Discover curated articles, in-depth tutorials, and expert guides on technology, development, AI, and more.
Trending Topics
Next.jsReactTypeScriptAI/MLWeb3DevOps
AI News
Dec 15, 2025
5 min read
Dev.to
Music Monday Spotify: Open-Source Sync Bot
I created small Ruby bot that syncs tracks from Music Monday's comments to a Spotify playlist, just in time for today's post. Music Monday (Playlist Sync Launch!) Mikey Dorje for Music Forem Team ・ Dec 15 #musicmonday #playlist #newmusic #discuss Thanks to @tullis12 for the idea! It’s live, open, and after a few tweaks seems to be boringly reliable. I started with the Spotify API, because it's a super easy setup but I have plans to expand it. What It Does Parses the MusicMonday series on music.forem.com for Spotify and YouTube links/embeds. Maps YouTube → Spotify with simple heuristics; skips duplicates. Runs on GitHub Actions (no servers, no DB). Live Links Playlist: open.spotify.com/playlist/5pBJOB2JWQy4UdMEPELBDY Repo: github.com/mikeydorje/musicmonday How It Runs Schedule (UTC): Tue 00:00, Thu 12:00, Sun 23:00 Manual trigger: Actions → Run workflow (supports dry_run=true) Required secrets: SPOTIFY_CLIENT_ID, SPOTIFY_CLIENT_SECRET, SPOTIFY_REFRESH_TOKEN, PLAYLIST_ID Open to Contributors YouTube playlist mirroring (keep a matching YT playlist in sync) Bandcamp & SoundCloud detection/matching Vibe‑based routing with Gemini (auto‑route to multiple playlists; later, fold in Spotify audio features) Better matching (confidence/artist checks), fewer false positives Cover art automation (explore Forem cover‑art tooling → playlist image) Observability (clear logs/metrics), small DX improvements If you want to hack on this, jump into the repo and open an issue/PR.
Happy Music Monday! Video cover is from last week's submission from @shahrouzlogs. What are you listening to? Anything goes! Drop a YouTube, Bandcamp, Spotify or Soundcloud {% embed %} in the comments. I personally listen to all types of music, literally. All genres, all decades... doesn't matter. And I love being reminded of songs I haven't listened to in ages and being introduced to new music, so share away! No context needed. The Music Monday Spotify Playlist I whipped up a quick open-source ruby bot to scrape the comments of this series and add to a Spotify Playlist! So add a tune in the comments! It's already a pretty cool playlist and I think it will be cool to see a diverse community driven music from all around the world take shape. More about this: Music Monday Spotify: Open-Source Sync Bot Mikey Dorje ・ Dec 15 #ruby #opensource #automation #music The playlist:
Chiefs quarterback Patrick Mahomes out for season with torn ACL
Kansas City Chiefs quarterback Patrick Mahomes tore the ACL in his left knee Sunday, the team announced, ending his season the same day the Chiefs’ playoff hopes were dashed
Rep. Ilhan Omar says her son was pulled over by ICE agents in Minnesota
The Minnesota Democrat, an outspoken critic of the Trump administration's immigration operations around Minneapolis, said her son was let go after showing his U.S. passport.
Push-based vs. Pull-based Reactivity: The Two Driving Models Behind Fine-Grained Systems
Recap Building on the previous article about the core ideas behind reactivity, this part clarifies the difference between Push-based and Pull-based reactivity models. Core Idea In fine-grained reactivity: Push-based systems perform computation immediately when a value changes. Pull-based systems delay computation until the moment someone reads the value. Let’s look at them through real-world analogies. Real-World Examples Push-based Imagine ordering food in a food court. Write (ordering): You place your order. Push (notify on completion): When your meal is ready, your buzzer vibrates or lights up — the update is pushed all the way to you. Effect (pick up): You walk to the counter to pick it up. Reactivity interpretation: When a source changes, dependent nodes are recomputed immediately and notified right away. Pull-based Now imagine buying a bubble tea. Write (ordering): You place your drink order. Mark (state updated only): When the drink is ready, the shop just posts your number on a screen — they don’t notify you directly. Read → compute (only when needed): When you look up to check the screen, that read operation triggers “oh, it’s ready, I should go pick it up.” Effect (pick up): You go to the counter. Reactivity interpretation: Writes only mark nodes as dirty; real computation happens later when someone reads the value. Formal Definitions Model Behavior Focus Simplified Flow Push-based Compute on write: updates propagate immediately set() → propagate → compute → effect Pull-based Mark on write, compute on read set() → markDirty ⏸ read() → if dirty → compute → effect Key insight: Both models “push” signals — but Push pushes the computation, while Pull pushes the dirty mark. Timeline Diagrams Push-based Pull-based Pros & Cons Aspect Push-based Pull-based Read latency Lowest — always fresh First read may trigger recomputation Write cost Potentially high: O(depth × writes) Lower: mostly O(depth × 1) (mark dirty only) Over-computation High — computes even if never read Low — compute only when someone actually reads Batching Hard — work is already done Natural fit — flush later in one batch Debug visibility Dependency chain expands immediately Need DevTools to inspect when pulling happens Best use cases High-frequency writes, low reads (e.g., cursor syncing in collaboration apps) Low writes, high reads (dashboards, charts) Note: even Pull-based systems still must walk the dependency graph during marking, but they do not recompute — they only set dirty = true. How to Choose? It depends entirely on the scenario. Modern reactivity libraries often combine both strategies. Use Case Recommended Model Reason Real-time collaboration, game state sync Push Immediate reflection is more important than avoiding extra recomputation Large dashboards, data visualizations Pull Writes are rare, reads are frequent — compute only what is actually needed Timeline / scroll-driven animations Pull + Scheduler Pull defers work; scheduler ensures recomputation happens at most once per frame Data pipelines (expensive computations reused many times) Push-on-Commit Compute once upfront, then reuse everywhere React is basically Pull + Scheduler, which is why batching works the way it does. RxJS and MobX are classic examples of Push-on-Commit. Common Misconceptions “Pull means scanning the whole graph!” No — pull only checks the relevant dependency chain upward when a value is read. No full-tree traversal required. “Push always wastes computation.” Not when the result is guaranteed to be consumed immediately (e.g., cursor movement). Lower read latency > cost of extra writes. “Push vs Pull is either/or.” Most modern signal systems use a hybrid push-pull approach: Push during writes → propagate dirty flags Pull during reads → compute only when needed This combines responsiveness and laziness. “Why do even fine-grained systems still need Pull?” Because we often don’t know: Will this value ever be read? When will it be read? Pull separates: “The data changed” (mark dirty) from “Do I need to act on this?” (compute on read) Conclusion Why does fine-grained reactivity need a Push vs. Pull discussion? In coarse-grained systems (like React’s Virtual DOM), diffing the whole tree is abstract enough. But in signal-based systems, one single set() may fan out to hundreds of tiny derivations. Choosing when computation happens affects: Total compute cost (performance) Interaction latency (UI smoothness) Scheduling behavior (avoiding jitter & dropped frames) Understanding Push vs. Pull gives you the mental model and vocabulary needed to evaluate different reactivity frameworks. Next Up In the next article, we’ll explore how different mainstream frameworks design their reactivity systems — and why they made those choices.
Another E2E Solution delivered. This time with CI/CD, AWS EventBridge and ECS Fargate
To wrap up the year, I built my latest E2E project. It is a side project however it will help us at work. We have a service that uploads documents from a third-party system. This integration requires authentication, but the system enforces a monthly password rotation. When the password expires, uploads and downloads start failing, which quickly turns into a operational issue. To remove the need for manual updates and the risk of someone simply forgetting, I built an automation to handle this end to end. The solution is a Python worker using Selenium with headless Chromium, executed on a schedule and backed by a full CI/CD pipeline. On every push to the main branch, GitHub Actions assumes an AWS IAM Role via OIDC (no access keys involved), builds the Docker image, and pushes it to Amazon ECR. The workflow then registers a new ECS Task Definition revision, updating only the container image. This is the Architecture design solution: CI/CD: Execution is handled by Amazon EventBridge, which triggers the task every 29 days: ECS Cluster: The task runs on ECS Fargate in a public subnet, with a public IP and outbound traffic allowed. When triggered, Fargate starts the container, runs automation.py, launches Selenium with Chromium and Chromedriver, logs into the system, performs the password rotation, and exits. On success, the task finishes automatically with exit code 0. If an exception occurs, logs are sent to CloudWatch and the error is reported to a Slack alerts channel. Archtecture decisions: I chose to run the task in a public subnet for simplicity and cost reasons. Since the worker only needs outbound internet access and does not expose any inbound ports, there’s no additional risk as long as the security group has no inbound rules. This also avoids the cost and complexity of running a NAT Gateway, which would be required with private subnets. Using ECS Fargate instead of Lambda was also a deliberate decision. Running Selenium with Chromium on Lambda usually requires custom layers and fine-tuning, and it’s easy to hit limits around memory, package size, or execution time. With Fargate, the entire environment is packaged in the Docker image, with predictable runtime behavior and flexible CPU and memory allocation, which makes this kind of workload much easier to operate. In the end, this is a simple batch worker. It runs on a schedule, does one job, and exits. For headless browser automation, this approach turned out to be more straightforward and reliable.
Officials: father & son kill 15 in Australia mass shooting
Officials in Australia said father and son attackers killed at least 15 people in a shooting during a Jewish holiday celebration in Sydney. Video showed a bystander tackling one of the suspects. NBC News’ Raf Sanchez has more.
Full-Stack Development: The AI Evolution Are You Building on an Obsolete Roadmap? Are you building a full-stack career on a roadmap that's already obsolete? The tech landscape doesn't wait for anyone, and the traditional definition of a 'full-stack developer' is rapidly disintegrating, giving way to something far more powerful, yet profoundly misunderstood. The Paradox of Present-Day Mastery For years, the full-stack path was clear: master a frontend framework (React, Vue), a backend language (Node, Python, Go), a database (PostgreSQL, MongoDB), and maybe dabble in cloud deployment. This was the blueprint for independent creation, the ultimate leverage for turning an idea into a product. But while many are still perfecting their API integrations or debating JavaScript frameworks, a seismic shift has occurred. AI isn't just a fancy tool to enhance your workflow; it's becoming an intrinsic layer of the stack itself. Think about it. We're moving from a world where developers build logic to one where they command intelligence. Generative AI isn't just spitting out boilerplate code; it's crafting entire UI components, optimizing backend algorithms, and even orchestrating deployment pipelines. Your 'full-stack' expertise, without understanding how to integrate, prompt, and leverage these new intelligences, is like being a master carpenter in an age of automated construction. You might be excellent at your craft, but you're missing the future. "The future of full-stack isn't just about building applications; it's about commanding intelligence within them." The THINK ADDICT System: Building for the AI-Native Future So, how do you adapt? You don't abandon the fundamentals; you augment them. This isn't about replacing your hard-earned skills but expanding your mental models and toolset to incorporate the greatest leverage multiplier we've seen in decades. Here's the updated THINK ADDICT roadmap for the AI-Native Full-Stack Developer: 1. Solidify the Core Foundations (The 'Why' remains): Frontend Mastery: Deep dive into a modern framework (React, Vue, Svelte). Understand component architecture, state management, and performance. But now, explore how generative AI can build these components faster, and how AI-driven tools can optimize user experience. Backend Powerhouse: Choose a robust language (Node.js, Python, Go, Rust). Focus on API design, microservices, and scalability. Crucially, learn how to expose and consume AI services as part of your backend architecture. Data Acumen: SQL and NoSQL databases are still critical. Add to this understanding data pipelines for ML models, vector databases, and how to prepare data for AI consumption. Cloud & DevOps: Deploying to AWS, GCP, or Azure is non-negotiable. Now, integrate AI-driven monitoring, automated deployment scripts that leverage AI, and serverless functions optimized for AI inference. 2. Master the AI Integration Layer (The New 'How'): AI Fundamentals: Don't need to be an ML scientist, but understand the basics of machine learning, neural networks, and especially Large Language Models (LLMs). Know their capabilities, limitations, and ethical considerations. Prompt Engineering: This is the new API. Learn to craft effective prompts for code generation, debugging, testing, and even UI/UX ideation. It's about communicating effectively with intelligence. API Integration: Become proficient at integrating powerful AI APIs (OpenAI, Gemini, Hugging Face). Learn how to fine-tune models for specific use cases and build AI-powered features into your applications. Vector Databases & Embeddings: Crucial for building RAG (Retrieval Augmented Generation) systems, enabling your applications to interact with vast amounts of proprietary data intelligently. "Your ability to prompt, integrate, and orchestrate AI defines your leverage in the next decade." This isn't about blindly following trends. It's about recognizing reality. The full-stack developer who thrives will be the one who sees AI not as a threat, but as an indispensable co-pilot, an amplifier of their own capabilities. Start small. Integrate an LLM into a personal project. Experiment. Build. The world is moving, and the only way to stay relevant is to keep evolving with it. Your skill stack isn't static; it's a living, breathing entity demanding constant upgrades. "Don't just build with AI; build for an AI-driven future." 🚀 Upgrade Your Mindset 👉 JOIN THE SYSTEM Visual by Think Addict System.
What NestJS Actually Is — A Simple, No-Fluff Explanation
Alright, let’s come down to basics. NestJS is basically a TypeScript-first framework built on top of Node.js and Express. That’s it. No magic. No hype. Just structure on top of tools we already know. To understand why NestJS exists, you need to understand what came before it. Node.js → JavaScript runtime Runs JS outside the browser. Great for fast backend development. But JS itself? Very quirky. No types. Easy to move fast, also easy to break everything accidentally. Express → A simple server Express made backend development stupidly easy. Tiny learning curve. Perfect for small projects, prototypes, hackathons. But then… When apps got bigger, everything got messy As real-world apps became feature-heavy, codebases turned into spaghetti bowls: No type guarantees No enforced structure Every dev invents their own folder layout Business logic ends up mixed with routing Regression bugs multiply “Just add this new feature” becomes “hope nothing explodes” Even adding TypeScript to Node didn’t fix the deeper problem. TS gives you types, sure — but it doesn't give you architecture. Node + TS still leaves you with: Unreinforced boundaries Too much flexibility Teams writing code in completely different styles Dependency chaos No opinionated structure for large-scale apps And that’s exactly where NestJS comes in. NestJS: Node + Express, but grown-up NestJS sits on top of Express (or Fastify), but adds real structure, real boundaries, and a consistent way to build apps — especially when multiple developers are involved. The most important idea Nest brings is opinionated architecture. Not optional. Not “choose your own adventure.” Actual structure. Controllers + Services = Clean Separation Nest enforces the Controller → Service pattern. This quietly implements the Single Responsibility Principle in the background: Controllers handle incoming requests Services handle business logic No mixing No “let me put everything in one file” nonsense And Nest breaks everything into modules. Every controller, every service, every feature — all separated, all clean, all connected through one root module. This alone already makes large codebases way easier to reason about. Dependency Injection (DI) Done Right Node is notorious for relying heavily on random NPM packages for everything. Great for flexibility, also a giant security and maintenance headache. Nest gives you: Built-in dependency injection Cleaner integrations Fewer third-party landmines More secure and predictable architecture This means features plug in cleanly instead of becoming tangled metal wires behind your TV. Extra Nest Perks Nest also brings in a lot of real-world development conveniences: DTOs (Data Transfer Objects) Pipes for validation Providers Guards First-class testing support CLI tools for scaffolding Basically, everything you wish Express had out of the box. Why I’m Writing This Series I’m publishing a series of simple NestJS guides to help people actually understand: how NestJS works how the architecture fits together how TypeScript + Node + Nest can feel natural instead of overwhelming It’s not going to be full of buzzwords or fake enterprise speak. Just clean explanations, real fundamentals, and the bigger picture of how this ecosystem fits together. If you're trying to understand this NestJS / TS / JS domain from the ground up, this series will make the whole thing click. Want more no-fluff tech guides? I publish clean, practical cloud and backend notes here: https://ramcodesacadmey.gumroad.com Check it out if you want simple explanations that actually make sense.
You need to listen to Sudan Archives’ violin opus for the club
My introduction to Sudan Archives was the song "Nont for Sale" from her first EP Sink in 2018. I've been a die-hard fan ever since. With each album, she finds new ways to sculpt the sound of her violin, contorting it in defiance of expectations. Athena found her in conversation with it, leaving its timbre […]
Step 1: In the Search Bar, type EC2 and choose the first option Step 2: Click Launch Instance Step 3 In the Launch Instance Environment, in the name bar, type in a name and click Add Additional Tags Step 4 In the Name and Tag Section, for the Key info and value info Bar, type in while for the Resource Types, click the drop-down arrow and select Instances Step 5 In the Application and OS Images (Amazon Machine Images), select any of the Operating systems you want, though I will choose Windows Microsoft Step 6 In the Key Pair (Login) section, click Create new key pair and fill in the necessary information on the new bar that pops up Step 7 In the Network Setting Section, tick the Allow RDP traffic from and Allow HTTP traffic from the Internet Step 8 Click Launch Instance Step 9 Successful Message of EC2 instance creation Step 10 Click Connect to Instance Step 11 In the Connect Environment, click the RDP Client Tab Step 12 Click Upload private key file Step 13 Click Decrypt Password Step 14 Click the download remote desktop file and copy the password Step 15 In the Connection security environment, click Connect Step 16 Insert the copied password into the security environment, click OK, and click ** Yes ** for the subsequent pop-up. The EC2 instance is done and dusted I hope this article was helpful.
