今日已更新 213 条资讯 | 累计 20683 条内容
关于我们

标签:#webdev

找到 1541 篇相关文章

AI 资讯

My API Responded in 4 ms, but Navigation Still Felt Slow

I was debugging an internal project management application built with SvelteKit and a Rust API. Locally, navigation felt almost instant. On the VPS, opening the Tickets, Timeline, and OpenSpec docs pages felt noticeably slower. Clicking a ticket also took too long before the preview panel became useful. My first assumption was infrastructure: Maybe the VPS was underpowered. Maybe PostgreSQL queries were slow. Maybe the reverse proxy added latency. Maybe SvelteKit SSR was taking too long. The measurements pointed somewhere else. The Baseline I started with the feature list endpoint used by both Tickets and Timeline. For a project with 52 tickets: Metric Result API response time ~4 ms Response size 353,956 bytes Number of tickets 52 The API was not slow. But it was returning around 354 KB for a list of only 52 items. The SvelteKit route payload showed the same pattern: Route Data payload Tickets 349,857 bytes Timeline 354,731 bytes This explained why local testing was misleading. On localhost, transferring and parsing a few hundred kilobytes is easy to miss. Once the app runs behind a VPS, reverse proxy, TLS, and a real network connection, the payload becomes much more visible. What Was Inside the Payload? I broke down the feature response by field. The descriptions alone accounted for: 296,177 bytes That was more than 80% of the complete response. The list endpoint was returning something similar to this for every ticket: interface FeatureListItem { id : string ; title : string ; status : string ; priority : string ; storyPoints : number | null ; dueDate : string | null ; description : string | null ; checkoutCommand : string | null ; openSpecCommand : string | null ; } The problem was not that these fields were useless. They were useful on the ticket detail panel. They were not useful when rendering the initial list. Timeline was even more wasteful. It used ticket status, dates, dependencies, and assignees, but still downloaded every full Markdown description. The D

2026-06-20 原文 →
AI 资讯

No user verification leading to subscription bypass and pre-register

For security reasons, we consider "Target app", as the target we practiced on, and the real name won't be disclosed in this post. The target app, was a niche music streaming platform, available in web and mobile PWA, meaning the structure is same but access is easier for cross platform. The app worked in this way : You register using an account, 3rd party like google or via email After that you can use the app for free with a 3 day window (3 day trial) After the 3 day you gotta buy subscription to continue listening The flaw, existed in the first step, when you register using an email, no verification happens! You could enter any type of string@something.com , a random password and start your free trial. So what happens is that first I use string1@something.com , for 3 days. When the time runs out, I use string2@something.com for another 3 days. And since the app's trial and actual subscription don't have any difference, and the 3 day time window is the only limitation, the user with such knowledge from the app doesn't need to buy any subscriptions while such flaw exists! Mitigation : Apply email verification step after user input, so they have to use the received link to verify their address Blacklist "temporary email" service's address or IPs, so users won't generate any email to register after their trial has expired. This way, the registration process isn't too complex while keeps app from attackers avoiding a "For ever free" usage on the app.

2026-06-20 原文 →
AI 资讯

Pro File Uploads in Rails 8: Speed and Scalability with Direct Uploads

Imagine a user trying to upload a 100MB video or a high-resolution photo to your app. If you use the standard Rails file upload, that file travels from the user's browser to your Rails server, and then your server sends it to S3 or Google Cloud. This is a terrible way to do it. While that 100MB file is transferring, your Rails worker (Puma) is frozen. It can't handle other users. If three people upload large files at once, your whole app will stop responding. In 2026, the professional way to handle this is Direct Uploads . With Direct Uploads, the file goes directly from the user's browser to your cloud storage (S3, R2, etc.). Your Rails server only handles a tiny bit of metadata. It is faster for the user and much safer for your server. Here is how to set it up in Rails 8. STEP 1: Configure Your Storage First, make sure you aren't using the local disk for production. You need a cloud provider like AWS S3 or Cloudflare R2. In your config/storage.yml : amazon : service : S3 access_key_id : <%= ENV['AWS_ACCESS_KEY_ID'] %> secret_access_key : <%= ENV['AWS_SECRET_ACCESS_KEY'] %> region : us-east-1 bucket : my-app-uploads # Crucial for Direct Uploads! public : true Note: You must configure CORS in your S3/R2 dashboard to allow requests from your domain. If you don't do this, the browser will block the upload. STEP 2: The Rails Form Rails makes the backend part incredibly easy. You just add one attribute to your file field: direct_upload: true . <!-- app/views/users/_form.html.erb --> <%= form_with ( model: user ) do | f | %> <div class= "field" > <%= f . label :avatar %> <%= f . file_field :avatar , direct_upload: true %> </div> <%= f . submit "Save Profile" %> <% end %> When you add direct_upload: true , Rails automatically includes a JavaScript library that handles the "handshake" with S3. STEP 3: Adding a Progress Bar (The UX Win) Direct uploads can take a few seconds. If nothing happens on the screen, the user will think your app is broken. We can use the built-in Ac

