AI 资讯
The Biggest Misconception About React Reconciliation (Render vs. Paint)
Hey everyone, I recently had an "aha!" moment regarding how React handles updates under the hood, and I wanted to share it because I realize a ton of developers (including myself, until recently) trip over this exact concept. The common mental model is that React Reconciliation compares the Virtual DOM directly to the Real Browser DOM and surgically updates only what changed. But that’s fundamentally incorrect. React never reads or directly compares the real DOM during the diffing process. It actually splits the process into two entirely separate phases —The Render Phase and The Commit Phase —which creates a massive distinction between Re-rendering and Re-painting. Here is the exact breakdown of what happens when a single state change affects just 1 out of 100 divs in a component: The Render Phase (Pure JavaScript) When state changes, React calls your component function. It doesn't know which of your 100 divs changed yet, so it has to evaluate the entire JSX block. The Scope: React re-renders all 100 virtual divs in memory. The Process: It builds a brand-new Virtual DOM tree and compares it to the previous Virtual DOM tree (JavaScript object vs. JavaScript object). The Outcome: It spots that 99divs are identical, but 1 div has an update. It flags that single virtual node with an "Update" tag. Because this happens purely in-memory as JavaScript, it is incredibly fast and cheap. The Commit Phase (The Real DOM Update) This is where Reconciliation does its primary job. It acts as a shield to protect the browser from doing unnecessary work. The Scope: React completely ignores the 99 unchanged elements. The Process: It surgically targets the single real browser div associated with the flagged Virtual DOM element and updates only its modified property (e.g., element.textContent = "New Value"). The Outcome: The browser repaints only 1 single div on the screen. The Conclusion: Reconciliation isn't about stopping React from re-rendering (re-running JS to calculate the UI). It
AI 资讯
Designing a Three Reviewer Consensus Platform for Digital Harm Reporting
The Problem Real411 is a South African platform where citizens report digital harms: misinformation, incitement, hate speech, and harassment. When someone submits a complaint, it needs to be reviewed by multiple people, assessed against legal criteria, and resolved with a public verdict. The process must be transparent, auditable, and fair. I joined this project early and worked on it extensively over a long period. A senior solutions architect consulted on the database schema design. There was a cloud person who helped with parts of the infrastructure. Other coworkers contributed at different stages. I spent most of my time on the API layer and the frontend components. This article covers the architecture decisions I worked with, what I learned from the senior architect's design choices, and how the system evolved. The Status Machine Most applications model status as a column on a table. You update the value and the old state is gone. That works for simple workflows but fails when you need to know not just where a complaint is now, but how it got there and who made each decision. The senior architect who consulted on the database design suggested an append only status log. Instead of a single status column, the complaint_status table records every transition as a separate row. Each row has the status code, the user who made the change, a timestamp, and optional notes. The current status is derived by querying the most recent row. I implemented this pattern across the API layer. Every status transition became an insert operation rather than an update. It took some adjustment to shift from mutable state to event sourced state, but the benefits were immediate. Auditing became straightforward. The state machine also became easier to implement because each transition is a simple insert with a business logic check, not a conditional update. The schema has seventeen status codes covering the full lifecycle: received, claimed, under assessment, pending secretariat review,
开发者
Iran abused mobile networks’ vulnerabilities to locate US military in the Middle East, report says
The Iranian government exploited well-known flaws in cellphone networks to locate and then strike U.S. military personnel in the build-up and beginning of the war.
