今日已更新 412 条资讯 | 累计 19972 条内容
关于我们

标签:#python

找到 607 篇相关文章

AI 资讯

Python vs C++ for Embedded Systems: When to Use Each

When you first step into the world of embedded systems, one of the earliest and most consequential decisions you will face is choosing a programming language. Two names come up more than any others: Python and C++. Both are powerful, both have passionate communities, and both are genuinely useful — but for very different reasons and in very different contexts. This article is not about declaring a winner. It is about understanding why each language exists in this space, what trade-offs you are actually making, and how to make a confident, informed decision for your next project. Understanding the Fundamental Difference Before comparing features, it helps to understand why these two languages feel so different at a deeper level. C++ is a compiled, statically-typed, systems-level language . When you write C++, you are writing code that gets translated directly into machine instructions. You manage memory manually. You control exactly when objects are created and destroyed. The hardware does precisely what you tell it to, nothing more and nothing less. This directness is both its superpower and its source of complexity. Python, by contrast, is an interpreted, dynamically-typed, high-level language . A Python runtime sits between your code and the hardware, managing memory automatically through garbage collection, resolving types at runtime, and handling a lot of bookkeeping so you don't have to. This makes Python wonderfully expressive and fast to write, but it introduces overhead that matters enormously on constrained hardware. The mental model to hold onto is this: C++ gives you control, Python gives you speed of development . Both are valuable. The question is which one your project needs more. Where C++ Shines in Embedded Systems 1. Bare-Metal and Resource-Constrained Environments If you are programming a microcontroller like an STM32, an AVR ATmega, or an ESP32 running its native SDK, C++ is almost always your primary language. These devices often have kilobytes —

2026-07-10 原文 →
AI 资讯

Pure ReAct is expensive and fragile. Sparsi lowers costs and increases reliability.

If you’ve built AI applications in production recently, you’ve probably hit the "Agent Wall." You build a ReAct agent, give it 10 granular tools (search, extract, route, format), a massive system prompt, and tell it to go to work. It feels like magic...until you look at your latency metrics and token bills. Today’s agents act as interpreters. They re-derive the exact same routines from scratch on every single request . They embed massive tool schemas and reasoning histories into every loop. It's slow, it's incredibly token-hungry, and occasionally, they hallucinate tool calls, drop constraints, or get stuck in endless reasoning loops. In a production environment, even occasional errors can be critical failures that waste time and tokens. The problem isn't the ReAct pattern itself. The problem is that we are forcing the LLM to orchestrate low-level, predictable logic that should be deterministic code. We got tired of paying the "reasoning tax" for sub-routines that don't need it. So, we built Sparsi —a framework for shifting complex logic out of your ReAct agent's prompt and into deterministic "Macro-Tools" built as DAGs (Directed Acyclic Graphs). The Macro-Tool Pattern There are two ways to use Sparsi: as an end-to-end solution for a specific task, or to create higher-level tools that plug into your existing agents. The latter is where the magic happens. Instead of giving your ReAct agent 10 tiny, flaky tools and hoping it chains them correctly, you build one highly reliable, deterministic Sparsi DAG to handle that specific sub-routine. You then expose that DAG to your agent as a single Model Context Protocol (MCP) tool. The overall agent still drives the conversation, but it delegates the heavy lifting to a reliable macro-tool. We chose the DAG architecture for three main reasons: Deterministic & Testable: The graph is made of plain code. You only run AI where natural language understanding is strictly required. Parallel by Architecture: Independent branches run co