2026-06-20 原文 →
AI 资讯

Why I stopped reading my own backlog.md (and what I read instead)

The morning my own file lied to me Wednesday, May 21, start of session, coffee next to the keyboard. I ask the agent where we stand on the DEV.to series. Clean answer, articulated, "Four articles on stand-by, ready to publish." I reread. Half a second of unease, because I think I saw two or three of them go through DEV.to last week, but I slept in between and I'm no longer sure. I type the question that changes everything, "Are you sure articles remain to publish?" The agent re-queries the DEV.to API in parallel, opens scripts/devto/state.json , crosses the two. The four articles have been published for two or three days. What I just read wasn't a hallucination. The agent did exactly what was expected of it, namely open articles/backlog.md , read the table, restitute what it said. I'm the one who had stopped updating that file. sync-backlog.ts hadn't run after the pushes of last week. The markdown said "stand-by" while production said "published" . The typist didn't lie. She read faithfully a file I had written myself and that I was treating as authority while nothing was maintaining it. A summary is a Cache without a refresher This is the most common failure mode of a solo project that lasts. Each day produces two flows. On one side the matter that moves, made of commits, deploys, rows in the database, statuses that transition. On the other side the writings we draft to keep our bearings, namely backlog.md , the root MEMORY.md , the Sunday-night session note, the README of the folder we refactored last week. These writings are produced quickly, in the gesture that closes a sprint, and they are maintained slowly, or not at all, because nothing in the pipeline triggers to close them. R6 of the Counterpart Toolkit says it for SQL columns, Live / Snapshot / Cache mandatory . Any column derivable from other data must declare its category in the commit that creates it. If it's a Cache, the refresher mechanism ( GENERATED ALWAYS AS , SQL trigger, materialized view with pl

2026-06-19 原文 →
AI 资讯

How I Got a $340 AWS Bill from a Side Project (And What I Built to Prevent It)

The invoice arrived on a Tuesday morning. $340. For a side project I'd built in a weekend. A small LLM-powered summarization tool — users paste text, model returns a summary. I'd done the math before launching: roughly $0.002 per request, ~500 requests/day, around $30/month. Totally fine. What I hadn't accounted for: system_prompt_tokens = 800 requests_per_day = 2000 # not 500 — it went viral in a group chat input_price_per_1M = 2.50 # GPT-4o daily_cost = (800 * 2000 / 1_000_000) * 2.50 = $4.00/day → $120/month just from system prompts Plus the actual user input tokens. Plus output tokens. $340 later, I had learned my lesson. The Real Problem: API Pricing Is Designed to Be Hard to Compare Every provider uses different units: OpenAI → per million tokens (input vs output, different rates) Pinecone → read units + write units + storage GB/month Stripe → % of transaction + fixed fee + monthly platform fee AWS Lambda → per GB-second + per request + data transfer None of it is comparable at a glance. You end up either building a spreadsheet from scratch every time or just guessing — and guessing gets expensive. What I Built After the invoice incident I started keeping a cost estimation spreadsheet. It grew. Eventually I turned it into APICalculators.com — 16 free, browser-based calculators covering the infrastructure decisions most AI/SaaS developers face: LLM APIs GPT-4o, Claude Sonnet, Gemini Flash, Llama — cost by model, context length, daily volume Side-by-side comparison at your exact usage Vector Databases Pinecone vs Qdrant vs Supabase vs Weaviate Enter index size + queries/day → monthly cost Serverless AWS Lambda vs Cloudflare Workers vs Vercel Functions Cost at your invocation volume and memory config Auth Providers Clerk vs Auth0 vs Supabase Auth vs Cognito Monthly cost by MAU tier Payment Processors Stripe vs Paddle vs Lemon Squeezy Real fee comparison on your transaction volume The System Prompt Problem, Solved in 30 Seconds Here's what the LLM cost calculator

