2025-09-08 20:19:00
Hi all,
We’re back with another issue. I got a new job with a lot of duties over the last few months, but things are cooling down, so we’re back :).
My friend Joel Dare has also started writing a newsletter; you may consider subscribing there. He’s also the creator of neat, which is, as its name suggests, a very neat CSS framework.
If you enjoy BetterDev, please spread the word by sharing it with your friends. And if you’d like to support my work, buying me a coffee would be much appreciated.
Transform your skills at AWS re:Invent 2025. Over five dynamic days, you’ll dive into technical training, explore the latest technologies, and build valuable peer connections. Take home practical solutions that deliver instant value to your work and advance your career.
Join us in Las Vegas from December 1-5 to:
● Access insider knowledge through interactive labs, technical sessions, and workshops
● Accelerate your learning through direct mentorship from AWS experts
● Build your network and connect with peers who share your technical interests through AWS Community Programs at the Developer Pavilion
● Experience live music, amazing food, and more at re:Play, the ultimate tech celebration
● Attend in person and receive a 50% discount voucher for any AWS Certification exam
● Team up and save - Get one free pass for every 10 passes purchased*
Our 2025 event catalog is now available! From experimenting with new solutions to interactive workshops and hands-on training, we’ve got something for everyone at AWS re:Invent.
The Apollo “8-Ball” FDAI (Flight Director/Attitude Indicator) was a crucial instrument in Apollo spacecraft, used to display the vehicle’s orientation. The article details its complex internal workings, which include a multi-axis rotating ball mechanism driven by three motors and a servo loop. The specific unit examined was later modified for use in a Space Shuttle simulator, with changes made to its components and markings.
There are some latency numbers that every programmer should know, according to Jeff Dean, and one of them is branch misprediction, which cost around 5ns in 2012; the latency remains roughly the same as of the time of writing this post. So what is branch prediction, what happens when it’s mispredicted, and why is it costly?
Making programs slower can be useful to find race conditions, to simulate speedups, and to assess how accurate profilers are. To detect race conditions, we may want to use an approach similar to fuzzing. Instead of exploring a program’s implementation by varying its input, we can explore different instruction interleavings, thread or event schedules, by slowing down program parts to change timings. This approach allows us to identify concurrency bugs and is used by CHESS, WAFFLE, and NACD.
UUIDv7 is a highly important and long-awaited feature that addresses a major pain point for developers who use UUIDs as primary keys in databases. Unlike older versions like UUIDv4, which are randomly generated and lead to poor performance and index bloat in B-tree indexes, UUIDv7 incorporates a Unix Epoch timestamp. This makes it time-ordered, ensuring that new UUIDs are inserted sequentially, which significantly improves performance for write-heavy workloads. The article emphasizes that this quiet but impactful addition “brings the best of both worlds” by providing global uniqueness while also being sortable and performance-friendly.
I always like syntax highlighting algorithms. It’s something we take for granted without asking how it is done. Andy walks us through how he does it for his own shell language.
The webpage describes a new method for GPU text rendering that uses vector data of glyphs instead of pre-baked textures, addressing issues like poor quality with certain fonts and large texture sizes. The approach involves loading raw Bézier curves, sending them to the GPU, and rasterizing them at runtime with a temporal accumulation technique for high-quality anti-aliasing. This method also allows for customized subpixel anti-aliasing to eliminate color fringing on different monitor layouts.
Collaboratively editing strings of text is a common desire in peer-to-peer applications. For example, a note-taking app might represent each document as a single collaboratively-edited string of text.
The algorithm presented here is one way to do this. It comes from a family of algorithms called CRDTs, which I will not describe here. It’s similar to the approaches taken by popular collaborative text editing libraries such as Yjs and Automerge. Other articles have already been written about these similar approaches (see the references section below), but this article also has a nice interactive visualization of what goes on under the hood.
Speed kills rigor. In startups, the pressure to ship fast pushes teams to report anything that looks like an improvement. That’s how p-hacking happens. This piece breaks down three common cases—and how to avoid them
explains how Compiler Explorer works, a popular online tool for compiling code and viewing assembly output. The site handles millions of compilations annually, using Google’s nsjail tool for security to isolate compilation processes. To manage a massive 4 terabyte collection of over 4,700 compiler versions and reduce latency, it uses squashfs images mounted over NFS. The article concludes by discussing the site’s future plans, including the addition of an AI explanation tool and user accounts.