How an Oklahoma student's gender essay became a national culture war fight
Ryan Walters had a suggestion for the University of Oklahoma student who emailed him for help over a bad grade.“Fight back.”The student, Samantha Fulnecky, a junior on a pre-med track, recently got a 0 on her essay that leaned on her Christian beliefs for an assignment on gender stereotypes in her psychology class. The instructor told her in a Nov. 16 message that her essay was offensive and lacked evidence.
In a stark signal of robotics' explosive talent demand, Figure CEO Brett Adcock revealed that the company received 176,000 job applications over the last three years, yet hired just ~425 people, underscoring the fierce competition for expertise in humanoid development amid booming interest. This hiring frenzy aligns with broader labor market pressures, where electricians are commanding $300k salaries and H1B visas may soon extend to blue-collar roles like nursing, as Prakash warned, amplifying calls for robotic intervention. "Aging population + lower appetite for physical work + higher demand for goods and services means robotics for everything or bust. No future but a robotics future at this point." Such imperatives echoed loudly from Chris Paxton, who argued that even economic headwinds demand accelerating robotics to avert worker shortages, positioning humanoid robots as the iPhone of the 2030s. XPeng founder Xiaopeng He reinforced this vision, declaring that humanoid robots will dominate because the world is designed for humans, while Unitree eyes an "Apple of robotics" ambition through premium hardware scaling. Shenzhen solidified its status as robotics' pulsating epicenter at the recent SZ RoboX gathering, where over 80 founders from San Francisco, Europe, and local scenes convened, sharing insights on AI hardware scaling. Attendees explored storefronts like the 6S robot store in Longgang and EngineAI in Futian, while panels featured veterans like Lexie—who bridged Shenzhen and SF robotics marketing—and global pioneers such as Francesco Crive, who detailed Shenzhen's ecosystem pull. Even robot combat enthusiast Nima raved about his visit, teasing future REK bot fights amid the city's manufacturing might. Tuo Liu hailed Shenzhen as the sole city fusing global innovation with production scale, drawing figures from ByteDance—whose wheeled robot demoed shoe-tying dexterity—to international builders. On the hardware front, FANUC America showcased industrial might at PRI 2025, demoing the latest ROBODRILL Plus machines for precision machining alongside user-friendly CRX welding cobots at Booth 5359 through December 13th, priming manufacturers for 2026 automation leaps. These deployments highlight robotics' penetration into factories, where reliable manipulation remains paramount—Chris Paxton spotlighted a RoboPapers podcast with Wenli Xiao on recipes for ~100% reliable skills using data to bootstrap generalist models. Dexterity advances are surging at a "scary pace," per Rohan Paul, driven by massive real-world datasets, vision-language-action (VLA) models for smooth control, diffusion policies for coherent sequences, and compliant hardware slashing jitter. A standout: the X-Humanoid paper, which transforms everyday human videos into realistic humanoid footage via diffusion models fine-tuned on Unreal Engine pairs, releasing 60 hours of Tesla humanoid video (3.6M frames) from Ego-Exo4D. This bridges the sim-to-real gap, enabling scalable training for VLAs and world models that ingest text commands and predict outcomes without body mismatches plaguing prior overlays. Perception gains bolster this, as Chris Paxton praised MapAnything's blog—a flexible 3D mapping method blending priors without old-school rigidity—for enabling precise, interpretable motions in cluttered worlds. Emerging apps tease real-world impact, from ROBOTGYM's humanoid elderly care potentials—envisioning bots aiding physical therapy—to viral kid fascination, like Paxton's toddler fixated on orange robots stowing dishes. As SZ RoboX group photos captured collaborative energy, robotics hurtles toward ubiquity, with hardware, dexterity, and deployments converging to redefine labor.
A long time ago, in a galaxy powered by Redis, Nuxt, and the Force of the Command Line, the Redis Nuxt Blog was born. The Rebels (developers) could already create, manage, and publish posts using the CLI — fast, minimal, and powerful. But the galaxy is vast… and not everyone wants to live inside a terminal. So today, a new Force rises. ⚖️ The Two Forces of Redis Nuxt Blog Just like the galaxy itself, the Redis Nuxt Blog now lives in balance: 🌑 The Dark Side — The CLI (Still Strong) Fast Powerful Scriptable Perfect for backend lovers and automation Jedi Fully operational and battle-tested 🌕 The Light Side — The Admin Panel (New Hope) For those who feel the Force in the Frontend, the Admin Panel has arrived. No terminals. No commands. Just a clean UI to read, edit, and delete content with elegance. 🔐 Admin Login — Enter the Control Room Every imperial system needs security. The Admin Panel starts with a dedicated login screen, keeping the Holocron safe from unwanted visitors. 🛰️ Dashboard — A Galactic Overview Once inside, the dashboard gives you a clear view of the system. No noise. No clutter. Just control. 📚 Posts Index — Your Archive of Knowledge Here lies the heart of the blog: All posts stored in Redis, neatly listed and ready for action. ✏️ Edit & Delete — Precision Strikes Select a post and fine-tune it like a lightsaber crystal. Edits are instant. Deletions are… final. 🚫 “Create” Is Missing… For Now You may notice something. “Where is the Create Post button?” Ah yes… The young Padawan of this Admin Panel is still in training. For now: Creation lives in the CLI Editing & Deleting live in the Admin Panel Balance must be maintained. (But fear not — the feature is coming soon. Even the Death Star wasn’t built in a day.) 🧠 One Stack, Many Paths The Redis Nuxt Blog is not about choosing sides — it’s about choice. Love terminals? → Use the CLI Love UIs? → Use the Admin Panel Love both? → Achieve true balance Everything runs on the same core: Redis as the data engine Nuxt as the frontend framework Simplicity as the philosophy 🌌 The Journey Continues The README has been fully updated, and the Admin Panel is ready to explore. 👉 Repository: https://github.com/melasistema/redis-blog The Force is strong with this stack. And this… is only the beginning. May Redis be with you. 🚀
This article is intended as a study-oriented, introductory overview of Linux. It intentionally covers very basic concepts and simplifies some topics to help beginners build an initial mental model. It is not meant to be exhaustive or deeply technical, but rather a starting point for further exploration. Base needed knowledge: GNU: GNU is a predecessor of Linux and a free open-source unix-like operating system. Kernel: Kernel is the core system of an operational system, it acts as a bridge through software and hardware, managing system resources (CPU, memory, peripheral devices). Although we use the same Linux to describe the whole operating system, it's only refers to the kernel. Whats is Linux? Linux is an open-source operating system kernel originally created by Linus Torvalds. In practice, when people say “Linux,” they are usually referring to a complete operating system made of the Linux kernel combined with tools, libraries, and others softwares from the GNU project. A linux system is divided in three layers: Hardware: This includes the physical resources of your machine, such as CPU, memory, peripheral devices, etc. Linux Kernel: Is the core of the operating system, managing the hardware and facilitates communication between software and hardware. User Space: This is the environment where the users interacts with the system, using applications and command line interfaces. What is a Linux distribution? A distribution is a bundle of the Linux kernel with some specific softwares, tools, system utilities, libraries and applications. Essentially a distro is a complete, ready-to-use operating system built around the Linux Kernel. Debian: Debian is an operating system composed entirely of free and open-source software, it's one of the most respected projects in community. Package Management Debians uses a powerful package management tool called apt (Advanced Package Tool). The system maintain a massive repository of pre-compiled software packages. Red Hat Enterprise Linux (RHEL) RHEL is a commercial linux distribution developed by the Red Hat Team, build to provide long-term stability, security and professional support. Package Management RHEL uses RPM (Red Hat Package Manager) format for its software packages, for managing this packages, it provides powerful package managers like YUM (Yellowdog Updater, Modifier) and its sucessor, DNF (Dandified YUM). Ubuntu Ubuntu is probably the most famous famous linux distribution, it's and excellent entry point for anyone looking to get started with Linux. Package Management As a Debian-based operating system, Ubuntu utilizes the core Debian package management system. This means it uses the apt (Advanced Package Tool) command-line utility to handle software installation, updates, and removal, giving users access to a vast repository of free and open-source software. Fedora Fedora is and equivalent to Ubuntu but developed by Red Hat team, built on our foundation instead of Debian. Package Management Fedora utilizes the RPM package format and manages software with the DNF (Dandified YUM) package manager. DNF is a powerful and easy-to-use command-line tool for installing, updating, and removing software packages on the system. The shell The is a program that accepts you typed commands and passes them to the operating system. If you i've used a GUI (Graphical User Interface), you might have encountered applications like "Terminal" or "Console." the are simply programs that open a shell session for you. BASH (Bourne Again Shell) Bash is the default shell for most Linux distros. While other shells like ksh, zsh, and tsch exist, mastering Bash provides a solid foundation for working with any Linux system. When you open a terminal, you'll see the shell prompt, Its appearance can vary between distros but it typically follows this format: username@hostname:current_directory$. Yeah, i used a MacOS Terminal screenshot, don't care its not relevant. The $ symbol at the end indicates that the shell is ready to accept commands, you do not type this symbol when entering commands, it is purely informational! How the hell does this work? Well, just paste this command echo "I love Linux" and you'll see "I love Linux" as the output into console. Filesystem basics Linux uses single root filesystem, meaning everything starts from / (root). There are no drive letters like C: or D:, all storage devices are mounted into the same tree. Common directories / — root of the filesystem /home — user home directories /etc — system configuration files /var — variable data (logs, cache, spool) /usr — user-installed software and libraries /bin and /sbin — essential system binaries In Linux, everything is treated as a file, including devices, processes, and sockets. Paths A path is the location of a file or directory inside the filesystem. It tells the system where something is in the directory tree. Absolute paths starts from / like /home/user/projects and relative paths without as like projects/my-app. Useful navigation commands: pwd # show current directory ls # list files cd # change directory Permissions & users Linux is a multi user operating system, built with security in mind from the start, so, every file and directory has an owner, a group, and a set of permissions. You can permissions in you computer with ls -l: Root is the superuser, with full-access, otherwise, normal users have limited permissions. You can run some commands as root user using sudo before any command. Permissions are a core concept in Linux and one of the main reasons servers are secure by default. Networking basics Linux provides powerful built-in tools to inspect, debug, and interact with networks. Networking is a fundamental skill, especially for servers, containers, and cloud environments. Network concepts IP address: identifies a machine on a network Ports: identify services running on a machine Protocols: rules for communication (HTTP, TCP, UDP) Common networking commands: ping "url.com" curl "url.com" wget "url.com/file.zip" ip a Useful links & references GNU project: https://www.gnu.org Linux Kernel documentation: https://www.kernel.org/doc/html/latest/ Filesystem Hierarchy Standard (FHS): https://refspecs.linuxfoundation.org/FHS_3.0/fhs/index.html Debian official docs: https://www.debian.org/doc/ APT documentation: https://wiki.debian.org/Apt Red Hat Enterprise Linux docs: https://access.redhat.com/documentation DNF documentation: https://dnf.readthedocs.io/en/latest/ Ubuntu documentation: https://help.ubuntu.com/ Fedora documentation: https://docs.fedoraproject.org/ Bash manual: https://www.gnu.org/software/bash/manual/ Linux permissions reference: https://www.redhat.com/sysadmin/linux-file-permissions Linux networking overview: https://www.kernel.org/doc/html/latest/networking/index.html Thanks! Thanks for reading this article. I hope it helped clarify the core concepts behind Linux and gave you a starter foundation to keep exploring the ecosystem. See you soon ;)
Hong Kong court set to rule in Jimmy Lai's landmark national security trial
A Hong Kong court on Monday found prominent China critic and media mogul Jimmy Lai guilty of collusion and sedition, in a landmark verdict that epitomizes the tensions between the city’s judicial autonomy and Beijing’s political grip.
Compilé para Linux sin Salir de mi Mac (y Costó $0.06) 📚 Serie: AWS Zero to Architect - Módulo 3 ⏱️ Tiempo de lectura: 20 minutos 💻 Tiempo de implementación: 120 minutos En los módulos anteriores configuramos AWS, Terraform e IAM. Ahora viene lo divertido: crear tu primera función Lambda en Go que cuesta centavos y es 3x más rápida que Python. 🤔 El Problema que Todos Tenemos Escenario común: "Tengo una API simple. ¿Monto un servidor 24/7 que me cuesta $50/mes aunque solo reciba 100 requests/día?" Respuesta: NO. Usa Lambda. ⚡ Lambda Explicada: Food Truck vs Restaurant Imagina que tienes un negocio de comida: 🏢 Restaurant (EC2 - Servidor Tradicional) - Rentas local completo: $500/mes - Pagas luz/agua/gas 24/7 - Staff de tiempo completo - Si hay 3 clientes o 300, pagas lo mismo - Si hay demanda, el local se satura Costo fijo: $500/mes 🚚 Food Truck (Lambda - Serverless) - Solo pagas cuando sirves un plato - $0.20 por cada 1 millón de platos - Sin staff fijo (AWS lo maneja) - Escala automáticamente - 3 clientes = $0.0006 - 300 clientes = $0.06 Costo variable: $0-$100/mes ¿Cuál tiene más sentido para una API que recibe tráfico esporádico? 💰 Pricing Real (Sin Marketing BS) Mi Lambda Actual 100,000 requests/mes 128MB RAM 200ms promedio de duración Cálculo: Requests: 100,000 ÷ 1,000,000 × $0.20 = $0.02 Compute: 0.128GB × 0.2s × 100,000 × $0.0000166667 = $0.04 Total: $0.06/mes Free Tier: 1 millón de requests/mes 400,000 GB-segundos Traducción: Gratis para desarrollo y apps pequeñas. 🐹 ¿Por Qué Go y No Python/Node.js? Benchmarks Honestos (Mis Propias Mediciones) Lenguaje Cold Start Memory Used Warm Invoke Go 156ms 48MB 45ms Node.js 342ms 89MB 89ms Python 478ms 127MB 134ms Java 1,240ms 186MB 203ms Resultado: Go es 3x más rápido en cold start. ¿Qué es un Cold Start? Primera invocación del día: 1. AWS crea un container → 100ms 2. Carga tu runtime (Node.js/Python) → 200ms 3. Carga tu código → 100ms Total: ~400ms Con Go: 1. AWS crea container → 100ms 2. Ejecuta binario → 50ms Total: ~150ms Para el usuario final: Go responde en 150ms, Python en 400ms. Ventaja de Costos Python (512MB): $0.0000083 por 100ms Go (128MB): $0.0000021 por 100ms Ahorro: 75% Con 1M requests/mes: Python: $83/mes Go: $21/mes Diferencia: $62/mes × 12 meses = $744/año 🏗️ Arquitectura: Hexagonal en Serverless ¿Qué es Arquitectura Hexagonal? Idea simple: La lógica de negocio NO debe depender de AWS. ❌ MAL (Acoplado a AWS): func CreateSession(userID string) { dynamodb.PutItem(...) // Directo a AWS } ✅ BIEN (Desacoplado): // Domain (puro Go, sin AWS) type Session struct { ID string UserID string } func NewSession(userID string) *Session { ... } // Adapter (traduce a AWS) type DynamoDBRepo struct { ... } func (r *DynamoDBRepo) Save(session *Session) { ... } Ventajas: ✅ Puedes cambiar DynamoDB por Postgres sin tocar el dominio ✅ Testeable sin AWS ✅ Lógica de negocio clara Mi Estructura go-hexagonal-auth/ ├── cmd/lambda/main.go # Lambda handler ├── internal/ │ ├── core/domain/ │ │ └── session.go # Lógica de negocio │ └── adapters/repository/ │ └── dynamodb_session.go # AWS adapter └── terraform/ └── lambda.tf # Infrastructure 💻 El Código que Importa Domain Model (Sin AWS) package domain import ( "time" "github.com/google/uuid" ) type Session struct { SessionID string UserID string ExpiresAt time.Time CreatedAt time.Time } func NewSession(userID string, ttl time.Duration) *Session { now := time.Now() return &Session{ SessionID: uuid.New().String(), UserID: userID, CreatedAt: now, ExpiresAt: now.Add(ttl), } } func (s *Session) IsValid() bool { return s.SessionID != "" && s.UserID != "" } Nota: CERO imports de AWS. Lógica pura. DynamoDB Adapter package repository import ( "context" "github.com/aws/aws-sdk-go-v2/service/dynamodb" "go-hexagonal-auth/internal/core/domain" ) type DynamoDBRepo struct { client *dynamodb.Client tableName string } func (r *DynamoDBRepo) Save(ctx context.Context, session *domain.Session) error { // Conversión domain → DynamoDB item := map[string]interface{}{ "session_id": session.SessionID, "user_id": session.UserID, "expires_at": session.ExpiresAt.Unix(), } // PutItem en DynamoDB _, err := r.client.PutItem(ctx, &dynamodb.PutItemInput{ TableName: aws.String(r.tableName), Item: marshalMap(item), }) return err } Lambda Handler package main import ( "github.com/aws/aws-lambda-go/lambda" "go-hexagonal-auth/internal/core/domain" "go-hexagonal-auth/internal/adapters/repository" ) func handler(ctx context.Context, request APIGatewayRequest) (Response, error) { // 1. Parse input var req CreateSessionRequest json.Unmarshal([]byte(request.Body), &req) // 2. Create session (domain logic) session := domain.NewSession(req.UserID, 24*time.Hour) // 3. Save (adapter) repo := repository.NewDynamoDBRepo(ctx) repo.Save(ctx, session) // 4. Response return Response{ StatusCode: 201, Body: json.Marshal(session), }, nil } func main() { lambda.Start(handler) } Flujo: Parse JSON Lógica de negocio (domain) Persistencia (adapter) Respuesta 🔨 Compilación Cross-Platform (La Magia de Go) El Problema Desarrollo en: macOS ARM64 (M1/M2/M3) Lambda ejecuta: Linux ARM64 ¿Cómo compilo para Linux sin salir de macOS? La Solución de Go # Un solo comando GOOS=linux GOARCH=arm64 go build -o bootstrap ./cmd/lambda Eso es todo. No necesitas: ❌ Docker ❌ Máquina virtual Linux ❌ Compilar en CI/CD Go compila nativamente para otras plataformas. Makefile (Automatización) build: GOOS=linux GOARCH=arm64 CGO_ENABLED=0 \ go build -ldflags="-s -w" \ -o build/bootstrap ./cmd/lambda zip: build cd build && zip lambda.zip bootstrap Comandos: make build # Compila para Lambda make zip # Crea lambda.zip Tamaños: build/bootstrap: 7.2 MB (sin comprimir) build/lambda.zip: 2.8 MB (comprimido) Flags Importantes -ldflags="-s -w" # Reduce tamaño 30-40% CGO_ENABLED=0 # Binario estático (sin deps C) 🚀 Deploy con Terraform Lambda Configuration resource "aws_lambda_function" "create_session" { filename = "../build/lambda.zip" function_name = "go-hexagonal-auth-dev-create-session" role = aws_iam_role.lambda_execution.arn handler = "bootstrap" runtime = "provided.al2023" # ARM64 (Graviton2 - 20% más barato) architectures = ["arm64"] memory_size = 128 timeout = 10 environment { variables = { DYNAMODB_TABLE_NAME = aws_dynamodb_table.sessions.name } } } Características: runtime = "provided.al2023": Custom runtime para Go architectures = ["arm64"]: Graviton2 (procesadores de AWS) memory_size = 128: Suficiente para Go ¿Por qué ARM64? Benchmarks: Arquitectura Precio/GB-seg Performance Relación x86_64 $0.0000166667 Baseline 1.0x ARM64 $0.0000133334 +10-15% 1.15x Resultado: ARM64 es 20% más barato Y 10% más rápido. Deploy # 1. Compilar make build zip # 2. Deploy cd terraform terraform apply Tiempo de deploy: ~15 segundos 🧪 Testing (La Parte Satisfactoria) Test Básico # Invocar Lambda aws lambda invoke \ --function-name go-hexagonal-auth-dev-create-session \ --payload '{"body": "{\"user_id\": \"test-123\"}"}' \ response.json # Ver resultado cat response.json | jq . Respuesta: { "statusCode": 201, "body": { "session_id": "f7a3b2c1-4d5e-6789-abcd-ef0123456789", "user_id": "test-123", "expires_at": 1734393600, "message": "Session created successfully" } } ✅ Primera invocación: 156ms (cold start) ✅ Segunda invocación: 45ms (warm) Verificar en DynamoDB SESSION_ID=$(cat response.json | jq -r '.body.session_id') aws dynamodb get-item \ --table-name sessions \ --key "{\"session_id\": {\"S\": \"$SESSION_ID\"}}" ¡Ahí está la sesión! 