2026-06-19 原文 →
开发者

Lo que aprendí cuando dejé de pensar solo en código y empecé a pensar en arquitectura

Durante mucho tiempo asocié el desarrollo de software con programar funcionalidades: crear entidades, armar controladores, conectar una base de datos, validar formularios y hacer que una aplicación responda correctamente. Sin embargo, durante el Trabajo Final de la asignatura Desarrollo de Aplicaciones Web , entendí que programar es solo una parte del problema. El verdadero desafío aparece antes de escribir código: decidir qué arquitectura conviene, por qué conviene, cuánto cuesta, qué riesgos resuelve y qué complejidad agrega. El trabajo consistió en diseñar un sistema de gestión clínica que comenzaba como un MVP para una única clínica y evolucionaba progresivamente hacia una plataforma SaaS multi-tenant . Aunque fue un proyecto académico, el ejercicio nos obligó a pensar como si estuviéramos tomando decisiones técnicas en un contexto real: con restricciones de negocio, costos, equipo, seguridad, datos sensibles y crecimiento futuro. La principal enseñanza fue: la mejor arquitectura es la que responde mejor al momento del producto . El primer desafío: no sobrediseñar desde el inicio Cuando empezamos a pensar el sistema, la tentación era ir directamente a una arquitectura compleja: microservicios, eventos, colas, Kubernetes, múltiples bases de datos y despliegues independientes. Pero al analizar el escenario inicial, esa decisión no tenía sentido. El sistema comenzaba para una sola clínica, con un presupuesto reducido y con requisitos todavía en etapa de validación. En ese contexto, arrancar con microservicios hubiera agregado más problemas que beneficios: comunicación entre servicios, contratos, versionado, observabilidad distribuida, debugging más difícil y mayor costo de infraestructura. Por eso, una de las decisiones más importantes fue comenzar con una arquitectura en capas , desplegada como un único proceso. Esta elección permitió separar responsabilidades sin asumir desde el principio la complejidad de un sistema distribuido. La capa de presentación se encarg

2026-06-19 原文 →
AI 资讯

Building an interactive Palworld map with Next.js, Leaflet and Supabase

As a solo developer I wanted a fast, mobile-friendly interactive map for Palworld that didn't bury me in ads. The result is Pindrop , and here are a few of the technical decisions behind it. Rendering 1000+ markers without jank The interactive map uses Leaflet with a custom marker-clustering layer. Markers are served as static JSON from the edge and hydrated client-side, so the first paint is server-rendered and the heavy marker work happens after. A breeding calculator as a pure function Palworld's breeding combos are deterministic, so the breeding calculator is just a lookup over a precomputed table rather than a backend call. That keeps it instant and fully cacheable. Stack Next.js (App Router) for SSR + static generation Leaflet for the map layer Supabase for the small amount of dynamic data Vercel for hosting and edge caching If you play Palworld, the guides section collects the breeding, location and boss notes I kept losing track of. Feedback from other devs welcome — especially on the clustering approach.

2026-06-19 原文 →
AI 资讯

Architecting Block: Building a Custom Social Network, Theme Engine, and more

Pre: What is BlockSocial? BlockSocial is the ultimate social network for developers, bringing the energy of short-form video to the world of open source. Think of it as Facebook meets Instagram—a place to showcase your code, find inspiration, and build your developer brand through "Reels" and interactive dashboards. Github link: https://github.com/Hfs2024/BlockSocial 1. User Scenario & Workflow (The Fork System) The Setup User A : Publishes a post saying: "I love drinking Pepsi every day." User B : Is shy, but wants to tell their friend this is an unhealthy habit. User C : Is a malicious user who gossips. The Fork Mechanism User B creates a fork to discuss this post with User C via the POST /api/share endpoint. Data Copying : It copies the entire post contents except comments, likes, reports, and downloads. Chain Prevention : You can fork a forked post, but the system will fork the original source root, not the fork itself. Scope : It shares with only one user at a time to prevent unexpected group creation. Database Payload for Forks The following fields are appended to the document structure: { "share" : true , "shareId" : "post._id" , // The original post ID "sharedBy" : "req.currentUser.username" , // The user who shared or forked "shareTo" : "shareTo" , // The friend receiving the share "shareComment" : "comment || ''" // A quick comment on the post } Moderation & Enforcement Workflow If User C breaks trust and leaks the conversation, User B can report them via the POST /report/user endpoint. Verification : Administrators review interaction history to verify the violation. Account Termination : Bad users receive a permanent lifetime account ban. Data Scrubbing : All associated messages from the malicious user are removed. Blacklisting : The account is fully banned. The Blindspot : Face-to-face interactions remain outside system moderation boundaries 😅 2. Technical Implementation Details Dynamic Comment Identity Logic When a user submits a comment via POST /api/c