Have you ever scratched your head wondering why your program seems to hang with very low CPU utilization? When you run strace, it just shows a bunch of FUTEX calls. In this short article, we learn some useful strace options and flags to debug these more easily.
the short of it is: they’re cool for appending notes from automated systems (like ticket or build systems) but not really for having interactive conversations with other developers (at least not yet)
A reimplementation of Stable Diffusion 3.5 in pure PyTorch. The Hacker News thread also had a lot of useful and great comments.
a Makefile formatter and linter. It only took 50 years!
Natural (“version number”) sorting with support for: name, legal doc numbering,
A tiny query language for filtering structured data
JavaScript UI component for interacting with audio waveforms
Animation engine for explanatory math videos
Link-Layer MAC spoofing GUI for macOS
run and test HTTP requests with plain text.
Active-active Replication Extension for PostgreSQL (pgactive)
Cloud-Native PostgreSQL WAL receiver. Stream, compress, encrypt, upload, retain and monitor your WAL archive.
Tiny S3 client. Edge computing ready. No-dep. In Typescript. Works with @cloudflare @minio @Backblaze @digitalocean @garagehq
A powerful, real-time log analysis terminal UI inspired by k9s. Analyze log streams with beautiful charts, AI-powered insights, and advanced filtering - all from your terminal
2025-06-08 20:19:00
Hi all,
I recently became a heavy LLM user for coding. It helps me write a lot of helper and tedious scripts that would take me days or even weeks; now I can do them in 1⁄10 of the time. It is great when you know how to do something but don’t want to sit down and write it, especially for UI. So I plan to share more about LLM/AI to help all of us.
On another note, Mozilla is shutting down Pocket on July 8, 2025. In the spirit of self-hosting, I have switched to linkding. I wrote this simple script to import a Pocket archive into linkding. The script was written by Gemini, by the way.
If you enjoy BetterDev, please spread the word by sharing it with your friends. And if you’d like to support my work, buying me a coffee would be much appreciated.
Customer Data You Can Depend On
We know you run your business on data, so you better be able to depend on it.
Twilio Segment was purpose-built so that you don’t have to worry about your data. Forget the data chaos, dissolve the silos between teams and tools, and bring your data together with ease.
So that you can spend more time innovating and less time integrating.
Talk to sales and get a guided tour of Twilio Segment tailored to your business.
People say many things about entropy: entropy increases with time, entropy is disorder, entropy increases with energy, entropy determines the arrow of time, etc. But I have no idea what entropy is, and from what I find, neither do most other people. This is the introduction I wish I had when first told about entropy, so hopefully you find it helpful. My goal is that by the end of this long post we will have a rigorous and intuitive understanding of those statements, and in particular, why the universe looks different when moving forward through time versus when traveling backward through time.
The cinema industry uses its own standards for creating and distributing movies in a secure way. The DCI (Digital Cinema Initiatives) specification defines everything from file formats and encryption to the projection systems themselves.
The specification itself is publicly available but relies on various IEEE (Institute of Electrical and Electronics Engineers) and SMPTE (Society of Motion Picture and Television Engineers) standards, which have to be purchased.
At the scale of OpenAI, I imagine they might shard PostgreSQL. But they use an unsharded architecture with one writer and multiple readers, demonstrating that PostgreSQL can scale gracefully under massive read loads.
Email is very well distributed, so you cannot get locked in by a provider. As long as you own your domain, you can move your email anywhere. In the email world, SMTP is generally for sending email and IMAP is for receiving mail. In this article, we focus on IMAPv4.
In this section, I talk about why VPCs were invented and how they work. This is critical to understand because almost everything you do in AWS will happen inside of VPC. If you don’t understand VPCs, it will be difficult to understand any of the other networking concepts.
Printing on Unix-like operating systems like Linux or macOS is usually done through the CUPS daemon. CUPS is responsible for handling printer configuration, scheduling print jobs and actually talking to the printer over the wire. In this article, we look at a ticket printing system that uses FGL, for which the authors implement a CUPS driver that takes the rasterized pixel data and outputs FGL.
