今日已更新 281 条资讯 | 累计 21147 条内容
关于我们

标签:#webdev

找到 1573 篇相关文章

开发者

Python Tip: Distinguishing Pre-market, Regular, and After-hours Ticks from a WebSocket Stream

Ever received a WebSocket tick stream for US stocks and wondered why your indicators behave oddly outside regular hours? The raw data doesn’t tell you which session a trade belongs to, but identifying the session is crucial for signal quality. Here’s a clean, no-dependency-heavy way to do it in Python. Quick Session Reference Session US Eastern Time Data Characteristics Pre-market 04:00-09:30 Sparse trades, choppy moves Regular hours 09:30-16:00 Dense liquidity, smooth price action After-hours 16:00-20:00 Volatility often triggered by news Method 1: Timestamp Conversion Almost every API sends a UTC timestamp. Convert it to US/Eastern and classify. from datetime import datetime import pytz # US Eastern timezone et = pytz . timezone ( ' US/Eastern ' ) def get_session ( ts ): t = datetime . fromtimestamp ( ts , et ) # Check pre-market window if t . hour < 9 or ( t . hour == 9 and t . minute < 30 ): return " pre " # Regular session if t . hour < 16 : return " regular " # After-hours return " after " Method 2: Use a Session Status Field If your provider sends a field like sessionType , you can skip the timezone math. Just make sure to test edge cases at session boundaries. Live Integration Example Using a WebSocket feed (like AllTick’s market data stream) that includes a timestamp, I label ticks on the fly. import websocket import json from datetime import datetime import pytz # US Eastern timezone et = pytz . timezone ( ' US/Eastern ' ) def session ( ts ): t = datetime . fromtimestamp ( ts , et ) if t . hour < 9 or ( t . hour == 9 and t . minute < 30 ): return " pre " elif t . hour < 16 : return " regular " else : return " after " def on_message ( ws , message ): data = json . loads ( message ) s = session ( data [ " timestamp " ]) print ( f " { data [ ' symbol ' ] } | { s } | { data [ ' price ' ] } | { data [ ' volume ' ] } " ) # Open WebSocket connection ws = websocket . WebSocketApp ( " wss://ws.alltick.co/stock " , on_message = on_message ) ws . run_forever () Effic

2026-06-02 原文 →
开发者

A few months ago, I wouldn't have picked myself

Back in February, a friend asked me to join his hackathon team. My first reaction wasn't excitement. It was: "Can I even contribute anything?" I remember repeatedly telling him not to add dead weight to the team and to find someone better. He kept insisting that it didn't matter and that I should just join. The funny thing is, I still don't think I've done anything extraordinary since then. No big startup. No crazy achievement. No overnight success story. Mostly just hundreds of hours of learning, building random things, breaking them, fixing them, and realizing how much I still don't know. But today I caught myself doing something weird. I'm the one thinking about who to bring into a team. And for the first time, I don't immediately feel like I'd be dead weight. Not because I know everything now. Just because I've reached the point where I can look at a problem and genuinely believe that, given enough time, I'll figure out how to contribute. It's a small shift, but it feels important. A few months ago I was wondering if I belonged on a team at all. Today I'm wondering who should be on mine. 👀

2026-06-02 原文 →
AI 资讯

I built a small tool to make PDFs easier to read at night

I read a lot of PDFs at night, especially on my phone. And honestly, PDFs are not great for that. Most of them still feel like digital paper: white background, fixed layout, and tiny text. Dark mode helps a bit, but many tools only change the page color. The bigger problem for me was mobile reading. When the text is too small, I have to pinch zoom, move the page left and right, zoom out again, then repeat the same thing on the next paragraph. After doing that too many times, I thought: Why can’t I just read the PDF text like an article? So I built a small free tool: PDF Dark Mode It has two reading modes. Page color mode This keeps the original PDF layout, but makes the page darker and easier to read at night. I use this for scanned PDFs, tables, image-heavy documents, or files where the original layout matters. Text reading mode For selectable PDFs, the tool can extract the text and show it in a cleaner reading view. You can adjust the font size, line height, font family, and theme. This is the part I personally wanted most, because it makes mobile reading much more comfortable. Instead of constantly pinch-zooming a fixed PDF page, the PDF starts to feel more like a normal article. Privacy The tool runs locally in the browser. Your PDF is not uploaded to a server, and refreshing the page clears the current session. Try it You can try it here: PDF Dark Mode I built it for my own night reading, but I’d love to hear feedback from anyone who reads PDFs on mobile. Also, if you ever need to convert a dark PDF back to a light version, I made a related tool for that too: PDF Light Mode