2026-06-19 原文 →
AI 资讯

Using a locked-down WordPress as the form backend for my static sites

Static sites are great: fast, cheap to host, almost nothing to attack. Then you add a contact form and hit the same wall everyone hits — a static site can't process a submission. You need a backend. The usual answers are a third-party service (Formspree, Netlify Forms, Basin) or a small server you now have to babysit. Both add a dependency you don't control, a recurring bill, and — the part that bugs me most — your submission data lives on someone else's infrastructure. There's a third option I've been running for a while: one WordPress install, zero public pages, used purely as a form endpoint. Every form from every static site I own hits it. I own all the data. And because it serves no public HTML, its attack surface is close to nothing. The architecture Three pieces, each doing one job: WordPress — the backend. Locked down so hard it doesn't behave like a normal WP site anymore. A form plugin — handles building, validation, storage, email, file uploads. (I use CraftForms because it exposes a clean craftforms/v1 REST namespace and can also serve the form HTML to an external page — more on that below.) Your static frontend — Cloudflare Pages / Netlify / wherever. It either fetch es the REST endpoint on submit, or drops in an embed snippet. WordPress never serves a public request. It only processes submissions. The part that matters: locking it down The biggest WordPress attack vector isn't your host — it's outdated plugins . So the first move is brutal minimalism: one plugin, no theme, no page builder, no public frontend. A WP install with one plugin and a blocked frontend has almost no CVE surface, because none of the usual stuff is installed. The rest is one must-use plugin. Drop this in wp-content/mu-plugins/ (no activation needed) and you've blocked the four standard entry points: <?php if ( ! defined ( 'ABSPATH' ) ) exit ; // 1. Restrict the REST API to your form namespace only. // Kills user enumeration (/wp/v2/users), route discovery, the usual REST exploits

2026-06-19 原文 →
AI 资讯

A Few Months Ago, Agentic Development Felt Overwhelming

A few months ago, I was overwhelmed by everything happening in AI. Every week there was a new coding assistant, a new workflow, or someone claiming they built an app in just a few hours. It felt like if you weren't keeping up, you'd be left behind. I tried almost everything. Cursor. ChatGPT. Claude Code. Lovable. At first, I kept switching between tools, hoping one of them would magically make me a better developer. It didn't. The biggest lesson I learned wasn't about choosing the best AI tool. It was learning how to work with AI. These days, I don't start by asking AI to write code. I start by explaining the problem. I describe the feature, the business requirements, the edge cases, and what I want the final result to look like. Sometimes I ask ChatGPT to help me plan the implementation first. Once everything is clear, I pass that plan to an agentic coding assistant and start building. That one change made a huge difference. I spend less time writing boilerplate and more time thinking about architecture, user experience, and solving the actual problem. AI still gets things wrong, so I review everything before it goes into production. But instead of writing every single line myself, I'm guiding the process. Looking back, the first few months were the hardest. Now it just feels normal. The tools will keep changing, but I think the real skill is learning how to communicate with AI and use it as part of your development process. That's something worth investing in.

