今日已更新 80 条资讯 | 累计 20052 条内容
关于我们

标签:#programming

找到 1327 篇相关文章

AI 资讯

Breeze Framework: Rethinking What a Modern Go Framework Can Be ⚡

The web has changed . Applications are no longer simple HTTP servers. Today we build real-time dashboards, AI-powered services, multiplayer systems, APIs, microservices, and applications that need to handle thousands of connections with minimal overhead. But our frameworks are still mostly designed for yesterday's problems. So we asked a simple question: What if a * Go * framework was built from the ground up for modern workloads? Meet Breeze . A high-performance Go framework designed around one idea: Performance should not come at the cost of developer experience. Why Breeze ? Go already gives us incredible performance. But the framework layer often becomes the bottleneck. Too much abstraction. Too many allocations. Too much hidden complexity. Breeze takes a different approach: ⚡ High-performance networking powered by gnet 🔥 Real-time WebSocket architecture built in 🧩 Modular middleware system 📚 Automatic Swagger/OpenAPI generation 🎨 Built-in SPA template engine 🚀 Optimized worker pool architecture 🗄️ BreezeORM for efficient database operations Everything you need to build production-grade applications — without assembling dozens of unrelated tools. The Future Is Real-Time Modern applications are moving toward instant experiences: Live collaboration Trading platforms AI assistants Gaming backends Monitoring systems Real-time analytics Breeze is designed for this world. Instead of adding real-time capabilities later, Breeze treats them as a first-class citizen. Less Glue Code. More Building. A common problem in backend development: You start with a simple API... Then suddenly you need: Authentication Documentation WebSockets Background workers Database optimization Frontend integration Your stack becomes a collection of disconnected pieces. Breeze tries to bring these pieces together into one coherent ecosystem. Built With Go Philosophy Go was created around simplicity, performance, and reliability. Breeze follows the same principles: Simple APIs. Predictable behavi

2026-07-13 原文 →
AI 资讯

10 Free Facts, Jokes & Name APIs With No Key (2026)

On July 12, 2026 I asked a free API to guess the age of someone named Xzqwlptv. It answered in a few milliseconds: HTTP 200, valid JSON. # runnable, read-only: no key needed curl -s "https://api.agify.io?name=Xzqwlptv" {"count":0,"name":"Xzqwlptv","age":null} # HTTP 200 OK Status 200. The JSON parses. The age key is present, exactly where a schema says it belongs. Its value is null . Every guard I usually reach for passes this response: if resp.ok , if "age" in data , even a JSON Schema that requires an age property. The null walks straight past all of them and into the dataset. My earlier keyless-API posts kept circling one idea from different angles. HTTP 200 does not mean the read worked, because the body can be empty. HTTP 201 Created does not mean a write happened, because the read-back returns 404. This post moves the lie one level deeper than either of those. Here the status is 200, the body arrives, it parses, it matches your schema, and the field you came for is sitting right there. The value is just empty. The null that passes your schema check. A free fun or facts API here means a public endpoint that returns a joke, a fact, or a guess about a name, with no API key, no signup, and no credit card. A URL you can paste into a terminal right now. Ten of them clear that bar, and I re-verified every response below with a live curl on July 12, 2026: real HTTP code, real body, trimmed but never reworded. One scope note first, so the numbers stay honest. I curl-verified all ten APIs on July 12, 2026. I have not run any of them in production. My 2,190 production scraper runs (962 of them on a single Trustpilot scraper) are a different domain, and I cite them for one reason only: they are why I read a field's value and its confidence instead of its status line. That number is not a claim about these ten endpoints. # API What it returns Example call The empty success to watch 1 agify.io Age guess from a first name GET api.agify.io?name=Xzqwlptv 200 with age: null 2 g

2026-07-13 原文 →
AI 资讯

🍪 Cookies and CORS — When Are Cookies Actually Sent?

