今日已更新 76 条资讯 | 累计 21295 条内容
关于我们

标签:#rce

找到 1518 篇相关文章

AI 资讯

How I built a lightning-fast Game Sens Converter in Vanilla JS

As a developer who frequently switches between competitive FPS titles like CS2 and Valorant, re-tuning mouse sensitivity is always a hassle. I wanted a fast, ad-free tool to translate my aim perfectly across titles, so I built a clean Game Sens Converter . The Approach I built this using 100% Vanilla JS. It’s a simple utility, so there was absolutely no need for a backend or heavy frameworks. It loads instantly and calculates right in the browser. Here is a quick look at the core logic handling the sensitivity conversion multipliers: function convertSensitivity ( gameFrom , gameTo , currentSens ) { // Standardized multipliers relative to CS2 / Source engine const multipliers = { ' cs2 ' : 1 , ' valorant ' : 3.181818 , ' overwatch ' : 0.3 , ' apex ' : 1 }; if ( ! multipliers [ gameFrom ] || ! multipliers [ gameTo ]) return null ; // Convert to base (CS2), then to the target game const baseSens = currentSens * multipliers [ gameFrom ]; const convertedSens = baseSens / multipliers [ gameTo ]; return convertedSens . toFixed ( 3 ); } Try it out You can use the live tool for free here: Game Sens Converter Let me know what your main game is or if you'd add any other FPS titles to the list in the comments!

2026-06-04 原文 →
AI 资讯

A Practical Guide to the ROS Navigation Stack: Core Components & Tuning

With rapid advances in robotics, autonomous navigation has become essential for mobile robots. The ROS Navigation Stack is the de facto open-source framework for building reliable, real-world navigation systems. It integrates perception, mapping, localization, path planning, and motion control into a unified pipeline. This article breaks down the core components, working principles, configuration best practices, and common pitfalls of the ROS Navigation Stack to help engineers build stable autonomous robots. Overview The ROS Navigation Stack is a collection of coordinated packages that enable a robot to: Localize itself on a map Plan global paths to a goal Avoid dynamic obstacles locally Control motion safely It relies on sensor inputs (LiDAR, depth cameras, wheel odometry, IMU) and outputs velocity commands to the robot base. Core Components move_base The central coordinator of the entire navigation system. Manages the navigation state machine Runs global and local planners Triggers recovery behaviors when the robot is stuck Exposes an Action interface for goal commands Key states: PLANNING, CONTROLLING, CLEARING, RECOVERY. AMCL (Adaptive Monte Carlo Localization) AMCL uses particle filter localization to estimate the robot’s pose on a pre-built map. Particle filter steps: Initialize particles over a pose distribution Predict motion using odometry Weight particles by sensor likelihood (LiDAR scan matching) Resample to keep high-confidence particles Output the weighted average pose AMCL is highly tunable: min_particles / max_particles laser_model_type odom_model_type update_min_d / update_min_a costmap_2d Costmaps represent the environment as a grid of “cost” values, indicating collision risk. Two costmaps: Global costmap: large-scale, slow-update, for path planning Local costmap: small-scale, fast-update, for obstacle avoidance Cost values: 0: free space 253: lethal obstacle 254: inscribed obstacle 255: circumscribed or unknown Inflation expands obstacles by the ro

2026-06-04 原文 →
AI 资讯

Building a SaaS engine in public: shipping the billing seam, not billing

I tagged v0.9.0 of LaraFoundry this week: billing. Except the honest headline is that I shipped the billing seam , not billing. The free core now has the whole shape of a subscription system, a payment-gateway contract, a driver manager, a real access gate over subscription columns, and it cannot take a single cent. That is on purpose, and the reason is the most interesting part of the phase. LaraFoundry is a SaaS core I'm extracting in public from a live CRM, one module at a time. The deal I made with myself early on: the core is free and stays free for everything except money. Auth, multi-tenancy, RBAC, the admin console, the activity log, i18n, files: all free. The day a business wants to charge its customers , that is the paid part. So billing could not just be "another module." It had to split cleanly down a line, with the free side carrying real, useful structure and the paid side carrying the parts that actually move money. The donor habit I would not carry Here is what the original CRM did when a company "paid" for its subscription: // TODO: real payment gateway integration // TEMPORARY: every payment is successful, for testing $paymentStatus = 'success' ; That success was hardcoded. There was no Stripe, no Paddle, no gateway at all. "Paying" wrote a row into a company_payments table and flipped the subscription date forward. For a CRM I run myself, with one real user, that was fine: I never needed the real thing, so the placeholder sat there indefinitely. The moment this becomes a reusable core, that placeholder is poison. A success that is always true is worse than no gateway, because it looks like billing works. So the rule for this phase was simple: the fake gateway does not get extracted. Whatever stands in its place has to be honest about the fact that it takes no money. What the seam actually is The free core ships a PaymentGatewayInterface : subscribe, cancel, refund, status, and verify a webhook. It describes only the mechanics of moving money. It d