2026-06-19 原文 →
AI 资讯

How to Access 50+ Chinese AI Models Through One API

How to Access 50+ Chinese AI Models Through One API The Chinese AI ecosystem exploded in 2025-2026. DeepSeek dropped training costs by an order of magnitude. Qwen 3 ships 19 variants from 0.6B to 235B parameters. GLM-5 competes head-to-head with GPT-5 at 3% of the price. There's Kylin, Yi-Lightning, Hunyuan-T1, MiniMax-M1, Step-2-16K, and 40+ more models from a dozen labs. The models are incredible. The fragmentation is not. Every lab has its own API. Different auth headers. Different response formats. Different streaming protocols. Different error codes. If you wanted to try 5 models from 5 Chinese labs last year, you'd need 5 SDKs and 5 billing dashboards. Nobody has time for that. This is exactly the problem AIWave was built to solve. One API Key. 50+ Models. Zero Code Changes. AIWave is a unified API gateway that aggregates 50+ Chinese AI models behind a single endpoint. It speaks the OpenAI API format, which means every existing tool, SDK, and codebase in your stack works without modification. Here's what that looks like in practice: from openai import OpenAI # Point to AIWave instead of OpenAI client = OpenAI ( base_url = " https://api.aiwave.live/v1 " , api_key = " sk-your-aiwave-key " ) # Use DeepSeek V4 Pro response = client . chat . completions . create ( model = " deepseek-v4-pro " , messages = [{ " role " : " user " , " content " : " Explain MoE architecture " }] ) # Switch to GLM-5 — change one string response = client . chat . completions . create ( model = " glm-5 " , messages = [{ " role " : " user " , " content " : " Explain MoE architecture " }] ) # Try Qwen 3 235B — same thing response = client . chat . completions . create ( model = " qwen3-235b " , messages = [{ " role " : " user " , " content " : " Explain MoE architecture " }] ) That's it. Whatever you're already using — the OpenAI Python SDK, LangChain, LlamaIndex, Vercel AI SDK, a custom fetch wrapper — continues to work. You change the base URL and the model name, and suddenly you have acce

2026-06-19 原文 →
AI 资讯

Day 45 of Learning MERN Stack

Hello Dev Community! 👋 It is officially Day 45 of my non-stop run toward full-stack engineering! Yesterday, I learned how to serve static HTML pages using Express routing. Today, I took a major step toward building premium, clean, and minimalist UI/UX styles by installing and mastering Tailwind CSS via the Tailwind CLI ! Instead of writing massive, chaotic external CSS stylesheet files, today I shifted to the industry-standard utility-first workflow to speed up my design iterations. 🧠 Key Learnings From Day 45 (Tailwind CSS Architecture) Tailwind doesn't give you pre-built components; it gives you atomic utility classes that let you build completely custom, high-end layouts directly inside your HTML structure. Here is the engineering breakdown: 1. Tailwind CLI Installation & Initialization I learned how to integrate Tailwind from scratch using npm packages instead of lazy CDN links. Installed the tailwindcss compiler core ( npm install -D tailwindcss ). Initialized the configuration hub using npx tailwindcss init . 2. Crafting the Content Map inside tailwind.config.js Understood how Tailwind optimizes final file weights using tree-shaking. I configured the structural template paths so the compiler knows exactly which files to scan for dynamic styling classes: javascript /** @type {import('tailwindcss').Config} */ module.exports = { content: ["./public/**/*.{html,js}"], // Scanning static folders cleanly theme: { extend: {}, }, plugins: [], }

2026-06-19 原文 →
AI 资讯

What Does the Windows REFRESH button really do?

Hello, I'm Maneshwar. I'm building git-lrc, a Micro AI code reviewer that runs on every commit. It is free and source-available on Github. Star git-lrc to help devs discover the project. Do give it a try and share your feedback. I boot up my machine. The desktop loads. And before I open my editor, before I check Slack, before I do a single productive thing, I right-click an empty patch of desktop and hit Refresh . Then I do it again. And again. I am a person who can explain event loops and reason about cache invalidation, and yet here I am, mashing F5 on a static wallpaper like it owes me money. If you've never done this, congratulations, you're better than me. If you have ... welcome. You're among friends. First, let's kill the myth There's a folk belief that refreshing the desktop is a tiny act of system maintenance. A little spring cleaning. A gift to your hardworking CPU. It is not. Manually refreshing your desktop does not : free up RAM reduce CPU load clear some mysterious cache make your PC faster in any way, shape, or form All it does is tell Windows Explorer to redraw the current view . That's it. That's the whole feature. What's actually happening under the hood Here's the part that's actually interesting (we're devs, we live for the "actually"). Windows doesn't repaint your entire screen on every frame, that would be wildly wasteful. Instead it leans on a composition engine that, with help from your GPU when one's available, only redraws the regions that changed since the last frame. Already drawn elements get cached and reused. Icons, the taskbar, your wallpaper they're all mostly static, so mostly left alone. When something genuinely changes (you save a file, delete a folder, plug in a drive), the OS detects it and tells the composition engine: "hey, this little rectangle changed, repaint just that." The desktop refreshes itself, automatically, all day long, without you ever touching anything. So the manual Refresh button is really just a manual overrid

