今日已更新 420 条资讯 | 累计 20392 条内容
关于我们

标签:#rce

找到 1451 篇相关文章

AI 资讯

How to Know What Breaks Before You Upgrade WordPress to PHP 8.4

Every WordPress developer knows the feeling. A host emails: "PHP 7.4 reaches end of life — we're moving you to 8.x." Or you finally want the performance and security of PHP 8.4. You stage it, click upgrade, and… white screen. Somewhere in the 40 plugins and 3 themes on the site, something called a function PHP removed years ago — and now the whole site is down. The frustrating part: the broken code is almost never yours. It's buried in third-party plugins and themes you didn't write and can't easily read. So how do you find out what breaks before you upgrade, instead of after? This post walks through exactly that, using an open-source tool called Pressready . Why "just test it on staging" isn't enough Staging tells you that something broke, rarely what or where — and only for the code paths you happen to exercise. A fatal in an admin screen or a checkout edge case you didn't click won't surface until a real user hits it. You need something that reads all the code statically and reports every risky symbol, whether or not that path runs during your manual test. That's a job for static analysis across the whole stack. Two kinds of "breakage": PHP and WordPress Upgrades break sites along two axes, and a good audit covers both: The PHP axis — language features that get removed (e.g. create_function() is gone in PHP 8.0, each() in 8.0) or change behaviour between versions. The WordPress axis — core APIs that WordPress deprecates or removes from one release to the next. Pressready checks both in a single pass: it runs PHPCompatibility for the PHP axis and a custom PHP_CodeSniffer sniff — driven by a generated dataset of WordPress core deprecations — for the WordPress axis. Install it (pick whatever fits your setup) No Composer in the project? Use the standalone PHAR or Docker: # Standalone PHAR — single self-contained file, just needs PHP curl -L https://github.com/itzmekhokan/pressready/releases/latest/download/pressready.phar -o pressready.phar chmod +x pressready.phar #

2026-06-30 原文 →
AI 资讯

Stop Writing the Same Laravel Boilerplate: Generate a Complete Module with One Artisan Command

Stop Writing the Same Laravel Boilerplate: Generate a Complete Module with One Artisan Command Every Laravel developer has experienced this. You start implementing a new feature and immediately create the same files you've created dozens of times before: Model Migration Repository Service Form Request API Resource Policy Filter Status Enum Feature Tests Unit Tests Swagger/OpenAPI annotations The process is repetitive, time-consuming, and easy to get wrong. The Problem While Laravel provides excellent generators, building a production-ready API module still requires running many Artisan commands and wiring everything together manually. For large projects following Repository and Service Layer architectures, this becomes even more repetitive. The Solution I built Laravel Base , an open-source package that generates an entire production-ready module from a single command. php artisan make:module Product The generated module includes: ✅ Model ✅ Migration ✅ Repository Pattern ✅ Service Layer ✅ Form Requests ✅ API Resources ✅ Filters & Pagination ✅ Policies ✅ Status Enums ✅ Swagger/OpenAPI annotations ✅ Feature Tests ✅ Unit Tests Modern Development Experience The package is actively maintained and includes: Laravel 10–13 support PHP 8.1–8.4 compatibility GitHub Actions CI PHPStan static analysis Laravel Pint code style Automated releases Repository automation Why I Built It After working on multiple Laravel projects, I noticed I was spending too much time generating the same project structure instead of focusing on business logic. I wanted a tool that lets developers start implementing features immediately rather than setting up folders and classes. Feedback Welcome Laravel Base is open source, and I'd love to hear your thoughts. GitHub Repository: https://github.com/MuhammedMSalama/LaravelBase Packagist: https://packagist.org/packages/muhammedsalama/laravel-base The package was recently featured by Laravel News, and I'm continuing to improve it based on community feedbac