2026-06-04 原文 →
AI 资讯

Improving My OWASP Authentication Failures Write‑Up Using GitHub Copilot

As part of the GitHub Copilot Challenge, I revisited one of my older cybersecurity notes on Authentication Failures and transformed it into a clear, structured, and SOC‑focused write‑up. This challenge helped me improve my technical writing, organise my thoughts, and explain concepts in a more human, readable way. * BEFORE GITHUB SCREENSHOTS: * AFTER GITHUB SCREENSHOTS: What I Improved I rewrote my entire explanation of authentication failures, focusing on: Token leakage Weak or missing MFA Poor session management Brute force & credential stuffing Misconfigured OAuth / SSO I also added SOC detection examples to make the content more practical and relevant for blue‑team work. How GitHub Copilot Helped GitHub Copilot supported me by: Suggesting clearer explanations Expanding short bullet points into meaningful content Helping me structure the write‑up Improving readability and flow Encouraging a more human, natural tone GitHub Repository Here is the updated write‑up in my repo: https://github.com/sujalavnelavai/Cybersecurity-Notes/blob/main/OWASP-Authentication-Failures/README.md Final Thoughts This challenge helped me understand authentication failures more deeply from a SOC and IAM perspective. It also improved my documentation skills — something extremely important for cybersecurity roles. I’m proud of the transformation and excited to continue building my cybersecurity learning notes.

2026-06-04 原文 →
AI 资讯

Navigating the Reorganized CrabPascal Docs | Navegando a documentação Mintlify

Bilingual post · Post bilíngue Jump to: English · Português English {#english} Navigating the Reorganized CrabPascal Docs Phase 1 of this blog series covered fundamentals — CLI, lexer, sprints, and how to contribute. If you read Contributing to CrabPascal: Get Involved , you already know where the repo lives and how to open a PR. Phase 2 is different: we walk the Mintlify documentation site the way a new teammate would, mapping each article to the pages you actually need in daily work. The live docs live at crabpascal.mintlify.app . The source is under mintlify/ in the Bitbucket repo. Think of Mintlify as the canonical handbook; Dev.to posts are the guided tour. Why the docs were reorganized CrabPascal grew from a v1.5 experimental interpreter (October 2025) to v2.22.0 with sprint-driven releases, Horse E2E tests, and honest build-exe . Old folders like documentation/00-INICIO/ still exist in git history, but Mintlify groups content by job to be done : You want to… Start here Install and run Quickstart See current capabilities Project status Understand architecture Architecture Follow releases Changelog Historical reports from v1.5–v2.8 remain under Histórico with archive banners — useful for context, not for "what works today." The home page is your compass Open the Mintlify index . It shows v2.22.0 at a glance: real diagnostic spans, System.* RTL, Unicode strings, dual-mode run/build, and Horse HTTP parity. Four cards link to quickstart, changelog, sprint roadmap, and technical-debt backlog. Essential CLI commands are listed once: crab-pascal check programa.dpr # diagnostics with line/column crab-pascal run programa.dpr # interpreter / runtime crab-pascal build-exe programa.dpr # native binary via C toolchain Bookmark this page. When someone asks "is feature X done?", check status + changelog before diving into Rust sources. The documentation map: question-driven navigation The page essentials/documentation-map is the "I want X, go to Y" cheat sheet. It answers sc

2026-06-04 原文 →
AI 资讯

GSoC Community Bonding Period: Getting Ready to Code

Hey everyone! Welcome back to my Google Summer of Code (GSoC) journey. In my last post, I shared the story of how I got into open source and was selected for GSoC with NumFOCUS to work on the Neural Network Builder API Refactor project for sbi (Simulation-Based Inference). Since the official announcement, the past three weeks have been dedicated to the Community Bonding Period . It is designed to help contributors get to know their mentors, understand the community culture, and familiarize themselves with the codebase and tools. Here is exactly what I did during these past three weeks to get ready for the main coding phase! The Kickoff Meeting We started the bonding period with a great kickoff call on Google Meet. It was a joint meeting that included the mentors for both of the selected sbi projects, the selected GSoC candidates. We were also joined by the mentee who successfully completed the GSoC project for sbi last year! Everyone introduced themselves, and it was incredibly inspiring to meet the team face-to-face (virtually!) and hear about everyone's backgrounds. Having a former GSoC student there was a huge bonus, as they shared some great insights into what to expect in the coming months. Setting Up the Machine A big part of getting started is making sure the development environment is properly configured. During our meetings, we discussed the machine setup in detail to ensure both candidates had everything required to run and test the sbi codebase locally without any hiccups. Embracing AI Coding Assistants One of the most interesting discussions we had was about using AI coding assistants. In the modern development world, tools like these are becoming standard, and our mentors actually encouraged us to use them! However, they emphasized using them carefully and strictly following project guidelines. To help us get the most out of these tools without compromising code quality, the mentors shared some excellent Claude code tutorials and provided us with resour

