doesn't feel that way when you're the one hitting the wall. What's actually working, three weeks in, isn't a growth hack — it's writing things people search for, verbatim, and being patient about everything else building account history the boring way: showing up, commenti
Shared tool configurations drift when developers run local agents. Adding a new MCP server to a team setup usually fails to reach existing local configurations, leaving developers with outdated toolsets. We resolved this in our latest CLI release by introducing stateful configuration back-filling. The update merges new servers into local environments while preserving custom developer adjustments. What's new Angular stack integration : Added frontend domain detection for angular.json and @angular/* packages in the /stack-set command. The oma-frontend skill now includes angular-rules.md to enforce standalone components, OnPush change detection, and signals. API evolution patterns : Added API lifecycle patterns based on the MAP framework to oma-architecture . This includes Sajaniemi's 11 variable-role taxonomy to guide naming rules in oma-refactor . Windows scheduling updates : The schtasks adapter now maps weekly cron ranges like 1-5 or lists like 1,3,5 directly to Windows task scheduler formats. Model validation : Added vendor validation to the schedule:add command. The CLI now rejects unknown models at registration time rather than failing during execution. Keeping local environments synchronized across diverse OS targets requires strict validation. These fixes ensure configuration changes flow correctly without disrupting developer-specific settings. What's fixed MCP server synchronization : Fixed an issue where SSOT servers added to .agents/mcp.json were only copied if .mcp.json was entirely absent. The CLI now reads the source of truth on every run and merges missing entries. Test execution reliability : Restructured the project root resolution tests to mock the filesystem walk. This isolates test runs from ambient files on CI runners and avoids false failures. Market diversity flags : Corrected the --diversity-threshold flag documentation to reflect that the default threshold is not enforced unless the flag is explicitly set. Cleaning up obsolete protocols reduc
Yo! what's up guys 👋🏻 Every developer👩🏻💻 has a different environment where ideas turn into...
Quick note before we dive in — I know I've been off track from the iOS/Swift series lately. I just...
The problem Doc references to a line number or function name break the moment code gets refactored. You write "see line 142 of foo.py " or "see calculateRefund() " in a design doc, then six months later the line has shifted or the function got renamed, and the reference just quietly points at the wrong thing (or nothing). Nobody notices until someone follows it and lands in the wrong place. The fix Anchor Pointing is a tiny text convention that swaps the location for a fixed ID. You drop an ID at the destination you want to be a durable reference target: ap.<21-char-base62-id>.E and reference it from anywhere else, docs, other code, tickets, with: ap.ref.<21-char-base62-id>.E Both are just literal strings, so resolving a reference is a plain text search: grep , ripgrep , GitHub code search, Sourcegraph, your IDE, whatever you already use. The ap.ref. prefix exists specifically so a search for the anchor itself never also matches its own references. Rules One anchor per ID (a single, unambiguous destination) Unlimited references pointing at that ID ID is 21-char base62, making collisions a non-issue with no central coordination Spec: https://github.com/nickolay-kondratyev/anchor-points/blob/main/ANCHOR_POINTS_SPEC.md Feedback welcome, especially if this already exists under another name and I've reinvented something. submitted by /u/ThorgBuilder [link] [留言]
Every API request needs to answer: who is this, and are they allowed? Session auth answers it by having the server remember every login. JWT answers it by making the client carry its own proof — no server memory needed. What's inside a token Header . Payload . Signature. Header and payload are just base64-encoded — readable by anyone, not encrypted. The signature is what matters: a hash of the header + payload, made with a secret key only the server knows. Change one character of the payload, the signature breaks, the server rejects it. Trust comes from the math, not from hiding the data. Client logs in with credentials Server verifies them, signs a token, sends it back Client attaches the token to every future request Server checks the signature — no database lookup Valid + not expired → request proceeds No session table anywhere. The auth state lives inside the token itself. The trade-off Can't instantly revoke a token — it's valid until it expires. Fix: short-lived access tokens + a revocable refresh token. Payload is readable, so never put sensitive data in it. Security comes from HTTPS + safe client-side storage, not secrecy. One-liner to remember it by Session auth: remember who logged in, check memory each time. JWT: remember nothing, verify the proof each time.