2026-06-30 原文 →
AI 资讯

Why I built a CLI to automate web research instead of relying on browser tabs

A few months ago I noticed something annoying about how I worked: I was spending more time collecting information than actually thinking about it. The pattern was always the same. Open a search engine, open a dozen tabs, skim past the SEO filler and cookie banners, copy the paragraphs that actually mattered into a doc, paste the whole mess into an LLM and ask it to make sense of things. Then, a week later, do it again because whatever I was tracking had changed. At some point I stopped asking "how do I do this faster" and started asking why I was doing it by hand at all. Why the obvious answers didn't work ChatGPT and Perplexity are fine for a single question. They're worse at the part I actually needed help with, which was repetition: running the same research loop on a schedule, keeping a record of what changed, and getting a notification when it did. Neither tool is built to sit in the background and check on a topic for you. Plain scraping scripts have the opposite problem. They get you raw HTML, not understanding. You still have to strip out nav bars and footers by hand, and the moment you point one at a list-style page like Hacker News instead of a blog post, it falls apart. And bookmarking is just deferring the problem. A folder of forty saved links isn't research, it's homework you haven't done yet. I wanted something in between: automated enough to skip the tab-hoarding, but still producing something I could read and trust, not just a black-box answer. So I built Focal Harvest It's a modular CLI that runs the whole research loop, search, scrape, clean, synthesize, report, on its own, and stays lightweight enough to run on a laptop with no GPU and no database. A single run looks like this: you give it a topic and a focus area (what you specifically want answered), it searches the web, pulls and cleans the pages, synthesizes a report, and writes it to disk. There's also a loop mode, so the same query can re-run every few hours and ping you on Discord or Teleg

2026-06-30 原文 →
AI 资讯

COSS Weekly: Timefold raises $13M, Continue.dev acquired by Cursor, Modular acquired by Qualcomm, and more

This week in COSS: The acquisition trend continued as Qualcomm agreed to acquire Modular for nearly $4 billion, Cursor quietly acquired open-source coding assistant Continue, and Elastic acquired AI SRE startup Deductive AI for up to $85 million. In funding news, DeepSeek closed over $7 billion in funding, Timefold raised a $13M Series A for its scheduling optimization platform, and Moonshot AI has reportedly sought a $30 billion valuation in new funding talks. In other announcements, Sentient Foundation committed $42 million to advance open-source AGI, Daytona announced it is going closed source, Vercel launched eve (an open-source agentic framework), Zilliz launched Vector Lakebase, Upbound open-sourced Modelplane (a control plane for AI inference), Bluesky COO Rose Wang discussed AI and the company's open-source approach, and ClickHouse announced Silk, a new fiber runtime. We also feature the following companies in Cossmology: ArcadeDB, Proton, HitKeep, Passbolt, Nirmata, Paper Compute Co., Plastic Labs, DuckLabs, Blacksky Algorithms, and Earendil Works. COSS Headlines Cursor quietly acquires Continue, an open-source alternative to GitHub Copilot Companies mentioned: Continue Announcement · The New Stack Introducing Modelplane: the control plane for AI inference Companies mentioned: Upbound Announcement · Modelplane Blog 'AI is taking away what makes us human' says social media boss Companies mentioned: Bluesky Media Mention · Metro DeepSeek closes $7bn-plus round with an unusual structure Companies mentioned: DeepSeek Funding · The Next Web Elastic reportedly acquires site reliability engineering startup Deductive AI Companies mentioned: Elastic Announcement · SiliconANGLE Vercel launches eve, an open-source framework that treats agents as directories Companies mentioned: Vercel Announcement · The New Stack Zilliz Launches Vector Lakebase, Extending the World's Most Adopted Vector Database into a Unified Data Platform for AI Companies mentioned: Zilliz Announcem