A deeper look at how PostgreSQL logical replication works, from WAL internals and logical decoding to streaming protocols and replica lag. If you’ve ever wondered what’s happening under the hood, this post connects the dots.
Think of this post as your field guide to a new way of building software. By the time you finish reading, you’ll understand not just the how but the why behind AI-assisted development that actually works.
Diffing datasets is very useful in data engineering: incremental syncing, detecting drift, etc. How can we create a tool that efficiently diffs large SQL datasets across different databases and servers? This article builds such a tool with: Divide, Hash, and Conquer.
Instead of renting a GPU, we can pay the up-front cost to build a server with a GPU. This post can serve as a simple foundation for that process, from sourcing parts to assembling them together.
Every backend dev will hit the file limit at some point, and we run something like ulimit -n 65000 to fix it. But how do we debug it, how do we find out how many files it is opening, and what are these file descriptors?
Warpstream control plane is written in Go, which has excellent built-in support for debugging application memory issues with pprof. We’ve used pprof hundreds of times in the past to debug performance issues, and usually memory leaks are particularly easy to spot. But in this case, this isn’t something that pprof could help with.
Curated collection of system prompts for top AI tools. Perfect for AI agent builders and prompt engineers. Including: ChatGPT, Claude, Perplexity, Manus, Claude-Code, Loveable, v0, Grok, same new, windsurf, notion, and MetaAI.
A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
Use Ruby DSL to let AI Model call function inside your Ruby app
A Ruby implementation of a Model Context Protocol (MCP) server for Rails projects. This server allows LLMs (Large Language Models) to interact with Rails projects
A Go implementation of the Model Context Protocol (MCP), enabling seamless integration between LLM applications and external data sources and tools.
Go bindings for the Chafa terminal graphics library. Render high quality images on the terminal without CGO or external dependencies.
offers a modern, Pythonic interface to FFmpeg, providing extensive support for complex filters with detailed typing and documentation.
Online webgl photo editor with effects, filters and cropping
Browser’s End-user Automation CLI Hub. Potentialize All Tasks Regarding Online Life.
442 open source icons in 2 styles, made for interfaces. MIT license
Built by the famous depesz, it tells you what you get between two PG versions.
A simple list of all PostgreSQL parameters.
airplay to an ios device, use your iphone as an airplay receiver
Python tool for converting files and office documents to Markdown.
Effortless LLM extraction from documents
Postgres MCP Pro is an open source Model Context Protocol (MCP) server built to support you and your AI agents throughout the entire development process—from initial coding, through testing and deployment, and to production tuning and maintenance.
Postgres extension and service for automated failover and high-availability
🔥 ~6x faster, stricter, configurable, extensible, and beautiful drop-in replacement for golint
Advanced PostgreSQL & Pgbouncer Metrics Exporter for Prometheus
2025-03-31 20:19:00
Hi all,
So this week, GitHub CodeQL leaked their token; the token was only publicly exposed for about 2 seconds, but that’s enough. Then, we had malware found on npm infecting local packages with a reverse shell. And an atop heap issue. The world truly fell apart last week, no joke. That’s why it’s helpful to be paranoid whenever we run any piece of software on our CI or in our dependencies: always vet them yourself.
If you enjoy BetterDev, please spread the word by sharing it with your friends. And if you’d like to support my work, buying me a coffee would be much appreciated.
An in-depth exploration of the evolution of PostgreSQL’s buffer manager locking mechanisms over three decades, highlighting key design decisions and their impact on performance and concurrency.
A guide offering practical advice on crafting technical blog posts that effectively engage and inform developer audiences, emphasizing clarity, structure, and relevance.
An overview of identity tokens, detailing their role in authentication and authorization processes, and providing best practices for implementing secure and efficient access control mechanisms.
A technical analysis by Google’s Project Zero team on the NSO Group’s BLASTPASS exploit, which targeted Apple’s iMessage using malicious WebP images to achieve zero-click remote code execution.
A concise reference guide summarizing key algorithms related to visual data processing, offering quick insights into their applications and implementations.
If you have some old Raspberry Pi hardware lying around, this could be a great hobby project.
An examination of the relationship between MySQL’s transaction throughput and the filesystem’s synchronization operations, discussing how fsync frequency impacts database performance.