🎉 CloudWatch Logs aws logs tail /aws/lambda/go-hexagonal-auth-dev-create-session --follow Output: START RequestId: abc-123 Received request: {"body": "{\"user_id\":\"test-123\"}"} Session created: f7a3b2c1... for user: test-123 END RequestId: abc-123 REPORT Duration: 156ms Memory: 48MB Métricas: Duration: 156ms Memory Used: 48MB (de 128MB) Billed Duration: 200ms 🎯 Resultados Reales Performance Cold Start (primera invocación del día): Mi Lambda Go: 156ms Lambda Node.js equivalente: 342ms Mejora: 2.2x más rápido Warm Invocations: Go: 45ms Node.js: 89ms Costos (100k requests/mes) Go Lambda: 128MB × 200ms × 100,000 requests = $0.06/mes Node.js Lambda (mismo workload): 256MB × 200ms × 100,000 requests = $0.12/mes Ahorro: $0.06/mes × 12 = $0.72/año Multiplicado por 10 Lambdas: $7.20/año de ahorro. 🆘 Problemas que Tuve (Y Cómo los Resolví) Error: "Runtime.ExitError exit status 2" Causa: Faltaba import de net/http en main.go Fix: import ( "net/http" // ← Agregar esto // ... otros imports ) Error: "DYNAMODB_TABLE_NAME not set" Causa: Variable de entorno mal configurada en Terraform Fix: environment { variables = { DYNAMODB_TABLE_NAME = aws_dynamodb_table.sessions.name # NO: DYNAMODB_TABLE_SESSIONS } } Error: "exec format error" Causa: Compilé para x86 en lugar de ARM64 Fix: # Verificar arquitectura file build/bootstrap # Debe decir: ARM aarch64 # Recompilar GOARCH=arm64 make build 🔐 Seguridad: ¿Es Pública Mi Lambda? Respuesta Corta: NO Situación actual (Módulo 3): Internet → ❌ NO PUEDE ACCEDER AWS CLI con credenciales → ✅ PUEDE INVOCAR Solo es invocable con: AWS CLI + credenciales IAM permissions Nadie en internet puede ejecutarla. Módulo 4: API Gateway (Próximo) Ahí sí la haremos pública con: ✅ HTTPS endpoint ✅ Throttling (límite de requests) ✅ API Keys (opcional) 💡 Lo Que Aprendí Go es RÁPIDO para serverless Cold starts 3x más rápidos 75% más barato en memoria Compilación cross-platform es magia Un comando, no Docker Arquitectura Hexagonal vale la pena Testeable sin AWS Fácil cambiar DynamoDB ARM64 > x86_64 20% más barato 10% más rápido Terraform > ClickOps Reproducible Versionado 📊 Comparación Final Característica EC2 t3.micro Lambda Go Costo base $7.50/mes $0.00 Escalado Manual Automático Cold start N/A 156ms Warm invoke N/A 45ms Mantenimiento Tú AWS 100k req/mes $7.50 $0.06 Ganador: Lambda (para tráfico esporádico) 🎓 Lo Que Lograste Si llegaste hasta aquí e implementaste todo: ✅ Primera Lambda function en Go ✅ Compilación cross-platform ✅ Arquitectura Hexagonal ✅ Integración con DynamoDB ✅ Deploy con Terraform ✅ Testing funcional Y todo por < $0.10/mes. 🎉 🚀 Próximo Paso: API Gateway En el Módulo 4 vamos a: Crear endpoint público HTTPS Configurar CORS Agregar throttling Testear con Postman La Lambda será accesible desde cualquier lugar (con controles de seguridad). 📦 Código Completo Todo el código está en GitHub: edgar-macias-se / go-hexagonal-auth Production-ready Authentication Microservice in Go. Implements Hexagonal Architecture, JWT, Redis Blacklisting, and Rate Limiting. 🛡️ Go Secure Authentication Service Un microservicio de autenticación robusto, escalable y listo para producción, escrito en Go siguiendo principios de Arquitectura Hexagonal. Diseñado con la seguridad como prioridad, implementando las mejores prácticas de OWASP para la gestión de identidad, sesiones y protección contra ataques. 🚀 Key Security Highlights Este no es solo un login básico. Este proyecto implementa capas de defensa en profundidad: 🔒 Arquitectura Hexagonal (Ports & Adapters): Desacoplamiento total entre la lógica de negocio, la base de datos y la API HTTP. Código testable y mantenible. 🔑 Estrategia de Tokens Duales (JWT): Access Token (15 min): JWT firmado (HS256) de vida corta para minimizar riesgos en caso de robo. Refresh Token (7 días): Token opaco rotativo almacenado en BD para renovar sesiones sin exponer credenciales. 🛡️ Protección contra Fuerza Bruta (Rate Limiting): Middleware distribuido usando Redis. Bloquea IPs/Usuarios tras 5 intentos fallidos por 15 minutos. … View on GitHub Carpetas: terraform/ - Lambda config cmd/lambda/ - Handler internal/ - Domain y adapters 💬 Tu Turno ¿Has usado Lambda con otros lenguajes? ¿Cuál ha sido tu experiencia con cold starts? ¿Prefieres serverless o servidores tradicionales? Cuenta tu caso de uso en los comentarios 👇 🔗 Conecta GitHub: @edgar-macias-se LinkedIn: edgar-macias-devcybsec Website: edgarmacias.com/es Dev.to: @emp_devcybsec Serie: AWS Zero to Architect Anterior: Módulo 2 - IAM Roles & DynamoDB Siguiente: Módulo 4 - API Gateway (próximamente) 💡 Tip: Si este tutorial te ahorró horas de debugging, compártelo con alguien que esté empezando con serverless.
Beyond Next.js: TanStack Start and the Future of Full-Stack React Development
After 4-5 years of building with Next.js, I've watched the framework evolve from a simple, predictable tool into something far more complex. Next.js remains incredibly powerful for the right use cases. But the constant mental model shifts have become exhausting, and I'm not alone in feeling this way. When Next.js launched, it was genuinely revolutionary. Before that, building a production-ready React app meant orchestrating webpack, Babel, routing libraries, and countless other tools — each with their own configuration quirks. Next.js said, "Here's one thing. It handles routing, rendering, optimization, everything. Just use it." The Pages Router was simple and predictable. File-based routing that made intuitive sense. API routes that felt natural. You didn't have to think about the framework — you just built your app. The mental model was consistent. But at a certain point it went into the questionable direction... A friendly warning: The article is subjective, expressing my personal feelings, but to make things fair I include other resources so you can form your own opinion. I believe in your independent judgement! The App Router Era: Power and Complexity Starting with Next.js 13, things became less stable. React Server Components (RSC) were introduced alongside the App Router, and the framework began changing its foundational assumptions frequently. Suddenly, everything became "server-side by default." We entered a world of 'use client', 'use server', and the 'use cache' directive. The paradigm flipped entirely, bringing frequent hydration problems. We adapted to the idea that everything was cached by default in Next.js 14. Then Next.js 15 arrived with Turbopack and a completely inverted mental model: nothing is cached by default. You now have to explicitly opt-in to caching behavior. // Next.js 15 - Explicit caching with 'use cache' directive 'use cache' export async function getData() { const data = await fetch('/api/data') return data } Next.js 15 made Turbopack the default (or at least heavily promoted) build tool, moving away from Webpack. The Rust-based bundler promised 10x performance improvements, but real-world data told a more nuanced story. As of 2025, Turbopack is still the direction, but developers report variable experiences — excelling at hot refresh but struggling with broken imports, high resources consumption, and cold starts in some scenarios. The fact that Vercel published an official guide titled "Ten Common Mistakes with the Next.js App Router" speaks for itself. The Reality Check You're probably wondering: 'Does this mean we should ditch Next.js completely?' Absolutely not. Next.js remains excellent at what it does; it shines in specific scenarios but struggles to address what most modern web apps actually need. Here's the thing: most applications aren't purely server-rendered. Most are a mix. A marketing homepage that needs SEO? Sure, server-render that. But then there's the dashboard, search functionality, user preferences, and interactive features — the stuff that doesn't need (or shouldn't have) server rendering. With the Next.js App Router, you end up fighting the framework's server-first assumption. You're constantly adding 'use client' boundaries, managing server/client complexity, and dealing with performance trade-offs. For projects that are truly content-heavy — blogs, documentation sites, e-commerce product catalogs — Next.js still makes total sense. But for the 70% of applications that are interactive with some server-side needs? The friction becomes harder to ignore. TanStack Start Enters the Arena That's when TanStack Start enters the picture: a framework built on stable patterns, client-first by design, and refreshingly explicit about what runs where. Here's what makes it different: TanStack has serious credibility. They've been shipping battle-tested tools that developers actually use for years. TanStack Query (formerly React Query) powers data fetching in millions of React applications worldwide TanStack Table powers countless data grids TanStack Router provides type-safe routing for developers who care about type safety These are battle-tested tools with years of real-world usage, refined through community feedback, and stable APIs that don't flip every version (we can expect TanStack to change, but building blocks remain stable). When TanStack decided to build a full-stack framework, there was already credibility, an existing philosophy, and a deep understanding of what developers actually need. This image is quite self-descriptive, I think: As of November 2025, it's a RC, with active development and growing community adoption. Unlike Next.js, the framework maintains consistency in its fundamentals. Out of curiosity, I built an app while it was still a beta, and now it is v1 already, and everything works without friction. TanStack Start is built on two key technologies: TanStack Router (the entire routing layer with type safety) Vite (an industry-standard build tool) This combination matters because each piece is proven, modular, and well-understood. Core Philosophical Difference: Client-First vs Server-First Next.js 15: Server-First Architecture With the App Router, Next.js embraces a server-first paradigm. Every component is a React Server Component by default. You start on the server and explicitly opt into client-side interactivity with 'use client'. This approach excels for content-heavy websites, blogs, and e-commerce product pages where SEO matters and users primarily consume content. But for highly interactive applications — dashboards, admin panels, SaaS tools — this creates friction. Developers find themselves constantly fighting the framework's assumptions, marking files with 'use client', and navigating complex server/client boundaries. TanStack Start: Client-First with Powerful Server Capabilities TanStack Start takes a different approach: client-first with selective server-side rendering. Routes are rendered on the server by default for the initial request (providing SSR benefits), but you have fine-grained control over the rendering mode via the ssr property on each route: // TanStack Start - SSR configuration per route // Pure client-side rendering (like a traditional SPA) export const Route = createFileRoute('/dashboard')({ ssr: false, component: DashboardComponent, }) // Full SSR for SEO-critical pages export const Route = createFileRoute('/products')({ ssr: true, loader: async () => fetchProducts(), component: ProductsComponent, }) // Data-only SSR: fetch data server-side, render client-side export const Route = createFileRoute('/admin')({ ssr: 'data-only', loader: async () => fetchAdminData(), component: AdminComponent, }) Key clarification: TanStack Start's "client-first" philosophy means: The mental model is client-centric: You write code thinking about the client experience first SSR is opt-in per route: Unlike Next.js where you opt-out of server rendering, TanStack Start lets you opt-in where needed Code is isomorphic by default: Route loaders run on both server (initial load) and client (navigation) This gives you the best of both worlds: SSR performance where it matters, with SPA-like navigation for everything else. Feature-by-Feature Deep Dive 1. Routing with Type Safety This is where TanStack Start truly shines. The framework generates a routeTree.gen.ts file containing complete type information about every route — a feature Next.js simply doesn't offer. Next.js 15 Example // app/products/[slug]/page.tsx export default async function ProductPage({params}: { params: Promise<{ slug: string }> }) { const {slug} = await params // Use slug... return <div>Product: {slug}</div> } // In a component - just strings, no type checking <Link href={`/products/${productId}`}> View Product </Link> TanStack Start Example // routes/products.$id.tsx export const Route = createFileRoute('/products/$id')({ loader: async ({params}) => { // params.id is fully typed automatically return getProduct(params.id) }, component: ProductComponent, }) function ProductComponent() { const product = Route.useLoaderData() // Fully typed! return <div>{product.name}</div> } // Navigation with compile-time safety navigate({ to: '/products/$id', params: {id: productId} // TypeScript validates this exists and is correct type }) Change a route parameter? Every link using that route fails at build time — not at runtime. This eliminates an entire class of bugs before shipping. Learn more in the TanStack Router Type Safety guide. 2. Data Fetching: Isomorphic Loaders vs Async Server Components Next.js 15 Approach // app/page.tsx - Async Server Component export default async function Page() { // Direct data fetching on the server const res = await fetch('https://api.example.com/data') const data = await res.json() return ( <main> <h1>{data.title}</h1> <p>{data.description}</p> </main> ) } // To cache data in Next.js 15, use 'use cache' directive 'use cache' export async function getData() { const data = await fetch('/api/data') return data } See Next.js caching documentation. TanStack Start Approach export const Route = createFileRoute('/products/$id')({ loader: async ({params}) => { // This loader is ISOMORPHIC: // - Runs on server for initial load // - Runs on client for subsequent navigation const product = await getProduct(params.id) const wishlist = await getWishlist() return {product, wishlist} }, component: ({useLoaderData}) => { const {product, wishlist} = useLoaderData() return ( <div> <ProductCard product={product} /> <WishlistChecker product={product} wishlist={wishlist} /> </div> ) } }) These are called "isomorphic loaders" — the same code runs on server during initial load and on client during navigation. This is a fundamental architectural difference. Here's the key advantage: TanStack Start integrates deeply with TanStack Query. You get automatic caching, stale-while-revalidate, and background refetching out of the box. Navigate to /products/2, then back to /products/1? The data is still there. No refetch. Instant navigation. It's a cohesive system where data fetching, caching, and navigation work together seamlessly. Learn about TanStack Start's execution model and isomorphic loaders. 3. Server Functions: Flexibility vs Convention Next.js 15 Server Actions // Server Action - tightly coupled to forms 'use server' export async function createUser(formData: FormData) { const name = formData.get('name') const newUser = await db.users.create({ name: name as string }) revalidatePath('/users') return newUser } // Usage in component <form action={createUser}> <input name="name" /> <button type="submit">Create</button> </form> Server Actions are primarily designed for form submissions and only support POST requests by default. While this provides built-in CSRF protection (comparing Origin and Host headers), it also limits flexibility. It gets even trickier with middleware, where the exploit helped to bypass a security check. See Next.js Server Actions documentation and security considerations. TanStack Start Server Functions import {createServerFn} from '@tanstack/react-start' import {z} from 'zod' export const createUser = createServerFn({method: 'POST'}) .validator(z.object({ name: z.string().min(1), email: z.email() })) .middleware([authMiddleware, loggingMiddleware]) .handler(async ({data, context}) => { // data is validated and fully typed return db.users.create(data) }) // Call it from anywhere - not just forms const mutation = useMutation({ mutationFn: createUser }) <button onClick={() => mutation.mutate({name: 'Alice', email: 'alice@example.com'})}> Create User </button> TanStack Start server functions support: Any HTTP method (GET, POST, PUT, DELETE, etc.) Built-in validation with Zod or other validators Composable middleware (authentication, logging, etc.) Client-side and server-side middleware execution While it requires more code, it's far more functional and flexible. Learn more in the TanStack Start Server Functions guide and Middleware guide. 4. SEO: Static Metadata vs Dynamic Head Management Both frameworks handle SEO well, but with different approaches. Next.js 15 Metadata API import type { Metadata, ResolvingMetadata } from 'next' type Props = { params: Promise<{ id: string }> searchParams: Promise<{ [key: string]: string | string[] | undefined }> } export async function generateMetadata( { params, searchParams }: Props, parent: ResolvingMetadata ): Promise<Metadata> { // read route params const { id } = await params // fetch data const product = await fetch(`https://.../${id}`).then((res) => res.json()) // optionally access and extend (rather than replace) parent metadata const previousImages = (await parent).openGraph?.images || [] return { title: product.title, openGraph: { images: ['/some-specific-page-image.jpg', ...previousImages], }, } } export default function Page({ params, searchParams }: Props) {} Simple and consistent. Every page exports metadata, and Next.js handles it automatically. The trade-off? Quite verbose, requires additional function for dynamic routes and static in Server Components, less flexible for complex scenarios. See Next.js Metadata API documentation. TanStack Start Head Function export const Route = createFileRoute('/blog/$slug')({ loader: async ({params}) => { const article = await fetchArticle(params.slug) return article }, head: ({loaderData}) => ({ meta: [ {title: loaderData.title}, // Fully typed from loader! {name: 'description', content: loaderData.excerpt}, {property: 'og:title', content: loaderData.title}, {property: 'og:description', content: loaderData.excerpt}, {property: 'og:image', content: loaderData.coverImage}, ], links: [ {rel: 'canonical', href: `https://example.com/blog/${loaderData.slug}`}, ], }), component: BlogPostComponent, }) The head function receives fully-typed loaderData, ensuring meta tags are never out of sync with your data. Child routes can override parent route meta tags intelligently, creating a composable head management system. The Real Advantage: Selective SSR for SEO You choose which routes need server-side rendering: // Marketing page: Full SSR export const Route = createFileRoute('/about')({ ssr: true, loader: () => fetchAboutData(), component: AboutPage, }) // Internal dashboard: Pure client-side (no SEO needed) export const Route = createFileRoute('/dashboard')({ ssr: false, component: Dashboard, }) // Blog: Static prerendering at build time export const Route = createFileRoute('/blog/$slug')({ ssr: 'prerender', loader: ({params}) => fetchBlogPost(params.slug), component: BlogPost, }) For applications that are primarily interactive dashboards with some public-facing content, this granular control is invaluable. TanStack Start even supports static prerendering with intelligent link crawling: // vite.config.ts export default defineConfig({ plugins: [ tanstackStart({ prerender: { enabled: true, autoStaticPathsDiscovery: true, crawlLinks: true, concurrency: 14, }, }), ], }) The framework automatically crawls your site during build and prerenders all static pages. See the Static Prerendering documentation. 