This is the second stage of my CodeAlpha Full Stack internship — two projects, built in a deliberate order so the patterns from the first carry forward. First was a project management tool (auth + real-time updates with Socket.io). This one is a store: products, cart, orders. Same stack — Express, Prisma, PostgreSQL, JWT — but the interesting part isn't the CRUD, it's the order-placement flow, which is the first genuinely transactional piece of logic in the whole internship. I'll walk through the schema decisions, the auth changes from project one, and then spend most of the time on the part that actually matters: making sure an order can never be created without correctly and atomically updating stock and clearing the cart. The schema model User { id String @id @default(cuid()) name String email String @unique password String role String @default("USER") createdAt DateTime @default(now()) orders Order[] cartItems CartItem[] } model Product { id String @id @default(cuid()) name String description String price Float image String? stock Int @default(0) category String createdAt DateTime @default(now()) cartItems CartItem[] orderItems OrderItem[] } model CartItem { id String @id @default(cuid()) quantity Int @default(1) user User @relation(fields: [userId], references: [id]) userId String product Product @relation(fields: [productId], references: [id]) productId String @@unique([userId, productId]) } model Order { id String @id @default(cuid()) status String @default("PENDING") total Float createdAt DateTime @default(now()) user User @relation(fields: [userId], references: [id]) userId String items OrderItem[] } model OrderItem { id String @id @default(cuid()) quantity Int price Float order Order @relation(fields: [orderId], references: [id]) orderId String product Product @relation(fields: [productId], references: [id]) productId String } Two decisions worth explaining, because they're easy to get wrong if you're building this for the first time. OrderItem.price is a
The first message ever sent across the network that became the internet was not a grand declaration. It was two letters: "LO" . Not a word anyone chose, not a slogan, just the first half of a login command that never finished because the system crashed. More than fifty years later, that accidental fragment is one of the best origin stories in computing, and it still has something to teach anyone building connected devices today. The night of 29 October 1969 At around 10:30 in the evening on 29 October 1969, a student programmer named Charley Kline sat at a computer in Leonard Kleinrock's lab at UCLA. His job was to log in to a second machine roughly 350 miles away at the Stanford Research Institute (SRI) in Menlo Park, California. The two computers were among the first nodes of ARPANET, the U.S. Defense Department research network that would eventually grow into the internet. Kline started typing the command LOGIN . To make sure the letters were arriving, he had a colleague at SRI on the phone confirming each keystroke. He typed L , and Stanford confirmed the L. He typed O , and Stanford confirmed the O. Then he typed G , and the SRI machine crashed. So the very first message transmitted over ARPANET was the truncated, unintentional "LO" . Kleinrock has enjoyed pointing out for decades that they could not have scripted anything better: the first word on the internet was "lo," as in "lo and behold." A little over an hour later, after the bug was fixed, Kline completed a full login, but the accidental version is the one history remembers. Why a crash matters more than a clean success It is tempting to treat "LO" as a cute footnote, but the crash is the useful part. ARPANET was not built to be reliable on day one. It was built to discover how to be reliable. Everything we now take for granted about networking, error handling, retransmission, acknowledgements, graceful recovery, exists because early links failed constantly and engineers had to design around failure rath
submitted by /u/Happycodeine [link] [留言]
submitted by /u/fagnerbrack [link] [留言]
Watch the fires burning on the far shore. Don't cross until they've burned themselves out. — The 36...