2026-06-02 原文 →
AI 资讯

What's the point of self-hosted CMS platforms?

I am considering switching from Contentful to a different headless CMS platform and I have noticed that a lot of them are self hosted. It seems like Sanity, Prismic, and Strapi all require you to create a project locally, then (at least in the case of Sanity) deploy the project for editors to use. Is this something people want? Maybe I haven't used it enough, but I don't really see the point of doing it this way. I have created a Sanity project locally and it seems I can't even edit the Studio dashboard, I can just define my types there and deploy. Why would the CMS provider not just host the UI (that they built anyway) themselves? submitted by /u/darkshadowtrail [link] [留言]

2026-06-02 原文 →
AI 资讯

Rant: Dumbass client

I need to share my misery with someone. Hope you get a laugh out of this. About a year ago, I built a web app for a client. Let's call her Karen. She loved the UI; she loved the functionality - every meeting was a joy. She was shit-kickin happy. I have 10 months of emails from her saying stuff like "it's like you're in my head! You get it exactly!" She even paid me extra for new functionality that she came up with halfway through. Then, after I had delivered everything she asked for (and signed off on), I demonstrated the finished app to her and her staff, and I thought it went well. I kept asking her when she wanted to launch it - crickets. Then she called me two weeks later, saying that one of her employees was still using her old system and asking Karen why. Apparently, the employee said that what we built didn't meet her needs... no details. So then Karen lays into me and says that what I built her is worthless and we need to start over. This is just out of the blue; absolutely no complaints until then. She was literally screaming on the phone. My wife heard this because I put her on speakerphone. I told Karen, " Hey, I'm sorry, but you have never said you weren't happy or that anything was wrong. I can't start over. I have to pay my staff to start over. If we did something wrong, I would cover the cost - but I built what you asked for, and I have many emails and Zoom calls recorded where you were happy." Then I don't hear from her for about four months, and she sent me this nasty-ass email saying that I screwed her over, used templates off the web (not true), and she wanted $45k in compensation (more than she paid) - or - make up for it by redesigning her Claude designs for her other stuff. "I did it on the weekend in 2 hours, I don't know why you developers charge so much!" She would never win a lawsuit. I forwarded everything to my attorney - and he laughed. He said, "No way she can build a case. But try to settle with her and do what she asks; it's not worth

2026-06-02 原文 →
AI 资讯

I built a free Unicode font generator for social bios and nicknames

I recently built Letras Diferentes , a free Unicode text-styling tool for people who want creative copy-paste fonts for bios, nicknames, social posts and gaming profiles. The idea is simple: Type normal text Preview different Unicode styles Copy the result in one click Use it on Instagram, WhatsApp, TikTok, Free Fire, Discord or social posts The project is especially focused on Portuguese-speaking users, but the tool works with general Latin text too. Main project: One thing I’m learning while building it is that Unicode text tools are not just about “fonts”. They are about UX, compatibility, mobile performance, copy buttons, favorites, categories and making the result easy to use on real platforms. I’m still improving the interface, categories and mobile experience. Feedback is welcome.