2026-06-19 原文 →
AI 资讯

How email verification works: syntax, MX, and SMTP explained

"Email verification" sounds like one thing, but it's really a stack of checks of increasing depth and cost. Knowing what each layer actually proves helps you pick the right level instead of overpaying for verification you don't need. Layer 1: syntax The cheapest check: does the string look like a valid email address? A pragmatic regex catches obvious garbage ( asdf , a@@b , trailing spaces). It's instant and free, but weak on its own: nobody@asdf.asdf passes syntax and can't receive a single message. Layer 2: domain and MX records Next, does the domain actually accept mail? Every domain that receives email publishes MX (mail exchanger) records in DNS pointing to its mail servers. A quick DNS lookup tells you whether any exist. No MX (and no fallback A record) means the domain can't receive mail, so the address is undeliverable no matter how it's spelled. This single step removes a large class of fakes and dead domains. Layer 3: SMTP mailbox check The deepest level connects to the domain's mail server and begins the motions of sending a message to ask whether that specific mailbox exists, without actually delivering anything. It's the only layer that can hint a particular inbox is real, but it comes with real caveats: It's slow (a live connection per address). Many servers are "accept-all" and say yes to everything, so the answer is often meaningless. Lots of providers block or throttle these probes, and outbound port 25 is blocked on most modern hosting, so it's frequently unavailable anyway. SMTP checks matter most for cleaning old, cold lists, and far less for stopping junk at signup. The heuristics layer Alongside those, useful verification adds signal that has nothing to do with deliverability per se: Disposable detection: is it a throwaway provider? Role detection: is it info@ or admin@ rather than a person? Typo suggestions: "did you mean gmail.com?" for gmial.com . A deliverability score: one 0–100 number that rolls it all up so you can just threshold on it.

2026-06-19 原文 →
AI 资讯

# Building an AI-Powered Carbon Footprint Awareness Platform with Flask, SQLite, and Groq (Llama 3.1)

🌿 Introduction As climate awareness grows, individuals are looking for actionable ways to reduce their personal carbon footprints. However, most carbon calculators are either too complex or offer generic, unhelpful advice. To solve this, I built CarbonWise —a production-ready Carbon Footprint Awareness Platform. It combines deterministic scientific carbon calculations with real-time, personalized AI reduction strategies using the Groq LLM API. Here is a technical deep-dive into how I built, secured, and optimized this application for the PromptWars: Virtual challenge. 🏗️ Architecture & System Design The application is designed to be lightweight, secure, and highly performant, avoiding heavy framework overhead. System Data Flow ┌──────────────────────────────────────────────────────────┐ │ User Browser │ └─────────────┬──────────────────────────────▲─────────────┘ │ HTTPS (POST / GET) │ Rendered HTML/CSS ┌─────────────▼──────────────────────────────┴─────────────┐ │ Flask App (app.py) │ └─────────────┬──────────────┬───────────────▲─────────────┘ │ │ │ ┌─────────────▼──────────┐ ┌─▼─────────────┐ │ │ SQLite DB (carbon.db) │ │Secure Session │ │ │ - Users & Logs │ │ Cookies │ │ │ - WAL Mode Enabled │ └───────────────┘ │ └────────────────────────┘ │ Structured JSON Insights ┌────────────────────────────────────────────┴─────────────┐ │ Groq API (Llama 3.1) │ │ - Model: llama-3.1-8b-instant │ └──────────────────────────────────────────────────────────┘ Backend : Flask (Python) handles routing, user session state, and database operations. Database : SQLite manages users and logs. We activated WAL (Write-Ahead Logging) mode to enable concurrent reads and writes. AI Engine : Connects to the Groq API using the ultra-fast Meta Llama 3.1 8B model ( llama-3.1-8b-instant ). Frontend : Rendered server-side with Jinja2 templates and styled with a custom dark-mode glassmorphism design system in Vanilla CSS. ⚙️ Feature Deep-Dive 1. Deterministic Carbon Calculations ( carbon_engine.p