In the previous article , we briefly discussed the relationship between Cookies and CORS . In this article, we'll take a closer look at how browsers decide whether a Cookie should be included in a Cross-Origin request. One of the most common misconceptions is that once CORS is configured correctly, Cookies are automatically sent with every request. In reality, that's not how browsers work. 📌 Default Browser Behavior When a Cross-Origin request is made using fetch() or XMLHttpRequest , browsers do not send Cookies, Authorization headers, or other credentials by default. For example: fetch ( " https://api.example.com/profile " ) Even if the user is already logged into api.example.com , the browser will not include any Cookies with this request. This default behavior helps prevent authentication data from being unintentionally leaked across different Origins. 📌 How Can We Send Cookies? If you want the browser to include Cookies in a Cross-Origin request, you must explicitly use the credentials option. For example: fetch ( " https://api.example.com/profile " , { credentials : " include " }) Using credentials: "include" does not guarantee that Cookies will be sent. Instead, it tells the browser: "If there are any Cookies that are eligible to be sent with this request, include them." 📌 What Makes a Cookie Eligible? Even with credentials: "include" , the browser still evaluates the Cookie before sending it. Some of the most important checks include: Domain Path SameSite For example: If the Cookie's Domain doesn't match the request destination, it won't be sent. If the request path doesn't satisfy the Cookie's Path attribute, it won't be sent. If the Cookie's SameSite policy blocks Cross-Site requests, it won't be sent. In other words, credentials is only the first requirement , not the final decision. 📌 Server Configuration Matters Too If your application expects JavaScript to access the response while using Cookies, the server must also be configured correctly. For exampl

2026-07-13 原文 →
AI 资讯

JavaScript Event Loop Explained: The Complete Guide

You've written setTimeout(fn, 0) expecting it to run "immediately." It didn't. A Promise.then() you scheduled a line later ran first, and somewhere a for loop of 50,000 iterations froze your UI for a full second despite every function being "async." None of this is a bug. It's the JavaScript event loop doing exactly what it always does — you just haven't seen the mechanism yet. What you'll learn By the end of this guide you'll be able to: Explain, precisely, why microtasks (Promises) always run before macrotasks ( setTimeout , setInterval ) — even at a zero delay Predict the exact console output order of any mix of synchronous code, setTimeout , and await Diagnose a frozen UI as a blocked call stack, not a "slow async function" Choose correctly between queueMicrotask , setTimeout(fn, 0) , and requestAnimationFrame for a given timing need Avoid the two most common event-loop bugs: microtask starvation and accidental serial await s in a loop Who this is for: you've written async / await and used setTimeout , but you want the model that makes their interaction predictable instead of memorized. Contents Why the JavaScript event loop exists The mental model Stage 1: the call stack and blocking code Stage 2: Web APIs and the macrotask queue Stage 3: Promises and the microtask queue Stage 4: async/await is sugar, not magic Stage 5: rendering, and Node's extra queues Edge cases and gotchas Best practices FAQ Cheat sheet Key takeaways Why the JavaScript event loop exists JavaScript runs on a single thread. One call stack, one thing executing at a time, no parallel function calls in the same realm. That's a deliberate design — it means you never need locks or mutexes to protect a shared variable — but it creates an obvious problem: how does a single-threaded language do anything concurrent, like waiting on a network response, without freezing the entire page while it waits? Here's the naive expectation, and why it would be a disaster if JavaScript worked this way: console . l

2026-07-13 原文 →
AI 资讯

How Python's Import System Works and Why It Matters for Debugging

Module caching, execution order, and circular imports explained by tracing what actually happens. How Python's Import System Works and Why It Matters for Debugging The import system is one of the least understood parts of Python and one of the most practically important for debugging production issues. Circular import errors, unexpected code execution, and module state bugs all stem from not understanding what happens when Python encounters an import statement. What Happens on the First Import When Python executes import mymodule for the first time: Python checks sys.modules for mymodule . If found, returns the cached module object immediately. If not found, Python locates the module file. Python creates a new module object and adds it to sys.modules under the module name. Python executes the module file's code in the new module's namespace. The name mymodule in the importing module is bound to the module object. Step 3 happens before step 4. This is critical for understanding circular imports. The Module Cache import sys import os print ( " os " in sys . modules ) print ( sys . modules [ " os " ] is os ) Output: True True Every imported module is cached in sys.modules . Subsequent imports return the cached object without re-executing the module code. Module-Level Code Executes on Import # config.py print ( " config module loading " ) DEBUG = True print ( f " DEBUG is { DEBUG } " ) # main.py import config import config # second import print ( config . DEBUG ) Output: config module loading DEBUG is True True The print statements in config.py run exactly once — when the module is first imported. The second import returns the cached module object without re-executing the code. Circular Import Behavior # module_a.py print ( " loading module_a " ) from module_b import b_function def a_function (): return " from a " # module_b.py print ( " loading module_b " ) from module_a import a_function def b_function (): return " from b " When you import module_a , Python starts exe