5. The Build Tool Story: Vite vs Turbopack Next.js 15 Update: Turbopack was introduced as the new build tool (moving away from Webpack), though not yet the absolute default everywhere. Performance improvements are notable but variable depending on project complexity. Turbopack Performance (Next.js 15 - 2025): Fast Refresh: Improved over Webpack but with variable performance in large monorepos Build speeds: Generally faster for medium projects, but struggles in very large codebases Cold starts: Still an area where some teams report slowness compared to Vite TanStack Start uses Vite, which has been battle-tested for years across the ecosystem: Predictable performance across different project sizes Mature ecosystem with extensive plugin support No major surprises between versions I will let you to decide which is better, but in my opinion Turbopack is not as matured as Vite or Webpack, and Vite has stronger positions in comparison with Webpack, so Vite is definitely a winner here. Learn about Next.js 15 and Turbopack and Vite benchmarks. 6. Deployment: Vendor Lock-in vs True Flexibility Next.js 15: Optimized for Vercel Next.js is heavily optimized for Vercel deployment. Deploy to Vercel? Everything works magically. Self-host? You're fighting against framework assumptions: Build artifacts need environment-specific configuration Image optimization and some performance features tied to Vercel infrastructure Feature parity issues across different hosting providers My devOps colleague hated it when I used a Next.js middleware in our projects because... Have you ever tried to deploy Next.js apps on AWS? Challenging, to say the least. Next.js is not build once, run anywhere. You often need to rebuild per environment. While it's possible to deploy Next.js elsewhere, it requires significantly more configuration and often lacks feature parity with Vercel deployments. TanStack Start: Deploy Anywhere TanStack Start is built on Vite — no vendor lock-in, no environment assumptions. Deploy to: Cloudflare Workers Netlify Your own Docker container AWS Lambda Any Node.js server Configuration example for Cloudflare: // vite.config.ts import {defineConfig} from 'vite' import {tanstackStart} from '@tanstack/react-start/plugin/vite' import {cloudflare} from '@cloudflare/vite-plugin' import viteReact from '@vitejs/plugin-react' export default defineConfig({ plugins: [ cloudflare({viteEnvironment: {name: 'ssr'}}), tanstackStart(), viteReact(), ], }) The framework doesn't care where you deploy. Build artifacts are truly portable. You build once and run anywhere. Check this short YouTube video to see how to deploy TanStack Start in less than a minute (it is indeed 1 minute, I tried myself!). 7. Developer Experience: Next.js 15 vs TanStack Start From my experience, dev experience of Next.js 15 is rather poor. They have announced adequate hydration errors handling just recently. But TanStack Start went far and beyond. Here is how it looks like starting with TanStack Start: 1) UI option 2) Console option 3) DevTools And what we have with Next.js 15: 1) Console option 2) DevTools Well, Next.js can definitely do better? When to Choose Each Framework Choose Next.js 15 if: ✅ Building content-heavy sites (blogs, marketing pages, documentation, e-commerce) ✅ SEO is mission-critical with zero-config needs ✅ Deploying to Vercel ✅ Team already knows Next.js thoroughly (sad, but true, learning curve can be a deal breaker if you have juniors in your team) ✅ App is mostly read-heavy with limited interactivity Choose TanStack Start if: ✅ Building highly interactive applications (dashboards, admin tools, SaaS) ✅ Need deployment flexibility without vendor lock-in (to have some mercy on your devOps engineers) ✅ Type safety across your entire app is non-negotiable ✅ Already using TanStack Query, Table, or Form ✅ Want fine-grained control over SSR per route You can check the full table here. The End of the Monopoly For years, Next.js was the only real choice for full-stack apps. One framework, one pattern, one way to build. While that simplicity helped the ecosystem grow, it also created constraints — not every application fits the server-first mold. TanStack Start changes that equation. It's not trying to kill Next.js — it's offering developers a genuine alternative with a different philosophy. Client-first, modular, deployment-agnostic, and built on battle-tested libraries. Next.js isn't going anywhere. It will continue dominating content-heavy sites where its server-first approach makes perfect sense. But TanStack Start brings real competition for interactive applications, and that competition makes the ecosystem healthier. I've watched it evolve from simple and predictable to powerful but complex. TanStack Start looks promising precisely because it takes a different path — stability over constant reinvention, flexibility over convention, explicit control over implicit defaults. The React ecosystem needed this. Not because Next.js is bad, but because having genuine alternatives — frameworks competing on merit and philosophy rather than inertia — benefits everyone. Developers win when they have real choices, not just default options. And right now, TanStack Start is the most compelling alternative I've seen. Additional Resources Next.js 15 Next.js 15 Release Blog Next.js App Router Documentation Next.js use cache Directive Next.js Caching Guide Next.js Metadata & OG Images Common Mistakes with App Router TanStack Start RC TanStack Start Official Documentation TanStack Start v1 Release Announcement TanStack Router Type Safety Guide TanStack Start Selective SSR TanStack Start Server Functions TanStack Start Middleware TanStack Start Hosting Options TanStack Start Static Prerendering TanStack Start Execution Model TanStack Start GitHub Releases Awesome demo video by Jack Herrington Deployment Guides TanStack Start on Cloudflare Workers TanStack Start on Netlify Official Hosting documentation Deploy TanStack Start in Less Than A Minute Comparison Resources TanStack Router vs Next.js Comparison Frontend Masters: TanStack start
Man suspected of killing his wife in California is extradited back to the US from Peru
Los Angeles officials say a man suspected of killing his wife and dumping her body in a Southern California forest has been extradited back to the U.S. from Peru to face a murder charge
The Chiefs will miss the playoffs for the first time in Patrick Mahomes' career
For the first time in his career as a starting quarterback, Patrick Mahomes will not only fail to reach the AFC Championship game — he won't even play in the postseason.
Suspects in Bondi Beach shooting identified as father and son
At least 15 people were killed in the attack at Bondi Beach and multiple remain injured. Officials identified suspects in the attack as father and son. According to Commissioner Mal Lanyon, police are not looking for additional shooters in connection with the attack.
I Built an ML Platform to Monitor Africa's $700B Debt Crisis - Here's What I Learned
I Built a full-stack analytics platform tracking sovereign debt risk across 15 African economies Implemented ML pipeline processing fiscal data from IMF and World Bank APIs System correctly identified Ghana (2022) and Zambia (2020) debt crises months before they materialized GitHub Repository: https://github.com/cyloic/africa_debt_crisis Tech Stack: Python, React, scikit-learn, pandas, REST APIs The Problem: A $700 Billion Blind Spot Nine African countries are currently in debt distress. Combined sovereign debt across the continent exceeds $700 billion, with debt service consuming over 40% of government revenue in several nations. The 2022 collapse caught many by surprise: Ghana went from "manageable debt levels" to sovereign default in under 18 months. Zambia, Mozambique, and Ethiopia followed similar trajectories. The core issue? Traditional monitoring relies on lagging indicators. By the time the IMF flags a country as "high risk," it's often too late for preventive measures. I wondered: could machine learning provide earlier warning signals? What I Built Africa-Debt-intelligence is a real-time sovereign debt risk monitoring platform that: Aggregates fiscal data from IMF World Economic Outlook and World Bank International Debt Statistics Generates risk scores (0-100 scale) using ML clustering and time-series analysis Forecasts debt trajectories 5 years ahead with confidence intervals Provides policy recommendations tailored to each country's risk profile Issues live alerts when fiscal indicators cross critical thresholds The platform currently monitors 15 Sub-Saharan African economies representing 85% of the region's GDP. Technical Architecture Data Pipeline The foundation is automated data ingestion from public APIs: def load_and_clean_data(filepath: str) -> pd.DataFrame: """ Load long-format fiscal data and perform cleaning operations. """ df = pd.read_csv(filepath) # Convert time to year format df['Year'] = pd.to_datetime(df['Time']).dt.year # Handle missing values with forward fill + interpolation df = df.groupby(['Country', 'Indicator']).apply( lambda x: x.interpolate(method='linear') ).reset_index(drop=True) # Normalize fiscal indicators to % of GDP gdp_data = df[df['Indicator'] == 'GDP'][['Country', 'Year', 'Amount']] gdp_data = gdp_data.rename(columns={'Amount': 'GDP'}) df = df.merge(gdp_data, on=['Country', 'Year'], how='left') # Create normalized ratios indicators_to_normalize = ['External_Debt', 'Revenue', 'Expenditure', 'Deficit'] for ind in indicators_to_normalize: mask = df['Indicator'] == ind df.loc[mask, 'Normalized_Value'] = ( df.loc[mask, 'Amount'] / df.loc[mask, 'GDP'] * 100 ) return df Key indicators tracked: Debt-to-GDP ratio Fiscal balance (% GDP) Revenue-to-GDP ratio Debt service ratio GDP growth rate Inflation rate External debt exposure FX reserves (months of imports) Risk Scoring Model The risk scoring combines unsupervised learning with domain expertise: from sklearn.cluster import KMeans from sklearn.preprocessing import StandardScaler def generate_risk_scores(df: pd.DataFrame) -> pd.DataFrame: """ Generate composite risk scores using K-means clustering and weighted fiscal indicators. """ # Select features for clustering features = [ 'Debt_to_GDP', 'Fiscal_Balance', 'Revenue_to_GDP', 'Debt_Service_Ratio', 'GDP_Growth', 'Inflation' ] # Standardize features scaler = StandardScaler() X_scaled = scaler.fit_transform(df[features]) # K-means clustering to identify risk groups kmeans = KMeans(n_clusters=4, random_state=42) df['Risk_Cluster'] = kmeans.fit_predict(X_scaled) # Weighted composite score weights = { 'Debt_to_GDP': 0.25, 'Debt_Service_Ratio': 0.25, 'Fiscal_Balance': 0.20, 'Revenue_to_GDP': 0.15, 'GDP_Growth': 0.10, 'Inflation': 0.05 } df['Risk_Score'] = sum( df[feature] * weight for feature, weight in weights.items() ) # Normalize to 0-1 scale df['Risk_Score'] = ( (df['Risk_Score'] - df['Risk_Score'].min()) / (df['Risk_Score'].max() - df['Risk_Score'].min()) ) return df Risk thresholds: 0.00-0.40: Low Risk (green) 0.41-0.60: Medium Risk (yellow) 0.61-0.75: High Risk (orange) 0.76-1.00: Critical Risk (red) Time-Series Forecasting For debt trajectory projections, I implemented ARIMA models with validation: from statsmodels.tsa.arima.model import ARIMA def forecast_debt_trajectory(country_data: pd.DataFrame, periods: int = 20) -> dict: """ Generate 5-year debt-to-GDP forecast with confidence intervals. """ # Fit ARIMA model model = ARIMA( country_data['Debt_to_GDP'], order=(2, 1, 2) ) fitted_model = model.fit() # Generate forecast forecast = fitted_model.forecast(steps=periods) conf_int = fitted_model.get_forecast(steps=periods).conf_int() return { 'forecast': forecast, 'lower_bound': conf_int.iloc[:, 0], 'upper_bound': conf_int.iloc[:, 1] } The Challenges I Faced Challenge 1: Data Quality Hell African macroeconomic data is notoriously unreliable. Countries revise figures years later, reporting frequencies vary, and some indicators are simply missing for extended periods. Example: Ghana's debt-to-GDP ratio was retroactively revised upward by 15 percentage points in 2023, completely changing the historical picture. Solution: Cross-validated against multiple sources (IMF, World Bank, AfDB) Implemented interpolation for missing quarterly data Added data quality flags to indicate confidence levels Manual spot-checks for outliers and obvious errors Challenge 2: Defining "Risk" What does a risk score of 0.75 actually mean? How do you validate it? Solution: Backtested against historical debt distress episodes (2000-2023) Validated that high scores (>0.70) preceded 8 out of 10 actual crises Average lead time: 14 months before distress materialized Built confusion matrix comparing predictions vs outcomes Historical validation results: Ghana 2022: Flagged 18 months early (score reached 0.82) Zambia 2020: Flagged 16 months early (score reached 0.79) Mozambique 2016: Flagged 12 months early (score reached 0.75) Challenge 3: Making It Interpretable ML models are black boxes. Policymakers need to understand why a country is flagged as high risk. Solution: Feature importance analysis showing which indicators drive risk scores Decomposition showing contribution of each factor Policy recommendations directly tied to specific vulnerabilities Natural language explanations: "Risk elevated due to debt service consuming 62% of revenue" Challenge 4: Keeping Data Current APIs don't always update on schedule, and manual data entry isn't scalable. Solution: Automated ETL pipeline running monthly Fallback to cached data when APIs fail Data freshness indicators on dashboard Email alerts when data hasn't updated in 45+ days Results That Surprised Me Finding 1: Regional Clustering Southern Africa shows consistently higher risk (average score: 0.71) compared to East Africa (0.54). This wasn't just about debt levels—it reflected structural differences in revenue mobilization and economic diversification. Finding 2: The Revenue Problem Countries in critical risk all share one trait: revenue-to-GDP ratios below 15%. Nigeria at 8.2% is particularly striking. Debt levels matter less than the ability to service debt. Finding 3: Growth Doesn't Save You Ethiopia maintains 6%+ GDP growth but sits at medium-high risk (0.58) due to debt service burden. High growth with unsustainable debt structure is a trap. Finding 4: Forecast Volatility 5-year forecasts have wide confidence intervals (±15 percentage points) for commodity-dependent economies. Angola's debt trajectory depends almost entirely on oil prices. What I'd Do Differently If I started over: Start simpler: I spent 2 weeks on clustering algorithms that added minimal value over weighted averages. The fancy ML wasn't necessary. More granular data: Quarterly data would enable better early warning. Annual data misses rapid deteriorations. Add market signals: Bond spreads and CDS prices could improve predictions, but data availability for African sovereigns is limited. Mobile-first design: Most African policymakers access content on mobile. My dashboard is desktop-optimized. Scenario analysis: Should have built interactive "what if" tools showing impact of fiscal reforms. Tech Stack & Tools Backend / Analytics: Python 3.10+ (pandas, numpy, scikit-learn, statsmodels) REST APIs (IMF, World Bank) Data validation: Great Expectations Frontend: React (via Lovable) Recharts for visualizations Tailwind CSS for styling Infrastructure: Hosted on Vercel Automated monthly data refresh via GitHub Actions Cloudflare CDN for static assets Development: VS Code + Jupyter for prototyping Git for version control Documentation: Markdown + inline docstrings Validation & Limitations What this model does well: Identifies countries in clear fiscal distress (>0.70 accuracy) Provides 12-18 month early warning signals Surfaces structural vulnerabilities (low revenue, high debt service) What this model doesn't do: Predict exact timing of defaults (too many political variables) Account for external shocks (wars, pandemics, commodity crashes) Capture contingent liabilities (state-owned enterprise debt) Replace professional credit analysis This is a research prototype, not investment advice. Always consult official sources and professional advisors for financial decisions. Try It Yourself 💻 Source Code: https://github.com/cyloic/africa_debt_crisis Explore: Interactive dashboard with risk scores for 15 countries 5-year debt trajectory forecasts Live feed of fiscal alerts and policy changes Detailed methodology page with code samples Questions I'm exploring: Can digital financial infrastructure (faster settlements, lower transaction costs) reduce liquidity premia and improve debt sustainability? How do regional integration and trade patterns affect fiscal resilience? What's the optimal debt structure for frontier markets? What's Next Roadmap: Expand coverage to 30+ African countries Add quarterly data updates (currently annual) Implement scenario analysis tools ("what if deficit reduced by 2% GDP?") Integrate market data (bond yields, CDS spreads where available) Partner with policy institutions for real-world validation I'm open to collaboration: Academic researchers studying sovereign debt Development finance professionals Data scientists interested in macro-financial modeling Anyone with better data sources! Reflections This project taught me that shipping a working product beats perfecting an algorithm. My initial plan involved sophisticated reinforcement learning models. I spent weeks on that and got nowhere. Switching to simpler methods (clustering + time-series) got me to a working prototype in days. The platform's value isn't in algorithmic sophistication—it's in making complex fiscal data accessible and actionable. For aspiring builders: Start with the simplest approach that could possibly work. Add complexity only when you hit clear limits. Discussion Questions for the community: What other applications of ML to sovereign risk analysis would be valuable? How would you improve the risk scoring methodology? Any suggestions for incorporating real-time market data? Interested in collaborating or testing the platform? Drop your thoughts below! 👇 Connect with me: LinkedIn: [linkedin.com/in/loic-cyusa-516131281] GitHub: [https://github.com/cyloic] Email: [cyusaloic078@gmail.com] Built this platform independently over [6 months] as part of my research into applying data science to emerging market economics. If you found this interesting, consider sharing with others who might benefit!
