AI 资讯
The Placebo Bug: Why Smart Developers Leave Mistakes in Their Code on Purpose
A few days ago, I was talking to a junior developer who was literally sweating bullets. He had just pushed a feature for a staging website that barely gets 500 users a month. But looking at his senior developer’s reaction? You’d think the guy was managing the infrastructure for Amazon’s Prime Day Sale. “Scale check kiya? What if 10,000 users hit this exact API at 3 AM? Refactor this logic.” The code was perfectly fine for their current requirement. But the senior dev had to find a flaw to justify his hierarchy. This is where the tragedy of modern software engineering begins, and a brilliant, toxic survival hack takes over: The Placebo Bug. What is a Placebo Bug? (The Strategic Distraction) When experienced developers realize that their managers or seniors have a habit of “kami nikalna” (finding faults just for the sake of it), they stop giving them perfect code. Instead, they intentionally leave a very small, harmless, and obvious mistake in the front-end or the script. Maybe an unaligned button. Maybe a funny typo in an error message (like writing “Succesfully” instead of “Successfully”). Maybe a massive padding that makes the UI look slightly weird. When the senior reviews the code, their eyes immediately light up. “Arey! Look at this alignment. Everything else is fine, but fix this button first.” The junior says, “Sorry, my bad. Fixing it right away.” Two minutes later, a new commit is pushed. The senior feels proud that they added value, the junior’s core complex architecture passes without unnecessary refactoring, and everyone goes home happy. It’s not good engineering; it’s human management. This is actually a very old trick in the tech world, famously known as “The Corporate Duck” story. Years ago, a game designer noticed that his manager always forced changes on every project just to prove he was the boss. So, the designer tried a hack: he put a totally random, funny Duck on the main character’s head. The manager reviewed it and said, “Everything looks perfe
开发者
Before I Waste Hundreds of Hours... Is This the Right Roadmap?
Advice for Learning Computer Science the Right Way Hi everyone, I'm feeling a bit lost and would really appreciate some advice. I want to learn programming, but I don't just want to learn HTML, CSS, and JavaScript and call it a day. I want to understand how computers actually work—things like operating systems, computer architecture, networking, memory, and the fundamentals of computer science. After doing a lot of research, I found this roadmap: https://roadmap.sh/computer-science My questions are: Has anyone here completed (or mostly completed) this roadmap? Is it a good path to build a strong computer science foundation? I also want to become a mobile app developer using React Native. Should I finish the entire Computer Science roadmap before I start learning React Native, or is there a better way to balance both? If you could go back to when you first started learning programming, what mistakes would you avoid? Since I'm studying full-time, what's the most effective way to learn? Should I just watch tutorials, take notes, and practice? Or is there a better study method? Finally, where can I find high-quality learning resources? I would prefer Arabic resources at the beginning because my English isn't very strong yet, but I'm okay with English resources if they're significantly better. I'd really appreciate any advice from people who have already gone through this journey. Thanks! submitted by /u/Asleep-Wafer-5665 [link] [留言]
开发者
Announcing TypeScript 7.0
submitted by /u/DanielRosenwasser [link] [留言]
科技前沿
HyWiki: Zero Markup Hypertext
This post is about Hyperbole's HyWiki package for knowledge management. I've been doing a deep dive into knowledge management and PKMSs, and in my research I've found that HyWiki offers the best of all worlds. It has a truly unique behavior compared to other PKMSs that allows it to obviate the bookkeeping involved with linking your notes together, and allows your curated knowledge to propagate into the rest of your Emacs, not just your siloed notes vault. submitted by /u/misterchiply [link] [留言]
AI 资讯
The API-First SaaS Manifesto: How to Architect a Production-Grade Application in 2026 Without Building Microservices