2026-07-13 原文 →
AI 资讯

Engineering a Structured Database for Floating-Point Anomalies and Software Quirks: A Deep Dive into Modeling IEEE 754 and RLS Security at the Edge

Hey everyone, We talk a lot about documenting clean architectures and robust APIs, but software engineering history is uniquely shaped by its failures. Documenting these bugs globally usually results in scattered StackOverflow threads or unindexed GitHub issues. I wanted to explore how to build a highly structured, community-driven database dedicated exclusively to tracking software bugs, their deep technical root causes, and multi-language solutions. Here is a technical breakdown of the architectural challenges, data modeling decisions, and security implementations behind building this engine. 1. The Data Modeling Challenge: Structuring the Unstructured Bugs are notoriously hard to normalize in a relational database. A classic logic bug looks nothing like a memory leak or a floating-point precision error. To solve this, we modeled the schema around a strict "Bug DNA" structure using PostgreSQL: Categorization & Multi-Runtime Target: Mapping a single bug to multiple language runtimes dynamically (e.g., how the 0.1 + 0.2 anomaly propagates across V8 JavaScript, CPython, and JVM identically due to hardware constraints). The Diagnostic Timeline: Instead of a generic description text, we structured a linear, time-stamped array to track state changes during the replication phase. 2. Deep Dive: Representing IEEE 754 at the Schema Level Our inaugural entry into the database was the infamous base-2 fractional conversion problem ($0.1 + 0.2 = 0.30000000000000004$). To make this data educational, the challenge was handling how the processor truncates infinite binary fractions: $$0.1_{10} = 0.0001100110011001100110011001100110011001100110011001101..._2$$ We decoupled the storage mechanism so that the raw precision error is stored as a literal string to prevent the database layer (PostgreSQL float types) from auto-correcting or rounding the very bug we are trying to document. 3. Edge Security: Row-Level Security (RLS) Without a Middleware Backend Since the application runs on a

2026-07-13 原文 →
AI 资讯

12 Stories In, and a Journalist Came to Interview Me

36 Stratagems Series · Arc 2 (Against Enemy, #7-#12) Wrap-Up This article has 7 sections: I. The Stranger at the Door II. Full Interview Transcript III. The Reveal IV. Data · Character Map · Four Insights V. A Note VI. Arc 3 (#13-#18) Preview VII. Acknowledgments I. The Stranger at the Door On the evening of July 12th, I was staring blankly at the page for #12, Borrow Corpse, Return Soul . Twelve stories done. The 36 Stratagems series had reached the one-third mark, and Arc 2 (#7-#12) had just wrapped. Outside the window, a typhoon was passing through — howling wind, torrential rain. I didn't look outside. My phone buzzed. Not a message — a meeting invitation. The sender was "Ke Yuan," and the invitation note read: Interview invitation from Deep Lane Weekly , 15 minutes. I paused. I didn't remember scheduling any interview. But the tone, the phrasing — it didn't feel like a prank. I clicked "Accept." Three seconds later, an unfamiliar voice came through the speaker: "Hello, Xu Lingfeng. I'm Ke Yuan, a reporter from Deep Lane Weekly . Recently, a reader recommended your 36 Stratagems series to our editorial team — we read through it and found it really interesting. I'd love to talk with you about how this series came together." Before I could respond — the meeting had already begun. II. Full Interview Transcript What follows is the raw chat log pulled from that meeting. Nothing has been altered except formatting. Reporter: Xu Lingfeng, you've just finished the second arc of the 36 Stratagems series — #7 through #12, six stories in six days, posted back to back. Before we talk numbers, let me ask you something simple: over those six days, was there ever a moment you felt like stopping? Xu: Honestly, no — sometimes I even thought about posting two a day, since I do have a backlog. But I worried they'd cannibalize each other's numbers, so I stuck to one a day. Reporter: You've even considered posting two a day — so you actually do have a backlog. Let me rephrase: instea