2026-07-10 原文 →
AI 资讯

Progress Bar Is Not an API

When a CLI becomes useful, someone eventually tries to automate it. That is where a progress bar can quietly become a problem. For a person, this kind of output is helpful: Translating markdown files 12/40 30% docs/intro.md It tells me that the command is alive, how far it has moved, and which file it is working on. But when another system starts reading that same output, the progress bar stops being only a user interface. It becomes an accidental contract. That was the real problem behind one of the changes in Co-op Translator v0.20.0. The release added a Rich-powered CLI progress UI, but it also added structured translation events. At first, those may look like two separate improvements. They are really two surfaces for the same state: Rich output gives a person something readable, while structured events give integrations something stable. This article is about three things: First, why console output is tempting to parse. Second, how Co-op Translator separated the Rich UI from the event stream. Third, why that separation matters for CLI, Python API, MCP, and product integrations such as Localizeflow. The problem appears when logs become state Console output is written for people. When I run a translation command, I want a quick answer to a few practical questions: Is the command still running? Which stage is active? Which file is being processed? How much work is left? Did anything fail? A progress bar is good for that. It compresses the state of the run into something I can scan quickly. But a product integration needs a different kind of information. Imagine Localizeflow running Co-op Translator as part of a larger workflow. It does not only need to know that text was printed. It needs durable state: Which translation job started Which target language is active Which stage is running Which file completed Which file failed How many items are done Whether the run succeeded If all of that only exists inside console text, the integration has to parse human language

2026-07-10 原文 →
AI 资讯

Visualizing maintenance status on the site list — blue pulsing border for running, green solid for done

When you're running maintenance across several WordPress sites in sequence, a list view with text-only status doesn't make "which site is being processed now" or "which ones are already done" easy to spot at a glance. A client put it plainly: " Make it visually obvious in the list which sites are in maintenance and which are finished. " A colored border is the obvious move, but there are real choices to make. What colors? Where do we get the state from? When does the "done" mark go away? And — can we ship this without touching the backend? This post walks through those four calls and the minimal frontend-only implementation we landed on. Color picking — "red flashing" was the first thing we ruled out How do you make the running site stand out? The intuitive answer is "blinking red," but that got cut early. Multi-site maintenance runs are long . Having something blink red somewhere on screen the whole time is a fatigue source. We went with "a gentle blue pulse + a solid green border" instead: Running : blue #2563eb border + a soft pulsing box-shadow (2.2s ease-in-out) Done (within 24h) : green #10b981 solid border + a faint inset shadow @keyframes site-running-pulse { 0 %, 100 % { box-shadow : 0 0 0 0 rgba ( 37 , 99 , 235 , 0.4 ); } 50 % { box-shadow : 0 0 0 6px rgba ( 37 , 99 , 235 , 0 ); } } .site-running { border-color : #2563eb !important ; animation : site-running-pulse 2.2s ease-in-out infinite ; } @media ( prefers-reduced-motion : reduce ) { .site-running { animation : none ; } /* respect OS-level reduced motion */ } .site-completed { border-color : #10b981 !important ; box-shadow : inset 0 0 0 1px rgba ( 16 , 185 , 129 , 0.25 ); } The prefers-reduced-motion: reduce rule stops the pulse for users who have reduced-motion enabled at the OS level (often people with vestibular sensitivity). If you're adding motion to grab attention, this is essentially required. Zero backend changes — reuse the existing log stream To tell the list UI "this site is being processed

2026-07-10 原文 →
AI 资讯

Build an AI Changelog Generator in Python

Writing changelogs is one of those developer tasks that sounds simple until you are staring at a messy commit history. Some commits matter to users. Some are internal cleanup. Some are merge commits. Some are meaningful only if you already know the codebase. I built a small Python example that turns commit messages or git diffs into structured changelog JSON using Telnyx AI Inference. Code: https://github.com/team-telnyx/telnyx-code-examples/tree/main/changelog-generator-python What it does The Flask app exposes: POST /generate POST /generate/from-diff GET /changelogs GET /changelogs/<id> GET /health POST /generate accepts a list of commit messages: { "version" : "v1.4.0" , "repo_name" : "billing-service" , "commits" : [ "feat: add Stripe webhook retry with exponential backoff" , "fix: correct tax calculation for EU VAT exemption" , "docs: update API reference for invoice endpoint" ] } The app asks Telnyx AI Inference to return grouped changelog JSON with sections like: Features Bug Fixes Improvements Breaking Changes Documentation Other There is also a POST /generate/from-diff endpoint if you want to summarize a git diff instead of commit messages. Why structured output matters For a changelog tool, plain text is useful, but structured output is more flexible. If the response comes back as JSON, you can: render it in a docs site save it in a release database post it into a PR comment send it to Slack open a release-note review workflow let a human approve it before publishing The example stores generated changelogs in memory and gives each one an ID, so you can list recent changelogs or retrieve a specific one. Run it Clone the examples repo: git clone https://github.com/team-telnyx/telnyx-code-examples.git cd telnyx-code-examples/changelog-generator-python Create your .env file: cp .env.example .env Add your Telnyx API key: TELNYX_API_KEY=your_telnyx_api_key AI_MODEL=moonshotai/Kimi-K2.6 HOST=127.0.0.1 Install and run: pip install -r requirements.txt python app.py