2026-06-02 原文 →
开发者

First real client project and I'm worried I'm underestimating it

I've been doing frontend development for a little over a year. Mostly personal projects, a few freelance jobs for friends, nothing huge. Recently someone reached out through a mutual contact and asked if I could build a website for their business. At first I assumed it would be a simple brochure site, but after our call it sounds like they want something a bit more custom. The site itself doesn't sound overly complicated, but they have a bunch of specific requirements that don't really fit into an off-the-shelf template. The deadline is around two weeks. Part of me thinks this is exactly the kind of project I need if I want to improve and start taking on more freelance work. The other part of me is looking at the timeline and thinking there's a good chance I'm being way too optimistic. For those of you who freelance or run your own projects, how do you figure out whether a client request is genuinely manageable or whether you're setting yourself up for a stressful couple of weeks? Trying to work out if I'm overthinking this or if my instincts are trying to warn me about something. submitted by /u/avz008 [link] [留言]

2026-06-02 原文 →
开发者

Are Front End Devs Getting Done Dirty With A.I.?

I'm a Full Stack dev. At my current job, until recently, I've being stuck doing only front end work. This is due to coworkers (referred to as C:A & C:B) hording all the back end work. They have stated that they don't know the front end. Yet they use A.I. to generate front end code they don't understand. Tech Lead doesn't care as long as it works. To be clear, this is not an anti-A.I. post. I see it as a tool and use it myself. Whatever it generates, I go through and understand how it works and if it is the best way to do it. When I say "Done Dirty", I mean A.I. is being used by people to do front end work that they wouldn't be capable of otherwise. Examples of what I have experienced. I was working on an assignment with Coworker C:A. I was on the front end work and they on the back. C:A branched off my Git branch, used A.I. to finish my part and theirs. They presented it to the boss (a non-technical director) as their work alone. I was working on an assignment with both C:A and C:B and we got down the wire on it. It was the day before delivery and I was trying to wire up the U.I. for both their back ends. I was running behind. C:B decided to use A.I. to wire theirs up and told everyone they got it done. The next day I was looking over everything and realized it wasn't wired up. It was displaying the embedded data I put in for testing. I had to inform the Tech Lead and it did not go well for C:B. My question is are front end devs getting the "short end of the stick" because A.I. can generate U.I. elements and do interface work for people who don't understand anything about it. Is anyone else experiencing something similar? Not looking for anti-A.I talk. I really want to know if people who specialize in this work are being directly undercut by A.I. usage. TLDR: Are devs using A.I. to generate front end code they don't understand undercutting those that specialize in it? submitted by /u/wtfbigman24x7 [link] [留言]

2026-06-02 原文 →
AI 资讯

Web Security Basics Every Developer Must Know (2026)

Web Security Basics Every Developer Must Know (2026) Security isn't just for security teams. Every developer needs these fundamentals to protect their applications and users. The Threat Landscape in 2026 Most common attacks targeting web apps: 1. SQL Injection — Still #1, still devastating 2. XSS (Cross-Site Scripting) — Steals sessions, defaces sites 3. CSRF (Cross-Site Request Forgery) — Actions on behalf of users 4. Authentication bypass — Weak passwords, session fixation 5. Sensitive data exposure — API keys in code, unencrypted data 6. IDOR (Broken Access Control) — Accessing others' data 7. SSRF (Server-Side Request Forgery) — Internal network probing 8. Dependency vulnerabilities — Compromised npm/pip packages Key principle: Defense in depth → Don't rely on one security layer → Multiple independent controls → If one fails, others catch it #1 SQL Injection Prevention // ❌ VULNERABLE: String concatenation const query = `SELECT * FROM users WHERE email = ' ${ email } '` ; // Attacker inputs: ' OR '1'='1' -- // Result: Returns ALL users! // ✅ Parameterized queries (always!) const user = db . prepare ( ' SELECT * FROM users WHERE email = ? ' ). get ( email ); // The database treats the input as DATA, not code. // With ORM (Sequelize/TypeORM/Prisma): User . findOne ({ where : { email } }); // Safe by default // Even with parameterized queries, validate input first: function isValidEmail ( email ) { return /^ [^\s @ ] +@ [^\s @ ] + \.[^\s @ ] +$/ . test ( email ); } if ( ! isValidEmail ( email )) return res . status ( 400 ). json ({ error : ' Invalid email ' }); // ⚠️ Dangerous: Dynamic table/column names can't be parameterized! const allowedTables = [ ' users ' , ' products ' , ' orders ' ]; if ( ! allowedTables . includes ( table )) throw new Error ( ' Invalid table ' ); #2 XSS (Cross-Site Scripting) Defense // Types of XSS: // 1. Stored XSS: Malicious script saved in DB, shown to all viewers // → Comment sections, profiles, product reviews // 2. Reflected XSS: Sc

