今日已更新 386 条资讯 | 累计 20358 条内容
关于我们

标签:#r

找到 17076 篇相关文章

AI 资讯

AI Is Not Replacing Marketers. It Is Replacing Marketers With No Taste.

There's a specific kind of marketer who should be nervous right now. Not the strategist. Not the writer with a point of view. Not the creative director who can look at forty options and know, instantly, which one is alive and which thirty-nine are furniture. The one who should be nervous is the marketer whose entire job was being a slow version of a machine. You know this person. Maybe you've been this person — most of us have, at some point, in some job. The one whose week was resizing banners, rewording the same caption in six formats, pulling a report nobody reads, and calling a meeting to discuss the meeting. Their output was never brilliant, but it was there, and for twenty years, "there" was enough. Volume looked like value. Busy looked like good. AI just ended that arrangement. Quietly, without a memo. The excuse economy is closing For most of modern marketing, mediocrity had excellent cover. A bad campaign could hide behind timelines. A weak idea could hide behind budget. "We didn't have the resources" was the most useful sentence in the industry, and everyone accepted it, because everyone was using it. Now a two-person studio in Amman or Manila or Medellín can produce, in an afternoon, what used to require a floor of people and a quarter of runway. The drafts are instant. The variations are infinite. The production bottleneck — the thing entire careers were built on managing — is basically gone. Which means the only thing left to judge is the thing that was always the actual point: is the idea any good? That question used to arrive at the end of a long process, softened by exhaustion and sunk cost. Now it arrives immediately, naked, on day one. There's nowhere for a bad idea to hide anymore, because there's no longer a six-week production schedule standing in front of it. What the machine actually can't do Here's what gets lost in the panic. AI can generate. It cannot choose. It can write you a hundred taglines. It cannot tell you which one will make a foun

2026-07-15 原文 →
AI 资讯

HTML Attributes

Getting Comfortable with HTML Attributes When I first started learning HTML, attributes felt like tiny details hiding inside the tags. I understood the basic structure of a webpage, but I didn’t fully understand why some elements had extra words like href, src, or alt. Over time, I realized attributes are what make HTML elements useful. They add meaning, behavior, and context. Without attributes, a webpage would still have structure, but it would feel limited and incomplete. What HTML attributes really do An HTML attribute gives extra information about an HTML element. It is written inside the opening tag and usually has a name and a value. In simple words, the tag creates the element, and the attribute explains something about that element. For example: Here, href tells the browser where the link should go. Why attributes matter Attributes may look small, but they make a big difference in how a webpage works. They can: Connect one page to another using links. Display images, videos, and other media. Improve accessibility for users and screen readers. Help CSS and JavaScript identify elements. Control forms, buttons, and user input. Without attributes, HTML would only show content. Attributes help that content become interactive and meaningful. Some attributes I use all the time href for links The href attribute is used with anchor tags. It tells the browser the destination of the link. src for images The src attribute gives the path to an image, video, or audio file. alt for accessibility The alt attribute describes an image. It is helpful when the image does not load and also important for screen readers. id and class for styling id gives a unique name to an element, while class is used when multiple elements share the same styling or behavior. placeholder and required in forms These attributes make forms easier for users to understand and complete. A few habits that helped me Use lowercase attribute names. It keeps the code cleaner and easier to read. Put attribu