2026-06-30 原文 →
AI 资讯

🚦 Meet Kueue: Smart Job Queueing for Kubernetes 🧠⚙️

Hey everyone 👋 If you run batch jobs, data pipelines, or any kind of AI and ML training on Kubernetes, you have probably hit this wall. Kubernetes is fantastic at deciding WHERE a pod should run, but it is surprisingly clueless about WHEN a job should start. 😅 You submit ten jobs, the cluster fills up, and the rest just sit there as Pending. No real queue, no priority, no fairness between teams. One noisy team can eat all your expensive nodes while everyone else waits. 🥲 That is exactly the gap Kueue fills, and today I want to walk you through it with a pile of hands on examples you can run on any cluster, even your homelab. 🏡 👉 Key takeaway up front: Kueue is a job level manager that holds your jobs in a real queue and only admits them when there is enough quota to actually run them. 🧪 Everything in this guide was tested against Kueue v0.18.1 using the v1beta2 API. I pinned every command and manifest to that version so you do not get surprised by API drift. 📋 What we will cover ✅ Why Kubernetes needs a queue ✅ The building blocks in plain language ✅ Installing Kueue ✅ Setting up quota with a ResourceFlavor, a ClusterQueue, and a LocalQueue ✅ Submitting a Job and watching it get queued and admitted ✅ Priority based admission ✅ Partial admission and elastic jobs ✅ Multiple resource flavors for x86 and arm ✅ Fair sharing between teams with cohorts ✅ Dedicated quota with a shared fallback ✅ Queueing a plain Pod ✅ Why this matters a lot for GPUs and your cloud bill 🤔 Why Kubernetes needs a queue Native Kubernetes scheduling is pod centric. The scheduler looks at one pod at a time and tries to place it. That works great for long running services. Batch workloads are different. They have a beginning and an end, they often need a fixed chunk of capacity, and they compete with other teams for the same nodes. Without a queueing layer you get: ✅ Jobs that fail or stay Pending when resources are tight ✅ No quota governance, so one team can starve the others ✅ No admission prio

2026-06-30 原文 →
AI 资讯

Building desktop WebView apps in Go without CGo

I have been working on Glaze , a small desktop WebView toolkit for Go. The short version: Glaze lets a Go program open a native desktop window backed by the WebView already available on the operating system, without using CGo. It currently targets: macOS, through WKWebView Linux, through WebKitGTK Windows, through WebView2 The project is still young, but the core idea is already useful: keep small Go desktop tools close to the normal Go workflow. No C compiler in the build path. No bundled native helper library. No large application framework around it. Just Go code calling the system WebView. Why I wanted this I write a lot of small tools in Go. Some of them are fine as CLI programs. Others need a basic interface: a form, a preview, a local dashboard, a small editor, or a way to inspect and manipulate data visually. For those cases, HTML is often enough. The browser gives me layout, text rendering, forms, tables, keyboard handling, and a familiar debugging model. But I do not always want to ship a web server as the user interface. I also do not always want to pull in a large desktop framework when all I need is a native window around a local UI. A WebView is a reasonable middle ground. The problem is that many WebView solutions eventually bring CGo, native build tooling, helper libraries, or larger framework assumptions into the project. That is not necessarily wrong. For many applications, those trade-offs are acceptable. For this project, I wanted something narrower. The design constraint The main constraint behind Glaze is simple: Use the WebView already provided by the OS, but call it from Go without CGo. Glaze uses purego to call native platform APIs directly from Go. That means each backend talks to the platform WebView: WKWebView on macOS WebKitGTK on Linux WebView2 on Windows The result is not a full GUI toolkit. That is intentional. Glaze is focused on the window, the WebView, JavaScript-to-Go bindings, and a few desktop helpers that are useful for small t

2026-06-30 原文 →
AI 资讯

Stop Slouching! Build an AI-Powered Posture Monitor with MediaPipe and Electron

Let’s be honest: as developers, our relationship with our office chairs is... complicated. We start the day sitting upright like productivity gurus, but four hours into a debugging session, we’ve morphed into a human pretzel. This "gamer lean" isn't just a meme; it leads to chronic back pain and decreased focus. In this tutorial, we are going to build a real-time posture tracking system using MediaPipe Pose and Computer Vision to save your spine. By leveraging AI productivity tools and the power of cross-platform Electron desktop apps , we will create a silent guardian that watches your form and pings you the moment you start slouching. If you've been looking for a practical way to dive into MediaPipe and Node.js integration, you're in the right place. For those looking for more production-ready patterns and advanced AI implementations, I highly recommend checking out the deep dives at WellAlly Blog . 🏗 The Architecture The system works by capturing frames from your webcam, processing them through a pre-trained neural network to identify body landmarks, and then applying some basic trigonometry to determine if your posture is healthy. graph TD A[Webcam Stream] --> B[MediaPipe Pose Engine] B --> C[Extract 33 Keypoints] C --> D{Geometry Engine} D -->|Angle > Threshold| E[Slouch Detected] D -->|Angle < Threshold| F[Good Posture] E --> G[Electron Main Process] G --> H[System Notification 🔔] F --> I[Wait 5s] I --> A 🛠 Prerequisites To follow along, you'll need: Node.js (v16+) MediaPipe (The pose solution) OpenCV.js (For frame manipulation) Electron (For the desktop shell) 🚀 Step 1: Setting Up the Pose Engine MediaPipe provides a "Pose" model that gives us 33 landmarks in 3D space. For posture correction, we specifically care about the Ears (7, 8) , Shoulders (11, 12) , and Hips (23, 24) . The Math: Calculating the "Slouch" We measure the angle between the Ear, the Shoulder, and a vertical axis. If your ear moves too far forward relative to your shoulder, that's "Forward