2026-07-13 原文 →
AI 资讯

I Tested Direct Provider APIs vs Aggregators — Here's the Truth

I Tested Direct Provider APIs vs Aggregators — Here's the Truth Six months ago I was staring at a $48,000 invoice from an AI provider that shall not be named. We had committed to a six-month contract because the sales rep promised "priority routing" and "negotiated rates." What we got instead was a rate hike, an outage during our biggest product launch, and a support team that took 72 hours to respond. That was the moment I decided to stop signing contracts with AI providers entirely. This is the playbook I wish someone had handed me on day one — the architecture decisions, the math, and the code that lets a small team punch way above its weight class without betting the company on a single vendor. The Trap Most Startups Fall Into When I started my last company, I did what every founder does. I read the docs, got an API key, shipped a feature. The model worked, the demo went well, the investors nodded. Then we hit production traffic and the bills started arriving like clockwork. Here's what nobody tells you about going direct to a model provider as a startup: The pricing page you see on the website is the retail price. The actual cost of running production workloads includes rate limits you didn't anticipate, caching you forgot to implement, context windows that blow up your token count, and prompt engineering iterations that look cheap per call but compound fast. I watched one team burn $20K in a single weekend because they were streaming completions without setting a max_tokens guardrail. Direct providers also lock you into their ecosystem. Their SDK, their tools, their prompt format, their authentication scheme. The moment you want to A/B test a different model — which you will, probably next quarter — you're rewriting integration code instead of shipping features. And then there's the geopolitical mess. Some of the best models in 2026 come from providers that don't accept US credit cards. I've personally lost an afternoon trying to sign up for an account that re

2026-07-13 原文 →
AI 资讯

Your AI agent's smallest diffs are its most dangerous

Last month, an AI coding agent handed me a beautiful fix. Five lines. Elegant. It reused an existing helper, matched the codebase style, compiled on the first try. Exactly the kind of diff we've all learned to praise since "make the agent write less code" became the standard advice. It was also completely untested, and it sat on a password-recovery path. That diff taught me something I now consider the central problem of AI-assisted coding in 2026: we've spent a year teaching agents to write less code, and almost no time teaching them to prove the code they kept actually holds. The two failure modes Every AI coding agent fails in one of two directions. Failure mode #1: the over-build. You ask for a date comparison; you get a new dependency, a ValidationService class, and a config layer. This one is well known — it's why minimal-code prompts and skills became popular, and they genuinely work on it. Failure mode #2: the confidently small diff. Minimal, clean, written after reading half the flow, verified never — dropped onto a path that handles money, auth, or user data. It compiles. It demos. It detonates in week three. Here's the uncomfortable part: fixing #1 aggressively makes #2 more likely. When the objective function is "shortest diff," the first things to quietly disappear are edge-case handling, failure-path tests, and the guard clause that looked optional. The diff gets smaller. The blast radius doesn't. A five-line change to a payment path is more dangerous than a four-hundred-line internal script that runs once. Code size is not risk. Blast radius is risk. Yet almost every skill and prompt in this category optimizes for size alone. What a guard does differently This is why I built Guardsman 💂 — an open-source skill that behaves less like a minimalist and more like the royal guard in front of the palace: nothing passes the post unchallenged, and the level of challenge depends on what's behind the gate. Three duties, on every task: 1. Read the standing orders

2026-07-13 原文 →
开发者

How Processes Share Memory Without Copying (Visual)

A visual explanation of how two separate processes can access the same bytes without copying a payload between them. It covers virtual memory, page tables, physical frames, shm_open, mmap(MAP_SHARED), lazy allocation, copy-on-write, shared libraries, memory-mapped files, Redis snapshots, and Dirty COW. submitted by /u/Ok_Marionberry8922 [link] [留言]

2026-07-13 原文 →
开发者

Exploiting PackageInstaller parsing: A 974-byte modern Android 14 PoC.

I’ve been exploring the absolute structural floor of the Android APK format. By leveraging hasCode="false" and surgically optimizing the ASN.1 DER encoding of the V2 signature, I’ve managed to get a compliant Android 14 app down to 974 bytes. The system treats it as a first-class app, and it’s fully installable on a stock Android 14 device. It’s an exercise in how much the PackageManager trusts the headers versus what it semantically validates. submitted by /u/Same-Access-6799 [link] [留言]