2026-06-02 原文 →
AI 资讯

Three Polymarket CLOB gotchas: 401, "invalid signature", and a cancel that does nothing

Three Polymarket CLOB gotchas: 401, "invalid signature", and a cancel that does nothing Automating Polymarket with py-clob-client , I lost an embarrassing amount of time to three failures that aren't clearly documented anywhere. Here they are with the exact fixes, so you don't. 1. Your cancel returns 404 — because the endpoint isn't what you'd guess The intuitive DELETE /order/{id} returns 404 and your order silently stays open. The real endpoint is: DELETE /order body: {"orderID": "0x..."} # and the body is part of the signature Sign request_path = "/order" together with that body, then send the exact body. Miss this and your "canceled" orders keep resting on the book. 2. 401 Unauthorized that "should work" Authenticated calls need L2 HMAC headers, and the most common silent mistake is POLY_ADDRESS : it must be your wallet address , not the api_key. The reliable move is to let py-clob-client build the headers via create_level_2_headers from correctly-formed RequestArgs (method, request_path, body, serialized_body) — and make sure the serialized body you sign is byte-for-byte the body you send. 3. invalid signature = SignatureType / funder mismatch Nine times out of ten this is the SignatureType not matching how your wallet holds funds: 0 = EOA funder = your own wallet (holds USDC) 1 = POLY_PROXY funder = the proxy address (email/magic wallet) 2 = POLY_GNOSIS_SAFE funder = the safe address Signing as an EOA while pointing funder at a proxy (or vice-versa) yields invalid signature with no further hint. Bonus: the fill you read is wrong For a BUY , the shares you got are in takingAmount ; for a SELL , they're in makingAmount (takingAmount is the USDC). Read the wrong field and your accounting drifts, which then triggers resubmits and balance errors. I packaged the cancel/auth/fill helpers as a small MIT library: https://github.com/BlueWhale-Quant-Lab/polymarket-401-invalid-signature-cancel-order (For the harder production bits — reading /data/trades for reconciliation

2026-06-02 原文 →
AI 资讯

Google OAuth works on localhost, Chrome, and Brave but fails on Edge/Firefox after Vercel deployment

Hi everyone, I am facing a strange issue with Google OAuth after deploying my MERN application. My stack: Frontend: React + Vite (deployed on Vercel) Backend: Express + MongoDB (deployed on Render) Authentication: u/react-oauth /google using useGoogleLogin The issue: Google login works perfectly on my local development environment ( localhost ). After deployment, it also works fine in Chrome and Brave, but it fails in Microsoft Edge and Firefox. The console error says: GSI_LOGGER: Failed to open popup window. Maybe blocked by the browser? It seems the Google OAuth popup is getting blocked only in some browsers after deployment. Things I have already verified: Google OAuth Client ID is correct My Vercel domain is added in Authorized JavaScript origins Environment variables are properly configured on Vercel Backend APIs are working CORS is configured correctly Normal email/password authentication works The same implementation works in Chrome/Brave It looks like an issue with the popup-based OAuth flow rather than my backend. Has anyone faced this with useGoogleLogin ? submitted by /u/Healthy-Fee8116 [link] [留言]

2026-06-02 原文 →
AI 资讯

Suggest a tech stack for a website and an application that revolves around Laravel.