2026-07-15 原文 →
AI 资讯

Line simplification algorithms

Cartography is all about taking the real world and turning it into a picture that people can understand. It’s the process of deciding: what places to show, what details to keep or remove, what colors and symbols to use, how to draw the round Earth on a flat screen or paper Cartography mixes geography (knowing where things are), design (making the map clear and beautiful), and math (flattening the Earth using projections). Every map you see—Google Maps, airport maps, weather maps, D3.js visualizations—is a result of cartography. Line simplification alogorithms are tools used in cartography to reduce the number of points in a geographic shape while keeping the shape recognizable. 🌍 Why do we need line simplification? Real geographic shapes—coastlines, borders, rivers, airport boundaries—are extremely detailed. If you zoom in enough, you can always find more bumps, curves, and tiny wiggles. This is what Lewis Fry Richardson discovered: The more precisely you measure a coastline, the longer it becomes.Because coastlines have infinite detail.But your computer screen does not have infinite detail. It has pixels. If you try to draw a super-detailed coastline - the file becomes huge > the map loads slowly > D3.js rendering becomes slow > zooming becomes laggy > the map looks messy when zoomed out. This is why we need line simplification algorithms. 🎯 What do line simplification algorithms do? They remove unnecessary points from a shape while keeping the overall form. Think of it like: drawing a coastline with fewer squiggles. smoothing a jagged boundary reducing a 10,000‑point shape to 1,000 points. making the map faster and cleaner. The goal is: Keep the important shape, remove the tiny details. 🧩 Why this matters for zoomable maps Zoomable maps (like D3 zoom or Leaflet zoom) need multiple resolutions: When zoomed out → simple shapes When zoomed in → detailed shapes If you use only high‑resolution data: the map becomes slow, too many points are drawn, the user sees clutter

2026-07-15 原文 →
AI 资讯

DeepSeek vs Qwen vs Kimi vs GLM: Which One Wins My Freelance Budget?

DeepSeek vs Qwen vs Kimi vs GLM: Which One Wins My Freelance Budget? Last Tuesday I spent two hours building a client dashboard that needed AI-powered text summarization. The client is a small e-commerce shop, they get maybe 500 product descriptions a week that need condensing into bullet points. Sounds simple, right? Except when I ran the numbers on my usual OpenAI setup, the bill was going to eat into my margin harder than I'd like. That's when I went down the rabbit hole of Chinese AI models. DeepSeek, Qwen, Kimi, GLM — I've been hearing about these for months from other devs in Discord, but I never actually committed to testing them because, honestly, who has the time? Well, apparently I do, because that Tuesday I decided to run all four head-to-head against my actual workload. Here's what happened. Why I Even Bothered (The Real Math) Before we get into the benchmarks and pricing tables, let me put this in perspective. My hourly rate as a freelance dev sits at $85. Every hour I spend wrestling with a subpar API that hallucinates or charges too much is an hour I'm not billing a client. The "free" model is never free — either it costs me time or it costs me money, and usually both. I was paying roughly $0.60 per 1M output tokens on GPT-4o for the summarization work. For 500 product descriptions, each averaging maybe 150 tokens output, that's about $0.045 per batch. Sounds tiny, right? But multiply that across multiple clients, and suddenly I'm watching $40-60 a month vanish into API costs that I can't really pass along without awkward pricing conversations. So I started shopping. And what I found genuinely surprised me. The Contenders at a Glance All four model families run through Global API's unified endpoint, which means I didn't have to maintain four different SDKs, four different auth setups, four different billing dashboards. Just swap the model name in the request and ship. For a one-person operation, that's huge. Here's the landscape I was working with: Di

2026-07-15 原文 →
AI 资讯

Where ACC Fits in the Agent Stack: Transport, Runtime Control, and Business Authority

Connecting an AI agent to a tool is becoming easier. Letting that agent operate a real business system responsibly is still a different problem. Imagine an existing commerce system with APIs for reading orders, changing inventory, creating refunds, and disabling staff accounts. OpenAPI can describe the endpoints. A tool protocol can make them discoverable. An agent framework can select an operation and generate arguments. But those pieces do not, by themselves, answer several business questions: Which operations may be exposed to an agent-facing surface? Which invocation must carry a trusted acting subject? Which operation is high consequence? When does an invocation express approval intent? Which calls need stronger audit handling? Which execution properties should a runtime know before it invokes the API? These questions sit between tool connectivity and final business authorization. That is the layer the Agent Capability Contract, or ACC, is designed to describe. Start with a concrete operation Consider this API operation: paths : /orders/{order_id}/refund : post : operationId : createRefund parameters : - in : path name : order_id required : true schema : type : string requestBody : required : true content : application/json : schema : type : object required : [ amount ] properties : amount : type : number minimum : 0 This is enough to describe how to call the operation. It is not enough to describe how an agent-facing system should treat it. ACC adds a small, machine-readable declaration next to the operation: x-agent-capability : version : 1 enabled : true scope : refund.create risk : level : high subject : required : true approval : required : true when : - param : amount op : " >" value : 1000 audit : sensitive : true execution : readonly : false idempotent : true timeout_ms : 10000 The declaration does not grant the refund. It tells a compatible runtime how the operation should be presented and governed before the business system receives the call. The miss