Grok is spreading misinformation about the Bondi Beach shooting
Grok's track record is spotty at best. But even by the very low standards of xAI, its failure in the aftermath of the tragic mass shooting at Bondi Beach in Australia is shocking. The AI chatbot has repeatedly misidentified 43-year-old Ahmed al Ahmed, the man who heroically disarmed one of the shooters, and claimed the […]
Meta-Optimized Continual Adaptation for smart agriculture microgrid orchestration during mission-critical recovery windows
Meta-Optimized Continual Adaptation for smart agriculture microgrid orchestration during mission-critical recovery windows Introduction: The Learning Journey That Sparked This Research It began with a failed experiment. I was attempting to optimize energy distribution for a small-scale hydroponic farm using a standard reinforcement learning model when an unexpected power fluctuation occurred. The system, trained on months of stable data, completely failed to adapt—it kept trying to apply outdated policies while the actual conditions had fundamentally changed. This wasn't just an academic failure; it represented a real risk to food production systems that increasingly rely on AI-driven energy management. Through studying this failure, I realized that most AI systems for smart agriculture operate under a flawed assumption: that the environment remains relatively stable. In reality, agricultural microgrids face what I've come to call "mission-critical recovery windows"—brief periods following disruptions (storms, equipment failures, market shocks) where optimal energy allocation decisions determine whether crops survive or fail. During my investigation of resilient AI systems, I discovered that traditional approaches to continual learning were insufficient for these high-stakes scenarios. Technical Background: The Convergence of Multiple Disciplines The Problem Space: Smart Agriculture Microgrids Smart agriculture microgrids represent a complex intersection of renewable energy sources (solar, wind, biogas), storage systems (batteries, thermal storage), and variable agricultural loads (irrigation, climate control, processing). What makes this particularly challenging is the time-sensitive nature of agricultural operations. While exploring microgrid optimization papers, I learned that a 30-minute power interruption during pollination or fruit setting can reduce yields by 40-60%. Continual Learning vs. Meta-Optimization Through my experimentation with various learning paradigms, I discovered a crucial distinction: traditional continual learning focuses on accumulating knowledge without catastrophic forgetting, while meta-optimized continual adaptation emphasizes rapid policy adjustment during critical windows. This insight came from studying biological systems—how plants rapidly adjust their resource allocation in response to stress. The core innovation lies in what I call Meta-Optimized Continual Adaptation (MOCA), which combines: Meta-learning for rapid adaptation from limited experience Multi-objective optimization balancing energy efficiency, crop yield, and system resilience Temporal attention mechanisms focusing on critical recovery windows Quantum-inspired optimization for near-real-time decision making Implementation Architecture: Building the MOCA Framework Core System Design During my research into distributed AI systems, I developed a multi-agent architecture where each component specializes in different aspects of the microgrid: class MOCAOrchestrator: def __init__(self, config): # Meta-learning components self.meta_policy = MetaPolicyNetwork() self.context_encoder = TemporalContextEncoder() self.adaptation_module = RapidAdaptationModule() # Specialized agents self.energy_agent = EnergyAllocationAgent() self.crop_agent = CropPhysiologyAgent() self.market_agent = EnergyMarketAgent() # Quantum-inspired optimizer self.quantum_optimizer = QuantumAnnealingOptimizer() # Critical window detector self.window_detector = CriticalWindowDetector() def detect_recovery_window(self, sensor_data): """Identify mission-critical recovery periods""" anomaly_score = self.calculate_anomaly_score(sensor_data) time_sensitivity = self.assess_crop_vulnerability() return anomaly_score > threshold and time_sensitivity > critical_threshold Meta-Learning for Rapid Adaptation One interesting finding from my experimentation with meta-learning was that traditional MAML (Model-Agnostic Meta-Learning) approaches were too slow for recovery windows. I developed a modified approach I call Window-Aware Meta-Learning (WAML): class WindowAwareMetaLearner: def __init__(self, base_model, adaptation_steps=3): self.base_model = base_model self.adaptation_steps = adaptation_steps self.context_memory = ContextMemory(buffer_size=1000) def meta_train(self, tasks, recovery_windows): """Train to adapt quickly during critical windows""" meta_optimizer = torch.optim.Adam(self.base_model.parameters()) for task_batch, window_batch in zip(tasks, recovery_windows): # Store pre-adaptation parameters fast_weights = list(self.base_model.parameters()) # Rapid adaptation during simulated recovery window for step in range(self.adaptation_steps): loss = self.compute_window_loss(task_batch, window_batch) grad = torch.autograd.grad(loss, fast_weights) fast_weights = [w - 0.01 * g for w, g in zip(fast_weights, grad)] # Meta-update based on adaptation performance meta_loss = self.evaluate_adapted_model(fast_weights, task_batch) meta_optimizer.zero_grad() meta_loss.backward() meta_optimizer.step() Quantum-Inspired Optimization for Real-Time Decisions While studying quantum computing applications, I realized that even classical quantum-inspired algorithms could dramatically improve optimization speed. The key insight was encoding the microgrid state as a QUBO (Quadratic Unconstrained Binary Optimization) problem: class QuantumInspiredMicrogridOptimizer: def __init__(self, num_assets, time_horizon): self.num_assets = num_assets self.time_horizon = time_horizon def formulate_qubo(self, energy_demand, generation_forecast, storage_state): """Formulate microgrid optimization as QUBO problem""" Q = np.zeros((self.num_assets * self.time_horizon, self.num_assets * self.time_horizon)) # Objective: Minimize cost while meeting demand for t in range(self.time_horizon): for i in range(self.num_assets): idx = t * self.num_assets + i # Energy cost term Q[idx, idx] += self.energy_cost[i, t] # Demand satisfaction constraints (as penalty) for j in range(self.num_assets): idx2 = t * self.num_assets + j Q[idx, idx2] += self.demand_penalty * 2 # Add temporal continuity constraints Q = self.add_temporal_constraints(Q) return Q def solve_with_simulated_annealing(self, Q, num_reads=1000): """Quantum-inspired classical optimization""" sampler = neal.SimulatedAnnealingSampler() response = sampler.sample_qubo(Q, num_reads=num_reads) return response.first.sample Real-World Application: Case Study Implementation Integration with Agricultural IoT Systems During my hands-on work with agricultural IoT deployments, I developed this integration layer that connects MOCA with physical sensors and actuators: class AgriculturalMicrogridController: def __init__(self, farm_config): self.sensors = { 'soil_moisture': SoilMoistureNetwork(), 'weather': WeatherStationInterface(), 'crop_health': MultispectralImagingProcessor(), 'energy': SmartMeterNetwork() } self.actuators = { 'irrigation': SmartValveController(), 'lighting': LEDLightingSystem(), 'climate': GreenhouseHVAC(), 'storage': BatteryManagementSystem() } self.moca_orchestrator = MOCAOrchestrator(farm_config) self.recovery_mode = False def monitor_and_adapt(self): """Main control loop with continual adaptation""" while True: # Collect real-time data sensor_data = self.collect_sensor_data() # Detect critical windows if self.detect_critical_window(sensor_data): self.recovery_mode = True recovery_policy = self.activate_recovery_protocol(sensor_data) else: self.recovery_mode = False recovery_policy = None # Generate optimal actions actions = self.moca_orchestrator.generate_actions( sensor_data, recovery_policy, self.recovery_mode ) # Execute with safety checks self.execute_actions_safely(actions) # Learn from outcomes self.update_models(sensor_data, actions) time.sleep(self.control_interval) Multi-Objective Reward Function One of the most challenging aspects I encountered was designing a reward function that balances competing objectives. Through extensive experimentation, I arrived at this formulation: class MultiObjectiveReward: def __init__(self, weights): self.weights = weights # Dict of objective weights def compute(self, state, actions, next_state): """Compute composite reward across multiple objectives""" rewards = {} # Energy efficiency objective rewards['energy'] = self.compute_energy_efficiency( state['energy_consumed'], state['crop_yield_potential'] ) # Crop health objective rewards['crop'] = self.compute_crop_health_improvement( state['crop_stress_indices'], next_state['crop_stress_indices'] ) # Economic objective rewards['economic'] = self.compute_economic_value( state['energy_cost'], state['predicted_yield_value'] ) # Resilience objective (particularly important during recovery) rewards['resilience'] = self.compute_resilience_metric( state['system_vulnerability'], actions['redundancy_activation'] ) # Weighted combination with adaptive weights during recovery if state['recovery_window']: # Increase weight on crop and resilience during critical periods recovery_weights = self.adjust_weights_for_recovery(self.weights) total_reward = sum(recovery_weights[obj] * rewards[obj] for obj in rewards) else: total_reward = sum(self.weights[obj] * rewards[obj] for obj in rewards) return total_reward, rewards Challenges and Solutions from My Experimentation Challenge 1: Catastrophic Forgetting During Stable Periods Problem: Early versions of the system would forget recovery strategies during long stable periods, then fail when disruptions occurred. Solution: I implemented a Selective Memory Rehearsal mechanism that prioritizes recovery scenarios: class SelectiveMemoryBuffer: def __init__(self, capacity, recovery_ratio=0.3): self.capacity = capacity self.recovery_ratio = recovery_ratio # Minimum % of recovery samples self.stable_buffer = deque(maxlen=int(capacity * (1-recovery_ratio))) self.recovery_buffer = deque(maxlen=int(capacity * recovery_ratio)) def add_experience(self, experience, is_recovery): if is_recovery: self.recovery_buffer.append(experience) # Ensure minimum recovery samples if len(self.recovery_buffer) < self.capacity * self.recovery_ratio: # Replicate important recovery experiences self.oversample_critical_recoveries() else: self.stable_buffer.append(experience) def sample_batch(self, batch_size): """Sample with guaranteed recovery experiences""" recovery_samples = min(int(batch_size * self.recovery_ratio), len(self.recovery_buffer)) stable_samples = batch_size - recovery_samples batch = [] if recovery_samples > 0: batch.extend(random.sample(self.recovery_buffer, recovery_samples)) if stable_samples > 0: batch.extend(random.sample(self.stable_buffer, stable_samples)) return batch Challenge 2: Real-Time Optimization Under Computational Constraints Problem: Full optimization was computationally expensive, especially on edge devices in rural agricultural settings. Solution: I developed a Hierarchical Optimization approach with cached policy fragments: class HierarchicalMicrogridOptimizer: def __init__(self): self.policy_cache = PolicyCache() self.fast_heuristics = PrecomputedHeuristics() self.full_optimizer = FullOptimizer() def optimize(self, state, time_constraint): """Hierarchical optimization with fallbacks""" # Level 1: Cache lookup for similar states cached_policy = self.policy_cache.lookup(state) if cached_policy and cached_policy['confidence'] > 0.9: return cached_policy['actions'] # Level 2: Fast heuristic for urgent decisions if time_constraint < 0.1: # Less than 100ms return self.fast_heuristics.get_actions(state) # Level 3: Meta-optimized adaptation if in recovery if state['recovery_window']: adapted_policy = self.meta_adaptation(state) self.policy_cache.store(state, adapted_policy) return adapted_policy # Level 4: Full optimization for non-critical decisions optimal_policy = self.full_optimizer.solve(state) self.policy_cache.store(state, optimal_policy) return optimal_policy Advanced Techniques: Temporal Attention for Recovery Windows While studying attention mechanisms in transformers, I realized they could be adapted to focus computational resources on critical time periods: class TemporalAttentionRecovery: def __init__(self, input_dim, num_heads, window_size): self.temporal_attention = nn.MultiheadAttention( input_dim, num_heads, batch_first=True ) self.window_size = window_size self.recovery_detector = nn.Sequential( nn.Linear(input_dim, 64), nn.ReLU(), nn.Linear(64, 1), nn.Sigmoid() ) def forward(self, temporal_data): # data shape: (batch, sequence_length, features) # Detect recovery probability at each time step recovery_probs = self.recovery_detector(temporal_data) # Create attention mask focusing on recovery periods attention_mask = self.create_recovery_mask(recovery_probs) # Apply temporal attention with recovery focus attended, _ = self.temporal_attention( temporal_data, temporal_data, temporal_data, attn_mask=attention_mask ) return attended, recovery_probs def create_recovery_mask(self, recovery_probs, threshold=0.7): """Create attention mask emphasizing recovery windows""" batch_size, seq_len = recovery_probs.shape[:2] mask = torch.zeros(batch_size, seq_len, seq_len) for b in range(batch_size): recovery_indices = torch.where(recovery_probs[b] > threshold)[0] # Allow full attention within recovery windows for i in recovery_indices: window_start = max(0, i - self.window_size) window_end = min(seq_len, i + self.window_size) mask[b, i, window_start:window_end] = 1 # Allow limited attention outside recovery windows mask[b] += 0.1 # Baseline attention return mask.bool() Future Directions: Where This Technology Is Heading Through my research into emerging technologies, I've identified several promising directions: 1. Quantum Machine Learning Integration While current implementations use quantum-inspired algorithms, actual quantum hardware could solve certain optimization problems exponentially faster. I'm particularly excited about Quantum Neural Networks for representing the complex state space of agricultural microgrids. 2. Neuromorphic Computing for Edge Deployment My experimentation with neuromorphic chips suggests they could provide the energy-efficient, real-time processing needed for field deployment. The event-driven nature of neuromorphic systems aligns perfectly with the sporadic but critical nature of recovery windows. 3. Federated Learning Across Agricultural Networks One insight from studying distributed systems is that farms could collaboratively improve their adaptation policies without sharing sensitive data. I've begun prototyping a Privacy-Preserving Federated MOCA system: class FederatedMOCA: def __init__(self, num_farms): self.global_model = MOCAModel() self.farm_models = [MOCAModel() for _ in range(num_farms)] self.secure_aggregator = SecureAggregationProtocol() def federated_round(self, recovery_experiences): """One round of federated learning focusing on recovery strategies""" # Each farm adapts global model to local recovery experiences local_updates = [] for i, farm_model in enumerate(self.farm_models): local_update = farm_model.learn_from_recovery( recovery_experiences[i], base_model=self.global_model ) # Add differential privacy noise noisy_update = self.add_dp_noise(local_update) local_updates.append(noisy_update) # Secure aggregation of updates aggregated_update = self.secure_aggregator.aggregate(local_updates) # Update global model self.global_model.apply_update(aggregated_update) return self.global_model 4. Biological-Inspired Adaptation Mechanisms My study of plant stress responses revealed sophisticated adaptation strategies that could inform AI design. I'm exploring phytohormone-inspired signaling networks for coordinating distributed responses across the microgrid. Conclusion: Key Takeaways from My Learning Journey This research journey—from that initial failure to the development of Meta-Optimized Continual Adaptation—has taught me several crucial lessons: Critical windows require specialized approaches: General-purpose AI systems fail when mission-critical recovery periods demand rapid, reliable adaptation. Meta-learning is transformative for adaptation speed: The ability to learn how to learn quickly during disruptions is more valuable than optimizing for stable conditions. Multi-objective balancing is dynamic: The relative importance of energy efficiency, crop yield, and system resilience shifts dramatically during recovery windows. Quantum-inspired algorithms offer practical benefits today: Even without quantum hardware, quantum-inspired optimization can significantly improve decision speed. 5.