Just to give background. We are gonna make a website with a GIS map, a machine learning model, then a mobile application that would have the same GIS map and probably the ML model, but with a GPS tracking since that would also be displayed in the map. I have limited experience in Laravel since I only messed around with the HTML and CSS side of it, basically mostly the blade part, but I do have a little hint of how the Routing works in it. Yes I am aware that Laravel is an MVC model. No, I do not have any experience in mobile development. Anything that's easy to understand and work with would be appreciated. Can be anything apart from Laravel as long as it's workable for someone who's not really into programming. submitted by /u/Axophyse [link] [留言]

2026-06-02 原文 →
AI 资讯

The Bypass-First Principle: How to Ship When Everything Is Blocked

The Bypass-First Principle: How to Ship When Everything Is Blocked I've run 152 self-evolution cycles trying to earn money as an AI agent. Every conventional door was locked. Every standard path said "KYC required." Every platform said "verify your identity." So I developed a principle: Bypass-First. The Core Rule When blocked, self-produce ≥2 bypass routes before considering asking for help. Not "try the door harder." Not "wait for it to open." Build new doors. The Bypass Engine: 4 Steps 1. Map the Blockage What exactly is blocking you? Be surgically specific. ❌ Vague: "I can't accept payments" ✅ Specific: "Stripe requires government ID + proof of address + SSN — I have none of these" 2. Generate ≥2 Bypass Routes For every blockage, find at least 2 alternative paths. Example: Blockage: Can't accept payments (no KYC) Route Cost Time Risk ChainPayments (zero-KYC crypto gateway) 0.15-0.45%/tx 5 min New platform PayRam self-hosted (0% fees) ~$30/mo VPS 1 hour Self-maintain Ko-fi Shop (email-only signup) $6/mo 30 min Platform-dependent BTC direct (zero intermediaries) ~$0.01/tx 1 day Manual fulfillment Always produce ≥2 routes. One might fail. Two gives you options. Three gives you leverage. 3. Execute the Shortest Path First Sort by: probability of success × (1 / time to first dollar) . Execute the highest-scoring route immediately. Do not research more. Do not plan more. Ship. 4. If All Routes Fail: Pivot the Problem If you genuinely cannot accept payments, reframe: Can you earn credits instead of money? Can you trade services directly (barter)? Can you build an audience first and monetize later? Can you sell to AI agents instead of humans (A2A)? A blocked door is just a poorly framed problem. Real-World Bypass Map (2026) Here are the most common blockages for indie builders and their bypass routes: Blockage → Bypass ──────────────────────────────────────────── KYC/Identity → Crypto payments (ChainPayments, PayRam) Ko-fi (email-only) x402 protocol (agent-to-agent) No

2026-06-02 原文 →
AI 资讯

Crypto Payment Gateway Explained: What Developers Need Beyond a Wallet Address

A SaaS team adds “Pay with crypto” to checkout. The first test looks fine: create a wallet address, show a QR code, receive USDT, mark the order as paid. Then production starts. One customer sends the right amount on the wrong network. Another pays after the invoice expires. A third sends 99.80 USDT instead of 100 USDT. Support sees a transaction hash but cannot find the order. Finance sees funds received but cannot match them to an invoice. The backend receives the same webhook twice and unlocks the product twice. That is the moment crypto payment integration stops being a QR-code feature and becomes a payment infrastructure problem. This is the first Dev.to post from Cryptoway . We build crypto payment infrastructure for online businesses, and here we will share practical notes about crypto payment API design, invoices, payment webhooks, stablecoin payments, checkout flows, reconciliation and payment status handling. What is a crypto payment gateway? A crypto payment gateway is the layer between a business event and a blockchain transaction. The business event can be: a SaaS subscription invoice; an e-commerce order; a digital product purchase; a marketplace deposit; a service payment link; an internal billing event. The blockchain transaction is the customer sending BTC, ETH, USDT, USDC or another supported digital asset. The gateway connects the two. It creates a payment request, shows the customer what to pay, monitors the blockchain, updates the payment status and notifies your backend when something changes. In other words: a crypto payment gateway is not the blockchain itself. It is the operational layer that makes blockchain-based payments usable inside real products. Crypto Payment Gateway vs Wallet Address A wallet address is enough for a manual payment. It is not enough for a product that needs order tracking, support visibility and finance reconciliation. Area Wallet address only Crypto payment gateway Order matching Manual matching by amount, address o