2026-06-30 原文 →
AI 资讯

The GitHub Actions workflow that's been failing for weeks (and how to find yours)

trpc has a scheduled workflow called "Lock Issues & PRs." Its own scorecard shows it failing on almost every run. It is still scheduled, still running, still red. trpc ships excellent software, which is exactly the point: if a project this careful has a workflow that has been red for ages, the rest of us almost certainly do too. It is not a one-off. drizzle-orm has one ("Unpublish release"). cal.com has one ("PR Update"). I scanned 35 popular open-source repos and the same thing kept turning up: a scheduled workflow that fails on nearly every run, quietly, for a long time. Why nobody notices GitHub does email you when a scheduled workflow fails. So how do these survive? Two reasons. First, those emails are routine. You get them for flaky reruns and transient blips too, so you filter them out. Second, a workflow that is always red stops reading as a signal. It is just how that row looks now. I did exactly this on my own project. GitHub emailed me that a workflow had failed. The next day it emailed again. I saw it, told myself I would fix it tomorrow, and promptly forgot. It was my nightly database backup, quietly broken the whole time, and I only caught it when a failure-rate number crept up where I would notice. An always-red workflow is not free It burns minutes every run to produce nothing but a red X. Worse, it trains you to ignore the failure that actually matters: the day a real one lands in the same inbox you have learned to skim past. How to find yours Open your Actions tab and look at the scheduled workflows, the cron-triggered ones nobody watches. If the last several runs are all red, you found one. From the CLI: gh run list --workflow = "Lock Issues & PRs" --status = failure What to do about it Two honest options: fix it, or if the workflow is genuinely abandoned, turn it off. Do not leave it scheduled and red. gh workflow disable "Lock Issues & PRs" Or drop the schedule trigger from the workflow file if it should not run on a timer at all. A disabled work

2026-06-30 原文 →
AI 资讯

Why your GitHub Actions CI is slow (and how to speed it up)

Two days ago GitHub emailed me to say one of my workflows had failed. The next day it emailed me again. I saw it, told myself I would fix it tomorrow, and promptly forgot. It was my nightly database backup, quietly broken the whole time, and I only caught it because a failure-rate number nudged up. A failed run at least gets you an email. A slow run gets you nothing. GitHub never pings you when CI quietly takes twice as long, runs the whole suite twice per PR, or rebuilds dependencies from scratch every time. That waste compounds where no one looks. Here are the usual culprits, each with the exact fix. When I scanned 35 popular open-source repos, not one had a fully clean config. 32 of 35 had no concurrency control, 33 of 35 had no job timeouts, and 22 of 35 ran the full suite twice on every PR. If projects this polished leave minutes on the table, the rest of us definitely do. Your suite runs twice on every PR Trigger a workflow on both push and pull_request and, for a branch in the same repo, opening a PR fires both. You just paid for two identical runs. This one is pure waste and it can roughly halve your PR-related minutes. Trigger on pull_request , and keep push for your default branch: on : push : branches : [ main ] pull_request : Old runs don't cancel when you push again Push a fix 30 seconds after the first push and, with no concurrency group, both runs go to completion. The first is dead weight, and it is holding a slot in your queue while it finishes. This hides even when you do have a group: astro has a concurrency group on one workflow but left off cancel-in-progress , which our scan estimates leaves roughly 1,850 minutes a month on the table. Add a group keyed on the branch, with cancel-in-progress , so a new push supersedes the old run: concurrency : group : ${{ github.workflow }}-${{ github.ref }} cancel-in-progress : true Every run reinstalls dependencies from scratch No cache means every run re-downloads and rebuilds your dependencies. On a typical