2026-07-10 原文 →
AI 资讯

Ingeniería de Datos aplicada a la Biodescodificación: Presentando Bio-Mapping Engine 🧬

Ingeniería de Datos aplicada a la Biodescodificación: Presentando Bio-Mapping Engine 🧬 ¿Es posible aplicar ingeniería de datos de alta fidelidad a campos de conocimiento no estructurados? La respuesta es un rotundo sí. Hoy quiero presentarles Bio-Mapping Engine , un framework diseñado para resolver un problema clásico de la extracción de información: convertir literatura densa y desorganizada en una base de conocimientos semántica, estructurada y totalmente navegable. El Problema: El caos de la información no estructurada En campos como la Biodescodificación , la información suele residir en libros o archivos PDF donde los conceptos (síntomas, emociones, zonas anatómicas) están entrelazados de forma narrativa. Para un investigador o un desarrollador de herramientas de salud alternativa, extraer relaciones precisas entre un síntoma físico y su conflicto emocional mediante métodos tradicionales es una tarea manual, lenta y extremadamente propensa a errores. La Solución: Bio-Mapping Engine Bio-Mapping Engine no es un simple scraper . Es un motor de segmentación semántica y mapeo topológico. Su propósito es transformar un PDF bruto en un grafo de conocimiento estructurado en formato JSON, permitiendo realizar consultas multidimensionales con precisión quirúrgica. 🚀 Características Principales Segmentación Semántica Avanzada: Implementa un parsing topológico que distingue inteligentemente entre encabezados de síntomas, contenido emocional y el "ruido" estructural (como índices o números de página). Mapeo Relacional Multidimensional: Realiza una extracción de alta fidelidad a través de tres vectores fundamentales: Síntomas Canónicos: Estandarización de la nomenclatura de síntomas y condiciones. Jerarquía Anatómica: Mapeo inteligente que escala desde Sistemas $\rightarrow$ Regiones $\rightarrow$ Órganos. Arquetipos Emocionales: Extracción estructurada de modelos mentales y conflictos (ej. "Causa probable" , "Bloqueo emocional" ). Consultas Multi-Eje (CLI): Una potente inte

2026-07-10 原文 →
AI 资讯

Monitoring Python RQ jobs: what to watch and how to get alerted

RQ (Redis Queue) is a delightfully simple way to run background jobs in Python. That simplicity is also why teams under-monitor it: it just works, until a downstream API gets slow or a bad deploy ships, and jobs start failing in bulk — quietly. Here's what to watch and how to get alerted before a customer tells you. RQ failures don't announce themselves When a job raises, RQ moves it to the FailedJobRegistry and moves on. The worker keeps running; nothing crashes. If you're not looking at that registry, the failure is invisible — the same trap BullMQ, Celery, and every robust queue share. So the job is to reach into the queue's state and turn it into a signal. The four signals that matter for RQ Failure count / rate — jobs landing in the FailedJobRegistry over a window. Backlog — how many jobs are queued vs. being worked; is the worker keeping up? Latency — how long jobs take, and how long they wait before a worker picks them up. Worker liveness — are your workers actually alive and heartbeating? Where to read them RQ exposes queue and registry state directly: from redis import Redis from rq import Queue from rq.registry import FailedJobRegistry , StartedJobRegistry redis = Redis () q = Queue ( " default " , connection = redis ) queued = len ( q ) # backlog failed = FailedJobRegistry ( queue = q ) # failures started = StartedJobRegistry ( queue = q ) # in-flight print ( " queued: " , queued ) print ( " failed: " , len ( failed )) print ( " started: " , len ( started )) Poll this on an interval and store the series — a single snapshot hides the trend , which is the part that matters. For failures specifically, walk the registry to get the actual exceptions: for job_id in failed . get_job_ids (): job = q . fetch_job ( job_id ) print ( job . id , job . exc_info . splitlines ()[ - 1 ] if job . exc_info else "" ) Two gotchas: Group by exception, not by job. A thousand jobs failing with the same traceback is one incident. Normalize the message (strip IDs, timestamps, host