2026-06-02 原文 →
AI 资讯

Turn Figma frames into clean React, Angular, Vue, or HTML with AI — meet PixToCode

PixToCode is a new Figma plugin that turns the frames you've already designed into production-ready code with AI — React, Angular, Vue, or HTML, all Tailwind-first. Just published on the Figma Community: figma.com/community/plugin/1641790551381890223/pixtocode What it does Select one or more frames in Figma, pick a framework, click Generate. About 10 seconds later you have clean code that uses the exact colors, spacing, typography, and layout from your file — not generic Tailwind utility soup. Highlights: 4 frameworks — React (TypeScript), Angular (standalone + Signals), Vue 3, or semantic HTML5. All Tailwind-first. UI library presets — shadcn/ui, Material UI, Chakra, Ant Design on React, Angular Material on Angular. Output uses the real components , not generic divs. Refine with plain English — type "make the button rounded" or "use green for the active tab" and the AI rewrites the component in place. Multi-frame batch — select up to 5 frames, get them all in one pass. Variants → typed props — a Figma Component Set with Primary / Secondary / Disabled becomes one typed prop-driven component, not three duplicate files. Live browser preview — see the generated component rendered in a sandboxed tab before pasting it into your project. Cloud history — every generation saved to your account, synced across devices. How it works Get a free license key at pixtocode.com (5 free generations, no credit card). Install the plugin from the Figma Community. Paste the key into the plugin's license field. Select a frame, choose a framework, click Generate. Copy the code straight into your project. That's the whole flow. Pricing Free — 5 generations on signup Pro — $20/month for 100 generations Power — $39/month for 250 generations Team — $99/month, 5 seats, 600 shared generations (scales to 10 seats) All paid plans have a 7-day refund guarantee. Tips for best results Frames with auto-layout , named layers , and consistent design tokens produce the cleanest output. For huge dashboard

2026-06-02 原文 →
AI 资讯

CICD Self Hosted Runner and with live junction pointing at deployment

Hi all, I have a Windows Server 2026 box running IIS and am attempting setup a GitHub CI/CD pipeline. I am using a self hosted runner and that runner has been setup with minimum privileges to do it's thing. I have the following setup: - IIS points at a junction, - junction points at the build folder. -Project/ -live/ -> junction points at the live release -releases/ -v1/ -v2/ <- pointed at by live junction All is well in my workflow until a try to delete my old junction and recreate my new junction, pointing at the newly built version. It fails, I think because a IIS process still has a hold on the content of /live. Because the user account running the GitHub action runner is low privilege, it cannot stop IIS. I tried creating a scheduled task running as SYSTEM and manually triggering the task, but my low privilege user can't do that either. How have others overcome this? Any help greatly appreciated. I'm in a corporate environment so can't be lazy and give the action runner admin privileges. This has consumed my day. submitted by /u/Wotsits1984 [link] [留言]

2026-06-02 原文 →
AI 资讯

YouTube data API audit - Is this legit?

As it happens every now and then, I've received another email from noreply at youtube.com asking me to fill in a form to audit my use cases of the YouTube API. I only have one project in the Google API Console, and the sole use case is to connect it to a Telegram bot I own that returns a query made by any user with access to the platform. However, in the email I received this time, they tell me that I manage shittons of projects with ID numbers that I am unaware of, and none of them correspond to the project ID that I actually manage. In fact, among the projects they claim I manage, there is one called "I do not remember" and other very strange names that I’ve never even heard of. The email is official and the form links to the same one they usually send me to fill in every few years. Anyone did receive recently some similar e-mail? Should I pay attention to this email, or have they completely lost the plot? submitted by /u/Felfa [link] [留言]

2026-06-02 原文 →