2026-06-30 原文 →
AI 资讯

Building Quudos: a casting platform on Amazon Aurora + Vercel

I created this post for the purposes of entering the H0: Hack the Zero Stack with Vercel v0 and AWS Databases hackathon. #H0Hackathon Inspiration — this one's personal This started with my daughter. She's 13 and an aspiring actor — she's already worked on campaigns and shows from national commercials to a children's TV show, and walked NYC and Brooklyn fashion shows. Every time we went to an audition or recorded a self-tape, I saw how disconnected the whole process was: submissions over email, schedules buried in texts, files scattered across folders, and no clear view of where anything actually stood. I started talking to talent agencies in New York and LA, and they all said the same thing — they're still managing their talent by hand, and it doesn't scale. That's why I built Quudos. The problem Talent agencies run casting on a patchwork of spreadsheets, email threads, shared folders, and disconnected casting databases. Submissions get lost, callbacks slip, and there's no single place to see a campaign move from breakdown to booking. Quudos is the all-in-one operating system for talent agencies — manage your roster, launch casting campaigns, and track every submission through callback and booking. For this hackathon I put it on the zero stack : a front end on Vercel and Amazon Aurora PostgreSQL as the primary database. The architecture Frontend: an Angular single-page app on Vercel , with a v0-built marketing landing page in front of it. API: a NestJS (Node) service using node-postgres with pooling, transactions, and advisory locks. Primary database: Amazon Aurora PostgreSQL (Serverless v2) in us-east-1 — the system of record for every agency, talent profile, campaign, role, submission, and lifecycle event. Auth: a managed auth provider issues JWTs that the API verifies; all application data lives in Aurora. Why Aurora — and a deliberate data model Casting is inherently relational, so I modeled it that way: organizations (agencies) → users (admins + talent) → actor

2026-06-30 原文 →
开源项目

Highlights from Git 2.55

The open source Git project just released Git 2.55. Here is GitHub’s look at some of the most interesting features and changes introduced since last time. The post Highlights from Git 2.55 appeared first on The GitHub Blog .

2026-06-30 原文 →
AI 资讯

Galfus Script MVP is complete

Galfus Script has reached its first MVP milestone. Galfus is an experimental programming language written in Rust, designed around a typed VM-first execution model, compact .gfb artifacts, deterministic module/workspace resolution, and an ownership model based on anchors, edges, and weak observers. The MVP goal was not to build a full ecosystem yet. The goal was to prove the complete local execution pipeline: txt .gfs source -> lexer and parser -> resolver -> type checker and semantic analyzer -> ownership check -> MIR lowering -> bytecode emitter -> Galfus Module Image -> .gfb serialization -> VM interpreter execution https://github.com/vulppi-dev/galfus-script/discussions/10

2026-06-29 原文 →
AI 资讯

Building a Legal AI Platform on Aurora DSQL and Vercel

I built this project as an entry for the H0: Hack the Zero Stack with Vercel v0 and AWS Databases Hackathon. #H0Hackathon Inspiration Justice moves slowly. I learned that firsthand as my family navigated a legal dispute. What struck me wasn't just the stress — it was that things were quite disorganised. Documents were paper-based or buried somewhere in emails. Updates came through WhatsApp messages. Simple documents took a really long time to draft and send. The system was fragmented and difficult to navigate. Companies like Harvey tackle document drafting well, but legal research tools and LLM wrappers can hallucinate case law, citing judgments that don't exist. I knew that if I was going to build something for this space, it had to be grounded in real, verifiable law. That led me to Laws Africa, which provides structured access to actual South African legislation and court judgments. I also noticed a problem that lawyers experience daily: the mechanical work. Logging into court portals to file a case. Hunting through OneDrive, Google Drive, and Dropbox for the right version of a document. Sifting through hundreds of emails to find something relevant to a matter. Onboarding a new client when the intake form is a PDF someone emails you. These are not AI problems. They are automation problems — and lawyers or their secretaries are doing them manually every single day. That became Agently. What Agently Does Agently is a legal workspace that handles the full lifecycle of a matter, from the moment a client submits an intake form to the day the case closes. Matter Management. Every client engagement lives in a structured matter. Documents, emails, notes, contacts, workflows, and AI conversations are all scoped to it. A lawyer can open a matter and immediately see everything relevant. AI Agent with Real Legal Research. The AI connects to Laws Africa's knowledge bases — South African legislation, court judgments, and municipal law — so research is grounded in actual legal

2026-06-29 原文 →