Every junior developer or solo software engineer falls into the exact same engineering trap: They conflate writing code with building a business. They spend their initial excitement phase setting up intricate user database authentication schemas, writing custom cron jobs for automated subscription reminders, or building heavy background pipelines just to resize a user’s uploaded logo image. By the time their local environment is "infrastructure perfect," weeks have passed. The momentum is gone, burnout sets in, and the repository is abandoned before ever tasting real production traffic. In 2026, computing power has completely shifted to specialized edge layers. Infrastructure has become commoditized. If you are wasting creative bandwidth trying to compete on backend pipelines instead of focusing entirely on your unique value proposition, you are systematically killing your startup. Here is the architectural matrix to decouple your operational infrastructure and shift to a lean, hyper-scalable API-first codebase. Part 1: The Production Infrastructure Decoupling Layer The golden rule of modern systems design is clear: Your application should only maintain two core pillars internally—your proprietary business logic and your core user state database. Everything else—from security to user tracking—is a solved problem that should be offloaded to third-party micro-services. Let’s look at the financial and time trade-offs of building versus outsourcing across critical technical vectors: Microservice Vector The Native Way (High Friction) The 2026 API Standard Launch Velocity Impact Merchant of Record Raw Stripe API + Custom Tax Calculators Lemon Squeezy / Paddle Saves 5 days of legal & accounting setup Feature Rollouts Custom Postgres feature-flag logic loops GrowthBook / LaunchDarkly Zero deployment overhead for major pivots Customer Feedback Manual tables + Admin CRUD boards Featurebase API Instant roadmaps directly inside frontend Media Compression AWS S3 triggers + Edge
开发者
Decoding the obfuscated bash script on a Uniqlo t-shirt
submitted by /u/mitousa [link] [留言]
开发者
Just Keep At It: A Decade at Mozilla
submitted by /u/eqrion [link] [留言]
AI 资讯
Day 02: The Terminal, Shells & File Systems
🎯 Learning Objectives Understand the interface boundary between Terminal Emulators and Shell Interpreters (including Windows Terminal vs. PowerShell vs. CMD). Master File System path tracking, hidden dotfiles, and essential CLI utilities. Map system execution paths via global and local environment configurations. 1. Terminal vs. Shell (The Windows Architecture) Terminal: The visual GUI wrapper. A window application that captures keyboard strokes, handles GPU text rendering, and manages tabs/panes. Examples: Windows Terminal, iTerm2, Alacritty. Shell: The command interpreter engine running inside the terminal. It evaluates text strings, processes scripts, issues system calls ( syscalls ), and interacts with the OS Kernel. Examples: PowerShell, Bash, Zsh, Command Prompt (CMD). ┌────────────────────────────────────────────────────────┐ │ WINDOWS TERMINAL GUI (The Visual Interface Window) │ │ │ │ │ ├───► Tab 1: [ PowerShell Core Engine (Modern) ] │ │ ├───► Tab 2: [ Command Prompt Engine (Legacy) ] │ │ └───► Tab 3: [ WSL Ubuntu Linux Bash (Core) ] │ └───────────────────────────┬────────────────────────────┘ │ Raw Text & Input Streams ▼ ┌────────────────────────────────────────────────────────┐ │ SHELL INTERPRETER (e.g., PowerShell / CMD) │ │ └───► Parses input string commands into system tasks │ └───────────────────────────┬────────────────────────────┘ │ System Call (Syscall) ▼ ┌────────────────────────────────────────────────────────┐ │ OPERATING SYSTEM KERNEL │ │ └───► Interacts directly with underlying hardware │ └────────────────────────────────────────────────────────┘ 2. Deep Dive: PowerShell vs. Command Prompt (CMD) While both are Windows shells hosted inside Windows Terminal, they belong to entirely different computing eras: Command Prompt ( cmd.exe ): A legacy text shell maintained purely for backwards compatibility with 1980s MS-DOS. It pipelines data as Plain Text Only , meaning outputs must be manually string-filtered. PowerShell ( pwsh.exe ): A modern, cros
AI 资讯
Keeping context and decisions consistent across parallel AI agents
You start the morning with four Claude Code agents running, each in its own git worktree, each on a separate task. By mid-afternoon something is off. One agent has re-implemented a helper another already wrote. A second built against an interface that a third changed an hour ago. A fourth made a naming choice that contradicts a decision you made — out loud, to yourself — at 9am. Every diff is reasonable on its own. The system they add up to is not. This is the failure mode that shows up the moment you go from one agent to several. The code each agent produces is fine. What drifts is everything between the agents: the decisions, the conventions, the current shape of the interfaces they all depend on. Running the agents in parallel is the easy part. Keeping them coherent is the hard part, and it's a different