Real‑time market data is the backbone of modern trading systems, analytics dashboards, and automated strategies. When latency matters and decisions must be based on the freshest information available, developers need efficient mechanisms to ingest, process, and act on streaming financial data. In crypto, this challenge is even more pronounced: prices can swing in milliseconds, and the quality of market feeds directly impacts the reliability of any dependent system. At the core of real‑time consumption are WebSocket APIs — persistent connections that push updates to clients as soon as they occur. Unlike traditional REST endpoints, which are designed for periodic polling and snapshots, WebSockets allow applications to receive continuous streams of events without repeatedly opening new HTTP connections. This design not only reduces overhead but also enables developers to build responsive interfaces and event‑driven logic that react instantly to market changes. An instructive example is the public WebSocket API provided by WhiteBIT. The platform exposes endpoints that deliver a variety of real‑time market feeds, including order book depth, trade events, and best bid/ask prices. Subscribing to these streams allows a client to receive updates with minimal latency, making it suitable for high‑frequency trading systems and live dashboards. Each message is delivered in JSON format, with clearly defined fields for prices, volumes, and timestamps — enabling precise integration with downstream logic. To handle these streams effectively, developers typically combine a few patterns: Maintain a single persistent WebSocket connection and subscribe to multiple channels, reducing connection overhead and managing rate limits more gracefully. Use a snapshot + update pattern: fetch an initial state via REST (e.g., current order book) and then apply incremental updates from WebSocket messages to keep local state accurate. Implement robust reconnection logic and keep‑alive (e.g., periodic pings) to ensure stability across network interruptions. Beyond the transport layer, developers must also consider data modeling and performance. Real‑time feeds can produce high volumes of messages — especially when tracking order books at millisecond granularity or across several trading pairs. Efficient parsing, event queuing, and state reconciliation are key to preventing bottlenecks or staleness in downstream components. Modern real‑time applications also benefit from abstractions such as message brokers, in‑memory caches, or streaming libraries that can buffer and distribute data to multiple consumers without duplicating the connection logic itself. Libraries like RxJS in JavaScript or reactive streams in other ecosystems make it easier to handle asynchronous flows while preserving clarity and composability. Finally, quality of data matters. Developers should monitor metrics like latency, message rate, and data freshness (often inferred from timestamps included in payloads) to ensure that their real-time logic is consuming reliable inputs. Tools for replaying events or synchronizing with historical backfills can also be invaluable when reconstructing state after reconnects or outages. In summary, real‑time market data demands not just access to a live feed, but thoughtful engineering around connection management, efficient state handling, and resilient architecture. By leveraging well‑designed APIs — such as those with WebSocket support and clear data structures — developers can build systems that stay closely aligned with the pulse of the market.
Most cloud breaches? Not sophisticated attacks. Not genius hackers. Just someone who left an S3 bucket public or gave an IAM role way too many permissions. It's painfully common. The frustrating part is that AWS actually gives you tools to prevent this stuff. Most people just don't turn them on. Worth looking into if you haven't already. I'm not saying you need all of them on day one, but they're solid starting points. 1. GuardDuty GuardDuty watches your environment 24/7 and tells you when something weird happens. It pulls from CloudTrail, VPC Flow Logs, and DNS logs to build a picture of normal activity, then alerts you when things deviate. What kind of weird? EC2 instances suddenly mining crypto. Login attempts from countries where you have zero employees. IAM keys being used from IP addresses nobody recognizes. That sort of thing. Is it perfect? No. You'll get some noise. But I'd rather deal with a few false positives than find out three months later that someone was camped out in my environment. Turn it on through AWS Organizations so every account gets covered. And pipe the findings into whatever SIEM you're using. Alerts sitting in the AWS console don't help anyone. 2. Security Hub The more security tools you run, the more places you have to check. It gets scattered fast, which is exactly the problem Security Hub solves. Security Hub pulls everything into one place. It continuously scans your environment against security best practices and shows you exactly where you're falling short. The part I actually like is how it ranks findings by severity. Makes it easier to focus on what matters instead of getting lost in a pile of alerts. Hook it up to Systems Manager Automation and you can auto-fix the obvious stuff too. 3. IAM Access Analyzer Permissions in AWS get messy fast. Someone needs cross-account access for a project, you grant it, project ends, nobody removes it. Multiply that by a hundred times across a few years and you've got a disaster waiting to happen. Access Analyzer scans your resource policies and shows you everywhere you've granted external access. That S3 bucket accessible to some random AWS account you don't recognize? It'll find it. IAM roles that can be assumed by accounts outside your org? Found. The policy generation feature is actually pretty solid too. Instead of guessing what permissions a role needs (and usually guessing too high), you can generate policies based on what the role actually does. Takes like 90 days of activity data but worth the wait. 4. CloudTrail If there's one tool on this list I'd never skip, it's CloudTrail. CloudTrail logs every API call in your account. Every. Single. One. When something goes wrong and you need to figure out what happened, this is how you do it. Without logs, you're just guessing. Someone deleted a critical resource at 2 AM? CloudTrail tells you who. Suspicious activity from an IP you don't recognize? CloudTrail has the receipts. Auditor asking for evidence of access controls? Point them at CloudTrail. 5. Config Here's the thing about misconfigurations: they creep in slowly. Someone opens up a security group "temporarily" for testing. An engineer spins up an unencrypted database because they're in a hurry. Six months later you've got thirty things that violate your security policies and nobody noticed. Config tracks your resource configurations over time and checks them against rules you define. Unencrypted RDS instance? Flagged. Security group with 0.0.0.0/0 on port 22? Flagged. S3 bucket without versioning? You get the idea. Set up the managed rules AWS provides. They cover most of the obvious stuff. Then hook it up to auto-remediation so violations get fixed automatically. Otherwise you're just generating alerts that pile up in a queue nobody looks at. Why All Five? These tools overlap on purpose. GuardDuty catches active threats. Security Hub gives you the big picture. Access Analyzer keeps permissions from spiraling out of control. CloudTrail gives you the forensic trail when things go sideways. Config stops misconfigurations from piling up. Run all five. Seriously. The cost is minimal compared to what a breach costs. And if you're scaling your AWS footprint without these basics in place, you're building on a shaky foundation.
Bayesian Neural Networks Under Covariate Shift: When Theory Fails Practice
October 22, 2025 | Machine Learning | Bayesian Methods The Surprising Failure of Bayesian Robustness If you've been following Bayesian deep learning literature, you've likely encountered the standard narrative: Bayesian methods provide principled uncertainty quantification, which should make them more robust to distribution shifts. The theory sounds compelling—when faced with out-of-distribution data, Bayesian Model Averaging (BMA) should account for multiple plausible explanations, leading to calibrated uncertainty and better generalization. But what if this narrative is fundamentally flawed? What if, in practice, Bayesian Neural Networks (BNNs) with exact inference are actually less robust to distribution shift than their classical counterparts? This is exactly what Izmailov et al. discovered in their NeurIPS 2021 paper, "Dangers of Bayesian Model Averaging under Covariate Shift." Their findings are both surprising and important—they challenge core assumptions about Bayesian methods and have significant implications for real-world applications. The Counterintuitive Result Let's start with the most striking finding: Yes, you read that correctly. On severely corrupted CIFAR-10-C data, a Bayesian Neural Network using Hamiltonian Monte Carlo (HMC) achieves only 44% accuracy, while a simple Maximum a-Posteriori (MAP) estimate achieves 69% accuracy. That's a 25 percentage point gap in favor of the simpler method! This is particularly surprising because on clean, in-distribution data, the BNN actually outperforms MAP by 5%. So we have a method that's better on standard benchmarks but catastrophically fails under distribution shift. Why Does This Happen? The "Dead Pixels" Analogy The authors provide an elegant explanation through what they call the "dead pixels" phenomenon. Consider MNIST digits—they always have black pixels in the corners (intensity = 0). These are "dead pixels" that never activate during training. The Bayesian Problem For a BNN with independent Gaussian priors on weights: Weights connected to dead pixels don't affect the training loss (always multiplied by zero) Therefore, the posterior equals the prior for these weights (they're not updated) At test time with noise, dead pixels might activate Random weights from the prior get multiplied by non-zero values Noise propagates through the network → poor predictions The MAP Solution For MAP estimation with regularization: Weights connected to dead pixels get pushed to zero by the regularizer At test time, even if dead pixels activate, zero weights ignore them Noise doesn't propagate → robust predictions Formally, this is captured by Lemma 1: If feature $x^i_k = 0$ for all training examples and the prior factorizes, then: $$ p(w^1_{ij}|\mathcal{D}) = p(w^1_{ij}) $$ The posterior equals the prior, and these weights remain random. The General Problem: Linear Dependencies The dead pixels example is just a special case. The real issue is any linear dependency in the training data. Proposition 2 states that if training data lies in an affine subspace: $$ \sum_{j=1}^m x_i^j c_j = c_0 \quad \forall i $$ then: The posterior of the weight projection $w_j^c = \sum_{i=1}^m c_i w^1_{ij} - c_0 b^1_j$ equals the prior MAP sets $w_j^c = 0$ BMA predictions are sensitive to test data outside the subspace This explains why certain corruptions hurt BNNs more than others: The Brilliant Solution: EmpCov Prior The authors' solution is both simple and elegant: align the prior with the data covariance structure. The Empirical Covariance (EmpCov) prior for first-layer weights: [ p(w^1) = \mathcal{N}\left(0, \alpha\Sigma + \epsilon I\right) ] where $\Sigma = \frac{1}{n-1} \sum_{i=1}^n x_i x_i^\top$ is the empirical data covariance. How It Works Eigenvectors of prior = Principal components of data Prior variance along PC $p_i$: $\alpha\sigma_i^2 + \epsilon$ For zero-variance direction ($\sigma_i^2 = 0$): variance = $\epsilon$ (tiny) Result: BNN can't sample large random weights along unimportant directions The improvements are substantial: Corruption/Shift BNN (Gaussian) BNN (EmpCov) Improvement Gaussian noise 21.3% 52.8% +31.5 pp Shot noise 24.1% 54.2% +30.1 pp MNIST→SVHN 31.2% 45.8% +14.6 pp Why Do Other Methods Work Better? Here's the interesting part: many approximate Bayesian methods don't suffer from this problem. Why? Method Why Robust? Connection to MAP Deep Ensembles Average of MAP solutions Direct SWAG Gaussian around SGD trajectory Indirect MC Dropout Implicit regularization Indirect Variational Inference Often collapses to MAP-like solutions Indirect BNN (HMC) Samples exact posterior None The common theme: most approximate methods are biased toward MAP solutions, which are robust due to regularization. HMC is unique in sampling the exact posterior, including problematic directions where posterior = prior. Practical Implications For Practitioners Don't assume BNNs are robust: Test on corrupted/out-of-distribution data Consider deep ensembles: They're often more reliable under shift If using BNNs: Implement data-aware priors like EmpCov Benchmark properly: Always include distribution shift evaluations For Researchers Re-evaluate Bayesian assumptions: The theory-practice gap needs addressing Design better priors: Data-dependent priors are crucial Study intermediate layers: The problem might not be limited to the first layer Explore hybrid approaches: Combine BNNs with domain adaptation techniques The Bigger Picture This paper represents a paradigm shift in how we think about Bayesian methods: BMA ≠ Automatic Robustness: Averaging over the posterior can actually hurt generalization under shift Regularization Matters More: MAP's explicit regularization provides unexpected benefits Context Matters: BNNs are great for calibrated in-distribution uncertainty but not for shift robustness As the authors note, this problem affects "virtually every real-world application of Bayesian neural networks, since train and test rarely come from exactly the same distribution." Conclusion The "Dangers of Bayesian Model Averaging under Covariate Shift" paper is a must-read for anyone working with Bayesian methods or robustness. It: Identifies a critical failure mode of BNNs under distribution shift Provides theoretical understanding through linear dependencies Offers practical solutions with data-aware priors Challenges conventional wisdom about Bayesian robustness The key takeaway: Bayesian methods are powerful tools, but they're not magic. Understanding their limitations—especially under distribution shift—is crucial for safe deployment in real-world applications. As machine learning systems get deployed in increasingly diverse and unpredictable environments, papers like this remind us that robustness needs to be explicitly designed and tested, not just assumed from theoretical principles. Reference: Izmailov, P., Nicholson, P., Lotfi, S., & Wilson, A. G. (2021). Dangers of Bayesian Model Averaging under Covariate Shift. Advances in Neural Information Processing Systems, 34. Code: Available at GitHub This post is based on the NeurIPS 2021 paper "Dangers of Bayesian Model Averaging under Covariate Shift." All credit goes to the original authors for their insightful work. Any errors in interpretation are mine.