2026-07-15 原文 →
AI 资讯

The 8-item security checklist no one tells indie devs

I've reviewed the launch post-mortems of dozens of indie devs who got hacked after shipping their first SaaS. The common thread isn't bad code. It's a checklist no one handed them before they clicked publish. This is that checklist. Eight items. Each one has: a curl command you can run right now, why the bug matters in plain English, and a concrete fix in under ten lines of code. If you can check all eight green before you launch, you've eliminated the majority of the low-hanging-fruit attack surface on a typical Next.js + Supabase MVP. You're not done with security — but you've moved from "will definitely get popped on launch day" to "a real attacker will have to actually work for it." No sales call required. No consulting firm. Eight items in your terminal before launch. Item 1: Every API endpoint has an auth check How to check: # Test an endpoint without a cookie/token curl -s -o /dev/null -w "%{http_code}" https://your-app.com/api/your-endpoint # Should return 401. If it returns 200, the endpoint is public — intentional? Why it matters: API routes in Next.js are not automatically protected. If you forgot to add getServerSession (or your equivalent auth check) to a route handler, it's open to the internet. The route might not be linked in the UI, but it's reachable. Fix: // At the top of every API route handler const session = await getServerSession ( authOptions ) if ( ! session ) return new Response ( ' Unauthorized ' , { status : 401 }) Run this check for every file under src/app/api/ . Better yet: write a middleware that protects all /api/ routes by default and use an explicit { public: true } annotation for routes that should be unauthenticated. Item 2: Per-tenant data scoping (BOLA / IDOR) How to check: # Log in as user A, grab a resource ID from the response # Then change the cookie/token to user B's and request the same ID curl -s -H "Cookie: your-user-b-session" https://your-app.com/api/items/YOUR-USER-A-ITEM-ID # Should return 403 or 404. If it returns

2026-07-15 原文 →
开发者

You Don't Need Node.js to Learn Web Development

I see this every week. Someone decides to learn web development. They Google "how to start web development" and within 20 minutes they're installing Node.js, npm, VS Code, and five extensions they don't understand. They haven't written a single line of code yet. But they've already spent an hour configuring their "environment." Then they get stuck. Node version conflicts. npm permission errors. VS Code extensions that break their syntax highlighting. They think they're not smart enough for programming. They are. They just started with the wrong step. The Problem Learning web development has three core technologies: HTML, CSS, and JavaScript. That's it. Everything else — Node.js, npm, webpack, Vite, React — is extra. It's not the starting point. But most tutorials assume you already have Node.js installed. They say "open your terminal" and "run npm install." Beginners follow along, copy the commands, and have no idea what any of it means. Here's what actually happens: You install Node.js (200MB+) You install VS Code (another 300MB+) You install 5-10 extensions You create a project folder You open terminal and run npm init -y You run npm install live-server You run npx live-server You finally see your HTML page in a browser That's 8 steps before you write Hello World . The Solution You don't need any of that. Not yet. Here's what you actually need to learn HTML, CSS, and JavaScript: A browser (you already have one) A text editor (Notepad works) That's it Open Notepad. Write this: <!DOCTYPE html> <html> <head> <title> My First Page </title> </head> <body> <h1> Hello, World! </h1> <p> This is my first web page. </p> </body> </html> Save it as index.html. Double-click the file. It opens in your browser. You just built your first web page. No terminal. No npm. No Node.js. No configuration. When Should You Actually Learn Node.js? Node.js becomes useful when you need: Server-side code (backend development) Package management (npm packages) Build tools (webpack, Vite) Framew

2026-07-15 原文 →
AI 资讯

Microsoft said the patches would get bigger. I measured how much bigger.