problem. Why parallel agents drift An agent's context is per-session. Each Claude Code instance has its own context window, populated by what it has read and done in that session. Nothing about that window is shared with the agent running in the next worktree. There is no common memory they all write to and read from. So when agent A decides "we use the repository pattern for data access," that decision exists in exactly two places: agent A's context, and your head. Agent B never hears about it. Three kinds of state cause the drift, and they're worth separating because they need different handling: Decisions already made. Architecture, naming, conventions, the approach you settled on for a cross-cutting concern. These are durable — once made, they should bind every agent, including ones you spawn tomorrow. The current contract. The shape of the interfaces, types, and APIs that agents share. This changes during the work: agent A edits a signature, and agents B and C are now building against a version that no longer exists. What's in flight. Who is touching which files right now. Two agents editing the same module in separate worktrees won't see each other until th
开发者
Approximating Floating-Point Addition Using The Geometric Mean [PDF]
submitted by /u/self [link] [留言]
开发者
Unicode's Transliteration Rules Are Turing-Complete
I've been wondering for a while if anything in Unicode could accidentally compute. It turns out that UTS #35 transliteration rules are Turing-complete. I show how to compute Collatz with just 3 rewrite rules running on stock ICU, shipped with every major OS. submitted by /u/Dull_Replacement8890 [link] [留言]
开发者
Optimization tales with CockroachDB: the slow list of users (part 4)
submitted by /u/broken_broken_ [link] [留言]
AI 资讯
GitHub's "Verified" commit badge isn't always the trust signal developers think it is
I recently read some interesting research on GitHub's Verified commit workflow. The issue isn't a break in Git, GPG, or commit signing itself, but rather how the Verified badge can be interpreted in certain edge cases. It's a good reminder that a cryptographically valid signature doesn't automatically establish the provenance or intent of a commit. Here's a technical breakdown covering how the trust model works, the affected scenarios, GitHub's response, and what maintainers can do to avoid relying solely on the Verified badge during code review. submitted by /u/NapierPalm [link] [留言]
开发者
How's Linear so fast? A technical breakdown
submitted by /u/Ordinary_Leader_2971 [link] [留言]
AI 资讯
AI Security Audit Checklist: 15 Vulnerabilities Claude Found in Production Code
Most web applications contain at least one vulnerability from the OWASP Top 10. A typical security audit takes 2-3 weeks and costs upward of $10,000. An LLM can compress the initial audit down to a few hours because it scans code for patterns rather than specific CVEs. Below are 15 vulnerabilities found while auditing production code with Claude. Each includes the vulnerable code, the fixed version, and a prompt to reproduce the finding. Classification follows OWASP Top 10 (2021). Order reflects frequency of occurrence: most common first. Methodology: how to run an AI security audit The audit consists of three passes. First, a broad scan: the LLM receives the entire project and looks for vulnerability patterns. Second, deep analysis: each identified pattern is verified in context (middleware, ORM, framework). Third, verification: manual review of every finding, because LLMs produce false positives. Prompt for the broad scan: Perform a security audit of this code. For each finding, include: 1. CWE ID and name 2. OWASP Top 10 category 3. Severity (Critical/High/Medium/Low) 4. The vulnerable code snippet 5. Attack vector -- exactly how an attacker would exploit this 6. Fixed code Ignore stylistic comments. Focus on security only. Start with injection attacks, then broken access control, then the rest. This prompt works because it defines the output structure and prioritizes categories. Without explicit instructions, the LLM mixes critical vulnerabilities with remarks about email validation. More on structured AI code review: AI Code Review Checklist . A03:2021 -- Injection 1. SQL Injection via string concatenation The most common finding. Shows up even in projects using an ORM, because developers switch to raw queries for complex filters. Vulnerable code: // API endpoint for user search app . get ( ' /api/users ' , async ( req , res ) => { const { search , sortBy } = req . query ; const query = ` SELECT id, name, email FROM users WHERE name LIKE '% ${ search } %' ORDER
AI 资讯
Article. Learning FlashAttention the hard way. When a loop is secretly associative?