An article discussing techniques to enhance shell history search functionality, including the integration of tools like fzf for more efficient command retrieval and improved productivity.
A discussion on transformative PostgreSQL design patterns, such as using UUID primary keys, implementing timestamp fields, enforcing strict foreign key constraints, utilizing schemas for organization, and employing enum tables for data integrity.
A comprehensive guide addressing PostgreSQL’s transaction isolation anomalies, providing practical examples and strategies to understand and mitigate issues like dirty reads, lost updates, and phantom reads.
Single sign-on for SSH is a dream. No longer dealing with keys, editing ~/authorized_keys files, or modifying LDAP or PAM configurations. Easy to revoke and offboard developers.
An introduction to the Model Context Protocol (MCP), explaining its purpose, functionality, and how it can streamline development processes by providing contextual model information.
A fast approximate nearest neighbor search library for Go
A simple Physics engine in GoLang
A Rust implementation of a fast audio fingerprinting system inspired by Shazam, for audio recognition and identification. It focuses on speed, efficiency and simplicity
A ledger implementation in PostgreSQL
A tool by AMD to run LLM Agents on Ryzen AI PCs in Minutes
Generative View Synthesis with Diffusion Models
a foundation model for SVG generation that transforms vectorization into a code generation task. Using a vision-language modeling architecture, StarVector processes both visual and textual inputs to produce high-quality SVG code with remarkable precision.
The slightly more awesome standard unix password manager for teams
an Apache-Licensed, secure, fast and easy to use Apache Iceberg REST Catalog written in Rust. Apache Iceberg is a project that allow us to run SQL query on a set of file(CSV, Parquet, JSON) directly from storage such as S3.
This package provides a simple way to generate unique, symmetric identicons based on an input string (e.g., an email address or username). It uses an MD5 hash to create a deterministic pattern and color scheme, then mirrors the design for a visually appealing avatar.
2025-03-25 20:19:00
Hi all,
Last week, NextJS had a new security vulnerability, CVE-2025-29927, that allows bypassing the middleware auth check by setting a header that tricks it into thinking the request is internal, so the auth middleware check is skipped. If you’re hosted on Vercel there is no action to take, but if you run the vercel server in your infra, you should update.
Another one for k8s: if you’re running ingress-nginx, you should apply this patch. The attack requires the ability to have a pod already running inside the K8S network, such as sharing a namespace with other users, or exposing the admission controller webhook to the internet. So if your cluster is dedicated to you, and you’re not doing things like host networking or exposing the admission controller service, you can buy some time for the upgrade.
If you enjoy BetterDev, please spread the word by sharing it with your friends. And if you’d like to support my work, buying me a coffee would be much appreciated.
A classic tale of Linux horror. You’re SSH’d into a machine, you make one wrong move, and suddenly your system is broken. This post walks through how to recover from this self-inflicted nightmare.
RIGHT JOIN is an esoteric feature in the SQL language, and hardly ever seen in the real world, because almost every RIGHT JOIN can just be expressed as an equivalent LEFT JOIN. There is, however, one place in the SQL language where RIGHT JOIN is surprisingly ubiquitous and today we learn about it.
An approachable introduction to the magic of zero-knowledge proofs—how they let you prove something without revealing the details. Perfect for anyone curious about cryptography without diving into hardcore math.
This one’s a bit outside the usual programming realm, but trust me—it’s fascinating. A deep dive into how solar panels actually work, the engineering behind them, and why understanding electricity at this level is surprisingly useful.
Syncing data is one of those things that sounds easy until you try to build it. This post walks through a synchronization engine design that’s both simple and powerful.
A deep dive into how macOS can unintentionally leak sensitive data like passwords, thanks to clipboard behavior and debugging tools. A must-read for anyone who cares about security.
Ever tried putting text over an image and ended up with weird background overlaps? This post explains why that happens and how to fix it. If you do anything with CSS, you’ll want to bookmark this one.
BPF is like a superpower for peeking into Linux. Whether you care about performance monitoring, security, or just love cool system hacks, this is a fantastic read.
A nostalgic yet technical look at how null pointer dereferences have plagued macOS over the years. Great for those who love debugging deep OS issues.
AI-powered recommendations are everywhere, but how do they really work? This post explores how LLMs are changing search and recommendation engines for the better.