2026-07-10 原文 →
AI 资讯

Stop Using Raw WebDriver in Robot Framework

A lot of Robot Framework projects still look like plain Selenium scripts with .robot file extensions. Someone imports webdriver , creates driver = webdriver.Chrome() , then calls find_element and send_keys in Python helpers. Robot Framework runs the suite, but readable keywords, shared libraries, and consistent waits never show up in the tests. If you already use Robot Framework with SeleniumLibrary , you do not need the raw WebDriver API. SeleniumLibrary gives you high-level keywords. The Page Object Model gives you structure. Together they keep tests short and UI changes localized. We published a small MIT template that shows the layout: rf-seleniumlibrary-pageobject-template . It targets Sauce Demo — clone it, run four tests, fork the folder structure. What breaks when you mix in raw WebDriver driver = webdriver . Chrome () driver . find_element ( By . ID , " user-name " ). send_keys ( " standard_user " ) driver . find_element ( By . ID , " password " ). send_keys ( " secret_sauce " ) driver . find_element ( By . ID , " login-button " ). click () Fine for a script. Painful in a growing suite. Locators spread across helpers and test files. Waits become time.sleep(2) in one place and missing in another. You end up maintaining SeleniumLibrary and a parallel WebDriver stack. CI fails on a Tuesday night and you are not sure which path opened the browser. Before and after Before After driver.find_element(...).send_keys(...) Login With Valid Credentials ${VALID_USER} ${VALID_PASSWORD} Locators in every file LoginLocators.USERNAME in one module Ad-hoc sleeps wait_until_element_is_visible in BasePage.click() Two browser stacks One SeleniumLibrary instance per suite Four layers Layer Job Example Locators Selectors per screen login_locators.py BasePage Shared waits and actions click() , enter_text() Page library Screen keywords LoginPage.login() Robot test Scenario only Inventory Should Be Visible Folder layout in the repo: resources/locators/ → selectors pages/ → Python pa

2026-07-10 原文 →
开源项目

🔥 BigBodyCobain / Shadowbroker - Open-source intelligence for the global theater. Track every

GitHub热门项目 | Open-source intelligence for the global theater. Track everything from the corporate/private jets of the wealthy, and spy satellites, to seismic events in one unified interface. Hook an AI agent up to have it parse through data and find previously unseen correlations. The knowledge is available to all but rarely aggregated in the open, until now. | Stars: 9,650 | 30 stars today | 语言: Python

2026-07-09 原文 →
AI 资讯

Query SEC filings from inside Claude Desktop — Filingrail is now MCP-enabled

Filingrail now ships a first-party MCP server on PyPI: pip install filingrail-mcp . One install, one config block, and Claude Desktop — or Cursor, or Continue, or any MCP-compatible client — can query SEC filings as tools. No glue code. That's worth naming directly. Most SEC-data APIs ship a REST endpoint and stop. You write the agent integration yourself: parse the response, wire up the tool schema, handle auth headers. Filingrail ships the integration as a maintained package with the same update cadence as the underlying REST API. This post covers the setup, what you can ask once it's wired in, and the honest limits. I built both the API and the MCP server — I'll be upfront about that throughout. This post covers a data API that returns SEC-registered financial information. Nothing here is investment advice. Two ways to wire it in Option 1 — pip install filingrail-mcp (recommended) Install the package, add one block to your Claude Desktop config, restart. Filingrail's endpoints appear as tools. No separate service to run, no background daemon. Option 2 — RapidAPI MCP Playground tab (no local install) The Filingrail listing on RapidAPI has an MCP tab that generates a ready-to-paste config block. Same endpoints, same auth, zero install step. Either path gives Claude the same tools. Pick the one that fits your setup. Setup — the pip install path You'll need Python 3.10+ and a RapidAPI key. 1. Subscribe to Filingrail Go to the Filingrail RapidAPI listing and subscribe. Free tier is 50 calls/day, no credit card. Copy your X-RapidAPI-Key from the RapidAPI dashboard. 2. Install the server pip install filingrail-mcp 3. Add Filingrail to your Claude Desktop config On macOS: ~/Library/Application Support/Claude/claude_desktop_config.json On Windows: %APPDATA%\Claude\claude_desktop_config.json { "mcpServers" : { "filingrail" : { "command" : "filingrail-mcp" , "env" : { "RAPIDAPI_KEY" : "your_rapidapi_key_here" } } } } 4. Restart Claude Desktop Filingrail's endpoints appear a