Recently, I embarked on the Intro to Assembly Language module on Hack the Box. Coming from a background in C, I thought I had a good grasp of compiled languages. However, I quickly realized that Assembly is an entirely different beast. While Hack the Box is an excellent platform, it's not necessarily the ideal place to learn programming languages in depth. But the module was also the last one I needed to complete the SOC Analyst Prerequisites Skill Path and, I don't know you, but I hate to have unfinished business. And then I reach last skills assessment: We are performing a pentest, and in a binary exploitation exercise, we reach the point where we have to run our shellcode. However, only a buffer space of 50 bytes is available to us. So, we have to optimize our assembly code to make it shellcode-ready and under 50-bytes to successfully run it on the vulnerable server. Tips Refer to the "Syscalls" section to understand what the assembly code is doing. Refer to the "Shellcoding Techniques" section to be able to optimize the assembly code. The above server simulates a vulnerable server that we can run our shellcodes on. Optimize 'flag.s' for shellcoding and get it under 50 bytes, then send the shellcode to get the flag. (Feel free to find/create a custom shellcode) After spending two frustrating days attempting to optimize assembly code manually, I had an epiphany. The mindset of a hacker differs from that of a traditional programmer. Sometimes, the most efficient solution is choosing the right tool rather than writing code from scratch. I turned to MSFVenom, a powerful payload generation tool. Here's the magic command: msfvenom -p 'linux/x64/exec' CMD='cat /flg.txt' -a 'x64' --platform 'linux' -f 'hex' where: -p 'linux/x64/exec' - select the payload to execute commands CMD='cat /flg.txt' - specify the command to run -a 'x64' - define the system architecture --platform 'linux' - set the target OS -f 'hex' - choose the output format Result? The final step was simple: use netcat to send the shellcode to the target machine. Boom! Flag obtained. Hacking is fundamentally about tool selection and strategic thinking, not just raw coding skills. Sometimes, the most elegant solution is the simplest one. Something to read: Trent Dalton - Boy Swallows Universe Something to listen to: Papir - IX Something to watch: Nouvelle Vague
Just to don't talk only about failures, let's have a bit of fun with password cracking (can't wait, uh?). In my last group project I have to deal with hashcat to crack hashed passwords but, most important, I had to understand how a good Open Source INTelligence (OSINT for friends) activity can make a significant difference in this activity. First step: thanks to a cool Python script designed by my good friend Zstaigah, we've generated 1000 fake profiles with relative passwords hashed with the SHA-512 algorithm. Then, using a tool called PassGPT we've obtained a first wordlist to try to crack the passwords. In this screenshot you can see the results: So, basically just 12 passwords were discovered. Promising, but yet non satisfactory. Second step: we've decided to include rockyou, a list of over 14 million plaintext passwords from the 2009 RockYou hack (more info on this here. But... Another pass bites the dust. Third step: at this point we've used a wordlist based on the personal information of the profiles and... BANG! All passwords cracked. So, what can we learn from this? Ensure your password are a robust mix of randomness and length (as you can learn from the amazing comic in the cover image provided by xkcd) Passwords alone are not sufficient; always utilize Multi-Factor Authentication (MFA) to secure your accounts, especially for sensitive corporate information. Always remember: don’t be the weak link that could lead to significant security setbacks. If you can find the complete project here (yeah, I know, hash_and_crack it's a great name). Something to read: Kate Beaton - Ducks Something to listen to: Totorro - Sofa So Good Something to watch: Paying for It
Getting Started with Envoy Proxy: What It Is, How It Works, and a Hands-On Implementation
webp)Envoy Proxy is a modern, high-performance open-source edge and service proxy originally developed by Lyft. It's designed for cloud-native applications and is widely used in service meshes like Istio. Envoy excels at handling traffic management, observability, and security in microservices architectures. It supports advanced protocols like HTTP/2 and gRPC natively, making it ideal for modern APIs, including gRPC services exposed to web clients via gRPC-Web. In this article, we'll cover Envoy's core architecture, key concepts like upstream/downstream traffic and connection pooling, and then dive into a practical example: configuring Envoy to handle both gRPC-Web requests from browsers and native gRPC to your backend, while serving static frontend assets. What is Envoy Proxy? Envoy is an L7 proxy (with strong L3/L4 capabilities) that acts as a communication bus for distributed systems. Key features include: .Dynamic configuration via xDS (discovery services) .Rich observability (stats, logging, tracing) .Advanced load balancing, circuit breaking, and retries .First-class support for HTTP/2 and gRPC (including trailers) .Extensibility through filters It's often deployed as a sidecar in Kubernetes or as an edge proxy. Envoy Architecture Overview Envoy's architecture is modular and thread-based: Listeners: Bind to downstream ports/IPs and accept connections from clients (downstream hosts). Filter Chains: Process incoming data (e.g., TCP proxy, HTTP connection manager). Clusters: Groups of upstream hosts (services Envoy forwards to). Cluster Manager: Handles load balancing, health checking, and connection pooling to upstreams. A typical request flow: 1.Downstream client connects to a listener. 2.Data passes through listener filters and network filters (e.g., 3.HTTP Connection Manager). For HTTP, it goes through HTTP filters (routing, gRPC-Web translation, etc.). 4.The router filter selects a cluster based on route rules. 5.Envoy picks an upstream host, acquires a connection from the pool, and forwards the request. Key Concepts: Downstream vs. Upstream .Downstream: Refers to clients connecting to Envoy (e.g., browsers, other services). Envoy receives requests here via listeners. .Upstream: Refers to backend services Envoy connects to (defined in clusters). Envoy acts as a client to these hosts. Connection Pooling in Envoy Connection pooling is a critical performance feature, especially for HTTP/2 and gRPC. Envoy maintains per-cluster, per-worker-thread connection pools to upstream hosts. For gRPC (which uses HTTP/2): .Connections are long-lived and multiplexed (multiple streams over one TCP connection). . New connections are created on-demand when no idle . connection/stream is available (up to circuit breaker limits). . HTTP/2 features like GOAWAY drain connections gracefully. . Pooling happens automatically in clusters configured with http2_protocol_options. You can tune it via circuit breakers (e.g., max_connections, max_requests) in the cluster config. In your gRPC setups, enabling HTTP/2 ensures efficient multiplexing—perfect for high-concurrency gRPC calls. Where is the connection pool? It's managed internally by the Cluster Manager for each upstream cluster. No separate "pool" resource—it's part of the cluster's runtime state. Hands-On: Configuring Envoy for gRPC-Web and Static Frontend A common scenario: Your backend is a gRPC service (e.g., on port 50051), but browsers can't speak native gRPC (HTTP/2 with trailers). Use gRPC-Web from the browser, and let Envoy translate it to native gRPC. Additionally, serve static frontend files from another server. Here's a complete static Envoy config that does exactly that: static_resources: listeners: - name: listener_http address: socket_address: address: 0.0.0.0 port_value: 8080 filter_chains: - filters: - name: envoy.filters.network.http_connection_manager typed_config: "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager stat_prefix: ingress_http codec_type: AUTO route_config: name: local_route virtual_hosts: - name: local_service domains: ["*"] routes: # Route gRPC-Web requests to the backend gRPC cluster - match: prefix: "/sales.CsvProcessor" route: cluster: backend_grpc # Also handle /fileUpload if frontend uses it - match: prefix: "/fileUpload" route: cluster: backend_grpc # All other requests go to the frontend static server - match: prefix: "/" route: cluster: frontend_server http_filters: - name: envoy.filters.http.grpc_web typed_config: "@type": type.googleapis.com/envoy.extensions.filters.http.grpc_web.v3.GrpcWeb - name: envoy.filters.http.cors typed_config: "@type": type.googleapis.com/envoy.extensions.filters.http.cors.v3.Cors - name: envoy.filters.http.router typed_config: "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router clusters: - name: backend_grpc connect_timeout: 30s type: STRICT_DNS lb_policy: ROUND_ROBIN http2_protocol_options: {} typed_extension_protocol_options: envoy.extensions.upstreams.http.v3.HttpProtocolOptions: "@type": type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions explicit_http_config: http2_protocol_options: {} load_assignment: cluster_name: backend_grpc endpoints: - lb_endpoints: - endpoint: address: socket_address: address: backend port_value: 50051 - name: frontend_server connect_timeout: 5s type: STRICT_DNS lb_policy: ROUND_ROBIN load_assignment: cluster_name: frontend_server endpoints: - lb_endpoints: - endpoint: address: socket_address: address: frontend port_value: 80 admin: access_log_path: "/tmp/admin_access.log" address: socket_address: address: 0.0.0.0 port_value: 9901 Breaking It Down 🚀 Listener (Port 8080): Accepts HTTP/1.1 (from browsers) or HTTP/2. gRPC-Web Filter: Converts gRPC-Web (HTTP/1.1) requests into native gRPC (HTTP/2) for your backend. Routing: /sales.CsvProcessor/* → backend_grpc cluster (gRPC service) /fileUpload → same backend_grpc cluster Everything else (/) → static frontend server backend_grpc Cluster: Uses HTTP/2 for efficient gRPC multiplexing and connection pooling. Includes a CORS filter for seamless browser access. Pro Tips: Use DNS names like backend and frontend (ideal for Docker Compose or Kubernetes). For local development without Docker, replace with host.docker.internal. Run It: envoy -c envoy.yaml This setup leverages Envoy's connection pooling for high-performance gRPC traffic. Next Steps: Add TLS for production security Enable stats and tracing Switch to dynamic xDS config for zero-downtime updates Envoy is powerful yet approachable—start with this config, monitor via the admin port (:9901), and scale effortlessly! Happy proxying! 🚀
Officials hope to bring forth charges in Brown University shooting soon
Col. Oscar Perez, Providence’s police chief, told NBC News' Erin McLaughlin that police are confident the person of interest in custody is the suspected gunman and they hope charges can be brought forth within "the next few hours."
Absynth is back and weirder than ever after 16 years
Absynth is something of a cult classic in the soft synth world. It was originally released in 2000, and quickly found an audience among the growing cadre of people making music on computers. But its last major update, Absynth 5, was released in 2009, and Native Instruments officially discontinued the instrument in 2022, citing a […]
Trump speaks about a weekend of violence across the world
President Trump speaks about a weekend of violence across the world, including mass shootings at Brown University and Australia’s Bondi Beach, as well as a deadly attack on U.S. service members in Syria.
We Evaluated 13 LLM Gateways for Production. Here's What We Found
Why We Needed This Our team builds AI evaluation and observability tools at Maxim. We work with companies running production AI systems, and the same question kept coming up: “Which LLM gateway should we use?” So we decided to actually test them. Not just read docs. Not just check GitHub stars. We ran real production workloads through 13 different LLM gateways and measured what actually happens. What We Tested We evaluated gateways across five categories: Performance — latency, throughput, memory usage Features — routing, caching, observability, failover Integration — how easy it is to drop into existing code Cost — pricing model and hidden costs Production-readiness — stability, monitoring, enterprise features Test workload: 500 RPS sustained traffic Mix of GPT-4 and Claude requests Real customer support queries The Results (Honest Take) Tier 1: Production-Ready at Scale 1. Bifrost (Ours — but hear us out) We built Bifrost because nothing else met our scale requirements. Pros Fastest in our tests (~11 μs overhead at 5K RPS) Rock-solid memory usage (~1.4 GB stable under load) Semantic caching actually works Adaptive load balancing automatically downweights degraded keys Open source (MIT) Cons Smaller community than LiteLLM Go-based (great for performance, harder for Python-only teams) Fewer provider integrations than older tools Best for: High-throughput production (500+ RPS), teams prioritizing performance and cost efficiency Repo: https://github.com/maximhq/bifrost 2. Portkey Strong commercial offering with solid enterprise features. Pros Excellent observability UI Good multi-provider support Reliability features (fallbacks, retries) Enterprise support Cons Pricing scales up quickly at volume Platform lock-in Some latency overhead vs open source tools Best for: Enterprises that want a fully managed solution 3. Kong API gateway giant with an LLM plugin. Pros Battle-tested infrastructure Massive plugin ecosystem Enterprise features (auth, rate limiting) Multi-cloud support Cons Complex setup for LLM-specific workflows Overkill if you just need LLM routing Steep learning curve Best for: Teams already using Kong that want LLM support Tier 2: Good for Most Use Cases 4. LiteLLM The most popular open-source option. We used this before Bifrost. Pros Huge community Supports almost every provider Python-friendly Easy to get started Cons Performance issues above ~300 RPS (we hit this) Memory usage grows over time P99 latency spikes under load Best for: Prototyping, low-traffic apps (<200 RPS), Python teams 5. Unify A unified API approach. Pros Single API for all providers Benchmark-driven routing Good developer experience Cons Relatively new Limited enterprise features High-scale performance unproven Best for: Developers prioritizing simplicity over control 6. Martian Focused on prompt management and observability. Pros Strong prompt versioning Good observability features Decent multi-provider support Cons Smaller user base Limited documentation Pricing unclear at scale Best for: Teams prioritizing prompt workflows Tier 3: Specialized Use Cases 7. OpenRouter Pay-as-you-go access to many models. Pros No API key management Instant access to many models Simple pricing Cons Markup on model costs Less routing control Not ideal for high-volume production Best for: Rapid prototyping, model experimentation 8. AI Gateway (Cloudflare) Part of Cloudflare’s edge platform. Pros Runs at the edge Built-in caching Familiar Cloudflare dashboard Cons Locked into Cloudflare ecosystem Limited LLM-specific features Basic routing Best for: Teams already heavily using Cloudflare 9. KeyWorthy Newer entrant focused on cost optimization. Pros Cost analytics focus Multi-provider routing Usage tracking Cons Limited production track record Smaller feature set Unknown scaling behavior Best for: Cost-conscious teams and early adopters Tier 4: Niche or Limited 10. Langfuse More observability than gateway. Pros Excellent tracing and analytics Open source Strong LangChain integration Cons Not a true gateway No routing or caching Separate deployment Best for: Deep observability alongside another gateway 11. MLflow AI Gateway Part of the MLflow ecosystem. Pros Integrates with MLflow workflows Useful if already using MLflow Cons Limited LLM-specific features Heavy for simple routing Better alternatives exist Best for: ML teams deeply invested in MLflow 12. BricksLLM Basic open-source gateway. Pros Simple setup Cost tracking Open source Cons Limited feature set Small community Performance not battle-tested Best for: Very basic gateway needs 13. Helicone Observability-first with light gateway features. Pros Good logging and monitoring Easy integration Generous free tier Cons More observability than gateway Limited routing logic Not built for high throughput Best for: Observability-first teams Our Real Production Stack We run Bifrost in production for our own infrastructure. Requirements Handle 2,000+ RPS during peaks P99 latency < 500 ms Predictable costs Zero manual intervention What we tried Direct OpenAI calls → no observability LiteLLM → broke around 300 RPS Portkey → great features, higher cost Bifrost → met all requirements Current setup Bifrost (single t3.large) ├─ 3 OpenAI keys (adaptive load balancing) ├─ 2 Anthropic keys (automatic failover) ├─ Semantic caching (40% hit rate) ├─ Maxim observability plugin └─ Prometheus metrics Results 2,500 RPS peak, stable P99: 380 ms Cost: ~$60/month infra + LLM usage Uptime: 99.97% (30+ days, no restart) Decision Framework Under 100 RPS LiteLLM Helicone (if observability matters) OpenRouter 100–500 RPS Bifrost Portkey LiteLLM (watch performance) 500+ RPS Bifrost Portkey (if budget allows) Kong (enterprise needs) Specialized Needs Prompt management → Martian Cloudflare stack → AI Gateway MLflow ecosystem → MLflow AI Gateway Observability focus → Langfuse + separate gateway What Actually Matters After testing 13 gateways, these matter most: Performance under your load Benchmarks lie. Test real traffic. P99 > P50. Total cost (not list pricing) Infra + LLM usage + engineering time + lock-in. Observability Can you debug failures, latency, and cost? Reliability Failover, rate limits, auto-recovery. Migration path Can you leave later? Can you self-host? Our Recommendations Most teams starting out: LiteLLM → migrate later High-growth startups: Bifrost or Portkey from day one Enterprises: Portkey or Kong Cost-sensitive teams: Bifrost + good monitoring Try Bifrost It’s open source (MIT), so you can verify everything: git clone https://github.com/maximhq/bifrost cd bifrost docker compose up Run benchmarks yourself: cd benchmarks ./benchmark -provider bifrost -rate 500 -duration 60 Compare with your current setup. The Honest Truth There’s no perfect LLM gateway: LiteLLM: Easy, but doesn’t scale well Portkey: Feature-rich, expensive at scale Bifrost: Fast, smaller ecosystem Kong: Enterprise-grade, complex Pick based on where you are now, not where you might be. We went through three gateways before building our own. Most teams won’t need to. Links Bifrost repo: https://github.com/maximhq/bifrost Docs: https://docs.getbifrost.ai We’re the team at Maxim AI, building evaluation and observability tools for production AI systems. Bifrost is our open-source LLM gateway, alongside our testing and monitoring platforms.
Special Report: Trump speaks on shootings at Brown Univ., Bondi Beach and attacks in Syria
President Donald Trump gave his reaction to the recent fatal shootings at Brown University and Bondi Beach in Australia and fatal attacks on U.S. soldiers in Syria.
One survivor told mayor active shooter drills helped yesterday
Providence Mayor Brett Smiley said that a Brown University student he met at the hospital told him an active shooter drill from high school helped them during the shooting at the school on Saturday.
Designing a Symbol-Based Portal System for a Web Browser MMO Strategy Game
In Interstellar Empires, a web-based sci-fi strategy game, portals are not just fast travel. They are a system built around addresses composed of symbols, even if players usually interact with them through missions, intel, or map clicks. Symbols as Addresses A portal address consists of 6 unique symbols selected from a pool of 18. Key rules: • Symbols cannot repeat • A single symbol has no meaning on its own • Only the full 6-symbol combination resolves to a destination Players rarely need to input these symbols manually. Most of the time, addresses are provided by missions, events, or intel and can be launched directly from the map. Manual dialing exists, but it is optional. Missions on interactive map Selected missions shows symbols and allows to send units directly without manual input from player. Internal Representation Internally, each complete symbol combination resolves to a location on the galaxy map. • The address corresponds to a specific position in the galaxy • There is an additional hidden coordinate (Z) that players never see From the player’s perspective, symbols are opaque. They are not presented as coordinates, and the game provides no direct way to decode how symbols relate to locations. The Hidden Z Coordinate Known addresses always point to the same location. They never redirect elsewhere. The hidden Z coordinate acts as a validity layer: • If Z matches, the portal connects • If Z changes, the same visible address no longer works The destination still exists, but the portal rejects the input. This allows addresses to expire or be disabled without changing what players see or breaking spatial consistency. Known vs Manual Dialing Most portal usage comes from known addresses: • Missions • Events • Intel rewards Players can also attempt manual dialing. However, without knowing the hidden Z value, the chance of success is intentionally low. Manual dialing exists as a risk-driven option, not the primary way to interact with the system. Design Constraints and Scalability Using 18 unique symbols and 6-symbol combinations creates a hard limit on how many distinct addresses can exist. As the galaxy expands, this becomes a real constraint. To scale the system long-term, the plan is to: • Introduce additional unique symbols • Increase address length to 7 or 8 symbols This preserves the core interaction while allowing the galaxy map to grow without redesigning the mechanic. Design Goals The portal system was built with these goals: • Portal travel should feel intentional, even when launched by a click • Exploration should not rely on visible randomness • Addresses must be reusable, shareable, and verifiable (except individual missions, those are individual and can't be shared) • The system must support long-term expansion Final Thoughts This mechanic looks simple in the UI, but it supports exploration, content rotation, and future growth without exposing complexity to the player. The important part is not that symbols are coordinates, but that the system behaves consistently even if players never understand why. Don't hesitate to ask any questions or put suggestions in the comments.
A story on Frontend Architectures - Everyone deserves a BFF!