If you’re a Rubyist curious about parallelism, this is for you. A practical look at Ruby’s Ractors and how they enable truly parallel execution without locks.
A Game Boy emulator written in Rust.
A Rack web server written in Ruby from scratch.
an HTML5 Canvas JavaScript framework that extends the 2d context by enabling canvas interactivity for desktop and mobile applications.
Need to run untrusted code safely? This sandboxing tool might be your new best friend.
A physics engine in Go that makes simulating motion, collisions, and forces as simple as possible.
A blazing-fast plotting library for massive datasets, using modern GPU rendering to keep things smooth.
Parsing gigabytes of JSON per second. Zig port of simdjson with fundamental features.
A Model Context Protocol (MCP) server that provides browser automation capabilities using Playwright. This server enables LLMs to interact with web pages through structured accessibility snapshots, bypassing the need for screenshots or visually-tuned models.
Powerful devtools for Ruby on Rails. Inspired by the Laravel Debugbar.
an open source agent that monitors your database, finds root causes of issues, and suggests fixes and improvements. It’s like having a new SRE hire in your team, one with extensive experience in Postgres.
Free Online version of pgFormatter a PostgreSQL SQL syntax beautifier (no line limit here up to 100000 characters). This SQL formatter/beautifier supports keywords from SQL-92, SQL-99, SQL-2003, SQL-2008, SQL-2011 and PostgreSQL specifics keywords. May
A database schema management tool that works like Terraform—diff, apply, and keep your schema in check.
Define your API once in a simple tsp file, then generate OpenAPI, gRPC, client code, and docs automatically.
A fast, memory-safe web server powered by Rust. Similar to Caddy or Nginx but written in Rust.
2025-03-18 20:19:00
Hi all,
This week the GitHub Action tj-actions/changed-files was compromised and was stealing credentials from the GitHub Actions environment. I have always found the concept of trusting random GitHub Actions scary, especially since GitHub makes actions appear under the global namespace /marketplace/actions, which makes them seem trustworthy. Had GitHub adopted a <user-org>/name scheme, probably more people would be aware. For any non-official GitHub Action, I recommend forking it to your own org or account and reviewing the source code manually.
Second thing: if you have been using WHOIS to find domain owner or registrar info, that is going to change. ICANN is Launching RDAP; Sunsetting WHOIS, and there is a CLI to replace whois too.
If you enjoy BetterDev, please spread the word by sharing it with your friends. And if you’d like to support my work, buying me a coffee would be much appreciated.
Lots of coding AIs have cool X demos on greenfield apps. But the day-to-day of a pro software engineer working on a team looks…a little different from vibe coding. Enter Augment Code. The first developer AI built for teams and large codebases, Augment works on codebases of millions of lines of code and thousands of files, bringing full codebase context to every keystroke. Customers like Datastax, Observe, Kong, and Lemonade trust Augment because it’s fast, high quality, and secure. Even better - you don’t have to switch your IDE - Augment works in VS Code, JetBrains, and even Vim. Augment is free to try and never trains on code without consent. Start building for free today.
Non-volatile storage is a cornerstone of modern computer systems. Every modern photo, email, bank balance, medical record, and other critical pieces of data are kept on digital storage devices, often replicated many times over for added durability. We’re going to cover the history, functionality, and performance of non-volatile storage devices over the history of computing, all using fun and interactive visual elements.
Google released the full details of EntrySign, the AMD Zen microcode signature validation vulnerability which they initially disclosed in Feb 2025. This vulnerability allows an adversary with local administrator privileges (ring 0 from outside a VM) to load malicious microcode patches. We have demonstrated the ability to craft arbitrary malicious microcode patches on Zen 1 through Zen 4 CPUs.
Exploring the unpopular git bundle-uri, which can help speed up Git by pre-populating the local Git object cache over HTTPS instead of fetching from the Git server.
WebGPU is a modern graphics API designed to provide high-performance graphics and computation capabilities across different platforms, including web browsers, desktops, and mobile devices. It is intended to be a successor to the WebGL API, offering more advanced features, better performance, and greater flexibility for developers.
CSS is evolving really fast. This is a useful feature that used to be covered by CSS pre-processors like SCSS or LESS.