AI 资讯
Meta's Noninvasive Brain–Computer Interface Brain2Qwerty Achieves 61% Accuracy
Meta recently open-sourced Brain2Qwerty v2, a noninvasive Brain–Computer Interface (BCI) that can decode sentences from thoughts using electroencephalography (EEG) or magnetoencephalography (MEG) signals from the brain. In evaluations, the system achieved a word accuracy rate 61% on average, compared to 8% for other non-invasive methods. By Anthony Alford
AI 资讯
A Differential Test Harness for Native vs. Generic XDP: Methodology and Baseline
Native XDP and generic SKB-mode XDP are not the same thing in practice. The same BPF program can pass the verifier and still behave differently depending on which mode the kernel uses, this could be a different verdict, different frame bytes, or different metadata. This post ships three things: an open differential test harness, a fixed eleven-packet corpus, and a simple way to classify the differences it finds. A tagged release lets anyone reproduce the virtio/veth baseline on Linux 6.8. The operational risk is straightforward. A firewall or rate-limiter validated only under native XDP can fall back to generic mode on an unsupported driver, a veth port, or after a reload. You keep the same bytecode, but behaviour can change, often without a clear error line. What this release includes: A harness loop: corpus → inject on the RX path → native vs generic sweep → xdpdump capture → compare.py manifest, comparing both the captured frame bytes and the XDP verdict ( PASS / DROP / TX / REDIRECT ). A deterministic corpus with eleven embedded test IDs ( 0xA001 – 0xA005 , 0xA007 – 0xA00C ; 0xA006 is intentionally omitted as a reserved gap in the generator). An operational divergence taxonomy (Class A / B / C). A virtio/veth smoke gate on Linux 6.8; now gating on frame bytes and verdict agreement that shows the full path is reproducible end to end. Scope for this post: native vs generic XDP on the virtio_vm profile only (five BPF programs, pinned manifests). This is part 1 of 2; it establishes the harness and an instrument-validity baseline; a follow-up post covers bare-metal divergence results. Physical NIC results are not part of this baseline. Ordinary conformance checks stop at “did the program load?” Differential testing asks a sharper question: given identical input packets, do the backends produce the same observable outcome at the hook? Background: native vs generic XDP Both modes load the same BPF object. They diverge at the hook point and in how the packet is represen
开发者
The US government warns that Russia state hackers are coming after your router
With residential proxies all the rage, CISA urges router users to be vigilant.
AI 资讯
They Asked for My AI Rules. But I Could Not Just Hand Them Over.
A team lead announces that the team will start using AI-assisted development. Everyone nods. Nobody asks what that actually means on Monday morning. Some times ago I was in that position. A project I was working on needed to start using AI-assisted development, and the team was new to it. Nobody had rules written down for an agent to follow. Nobody had skills defined for it to load. There was no shared idea of how this should work inside our specific repo. Someone had to go first. That someone was me. The rules worked because I built them for one repo I spent time curating a set of rules and skills for that project. Not generic ones. I shaped them tightly around how that repo was actually structured, its conventions, its layout, the things a new engineer usually has to learn by asking around. I wanted an agent working inside that codebase to already know what a human teammate would have picked up in the first two weeks. I gave a demo. It landed well. Well enough that it got shared further across team, as something other teams could learn from. I gave the demo again. Same reaction. Then a few developers reached out for the actual rules and skills files. I said sure, and then I actually looked at what I would be handing them. The problem showed up the moment other people wanted in It was not copy-paste-able. The rules referenced folder names, module boundaries, and patterns specific to one repo. Handing them over as-is would have meant handing over advice that was wrong for their project, dressed up as a shortcut. So I told them to use it as a reference. Look at the structure, understand the reasoning, adapt it to your own repo. That is correct advice. I watched people nod at it and then quietly missing it. I was solving the wrong problem the whole time I had been thinking about this as a documentation problem. Write good rules, explain them well, let people copy the idea. What I actually had was a generation problem. The rules that worked were the ones rendered speci
AI 资讯
PHP Speaks QUIC Now, and OpenSSL Did the Hard Part