I'm writing a short series of tutorials on FlashAttention, the algorithm that largely powers modern LLMs. The core idea is to spot the associative structure hiding in the loop. Once you see it, you get two things: you can fuse the passes (in the case of attention, it is huge, because it avoids ever materializing the score matrix) and split and recombine the work across GPU threads or any parallel processor. This post is about recognizing that structure. The stable softmax operation on a vector x (part of the attention kernel) is computed as follows: m = max_j x_j softmax(x)_i = exp(x_i - m) / Σ_j exp(x_j - m) Naively, you would write something like: # pass 1 — running max m = -inf for j in 0..N: m = max(m, x[j]) # pass 2 — denominator, needs the final m d = 0 for j in 0..N: d += exp(x[j] - m) # pass 3 — normalize for j in 0..N: y[j] = exp(x[j] - m) / d The trick is not to wait for the final max before accumulating the denominator. Carry both in a small state (m, d) and rescale d whenever the max moves. Here is what the online version of the algorithm above looks like: # one pass — carry (m, d) together m, d = -inf, 0 for j in 0..N: m_new = max(m, x[j]) d = d * exp(m - m_new) + exp(x[j] - m_new) # rescale, then add m = m_new # normalize (unchanged) for j in 0..N: y[j] = exp(x[j] - m) / d It turns out this is not a one-off trick. There is a whole class of "secretly associative" loops that you can parallelize by introducing the right carrier state. The tutorial goes into detail, shows a few examples of secretly associative operations, provides the algebraic formulation for those, and gives some tools to help you recognize secretly associative loops. Overview: Safe softmax, Welford's variance, and FlashAttention belong to the same class of secretly-associative operations The twisted monoid via transport of structure, why the max-rescale coupling doesn't break associativity Third Homomorphism Theorem as a test for whether any loop is secretly associative Numerical analys
AI 资讯
The need for new words/terms as the antidote to bad software
I'll preface to say I'm not at all a programmer, so pardon me for saying anything stupid The increasing amount of slop is no secret, and but software as a whole, be it plugins or apps or even whole operating systems, has become increasing plagued by a set of kinda-unrelated problems that feel like they fall under the same umbrella. I'll keep it short, so practical issues of efficiency, privacy, security, and long-term support, and then ethical issues of being human-made. I personally believe that we're in need of novel, widespread terms to be able to describe the kind of software that in principle does not have certain traits. I attached the link because I believe the term "open source" is analagous to what I'm talking about here. Everybody has an idea of what it means and entails, but it also doesn't mean that everything has to strictly follow it to a T, because it's just a word at the end of the day. It's a pledge to the user to abide by principles of being "Open Source," and I'm saying that we need new words that similarly serve as principles such as that of, optimization, long-term support, being human-made, etc. (It's kind of like how we have terms like organic, free-run eggs, free range eggs, and of course you would end up with having a bunch of terms that dont mean anything at all, but i'm confident that a few will emerge as "standards" in the same way the term open source is.) This could go hand-in-hand with maybe making it common practice to at least disclose the development process when publishing software. In (science) research, we're beginning to see the implementation of "AI Disclosures" to detail all such usage, to be published with the paper. surely practices like these should be encouraged in software development as well. I'm sure there are (smaller) discussions on what exactly should constitute as "best practices" to the people that care about such things, but I've yet to see mainstream terms that go beyond only vaguely describing what we dont like
AI 资讯
Experiences with Outlier
How is it going for you all working on projects for this platform? I’ve read that sometimes they ban you without even giving you a heads up, is that true? Also, I’d like to ask about the tests they give you for software projects before accepting you; are they actually very difficult? Do I need to have AI level problem solving skills or something similar to get accepted? How is the hourly pay working out? Is it truly hourly, and are deposits made weekly? Thanks for reading, everyone; I’m curious about remote work and want to get started. submitted by /u/ClarkKennedy929 [link] [留言]
AI 资讯
Squint Hard Enough: Attacking Perceptual Hashing with Adversarial Machine Learning
submitted by /u/lood9phee2Ri [link] [留言]
AI 资讯
The Em Dash Isn't the Tell — Your Comment Is
Two weeks ago one of my outdoor cats bit me. She's fine — healthy, pregnant, and deeply offended that I picked her up, but she needed flea medicine and I needed to confirm the pregnancy. (If anyone wants a kitten, I know a grumpy lady who has some.) My pinky swelled up, and typing went from "mildly error-prone" to "not happening." So I dictated this post. If you've ever looked at raw voice transcription, you know what that produces: one giant unpunctuated block with half the words wrong. My transcript literally claims "AI needed to put flea medicine on her." It was me. That's the kind of thing the AI is cleaning up. The ideas are mine. The argument is mine. The punctuation and clarification belongs to the machine, because the machine is better at punctuation than a transcript is. By the rules of the current discourse, you're now supposed to stop reading. That's the game, right? "Not reading this if it's AI-generated." "It has em dashes — slop." Let's deal with the em dash first, since it's apparently forensic evidence now. You can type one. Shift-Option-hyphen on a Mac. Windows-Shift-hypen on Windows. Writers were littering pages with them for a century before the first transformer shipped. Its little brother the en dash is everywhere too, and nobody has ever accused an en dash of being a robot. The em dash gets singled out for exactly one reason: it's a fast, cheap way to judge a piece of writing without engaging with a single idea in it. Zero effort, instant superiority. Remember that phrase — zero effort. It's coming back. Because real AI slop absolutely exists. Someone fires off one prompt, ships whatever falls out, never reads it, then farms for stars and upvotes. That's slop — not because a model was involved, but because no human was. Effort is the variable. The tool never was. Here's what the other end of the spectrum looks like. Hundreds of hours on a single project. I decide the architecture, the language, how it compiles, how it deploys. I fork the output