2026-06-19 原文 →
AI 资讯

I open-sourced the financial charting library we use in production

If you've ever tried to build a trading dashboard, a crypto portfolio tracker, or any financial app, you probably ran into the "charting problem" pretty quickly. The standard industry approach goes something like this: Embed a heavy <iframe> from a 3rd party provider. Realize it doesn't quite match your app's UI/theme. Struggle with limited postMessage APIs to push real-time data. Watch the UI lag when you try to render multiple charts on the same page. I got tired of fighting with iframe embeds and DOM-based SVG charts that couldn't handle thousands of real-time ticks. I needed something native, fast, and entirely under my control. So, I built one. And today, I'm fully open-sourcing the core engine. Meet Exeria Charts Exeria Charts is a source-available, high-performance financial charting library designed for self-hosted web applications. Instead of embedding external widgets, Exeria renders directly inside your application using a highly optimized Canvas architecture. Here’s a quick look at what it can do: https://exeria.dev The Tech Constraints (Why build another charting lib?) Building a financial chart isn't just about drawing boxes and lines. It’s about performance under pressure. When designing the architecture, we had a few strict requirements: Zero iframes: It had to be a native JavaScript/React module that lives in the main DOM tree, styled perfectly to match the host application. High-frequency updates: Crypto and forex markets move fast. The library needed to handle sub-millisecond tick updates without dropping frames or blocking the main UI thread. Unified runtime: I didn't want a separate library for line charts, another for candlesticks, and another for volume histograms. We needed one engine that could switch views instantly. How to use it We designed the API to be as straightforward as possible. Here is what a vanilla JS implementation looks like: import { createChart } from " @efixdata/exeria-chart " ; // 1. Grab your container const container = d

2026-06-19 原文 →
AI 资讯

How I Built an Adversarial AI Council in React (and Why It Argues With You)

A local-first, single-file SPA where multiple agents debate your decision and hand you a verdict. The problem: every AI I asked just agreed with me I almost named this project wrong. I'd picked a name that sounded powerful. I asked ChatGPT, and it loved it. I asked Claude, and it nodded along. Nobody warned me about the trademark conflict, the wrong search intent, or the SEO fight I'd pick with the BBC. That was the moment I realized the problem wasn't the name. It was the feedback loop. Most AI assistants are tuned to please, so they hide your blind spots instead of showing them. When you need to make a consequential decision, "sounds great" is the most expensive answer you can get. So I built the opposite: a council of AI agents that disagree on purpose. What NoFlattery does NoFlattery puts 2–4 agents in a room, gives them different reasoning biases, and makes them debate your decision. The output isn't another chat transcript. It's a Decision Record: a clear verdict, the reasoning behind it, the main risk, what would change the call, and a next step. Use it for product decisions, pricing, tech stack, hiring, or any call where one perspective isn't enough. Key product choices: Local-first: your chats and API keys stay in your browser. BYOK: bring your own OpenAI, Anthropic, OpenRouter, or Ollama key. One-time price: no subscription, no account, no data harvesting. The stack The whole app is a single-file SPA built with: React 19 + TypeScript Zustand for state Dexie over IndexedDB for local-first storage Vite + vite-plugin-singlefile for a single index.html deploy An OpenAI-compatible provider runtime so users can plug in their own keys Why single-file? Because the deploy becomes dead simple. One HTML file. No server for the data. No build orchestration. I can ship the app to Cloudflare Pages and forget about it. The turn engine: deterministic, not magical The heart of NoFlattery is a turn-based multi-agent engine. One user message triggers one round. Each agent sp