I released php-quic 1.0.0, a PHP extension that gives you raw QUIC transport with first-class access to streams. It links against the same OpenSSL that PHP already links against, and that is the whole trick. Why This Was Awkward Before QUIC is not a protocol you bolt on in userland. It is TLS 1.3, congestion control, loss recovery, and stream multiplexing, all riding on UDP, and all of it has to be right before you can send a single useful byte. You could get there from PHP if you were willing to bind to a foreign QUIC library like ngtcp2 or quiche through FFI. That works, but now your PHP app carries a second TLS stack, a second set of CVEs to track, a build story that involves Rust, and a version matrix that has nothing to do with the one your distro maintains. For a language whose entire deployment story is "the package manager handles it," that is a lot of rope. What Changed OpenSSL 3.5 shipped a native QUIC stack. Client and server, in the library PHP is already built against. That reframes the problem. The extension is no longer "embed a QUIC implementation into PHP." It is "expose the QUIC that is already sitting there." No new TLS stack, no FFI layer, no Rust toolchain in your build. If your OpenSSL is patched, your QUIC is patched. The requirements fall out of that directly: PHP 8.4 or newer (8.5 on Windows), NTS or ZTS OpenSSL 3.5.0 or newer, built with QUIC support Transport, Not HTTP/3 The thing I most wanted to avoid was shipping an HTTP/3 client and calling it a QUIC library. QUIC is a transport. HTTP/3 is one protocol that runs on it, and it is not the interesting one for everybody. DNS-over-QUIC runs on it. So does anything you want to invent that needs multiplexed, ordered, loss-recovered streams without head-of-line blocking across them. So php-quic hands you connections and streams, and stays out of the framing business. If you want HTTP/3, you build HEADERS frames and QPACK on top of it, and the README has a worked example. If you want something
AI 资讯
Wi-Fi 8 Explained: Features, Release Date, and More
Chipset makers and router manufacturers are talking about Wi-Fi 8, but what is the new standard, and when will it arrive?
产品设计
As TV-tracking app TV Time shuts down, its founder builds Bingers, a new home for fans
The creator of TV Time is building a successor app that will let users import their watch histories and preserve the community that formed around discussing their favorite shows.
AI 资讯
Demystifying LDAP: The Digital Phonebook of Your Network
If you have ever logged into a corporate computer, searched for a colleague in your company’s email directory, or used a single set of credentials to access dozens of different internal applications, you have likely interacted with LDAP . Standing for Lightweight Directory Access Protocol , LDAP is an open, vendor-neutral, industry-standard application protocol for accessing and maintaining distributed directory information services over an IP network. In simpler terms, it is the underlying language that allows different systems and applications to communicate with a central directory to find information about users, devices, and permissions. Think of LDAP as a highly organized, digital phonebook. When an application needs to know if "John Doe" is a valid user and what his password is, it uses LDAP to ask the phonebook. How LDAP Organizes Data Unlike traditional relational databases (like SQL) that store data in tables, LDAP stores data in a hierarchical, tree-like structure known as the Directory Information Tree (DIT) . This makes it incredibly fast at reading and searching for information, which is exactly what an authentication system needs to do millions of times a day. Here are the core components of this structure: Root: The top level of the directory tree, usually representing the organization (e.g., dc=example, dc=com ). Branches (Organizational Units - OU): Categories or departments within the organization (e.g., ou=Marketing , ou=Servers ). Leaves (Entries): The actual objects being stored, such as a specific user, printer, or computer. Attributes: The specific pieces of data tied to an entry. For a user entry, attributes might include givenName (first name), mail (email address), and userPassword . Every entry in an LDAP directory has a unique identifier called a Distinguished Name (DN) . It acts like an absolute file path. For example, John Doe’s DN might look like this: cn=John Doe, ou=Marketing, dc=example, dc=com How Applications Talk to LDAP When an
AI 资讯
EEM 101: On-Box Automation That Runs Even When Your NMS Doesn't
This is Part 1 of a 5-part series on Cisco EEM. We start here with the fundamentals and a few working applets, then build toward self-healing networks, automated diagnostics, compliance guardrails, and a complete real-world deployment. Ask ten network engineers what they use EEM for, and nine will say the same thing: "Oh, I have an applet that auto-recovers err-disabled ports." Then they never touch it again. That's a shame, because Embedded Event Manager is one of the most capable tools already sitting inside every Cisco IOS device you own — and almost nobody uses more than 1% of it. It's a full automation engine that lives on the box . No external server. No API gateway. No orchestration platform. Just the router or switch, watching itself, ready to react the instant something happens — even if the WAN is cut, the NMS is down, and it's three in the morning. This series is about using that other 99%. By the end you'll have a toolkit of applets you can deploy and, more importantly, a way