2026-07-09 原文 →
AI 资讯

用 FROST 五维元模型构建可治理的多 Agent 系统:从零到一的代码教程

用 FROST 五维元模型构建可治理的多 Agent 系统:从零到一的代码教程 作者 :FROST Team 日期 :2026-07-09 主题 :代码教程 | 周四轮换 项目 :FROST + FROST-SOP 前言 2026 年,Agent 框架百花齐放——LangChain、CrewAI、AutoGen 各有各的好。但它们都有一个共同的盲区: 治理能力 。 当你的 Agent 系统从 1 个变成 10 个,从跑 Demo 变成跑生产,你会发现: 谁有权做什么?没有答案 这个决策是谁做的?无法追溯 Agent 越权了怎么办?事后才能发现 FROST(Fractal Runtime of Orchestrated Skills & Tasks)的 五维元模型 就是为解决这些问题而设计的。 今天这篇教程,我们用代码从零构建一个完整的多 Agent 治理系统。 FROST (教学框架)提供理论基础 → Gitee 仓库 FROST-SOP (工程平台)提供工程落地 → Gitee 仓库 一、五维元模型是什么? FROST V4.0 引入了五个核心维度,每个维度解决 Agent 治理的一个关键问题: 维度 模块 解决的问题 类比 武器 Armory Agent 有哪些能力? 武器库清单 任务 TaskRegistry 工作如何编排? 作战计划 事件 EventCatalog 发生了什么? 战场态势 平台 PlatformRegistry 外部资源在哪? 后勤补给 规则 RuleRegistry 什么能做/不能做? 交战规则 五个维度 各自独立又相互咬合 ——就像五角星的五个角,缺一个就不完整。 二、环境搭建 # 克隆 FROST 教学框架 git clone https://gitee.com/liao_liang_7514/frost.git cd frost # 安装依赖 pip install -r requirements.txt # 验证环境 python -m pytest test_core.py -v FROST 的设计哲学是 零外部依赖 ——核心只需要 Python 标准库。五维元模型的模块也遵循这个原则。 三、维度一:Armory(武器注册表) Armory 管理 Agent 所有能力的元数据。不是简单的方法注册,而是带元信息的 能力目录 。 from core.armory import Armory , SkillMetadata # 创建武器库 armory = Armory () # 注册一个技能(带完整元数据) armory . register ( SkillMetadata ( name = " summarize_text " , category = " nlp " , description = " 将长文本压缩为摘要 " , input_schema = { " text " : " string " , " max_length " : " int " }, output_schema = { " summary " : " string " }, cost_estimate = 0.002 , # 每次调用预估成本 latency_ms = 500 , # 预估延迟 tags = [ " summarization " , " compression " ] ) ) armory . register ( SkillMetadata ( name = " search_web " , category = " retrieval " , description = " 联网搜索获取最新信息 " , input_schema = { " query " : " string " , " top_k " : " int " }, output_schema = { " results " : " list[dict] " }, cost_estimate = 0.01 , latency_ms = 2000 , tags = [ " search " , " real-time " ] ) ) # 发现可用技能 nlp_skills = armory . discover ( category = " nlp " ) print ( f " NLP 技能: { [ s . name for s in nlp_skills ] } " ) # 输出: NLP 技能: ['summarize_text'] # 按标签发现 search_skills = armory . discover ( tags = [ " real-time " ]) print ( f " 实时技能: { [ s