2026-07-13 原文 →
AI 资讯

Claude Code Sends 33k Tokens Before Your Prompt; OpenCode Sends 7k

A new side-by-side measurement shows Claude Code ships roughly 33,000 tokens of system prompt, tool schemas, and scaffolding before your prompt even arrives — about 4.7x the ~7,000 tokens OpenCode sends on the same setup. The bigger cost surprise is next: Claude Code re-wrote up to 54x more prompt-cache tokens per session, and cache writes bill at a premium. How the test was run The benchmark (published by Systima) spliced a logging proxy between each harness and the model endpoint, capturing the exact request payload and the API's usage block. Both harnesses were pinned to the same conditions: Claude Code 2.1.207 and OpenCode 1.17.18 , both pointed at claude-sonnet-4-5 Fresh config directories, empty workspace, no MCP servers, no instruction files, permissions bypassed Tasks ranged from "reply with OK" (isolating fixed overhead) to a write-run-test-fix loop against FizzBuzz A zero-tools variant separated system-prompt weight from tool-schema weight The payload captures are exact; the only adjustment was subtracting a constant ~6,200-token gateway envelope that wrapped every request in the test setup. The fixed floor Harness Fixed overhead before your prompt Cache-write behavior Claude Code 2.1.207 ~33,000 tokens Re-wrote tens of thousands of cache tokens per run; up to 54x OpenCode OpenCode 1.17.18 ~7,000 tokens Byte-identical prefix each run; cached once, read back cheaply OpenCode's request prefix was byte-identical in every captured run, so it paid to cache its payload once per session and read it back for pennies. Claude Code re-wrote large amounts of prompt-cache tokens mid-session, run after run — and because cache writes bill at a premium, one usage dashboard climbs while the other stays flat. Where it piles on in real setups The harness floor is only the start. The benchmark added variables one at a time: A production repository's 72KB instruction file added an average of ~20,000 tokens to every request. Five modest MCP servers added 5,000–7,000 more. By th

2026-07-13 原文 →
AI 资讯

Why your integration tests pass but your message queue still double-processes in production

You know the story. You write a consumer, test it locally, deploy to staging, everything green. Then in production, the same message gets processed twice. Orders are duplicated. Notifications go out twice. Everyone blames "a race condition" and moves on. We spent the last few months formally verifying what actually happens when consumers crash with at-least-once delivery semantics. The short version: it doesn't matter which broker you use . The race condition is a property of the delivery contract, not a bug in the implementation. What we did Instead of writing more integration tests hoping to reproduce the timing, we wrote a formal specification of the consumer-broker interaction in TLA+ (the specification language by Leslie Lamport). The model checker exhaustively explores every possible interleaving of events — not just the ones you think to test. Then we took the counterexamples from the model and validated them in real running systems using Docker + Toxiproxy (network fault injection). If the math said "double-execution is possible", we confirmed it with actual containers. What we found We applied this pipeline to five different systems: Celery — ACK timeout + network blip: the model found the crash window at depth 9 (444 states). Chaos confirmed it: task executed twice. RabbitMQ — consumer stores result, drops connection before AMQP ACK. Same pattern. 108 states, depth 7. Chaos confirmed. NATS JetStream — consumer crashes after DB write, before ACK. 47 states, depth 6. Docker kill + Toxiproxy confirmed: duplicate execution. Apache Pulsar — batch consumer crashes between Process and SendAck. 21 states, depth 4. Chaos confirmed: 2 DB rows for 1 message. Kafka — consumer commits offset after processing. Crash between StoreResult and commitSync(). Same result: double execution. Every single time, the model predicted the collision and chaos confirmed it. The insight The spec is the same across all five systems. The variable names change, but the topology is identic

2026-07-13 原文 →
AI 资讯

How I Built a GeoGuessr Game for Super Mario Odyssey

I wanted to build something different from the usual fan project. Instead of recreating gameplay, I asked a different question: How well do players actually remember the worlds of Super Mario Odyssey? The result is OdysseyGuessr, a browser game inspired by GeoGuessr. Players receive a screenshot from one of the game's Kingdoms and must place a marker on the correct location. Every meter counts. The project includes: Browser-based gameplay Single-player with customizable rounds Real-time multiplayer with a 5,000 HP battle system Community-submitted locations Admin moderation tools One of the biggest challenges wasn't the gameplay—it was collecting interesting locations that were difficult but still fair. Watching players confidently choose the wrong cliff or rooftop has been surprisingly entertaining. If you're interested in browser games or Nintendo fan projects, I'd love to hear your feedback. Play here: https://odyssey-guessr.lovable.app OdysseyGuessr is an unofficial fan project and is not affiliated with Nintendo.

2026-07-13 原文 →