of thinking about on-box automation. But we start at the foundation: what EEM actually is, how it's put together, and why "on the box" is a bigger deal than it sounds. What EEM actually is Embedded Event Manager is an event-driven automation framework built into Cisco IOS, IOS-XE, and NX-OS. Strip away the jargon and it's a very simple idea: When something happens, do something about it — automatically, on the device itself. That "something happens" is an event . That "do something" is one or more actions . Bundle an event with its actions and you have an applet — the basic unit of EEM. That's the whole model. The power comes from how many different things can be an event , and how much an action can do. Events EEM can watch for include: A syslog message matching a pattern (an interface flapping, an HSRP state change, a config being saved). An SNMP OID crossing a threshold (CPU over 85%, a power supply going absent, temperature rising). A CLI command being entered (someone typing wr
AI 资讯
What Happened When I Let Several AI Agents Loose in One Repo
Originally published at blog.whynext.app . Work with AI agents for a while and the ambition comes naturally. While one session fixes a bug, another can refactor, and a third can investigate an issue, right? You can spin up as many models as you like, so productivity should scale to match. That's how I started too. And within a week I learned that the real enemy of parallel agents isn't the models' skill. It's the working directory they share. HEAD is a global variable The cause fits in one sentence. When multiple sessions share a single git checkout, the current branch becomes everyone's global variable. Picture two people working on one computer at the same time and the absurdity is obvious, but that thought never occurred to me while spinning up agents. With one session per terminal tab, they look isolated from each other. But there is one filesystem, and one HEAD. The moment one session runs git checkout , the ground shifts under every other session. The incidents from that week fell into clear types. Branch hijacking. While session A was working on a topic branch, session B switched branches to do its own work. A committed without knowing, and the commit landed on top of B's branch. It happened in the other direction too: right as A was about to commit, the branch had been switched to develop, and only the hook that blocks direct commits to protected branches saved it. Without the hook, it would have gone straight in. Orphaned commits. Session B deleted session A's topic branch during a cleanup pass. A's commits became orphans belonging to no branch, and I dug through the reflog, found the commit hashes, and recovered them with cherry-pick. Lucky that it worked; if the reflog had expired or I hadn't found them, the work would have simply evaporated. Staging contamination. At the moment session A was creating a commit, a file deletion that session B had staged was sitting in the staging area alongside it. Committed as-is, B's deletion would have been folded into
AI 资讯
Pipeline, Flow, or Chain? Picking the Right Tool to Wire LLM Calls Together
In the previous post I argued that agents are great planners and DAGs are great executors . This one is the practical follow-up: when you actually sit down to wire several LLM calls together, what tool do you reach for? Because the moment one prompt's output feeds the next, you've built a workflow — whether you call it that or not. download transcript → summarize → translate (tool) (LLM) (LLM) That tiny pipeline is already the whole problem in miniature: a non-LLM step (fetch a YouTube transcript), then a model call, then another model call that depends on the first. Run it as one giant prompt and you lose visibility; split it into steps and you gain debuggability — at the cost of more calls and more state to manage. The naming trap Half the confusion is vocabulary. The same idea ships under a dozen labels: Name What it whispers Chain sequential, output → input Pipeline stages, data flowing through Flow branches and conditions Workflow general orchestration Agent workflow the model also decides The word sets expectations. "Chain" promises a straight line; "agent workflow" promises the thing might re-plan on you mid-run. Pick the label that matches how much autonomy you're actually handing over — calling a deterministic two-step pipeline an "agent" only invites disappointment. The real choice: library or orchestrator? There are two families of tools, and they solve different problems. LLM-native chaining libraries — LangChain , LlamaIndex Workflows , Azure Prompt Flow , or visual layers like Flowise . These understand LLM-specific concerns out of the box: prompt templating, passing context between steps, token budgets, streaming, retries on a flaky model. General orchestrators — Airflow , Prefect , AWS Step Functions , Azure Logic Apps . These treat each LLM call as just another task in a DAG, and give you the heavyweight reliability machinery: durable state, scheduling, checkpointing, audit trails, human approval. The rule of thumb that falls out of the last post: F
产品设计
Are you filthy enough for a $700 portable shower?