The question everyone has an answer for. The OP shares with us an interesting concept: visual patterns of code, specifically the ones that make their brain hurt!
In any distributed system you will hear the terms Raft or Paxos. Some experts consider Paxos super simple; some say it’s the most complicated. In this post, the OP models Paxos with FizzBee, a design specification language and model checker for specifying distributed systems at a much higher level of abstraction than a programming language, for system analysis and design. So we will learn two things in this post.
Building on a previous post on sorting algorithms, I implemented the same algorithms using CUDA to explore performance improvements through parallel computing. The goal is to see how we can leverage the power of parallel computing to speed up our sorting algorithms. I went to an NVIDIA recruiting event some days ago; that was a great event and it motivated me to try to rewrite the sorting algorithms using CUDA.
“PostgreSQL scales” - we have all heard this phrase over and over again. However, the question is: What does this actually mean? Does it mean 1 million rows? Or maybe even 1 billion rows? So, on a rainy weekend, I decided to do a little experiment to figure out if it is possible to squeeze 1 trillion rows (= 1000 billion rows) into my local personal computer.
As engineers, we’re all curious how a compiler is made. The bad news is that there is no single resource to grasp all of that. The good news is that all the resources are widely available for us to get started.
Binary Security found the undocumented APIs for Azure API Connections. In this post we examine the inner workings of the Connections allowing us to escalate privileges and read secrets in backend resources for services ranging from Key Vaults, Storage Blobs, Defender ATP, to Enterprise Jira and SalesForce servers.
A delightful Ruby way to work with AI. No configuration madness, no complex callbacks, no handler hell – just beautiful, expressive Ruby code.
A powerful, web-based image editor built with React and TypeScript. It provides a modern, intuitive interface for quick image edits and filters, optimized for both desktop and mobile devices.
If you ever need a shortcut like a Spotlight search for your app, you will want this.
Go HardWare discovery/inspection library
A robust Rust framework for building interactive REPL (Read-Eval-Print Loop) applications and custom shells. It provides a flexible, type-safe foundation with built-in terminal UI capabilities using ratatui.
An agentic framework with extensible tools for complex reasoning
The cryptography-based networking stack for building unstoppable networks with LoRa, Packet Radio, WiFi and everything in between.
Prevent merging of malicious code in pull requests
The agents.json Specification is an open specification that formally describes contracts for API and agent interactions, built on top of the OpenAPI standard.
A Python package designed to facilitate the creation of engaging short videos or social media clips. It leverages a variety of external services and libraries to streamline the process of generating, processing, and uploading short content.
Elevate your designs with our curated collection of modern background patterns. Preview, customize, and implement with just a few clicks.
An open source, community-driven, native audio turn detection model. A Hugging Face model is available.
An open-source, fast, reactive, in-memory database optimized for modern hardware.
Horizontal scaling for PostgreSQL.
A blazing-fast KV store written in pure Golang without any dependencies with native pub-sub support, engineered for high-frequency, contention-heavy workloads
Toolkit for linearizing PDFs for LLM datasets/training
2025-03-10 20:19:00
Hi all,
In the wake of the ByBit exchange being hacked for 1.6 billion, in a very sophisticated hack that exploited a developer access key to change an S3 bucket (the attack started by having the developer run some untrusted docker compose with privileged: true), I’ll include a few more tools on security, vulnerability scanning, and supply chain attacks.
If you enjoy BetterDev, please spread the word by sharing it with your friends. And if you’d like to support my work, buying me a coffee would be much appreciated.
Lots of coding AIs have cool X demos on greenfield apps. But the day-to-day of a pro software engineer working on a team looks…a little different from vibe coding. Enter Augment Code. The first developer AI built for teams and large codebases, Augment works on codebases of millions of lines of code and thousands of files, bringing full codebase context to every keystroke. Customers like Datastax, Observe, Kong, and Lemonade trust Augment because it’s fast, high quality, and secure. Even better - you don’t have to switch your IDE - Augment works in VS Code, JetBrains, and even Vim. Augment is free to try and never trains on code without consent. Start building for free today.
Imagine someone could turn your laptop, smartphone, or even your gaming console into a tracking device without your knowledge. Our research team discovered a way this can happen through Apple’s Find My network. The Find My network uses over a billion Apple devices worldwide. We found a security problem that lets hackers use this system to track almost any device with Bluetooth capabilities - not just Apple products. We call this attack “nRootTag.”