On 9 July 2026 the head of Windows published a post about AI-powered vulnerability discovery. One line in it was a warning to customers: "As AI helps defenders discover more issues, customers will see a higher volume of security updates included in each security release." It does not say how much higher. The post runs about 1400 words and contains no numbers at all. Five days later Microsoft shipped the July package: 1150 CVEs. The number Microsoft would not put in the blog post is sitting in Microsoft's own API. The Security Update Guide publishes every monthly package as machine-readable CVRF, acknowledgments included, no key required. So I pulled twelve months of it and did the arithmetic. What the data says I sampled eight months before the ramp and four after it. Month CVEs Month CVEs 2024-07 454 2026-04 737 2025-01 343 2026-05 991 2025-04 374 2026-06 1281 2025-07 527 2026-07 1150 2025-10 427 2026-01 310 2026-02 169 2026-03 460 The eight pre-ramp months average 383 CVEs. July 2026 is 1150, so the package is 3,0 times the old normal. The baseline broke in April and peaked in June at 1281. April to July inclusive is 4159 CVEs. At the old rate that is 10,9 months of output, delivered in four. The number I am not going to use February 2026 had 169 CVEs. It is the lowest month in two years, less than half the baseline. Divide July by February and you get 6,8 times, which is a much better number for a headline. I am not using it, because choosing your denominator is how honest people produce dishonest numbers. February is an outlier, and the only reason to anchor to it is that it flatters the story. The real multiplier is 3,0. It does not need help. It is not noise The obvious objection is that volume without quality is just a bigger pile. If AI were generating low-value findings that got patched anyway, the severity distribution would sag. It did the opposite. Measure 2025-07 2026-07 CVEs 527 1150 CVSS median 6,5 7,5 CVSS mean 6,47 7,26 CVSS 7,0 and above 48,0 % 71,

2026-07-15 原文 →
AI 资讯

Build Firebase AI Logic Application with Antigravity CLI and Stitch MCP Server [GDE]

Build Firebase AI Logic with Antigravity CLI Note: Google Cloud credits are provided for this project. In this blog post, I demonstrate how to use the Antigravity CLI (an agentic AI assistant integrating directly with development workflows via skills and servers) to build an image analysis demo using Angular, the Firebase Hybrid & On-device Inference Web SDK, and Gemini models. Users upload an image and use a Gemini model to analyze it to generate a few alternative texts, tags, recommendations, and CSS tips to enhance the image quality. When the demo is running in Chrome 148+, the Hybrid & On-device SDK leverages the Prompt API of the on-device Gemini Nano model to perform the image-to-text tasks, and the token usage is 0. When other browsers, such as Safari or Firefox, execute the same tasks, the SDK falls back to Cloud AI (Gemini 3.5 Flash model), which consumes tokens. Next, I describe how to install the skills in my Angular project and register the Angular and Stitch MCP servers in the Antigravity CLI to develop the infrastructure, services, and UI design of my demo. 1. Workflow This is my entire workflow from implementing features, generating UI screens, and mapping the screens to Angular components. 2. Skills I installed the grill-with-docs , angular , and firebase skills in my project for the following reasons: grill-with-docs: Conduct a rigid Q&A session to generate a specification for a feature, refactor, or critical fix. AI is responsible for performing thorough analysis, and putting in more efforts to generate code to achieve the task. domain-modeling: The skill is referenced in the SKILL.md of the grill-with-docs skill, so a copy of it is required. code-review: Spawn two sub-agents to review changes to detect code smells and verify that the changes align with the specification. angular: Provide the best practices of modern Angular architecture, such as using signals and signal forms. firebase: Provide the skills for Firebase AI Logic, Firebase Remote, et

2026-07-15 原文 →