Hot showers, like electricity, are a luxury that's easy to take for granted. That all changes after a few nights camping at a music festival, a week toiling at a backcountry job site, or overlanding all summer in the great unknown. An itchy scalp and the vague smell of warm clams suddenly make the idea […]
AI 资讯
My First Experience with SigNoz
Modern applications, especially AI agents and distributed systems, need more than logs to understand what is happening. That's why I explored SigNoz, an open-source observability platform built on OpenTelemetry. Setting up SigNoz with Docker was simple. After connecting a sample application, I could view logs, metrics, and traces from a single dashboard within minutes. My favorite feature is distributed tracing. Instead of guessing where requests slow down or fail, SigNoz clearly shows the complete request journey across services, making debugging much easier. The built-in dashboards provide valuable insights into CPU usage, memory, request latency, throughput, and error rates. Having centralized logs alongside metrics and traces saves time by eliminating the need to switch between multiple tools. I also liked the alerting feature, which helps detect issues before they affect users. For AI applications, observability is essential. AI agents make multiple API calls, use tools, and perform complex workflows. SigNoz makes it easier to understand each step, identify failures, measure latency, and optimize performance. Overall, my experience with SigNoz was excellent. It combines logs, metrics, traces, dashboards, and alerts into one intuitive platform. Among all its features, distributed tracing impressed me the most because it provides deep visibility into application behavior and simplifies troubleshooting. I'm excited to use SigNoz in future AI and cloud-native projects.
AI 资讯
How to usar Docker networks na pratica
Quando voce cria um container e depois outro, eles podem nao se enxergar. O motivo quase sempre e a rede. Entender os tipos de rede que o Docker oferece resolve isso de uma vez. Comece listando as redes que ja existem no seu Docker. docker network ls A rede bridge e a rede host vem de fabrica. Nenhuma delas oferece resolucao de nomes entre containers. Para isso voce precisa criar a sua propria rede. docker network create minha-rede Agora os containers que entrarem nessa rede conseguem se comunicar pelo nome do container. docker run -d --name app1 --network minha-rede nginx docker run -d --name app2 --network minha-rede alpine sleep 3600 Teste a comunicacao. docker exec app2 ping app1 -c 2 O ping funciona. O DNS interno do Docker resolve app1 para o IP interno do container. Isso resolve 90% dos problemas de comunicacao. A rede bridge padrao nao tem esse recurso. Crie sua propria rede sempre que precisar que containers se enxerguem. Agora a rede host. Ela elimina o isolamento de rede. O container usa a placa do host diretamente, sem NAT e sem mapeamento de porta. docker run -d --name web-host --network host nginx O nginx fica acessivel em http://localhost:80 direto. Sem -p 80:80. Mas so um container pode usar cada porta, porque a porta e a do host de verdade. Para ambientes com mais de uma maquina, existe a rede overlay. Ela precisa do Docker Swarm ou de um cluster. docker swarm init docker network create -d overlay rede-overlay docker service create --name api --network rede-overlay --replicas 3 nginx Os containers em maquinas diferentes se enxergam pelo nome como se estivessem na mesma maquina. No dia a dia, a rede bridge personalizada resolve quase todo caso de uso. Host e para performance ou casos especificos. Overlay e para quando voce escala para mais de uma maquina. That's all for now. Thanks for reading!