submitted by /u/Apprehensive_Knee502 [link] [留言]
Bad nextjs folder structure does not show up on day one. It shows up at month six when three developers search for the checkout form hook and find four copies. I reorganised a client dashboard after exactly that — this guide is the tree I use now on large App Router projects, why each folder exists, mistakes from my first Next.js apps, and the 10-second findability rule . Real folder tree — production-shaped layout my-app/ ├── app/ # routes only — thin pages │ ├── (marketing)/ # route group — shared layout, no URL segment │ │ ├── layout.tsx │ │ ├── page.tsx │ │ └── pricing/page.tsx │ ├── (dashboard)/ │ │ ├── layout.tsx │ │ └── orders/page.tsx │ ├── api/ # route handlers │ │ └── webhooks/stripe/route.ts │ ├── layout.tsx # root layout │ └── globals.css ├── components/ # shared UI — buttons, cards, shell │ ├── ui/ │ └── layout/ ├── features/ # business domains — colocated logic │ ├── auth/ │ │ ├── components/ │ │ ├── hooks/ │ │ └── actions.ts │ └── orders/ │ ├── components/ │ ├── api.ts │ └── types.ts ├── lib/ # server + shared utilities │ ├── db.ts │ └── env.ts ├── hooks/ # truly global client hooks ├── types/ # global TS types ├── data/ # static data, blog posts list └── public/ Routes live in app/ . Business logic lives in features/ . Generic design system pieces live in components/ui . That separation is the whole game. Why each folder exists Folder Purpose Do not put here app/ URLs, layouts, loading.tsx Fat business logic features/ Domain modules (orders, auth) Generic Button components/ui Reusable primitives Order-specific tables lib/ DB clients, env validation React components app/api Webhooks, REST edge cases Every form POST (prefer actions) Thin pages — route files under 40 lines // app/(dashboard)/orders/page.tsx — orchestration only import { OrderTable } from "@/features/orders/components/OrderTable"; import { getOrders } from "@/features/orders/api"; export default async function OrdersPage() { const orders = await getOrders(); return ( <section> <h1>Orders
A few days ago, I was talking to a junior developer who was literally sweating bullets. He had just pushed a feature for a staging website that barely gets 500 users a month. But looking at his senior developer’s reaction? You’d think the guy was managing the infrastructure for Amazon’s Prime Day Sale. “Scale check kiya? What if 10,000 users hit this exact API at 3 AM? Refactor this logic.” The code was perfectly fine for their current requirement. But the senior dev had to find a flaw to justify his hierarchy. This is where the tragedy of modern software engineering begins, and a brilliant, toxic survival hack takes over: The Placebo Bug. What is a Placebo Bug? (The Strategic Distraction) When experienced developers realize that their managers or seniors have a habit of “kami nikalna” (finding faults just for the sake of it), they stop giving them perfect code. Instead, they intentionally leave a very small, harmless, and obvious mistake in the front-end or the script. Maybe an unaligned button. Maybe a funny typo in an error message (like writing “Succesfully” instead of “Successfully”). Maybe a massive padding that makes the UI look slightly weird. When the senior reviews the code, their eyes immediately light up. “Arey! Look at this alignment. Everything else is fine, but fix this button first.” The junior says, “Sorry, my bad. Fixing it right away.” Two minutes later, a new commit is pushed. The senior feels proud that they added value, the junior’s core complex architecture passes without unnecessary refactoring, and everyone goes home happy. It’s not good engineering; it’s human management. This is actually a very old trick in the tech world, famously known as “The Corporate Duck” story. Years ago, a game designer noticed that his manager always forced changes on every project just to prove he was the boss. So, the designer tried a hack: he put a totally random, funny Duck on the main character’s head. The manager reviewed it and said, “Everything looks perfe
Advice for Learning Computer Science the Right Way Hi everyone, I'm feeling a bit lost and would really appreciate some advice. I want to learn programming, but I don't just want to learn HTML, CSS, and JavaScript and call it a day. I want to understand how computers actually work—things like operating systems, computer architecture, networking, memory, and the fundamentals of computer science. After doing a lot of research, I found this roadmap: https://roadmap.sh/computer-science My questions are: Has anyone here completed (or mostly completed) this roadmap? Is it a good path to build a strong computer science foundation? I also want to become a mobile app developer using React Native. Should I finish the entire Computer Science roadmap before I start learning React Native, or is there a better way to balance both? If you could go back to when you first started learning programming, what mistakes would you avoid? Since I'm studying full-time, what's the most effective way to learn? Should I just watch tutorials, take notes, and practice? Or is there a better study method? Finally, where can I find high-quality learning resources? I would prefer Arabic resources at the beginning because my English isn't very strong yet, but I'm okay with English resources if they're significantly better. I'd really appreciate any advice from people who have already gone through this journey. Thanks! submitted by /u/Asleep-Wafer-5665 [link] [留言]