2026-07-09 原文 →
AI 资讯

Pytest Pt1 - Fundamentals for Data Engineers

Pytest Fundamentals for Data Engineers Data engineering code is still software, and software that doesn't have tests is a liability. If you've ever had a production pipeline silently produce wrong numbers because a downstream transformation made an assumption about a column that changed upstream, you know the pain. Testing isn't just about "does the pipeline run" — it's about verifying that every transformation, every branch of logic, and every edge case behaves exactly as you expect. This post lays the groundwork for testing data pipelines with pytest. I'll cover why testing matters, the fundamental pattern every test follows, how to write your first tests and assertions, how to verify that your code raises the right exceptions, and how to mock external dependencies so your tests stay fast and deterministic. By the end, you'll have a solid foundation for writing unit tests that catch regressions before they reach production. Testing 101 for Data Pipelines If you're new to testing or have only ever written a few scripts, the core idea is simple: a test is a small piece of code that exercises another piece of code and checks that the result is what you expected. In pytest, that looks like a function whose name starts with test_ and which contains an assert statement. The Fundamental Pattern: Arrange, Act, Assert Almost every test follows three steps: Arrange – set up the input data and any necessary context. Act – call the function or method you want to test. Assert – verify the output is correct. For a data pipeline transformation, that might be: def test_clean_amount (): # Arrange raw_data = " 1,200.50 " # what you might get from a CSV # Act result = clean_amount ( raw_data ) # Assert assert result == 1200.50 clean_amount is a pure function — no file I/O, no database calls. It just takes an input string and returns a number. That makes it straightforward to test. Assert Raises: Expecting Exceptions Data pipelines often deal with invalid data that should trigger an

2026-07-09 原文 →
AI 资讯

2026 Technical Comparison: Stock & Forex Historical Market Data APIs – Capabilities & Integration Workflows

Introduction Fintech engineers building backtesting engines, live quote dashboards, and algorithmic trading pipelines repeatedly face consistent pain points with market data APIs: limited granularity on free tiers, disjoint real-time and historical endpoints, inconsistent protocol support, and fragmented cross-asset coverage. This neutral technical breakdown compares three widely adopted market data providers, evaluating native functionality and end-to-end integration patterns to streamline API vendor selection for backend and quant teams. Core Evaluation Criteria Data Granularity & Historical Depth: Support for tick, intraday, and daily bars plus long-term archived records across equities and FX Protocol Compatibility: Native REST batch query and WebSocket real-time streaming implementation Developer Operational Overhead: Rate limits, documentation completeness, and production integration complexity Comparative Overview Provider Value Propositions AllTick: All-in-one multi-asset market data API built for quant developers, delivering unified tick/intraday/daily historical archives and dual REST/WebSocket access with balanced pricing for individual builders and small teams. Bloomberg: Institutional-grade terminal API offering comprehensive cross-market depth, alternative datasets, and proprietary analytics; targeted exclusively at enterprise investment teams with high entry integration overhead and subscription costs. Alpha Vantage: Lightweight free-first REST API ideal for early-stage prototyping and educational use, lacking native real-time streaming and deep tick-level historical archives. Feature Comparison Matrix Metric AllTick Bloomberg Alpha Vantage Free Tier Rate Limits 100 requests/min, full tick granularity access No permanent free tier; limited trial enterprise access only 5 requests/min, restricted to daily/intraday bars Live Latency Average 170ms native WebSocket push Sub-10ms dedicated institutional line feeds Polling-only, minute-scale delayed refresh

2026-07-09 原文 →
AI 资讯

Collect VietQR Payments in Telegram Bots with AgentPay

The Problem: Why Most Telegram Payment Bots Fail You've built a Telegram bot that sells digital courses, takes coffee orders, or offers freelance services. Traffic is flowing. But when your bot tries to collect payment, you hit a wall: Payment gateways demand hefty setup fees and compliance audits You end up holding customer money in an intermediary account (legal liability) Settlement takes 3–5 days, frustrating both you and buyers Integration is a maze of webhooks, IPNs, and error handling A founder we know spent two weeks wrestling with Stripe's Telegram integration, only to discover the monthly fee ate 40% of his margins on $2–5 transactions. He needed something lighter, faster, and truly peer-to-peer. Enter AgentPay VN : an open-source Python SDK that lets your Telegram bot generate QR codes pointing directly to your bank account. No middleman. No holding funds. Just instant VietQR payments via the banking system Vietnameses already use daily. What Is AgentPay VN? AgentPay VN is an MIT-licensed Python SDK + MCP server that orchestrates VietQR payment requests. Here's the mental model: You create a payment request in your bot (e.g., "Customer ordered coffee for 50,000 VND") AgentPay generates a checkout URL with an embedded QR code Customer scans → pays → bank confirms settlement in seconds Your bot receives a webhook callback and fulfills the order The key: AgentPay never touches money . The QR points straight at your merchant bank account. A bank feed confirms settlement. You own the transaction end-to-end. Why Telegram + VietQR? Telegram has 180+ million users , with especially strong adoption in Southeast Asia. Vietnamese merchants already use banking apps (MB Bank, Techcombank, VCB) that natively support VietQR scanning. Your bot becomes a natural extension of their daily workflow: Customer receives a payment link in chat Opens the QR code (in-app or screenshot) Scans with their banking app (2–3 taps) Money clears to your account in minutes Bot auto-confirm