科技前沿
Increased drone surveillance of illegal July 4th fireworks led to $100K fine
More police and firefighters use drones to catch and deter illegal fireworks.
AI 资讯
Rosemary
Rosemary: Transparent Network Tunneling Over QUIC (Kernel-Level) Ever SSH into a box and wish you could just use its network without setting up proxy chains or VPNs? Rosemary makes that happen. The server intercepts traffic at the kernel level (no proxy settings, no TUN devices) and tunnels it over encrypted QUIC through a lightweight agent on the remote host. From your laptop, curl , ping , or your browser reach private subnets as if you were there. What you get Kernel-level packet interception, transparent to all your apps TCP, UDP, ICMP, and DNS just work without configuration Route all internet traffic through a chosen agent (egress) SOCKS5 proxies, port forwards, and reverse forwards per agent Multi-hop pivoting through several agents Web dashboard with real-time agent graph Full REST API for automation Works on Linux, Windows, macOS, FreeBSD, and OpenBSD Agents run without root; traffic is AES-256-GCM encrypted over QUIC Quick start # install (requires Go) go install github.com/blue0x1/rosemary/rosemary@latest go install github.com/blue0x1/rosemary/agent@latest # start server (needs sudo for kernel interception) sudo rosemary # deploy agent on remote box ./agent-linux-amd64 -s <server-ip>:2048 -k <your-key> That's it. Open http://server-ip:1024 and you'll see the agent's subnets automatically routed. Set a default egress agent to route all traffic through a jump host: egress agent-1 Now your laptop behaves like it's on the remote network. No proxychains, no ssh -D , no friction. Check the repo blue0x1/rosemary for pre-built binaries, PowerShell agents, and the full API. Use only on systems you own or have permission to test.
AI 资讯
Stop Using Raw WebDriver in Robot Framework
A lot of Robot Framework projects still look like plain Selenium scripts with .robot file extensions. Someone imports webdriver , creates driver = webdriver.Chrome() , then calls find_element and send_keys in Python helpers. Robot Framework runs the suite, but readable keywords, shared libraries, and consistent waits never show up in the tests. If you already use Robot Framework with SeleniumLibrary , you do not need the raw WebDriver API. SeleniumLibrary gives you high-level keywords. The Page Object Model gives you structure. Together they keep tests short and UI changes localized. We published a small MIT template that shows the layout: rf-seleniumlibrary-pageobject-template . It targets Sauce Demo — clone it, run four tests, fork the folder structure. What breaks when you mix in raw WebDriver driver = webdriver . Chrome () driver . find_element ( By . ID , " user-name " ). send_keys ( " standard_user " ) driver . find_element ( By . ID , " password " ). send_keys ( " secret_sauce " ) driver . find_element ( By . ID , " login-button " ). click () Fine for a script. Painful in a growing suite. Locators spread across helpers and test files. Waits become time.sleep(2) in one place and missing in another. You end up maintaining SeleniumLibrary and a parallel WebDriver stack. CI fails on a Tuesday night and you are not sure which path opened the browser. Before and after Before After driver.find_element(...).send_keys(...) Login With Valid Credentials ${VALID_USER} ${VALID_PASSWORD} Locators in every file LoginLocators.USERNAME in one module Ad-hoc sleeps wait_until_element_is_visible in BasePage.click() Two browser stacks One SeleniumLibrary instance per suite Four layers Layer Job Example Locators Selectors per screen login_locators.py BasePage Shared waits and actions click() , enter_text() Page library Screen keywords LoginPage.login() Robot test Scenario only Inventory Should Be Visible Folder layout in the repo: resources/locators/ → selectors pages/ → Python pa