2026-06-04 原文 →
AI 资讯

PewDiePie built an open-source AI workspace, and the point is bigger than the hype

PewDiePie launching an open-source AI project sounds like one of those internet headlines you have to read twice. But it is real. Felix Kjellberg, better known as PewDiePie, has released a project called Odysseus through the GitHub account pewdiepie-archdaemon. The repo describes it as a self-hosted AI workspace, and the pitch is simple: give people something that feels closer to ChatGPT or Claude, but runs under their control. That is the part that makes this more interesting than a celebrity side project. Odysseus is not just another chatbot wrapper. It is a statement about where personal AI could go if users start caring less about convenience and more about ownership. What is Odysseus? Odysseus is a free, open-source, self-hosted AI workspace. The project says it is meant to recreate the web UI experience people get from ChatGPT and Claude, but with a local-first and privacy-first approach. In the README, the project describes itself as running on your own hardware, with your own data, and “no trojan.” The landing page calls it “A Self-Hosted AI Workspace.” The GitHub repo is licensed under MIT, which means people can inspect it, run it, modify it, and build on top of it. As of June 4, 2026, the repo had more than 44,000 GitHub stars. That is a massive amount of attention for a project that was created on May 31, 2026. Some of that is obviously PewDiePie's name. But the reaction also says something about the moment we are in: people want AI tools, but they are increasingly uncomfortable with how much those tools depend on cloud platforms and private company servers. Why did PewDiePie build it? The short version: control. In his launch video, titled “MY trillion $Dollar Project is finally OUT!”, PewDiePie presents Odysseus as an alternative to the big AI platforms people already use. Coverage from Gizmodo quotes him promising “no tracking, no subscriptions, no funny business. It's yours and yours forever.” The Business Standard also framed the launch around a pus

2026-06-04 原文 →
AI 资讯

Lessons from open-sourcing a CLI agent messaging layer (320 stars in a week)

About a week ago I open-sourced agmsg , a ~500-line bash + SQLite tool that lets CLI AI agents message each other directly. I built it for a dumb reason: I was tired of being the human copy-paste relay between Claude Code and Codex — selecting code in one terminal, pasting it into the other, carrying replies back, all day. I expected a few stars from friends and nothing else. Instead it went 5 → 320 in a week, picked up forks, derivative projects, and pull requests from people I've never met. That gap between what I expected and what happened is the interesting part, so here's the honest retrospective: the numbers, what worked, what flopped, and what genuinely surprised me. The numbers In about a week, with no budget and no audience to speak of: GitHub stars: 5 → 320 Forks: 0 → 15 3 derivative projects — someone ported the idea to shogi (agmsg-shogi), someone wrapped it as an MCP server (agmsg-mcp), someone rewrote it in Go (agmsg-go) Pull requests from outside contributors — support for Gemini CLI, Antigravity, and now GitHub Copilot CLI, plus a fix for role-isolation race conditions None of this came from one big spike. It came from a sequence of posts across channels, some of which worked and some of which completely didn't. What worked Leading with a video, not an explanation. The first post that got traction wasn't a description of the architecture — it was a 23-second clip of two Claude Code instances autonomously playing tic-tac-toe over agmsg, with no human input. People stop scrolling for a moving picture of agents doing something on their own. The text underneath could be short; the video did the work. A relatable problem, stated plainly. "I became a copy-paste relay between two AIs" landed because a lot of people are quietly doing exactly that right now. I didn't open with the technical design. I opened with the annoyance. The design was the payoff, not the hook. Using a long-form post as the landing pad. Timeline posts are good at reach and bad at depth.

2026-06-04 原文 →
开源项目

🔥 anurag3407 / career-pilot - An open-source, AI-powered career platform for resume optimi

GitHub热门项目 | An open-source, AI-powered career platform for resume optimization, mock interviews, and job tracking, Architecture Analysis and Portfolio Builder . 🌟 Star the repo to support us! 🤝 Ready to contribute? Read CONTRIBUTION.md to get started. I am unable to see all the mention so if want to merge pr and issue assignment contact me on linkedin. | Stars: 101 | 21 stars this week | 语言: JavaScript

2026-06-04 原文 →