2026-07-09 原文 →
AI 资讯

Did you ever face "stale singleton httpx connection" and "cold-start connection problem" problem, Well I did tonight.

It is been while I am learning and build around FastAPI. So there is a project where I was thinking how to add this new feature over exiting one. Like what changes I need to make in database which need to be reflected in my backend and frontend. I already lunched the web locally. Problem started When I when back to the web and reload it it shows this error: ERROR: ConnectTimeout: Unauthorized 401. I was like what? Why? I thougth there is some issue with login endpoint or refresh token function. When i did some debugging and found some new information which is: "Either Supabase's edge/pooler (or OS, or an intermediate proxy/NAT) silently kills those idle connections server-side after some timeout but client-side pool doesn't know that." As I was doing nothing in become idle state so to save the resources server side silently close that particular connection. So I came back and try to connect it give this error. First thought come it my mind after this was there should be a way to automatically check this idle state and if user was in ideal state then create a new connection. Proposed Solutions After a while I come up with these solution: Calculate the Idle time: if it is more then server connection timeout then establish new connection. Retry logic: retry once on the specific connection errors. I thought this will work but This again give me error then this new issue I faced. Cold-start connection problem There is something call dual-stack (IPv4 and IPv6) networks and Happy Eyeballs is a network mechanism which automatically move to IPv4 connection if IPv6 fails. But supabase-py uses httpx and it doesn't support Happy Eyeballs. So in first try after the connection time out it try to establish IPv6 connection which is not routeable in most Pakistani ISPs and ultimately it fails and wait for timeout. There is no way to try it again for IPv4. So we have to do it manually. So this error help me to learn many thing in process. Share your thoughts.

2026-07-09 原文 →
AI 资讯

Applying SAST to Any Application (Without Sonar, Snyk, Semgrep, or Veracode)

Most "how to add SAST to your pipeline" articles gravitate toward the same four names: SonarQube, Snyk, Semgrep, Veracode. They're solid tools, but they're not the only options, and sometimes you can't use them — budget constraints, air-gapped environments, licensing restrictions, or simply wanting something lightweight that lives entirely in your repo. The OWASP Source Code Analysis Tools page lists dozens of alternatives across every language. In this article I'll walk through applying Bandit , a free, open-source SAST tool for Python, to a real sample application — from finding vulnerabilities locally to wiring it into a CI/CD pipeline with GitHub Actions. The same workflow (install → configure → scan → fail the build on high-severity findings → track results over time) applies almost identically if you swap Bandit for other OWASP-listed tools like Brakeman (Ruby), FindSecBugs (Java), Gosec (Go), or Horusec (multi-language). Why Bandit? 100% open source (Apache 2.0), maintained under the PyCQA org. No account, no server, no license key — it runs as a CLI or a library. Understands Python's AST, so it catches real logic patterns, not just regex matches. Easy to tune with a config file and inline # nosec suppressions. ## 1. The sample application Let's use a small Flask app with a few intentionally introduced vulnerabilities — the kind of thing that slips into real codebases under deadline pressure. # app.py import subprocess import sqlite3 import pickle import yaml from flask import Flask , request app = Flask ( __name__ ) DB_PATH = " users.db " @app.route ( " /ping " ) def ping (): host = request . args . get ( " host " ) # Vulnerable: command injection via shell=True result = subprocess . run ( f " ping -c 1 { host } " , shell = True , capture_output = True ) return result . stdout @app.route ( " /user " ) def get_user (): user_id = request . args . get ( " id " ) conn = sqlite3 . connect ( DB_PATH ) cursor = conn . cursor () # Vulnerable: SQL injection via strin

2026-07-09 原文 →