2026-06-19 原文 →
AI 资讯

Structuring TypeScript: Interfaces, Type Aliases, Enums, and Object Types

Structuring TypeScript: Interfaces, Type Aliases, Enums, and Object Types You've learned TypeScript's primitive types and the basics of type inference here . Now it's time to model real-world data — users, orders, API responses, configuration objects. That's where interfaces, type aliases, and enums come in. These three features are what make TypeScript genuinely powerful for building applications. Let's dig in. Object Types: Describing the Shape of Data Before we get to interfaces, let's understand object types. When you want to describe the structure of an object, you define what properties it has and what types those properties are: // Inline object type annotation function displayUser ( user : { name : string ; age : number ; email : string }): void { console . log ( ` ${ user . name } ( ${ user . age } ) — ${ user . email } ` ); } This works, but it's messy to repeat everywhere. That's why we use type aliases and interfaces to name and reuse these shapes. Type Aliases: Naming a Type A type alias gives a name to any type — primitives, unions, objects, or combinations: // Alias for a primitive union type ID = string | number ; // Alias for an object shape type User = { id : ID ; name : string ; age : number ; email : string ; }; // Now use it anywhere const user : User = { id : 1 , name : " Ramesh " , age : 31 , email : " ramesh@example.com " , }; function getUser ( id : ID ): User { // ... fetch user logic } Type aliases are flexible — they can represent almost anything. Interfaces: Defining Object Contracts An interface is specifically designed to describe the shape of an object. Syntax is slightly different: interface User { id : number ; name : string ; age : number ; email : string ; } const user : User = { id : 1 , name : " Ramesh " , age : 31 , email : " ramesh@example.com " , }; Optional and Readonly Properties Properties can be marked as optional ( ? ) or read-only ( readonly ): interface UserProfile { readonly id : number ; // Can't be changed after cre

2026-06-19 原文 →
AI 资讯

What is HiveTalk?

HiveTalk.space is a privacy focused chat app. HiveTalk.space should not be confused with hivetalk.org. While both platforms focus on communication, they are separate projects with different goals and feature sets. HiveTalk is closed source and cloud hosted, making it easy to start chatting without setting up your own server. Despite not being self-hosted, privacy remains a core focus. Private conversations are designed with privacy in mind, allowing users to communicate without unnecessary tracking or intrusive data collection. Every account includes generous free limits. Users can upload files and videos up to 1 GB each, send unlimited messages , and sign in using supported social login providers or a traditional account. Creating communities is simple, with the ability to make your own chat rooms for friends, gaming groups, project teams, schools, or fanbases in just a few clicks. HiveTalk also aims to provide a modern messaging experience with features such as polls, rich text formatting, media sharing, and room management tools, while keeping the interface simple and easy to use. Whether you want a private conversation, a small group chat, or a larger community, HiveTalk is designed to scale without placing artificial limits on everyday usage. Unlike many messaging platforms that reserve key features for paid subscriptions, HiveTalk offers its core functionality for free. The goal is to make private, feature-rich communication accessible without requiring users to pay just to unlock basic messaging features. As the platform continues to develop, new features and improvements are regularly added, with a focus on privacy, usability, and giving communities more control over how they communicate.

2026-06-19 原文 →
AI 资讯

Cosmic as Agent Memory: Structured, Versioned, and Queryable

AI agents get better the more they run. Every conversation turn, every task completed, every prompt refined adds to a growing body of context that shapes the next output. The compounding effect is real: an agent with 100 turns of memory and a versioned prompt history behaves meaningfully differently from one starting cold. This post walks through using a structured, versioned, API-accessible store as the memory layer for AI agents, with TypeScript examples. Agent messages, system prompts, findings, and instructions are all stored as structured, versioned, API-accessible Objects. Each new turn adds to the record. Each prompt edit is tracked. What Agent Memory Actually Needs The compounding loop only works if the memory layer has the right properties. Most agent frameworks handle working memory well. The gap is episodic and semantic memory: what the agent learned, did, and produced across sessions. Researchers at Elastic recently published a breakdown of agent memory tiers : working memory (in-context), episodic memory (past interactions), semantic memory (knowledge), and procedural memory (learned behaviors). Good persistent agent memory needs four properties: Structured : queryable by type, status, date, or custom field, not just full-text search Versioned : you need to know what the agent wrote at each point in time, not just the latest state API-accessible : any model, any framework, any language should be able to read and write it Human-reviewable : agents make mistakes; a human needs to inspect and correct outputs without touching a database Objects as Agent Outputs When an agent produces output, storing it as a structured Object gives you a queryable record with typed fields, a draft/published workflow so a human can review before promoting to production, a full audit trail of every change, REST API access from any runtime, and a dashboard UI where non-technical team members can inspect, edit, or approve agent outputs. Here's a simple research agent that stores

2026-06-19 原文 →