In this post, we’ll cover how to prevent ransomware and provide resources & code for 11 different ransomware prevention use cases to ensure preventative controls are in place to prevent against types of ransomware attacks targeting AWS S3.
The internet is insecure by default. Attackers can intercept and modify traffic, so we need a way to secure communication and verify the server’s identity. Encryption ensures data privacy, but without verification, hackers could impersonate a legitimate website, intercepting traffic while still using encryption. This is why TLS/SSL combines encryption with authentication.
When consuming Kafka in a consumer group, the offset up to which each consumer has read and acked messages is recorded by Kafka. When consumers crash or restart, they can resume from the committed ack position. But what happens if a record has been processed by a consumer that then failed to send the ack? The app will consume the record again on restarting. How can we do two things, commit the offset and the result of the operation, in a single atomic operation? Enter Kafka transactions.
We usually don’t include tutorial-style links, but this one is really interesting to see. We will learn how transforms, perspective, and stacked grids can create a fully addressable 3D space and push the boundaries of what’s possible with pure CSS.
In this tutorial, we learn how to create a simplified clone of the mobile game Crossy Road with React Three Fiber. The goal of the game is to move a character through an endless path of static and moving obstacles. We have to go around the trees and avoid getting hit by a car or a truck. We start with the basic setup: setting up the scene, camera, and lighting. We learn how to draw the player and the map’s trees, cars, and trucks. We cover how to animate the vehicles and add event handlers to move the player through the map. Finally, we add logic to detect collisions between the player and the cars.
A very common problem when we need to represent a relationship in a database, such as family or friends. It can come in very handy to write a single SQL query to find relationships instead of building them at the app level.
XOR is everywhere. We use it in Linux permissions: umask, chmod. We use it in cryptography. We will learn about its hardware implementation, its usage, and all kinds of tricks to use it efficiently.
A write-up from following the “Build a large language model from scratch” book.
Den has been running a podcast for half a decade. He uses WhisperX, runs it locally, and built a workflow to transcribe his podcast to text. He shares the setup with us. I think local AI is really useful and the self-hosted path is worth exploring. Self-hosting is even much easier than we think.
Go-specific, but comes in very handy when working with Go apps.
FastDOOM is a port of DOOM, but it is 30% faster. On some complicated maps, it’s even 48% faster. We will dive into the secret sauce of the techniques used to optimize it: very low-level things like using the right assembly instructions to make code run in fewer instructions.
I recently tried to optimize convolutions using SIMD instructions, but what I thought would be a simple task ended up taking me days, with issue after issue popping up one after another. Some of them make sense in hindsight, but others were utterly baffling. While the specific examples are for direct convolution, these considerations apply to pretty much any code with a hot loop.
A complete search engine and RAG pipeline in your browser, server or edge network with support for full-text, vector, and hybrid search in less than 2kb.
A library which enables viewing of and interaction with PDF documents in React and SolidJS apps. It’s built on top of Mozilla’s PDF.js, and utilises Zustand to provide a reactive store for the loaded documents.
I recently picked up Zig, and I think it is going to replace Rust and C for me when I need them. It has all the power of Rust while being less restrictive, and the power of C while being friendlier than C.
A tool to detect cell site simulators on an Orbic mobile hotspot
E164 international phone number normalizing, splitting, formatting.
Yet another Go REPL that works nicely. Featured with line editing, code completion, and more.
Prevent merging of malicious code in pull requests
If you ever need to keep postgres in-sync with another datawarehouse, or even another postgres, this is the way to go.
A text-to-speech (TTS) and Speech-to-Speech (STS) library built on Apple’s MLX framework, providing efficient speech synthesis on Apple Silicon
Idempotent schema management for MySQL, PostgreSQL, and more
An intelligent web vulnerability scanner agent powered by Large Language Models
The Most Advanced Client-Side Prototype Pollution Scanner
A truly Open Source MongoDB alternative
A powerful tool designed to bring actionable insights for tasks such as security monitoring and threat hunting on Linux systems. Think of it as the Linux counterpart to Sysmon on Windows, tailored for comprehensive and precise event monitoring.