SPAs were revolutionary and ground-breaking in the way they changed frontend architectures and shifting the entire view of the data-model(pun intended). A lot of UI and data-shaping work came into the browser which created client-specific needs. Let's discuss a few of them. 1. Different shapes of the payload - There can be case of over and under fetching when a generic API is used. It sends too much data for one client and too less for another, thus forcing clients to request multiple endpoints and waste bandwidth. 2. Juggling between microservices - SPAs often need to call multiple microservices, join results and shape them for the view. This increases complexity and hurts performance. auth/token handling 3. Mobile device handling - Mobile apps, TV apps or web SPAs have different payload, caching and security requirements. One API fits all is bound to fail. 4. Organisational bottlenecks - With a single backend, the dependency of the frontend team for minor API changes results in slower delivery timelines. Let's understand through an example. Suppose you've an web-based e-commerce application which has an API /v1/products/102938 showing the details of a certain product as follows - { "productId": "PROD-102938", "name": "ZenBeat Pro Wireless Noise Cancelling Headphones", "description": "Wireless headphones with active noise cancellation, deep bass, and long-lasting battery life.", "seller": { "sellerId": "SELL-908", "name": "ZenBeat Official Store", "rating": 4.6 }, "variants": [ { "variantId": "VAR-1", "label": "Black", "price": 9999, "inStock": true }, { "variantId": "VAR-2", "label": "Silver", "price": 10499, "inStock": false }, ], "reviews": { "averageRating": 4.4, "totalReviews": 612, "topReviews": [ { "reviewId": "REV-1", "rating": 5, "comment": "Excellent sound quality and very comfortable for long use." }, { "reviewId": "REV-2", "rating": 4, "comment": "Great noise cancellation, battery life could be slightly better." }, ] }, "faqs": [ { "question": "Does this support fast charging?", "answer": "Yes, it supports fast charging and provides up to 5 hours of playback with a 10-minute charge." }, { "question": "Is there a warranty?", "answer": "Yes, it comes with a 1-year manufacturer warranty." } ] } Now to render data for a response like this on a mobile app would be very different to that of a mobile app given the limited real estate on the device. Probably in a mobile app, we would show the "faqs" on click of a button which would be another API call. With lesser and different set of response, we get a better UX faster rendering times save on network bandwidth And this doesn't just apply to mobile, but for any other client which might work better with a different API response than a single monolith API. To deal with this mismatch and give each client(TV, mobile, web) their own backend, emerged the pattern of Backend for Frontend(BFF). The idea here is to have an intermediate layer between the client and the backend. And mind that, this layer is completely to assist the client i.e presentation logic and there is NO business logic involved here. Imagine this, instead of a single API gateway, we have multiple API gateways for every type of client. Let's understand 2 different use cases of a BFF for different types of backends. 1. BFF and Monolith With a monolith API architecture, the BFF does the work of filtering responses and provides a specific entry point as per the client needs. Each BFF decides 1) what it needs to fetch 2) how it needs to fetch 3) what needs to be sent in A mobile BFF can remove the responses which might be unnecessary to be displayed on the mobile screen, like reviews or FAQs, while a desktop BFF can keep those additional details. Here, you might think, why would we fetch all kinds of data from the backend if we're eventually going to drop it? Yes, you're not wrong. We can use a flag, like device=mobile and filter the responses sent from the backend accordingly. But this also complicates the backend logic and we try to keep the backend as generic as possible. And on top, having a BFF layer with all the responses coming in, gives the advantage of caching responses to be used later. 2. BFF and Microservices With a micro-service backend architecture, the BFF only picks those services which it requires in the catalogue of services. In the picture above, a mobile client would benefit from a AR service to imagine any product in a real-life 3D visual, which would be absolutely unnecessary in the web client. Now let's discuss some pros and cons of this middle-man! Advantages: There is now a support for different types of interfaces in their own isolated manner Any particular client specific tweaks can be executed much faster Since backend is not directly exposed, there can be filtering of any sensitive data at the BFF layer BFFs can also act as a mediator between the stack/protocols that is being used by the client and the server, thus making it seamless. For e.g., if a legacy client uses XML but gets JSON from the backend, BFFs can act as a transformation layer. Given different client interfaces are treated separately, the security concerns can be addressed separately and in a much better way. There need not to have all kinds of security checks for every client. BFFs help make a generic backend, putting the heavy load of customisation upon itself. And thus, acts as a request aggregator, making the client lightweight. Disadvantages: On the same lines of the last advantage point, fanning out or sending requests out from a single source(BFF) to multiple micro-services concurrently, can be network heavy. The choice of language and runtime is therefore crucial. Languages with efficient, non-blocking concurrency models (such as Node.js, Go or reactive Java) are better suited for handling high levels of parallel I/O without incurring excessive thread or memory overhead. Code for multiple BFFs would mostly be the same(as seen previously, both web and mobile would need Product details and Seller details services) with minor tweaks here and there, which results in code duplication, which increases developer efforts. With the addition of a new moving layer, comes in the pain of managing, maintaining and monitoring it. Having a new layer adds an extra network hop and in turn increases the latency of the application. Some applications like e-commerce apps or fintech dashboards benefit from it given their presence on multiple devices. But this would really harm the performance of real-time systems like High frequency trading. After this entire discussion, it is definitely a head-scratcher to decide when to have this BFF in your system. Here are some real use-cases where a BFF seems very much handy and useful. 1. When the client interfaces are significantly different from each other, BFF brings in a heap load of advantages. The backend stays generic and simple and multiple BFFs can serve the multiple clients as per their need. 2. Format of communication of the client is very different. Suppose a legacy client using XML to render information has a backend with JSON responses. Here the conversion can be handled by XML with the use of a XML BFF. A BFF is not a default architectural choice(contrary to the actual need of a Best Friend Forever lol), but a conscious trade-off. It shines when client experiences diverge, payloads and protocols vary, and frontend teams need speed and autonomy, while keeping the core backend clean and generic, empowering modern, multi-device applications.
Hostinger vs. Bluehost: Which Is Better for Pakistani Developers in 2025?
As a developer based in Pakistan, I've spent countless hours testing hosting providers to find the perfect balance of performance, affordability, and local support. After migrating 15+ client websites between Hostinger and Bluehost over the past year, I want to share my honest comparison to help fellow Pakistani developers make an informed decision. Why This Comparison Matters for Pakistani Developers Choosing the right hosting isn't just about server specs. For us in Pakistan, critical factors include: Local payment options (JazzCash, Easypaisa, bank transfers) Support during our business hours (GMT+5) Performance for both local and international visitors Pricing that makes sense for our market Head-to-Head Comparison Pricing & Value for Money Feature Hostinger Bluehost Starting Price Rs. 399/month ($1.99/mo) Rs. 1,199/month ($5.99/mo) Renewal Price Rs. 999/month ($4.99/mo) Rs. 2,399/month ($11.99/mo) Free Domain Yes (1 year) Yes (1 year) Money-Back Guarantee 30 days 30 days Winner: Hostinger. Their entry-level plan is 66% cheaper than Bluehost, making it ideal for Pakistani developers on a budget. Performance & Speed I tested both providers with identical WordPress sites: Metric Hostinger Bluehost Page Load Time 1.2s 2.8s Uptime 99.98% 99.92% Server Response 180ms 420ms Global CDN Free Cloudflare Paid upgrade Real-World Test: I hosted a WooCommerce store on both: Hostinger handled 50 concurrent users without slowdown Bluehost showed latency at 30+ users Winner: Hostinger. The LiteSpeed servers and free CDN make a noticeable difference. Features for Developers Feature Hostinger Bluehost SSH Access Free on all plans $5.99/month extra Git Integration Built-in Manual setup Staging Environment 1-click Manual setup PHP Versions Up to 8.2 Up to 8.1 Node.js Support Yes Limited Winner: Hostinger. Better developer tools out-of-the-box. Local Pakistani Support This is where things get interesting for us in Pakistan: Aspect Hostinger Bluehost Local Payments JazzCash, Easypaisa, Bank Transfer Credit Card Only Support Hours 24/7 (including Urdu) 24/7 (English only) Local Server Singapore (optimal for PK) US-based Pakistani Client Onboarding Dedicated guide Generic process Personal Experience: When my client's payment failed on Bluehost (no local payment options), we switched to Hostinger and completed payment via JazzCash in 2 minutes. Winner: Hostinger. Clearly designed with emerging markets in mind. Control Panel & User Experience Feature Hostinger Bluehost Control Panel Custom hPanel cPanel Learning Curve 15 minutes 45 minutes WordPress Management 1-click installer Standard installer Resource Usage Dashboard Real-time graphs Basic stats Winner: Hostinger. hPanel is cleaner and more intuitive for beginners. When Should You Choose Bluehost? Despite Hostinger winning most categories, Bluehost might be better if: You need dedicated US-based servers You prefer traditional cPanel You're running enterprise-level applications You have clients who specifically request Bluehost My Recommendation for Pakistani Developers For 90% of Pakistani developers, Hostinger is the clear winner because: Affordability: At Rs. 399/month, it's perfect for freelancers and small agencies Local Payment Support: JazzCash/Easypaisa integration is a game-changer Performance: Faster load times improve SEO rankings Developer-Friendly: SSH and Git access without extra costs I've migrated all my clients to Hostinger except one US-based project. The difference in support quality and performance has been significant. Special Offer for Pakistani Developers [Full disclosure: This is my referral link, but I genuinely use Hostinger for all my projects] Get 20% OFF + 3 FREE MONTHS on Hostinger: Claim Discount Final Thoughts While Bluehost is a solid global provider, Hostinger has clearly tailored its services for markets like Pakistan. The combination of affordable pricing, local payment options, and excellent performance makes it the best choice for most Pakistani developers in 2025. What's your experience with these providers? Have you found other hosting solutions that work well for Pakistani projects? Share your thoughts below! Tags: webhosting, pakistan, hostinger, bluehost, webdevelopment, devops, wordpress, freelancing
Day 18: Image Processing Serverless Project using AWS Lambda
Today marks the Day 18 of 30 Days of Terraform challenge by Piyush Sachdeva. In this Blog, we will deep dive into a project of Images Processing Serverless Project using AWS Lambda entirely using Terraform. We’ll walk through an end-to-end image processing project i.e. from uploading a file to S3, to automatically processing it using a Lambda function, all orchestrated through Terraform. Before diving deep into the project, lets first understand what exactly is AWS Lambda and why it is used and what is the significance of that. AWS Lambda: At its core, AWS Lambda is a serverless function. What is a serverless, you would imagine that for any service to be up and running we would need a service. yeah that's true. When you want to host any app or server, you need to set up a service and deploy that app on that server like EC2 Instance. But What do you mean by Serverless, There are no servers at all, which isn’t really true. There are servers involved, but the difference is we don’t manage them. With Lambda, we don’t provision servers at all. Instead of thinking about machines, we think about functions. We simply write our application code, package it, and upload it as a Lambda function. AWS takes care of everything else. The servers still exist, but AWS manages them for us. We don’t worry about operating systems, scaling, or uptime. Our responsibility ends with the code. And here’s the key difference: a Lambda function does not run all the time and runs only when something triggers it. An event could be: A file being uploaded to an S3 bucket A scheduled time (for example, every Monday at 7 AM) A real-time system event Project Architecture: ┌─────────────────┐ │ Upload Image │ You upload image via AWS CLI or SDK │ to S3 Bucket │ └────────┬────────┘ │ s3:ObjectCreated:* event ↓ ┌─────────────────┐ │ Lambda Function │ Automatically triggered │ Image Processor │ - Compresses JPEG (quality 85) └────────┬────────┘ - Low quality JPEG (quality 60) │ - WebP format │ - PNG format │ - Thumbnail (200x200) ↓ ┌─────────────────┐ │ Processed S3 │ 5 variants saved automatically │ Bucket │ └─────────────────┘ We’ll have two S3 buckets: One bucket where we upload the original image Another bucket where the processed images will be stored The first bucket is our source bucket. Whenever we upload an image to this bucket, that upload creates an S3 event. And remember what we discussed earlier, events are exactly what serverless functions like Lambda are waiting for. So as soon as an image is uploaded, that S3 event will trigger our Lambda function. This Lambda function is where all the image processing logic lives. It will take the original image and automatically generate: A JPEG image with 85% quality Another JPEG image with 60% quality A WebP version A PNG version And a thumbnail image resized to 200 by 200 All of this happens without us clicking any extra buttons or running any manual commands. Components: Upload S3 Bucket: Source bucket for original images Processed S3 Bucket: Destination bucket for processed variants Lambda Function: Image processor with Pillow library Lambda Layer: Pillow 10.4.0 for image manipulation S3 Event Trigger: Automatically invokes Lambda on upload Terraform Code: Now we will go through the code for the project execution. The first step is to clone the repository and move into the Day 18 directory. The repository lives here Once we clone it, navigate into the day-18 folder and then into the terraform directory. This is where all the Terraform files for today’s project live. 1. Making unique resource names: resource "random_id" "suffix" { byte_length = 4 } locals { bucket_prefix = "${var.project_name}-${var.environment}" upload_bucket_name = "${local.bucket_prefix}-upload-${random_id.suffix.hex}" processed_bucket_name = "${local.bucket_prefix}-processed-${random_id.suffix.hex}" lambda_function_name = "${var.project_name}-${var.environment}-processor" } As we know the names of the S3 bucket should be unique, we need to name the S3 buckets carefully making sure those names do not exist earlier. For this we use a resource of random_id in Terraform which generates random characters and we append them before and after our bucket name. We build a common bucket prefix using the project name and environment We create two bucket names i.e. one for uploads and one for processed images We append the random suffix so the names stay unique We also define a clear name for our Lambda function 2. Creating the Source S3 Bucket This project begins with an S3 bucket that acts as the source bucket. We will be uploading image which will start the entire image processing workflow. # S3 Bucket for uploading original images (SOURCE) resource "aws_s3_bucket" "upload_bucket" { bucket = local.upload_bucket_name } We’re simply creating an S3 bucket and giving it the name we already prepared using locals. 3. Enabling Versioning: resource "aws_s3_bucket_versioning" "upload_bucket" { bucket = aws_s3_bucket.upload_bucket.id versioning_configuration { status = "Enabled" } } Versioning helps us keep track of changes. If the same file name is uploaded again, S3 doesn’t overwrite the old object, it stores a new version instead. Eventhough it is not needed in this project, we will keep it as it is best industry standard. 4. Enabling Server-Side Encryption: Next, we enable server-side encryption. resource "aws_s3_bucket_server_side_encryption_configuration" "upload_bucket" { bucket = aws_s3_bucket.upload_bucket.id rule { apply_server_side_encryption_by_default { sse_algorithm = "AES256" } } } Here we are enabling the server_side_encryption on the bucket so the files in the bucket will be encrypted. This ensures that any image uploaded to the bucket is encrypted at rest using AES-256. We don’t need to manage encryption keys manually, AWS takes care of that for us. 5. Making Bucket Private: We are making the source bucket private so that no one else will be accessing this source bucket. resource "aws_s3_bucket_public_access_block" "upload_bucket" { bucket = aws_s3_bucket.upload_bucket.id block_public_acls = true block_public_policy = true ignore_public_acls = true restrict_public_buckets = true } By blocking public ACLs and policies, we make sure the bucket isn’t accidentally exposed. In real production systems, public access is usually handled through controlled layers in front of S3, not directly on the bucket itself. 6. Creating Destination S3 Bucket: Now we will be doing the same above steps for Destination Bucket too. resource "aws_s3_bucket" "processed_bucket" { bucket = local.processed_bucket_name } resource "aws_s3_bucket_versioning" "processed_bucket" { bucket = aws_s3_bucket.processed_bucket.id versioning_configuration { status = "Enabled" } } resource "aws_s3_bucket_server_side_encryption_configuration" "processed_bucket" { bucket = aws_s3_bucket.processed_bucket.id rule { apply_server_side_encryption_by_default { sse_algorithm = "AES256" } } } resource "aws_s3_bucket_public_access_block" "processed_bucket" { bucket = aws_s3_bucket.processed_bucket.id block_public_acls = true block_public_policy = true ignore_public_acls = true restrict_public_buckets = true } We have done creating the bucket, enabling versioning on that, enabling server-side encryption and making that bucket access private. IAM Roles and Policies: This is an important section and we need to be very careful about what access does a Lambda role needs for this project. Instead of hard-coding permissions or credentials, AWS uses roles to define what a service is allowed to do. In our case, we want the Lambda function to: Write logs to cloudwatch so we can see what’s happening Read images from the source bucket Write processed images to the destination bucket 1. Creating the IAM Role for Lambda: We start by creating an IAM role that Lambda can assume. resource "aws_iam_role" "lambda_role" { name = "${local.lambda_function_name}-role" assume_role_policy = jsonencode({ Version = "2012-10-17" Statement = [ { Action = "sts:AssumeRole" Effect = "Allow" Principal = { Service = "lambda.amazonaws.com" } } ] }) } This role doesn’t give any permissions yet. It simply says: This role can be assumed by AWS Lambda. AWS even provides a policy generator to help create these documents, which makes life easier when you’re starting out. 2. Defining the Permissions with an IAM Policy: Next, we create a policy that tells AWS exactly what this Lambda function is allowed to do. resource "aws_iam_role_policy" "lambda_policy" { name = "${local.lambda_function_name}-policy" role = aws_iam_role.lambda_role.id policy = jsonencode({ Version = "2012-10-17" Statement = [ { Effect = "Allow" Action = [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ] Resource = "arn:aws:logs:${var.aws_region}:*:*" }, { Effect = "Allow" Action = [ "s3:GetObject", "s3:GetObjectVersion" ] Resource = "${aws_s3_bucket.upload_bucket.arn}/*" }, { Effect = "Allow" Action = [ "s3:PutObject", "s3:PutObjectAcl" ] Resource = "${aws_s3_bucket.processed_bucket.arn}/*" } ] }) } There are 3 blocks in the above IAM JSON Policy: The first block allows the Lambda function to create log groups, log streams, and write logs. Without this, we’d have no visibility into what the function is doing, especially if something goes wrong. The second block allows Lambda to read objects from the source bucket. This is how it gets access to the uploaded image. The third block allows Lambda to write objects to the destination bucket. This is where all the processed images will be stored. We can also give S3 full access but it is not recommended for Best practices. With this IAM role and policy in place, our Lambda function will be able to: Read images from S3 bucket Process them using Pillow Libraries Store the results to Destination Bucket Write logs to Cloudwatch to inspect 3. LAMBDA LAYER (Pillow): A Lambda layer is a way to package external libraries and dependencies separately from our function code. Instead of bundling everything inside the function zip, we place shared or heavy dependencies into a layer and then attach that layer to the Lambda function. This keeps the function code clean and makes dependencies easier to manage. resource "aws_lambda_layer_version" "pillow_layer" { filename = "${path.module}/pillow_layer.zip" layer_name = "${var.project_name}-pillow-layer" compatible_runtimes = ["python3.12"] description = "Pillow library for image processing" } Here’s what’s happening: filename points to a zip file that contains the Pillow library layer_name gives the layer a clear, readable name compatible_runtimes ensures this layer works with Python 3.12 How do we create the pillow_layer.zip file in the first place? Because AWS Lambda runs on Linux, the dependencies inside the layer must also be built for a Linux environment. This is important, especially if you’re working on macOS or Windows. To solve this, we use Docker. 4. LAMBDA FUNCTION (Image Processor): Our Lambda function is written in Python and lives inside the repository. To package it correctly, we use a Terraform data source. # Data source for Lambda function zip data "archive_file" "lambda_zip" { type = "zip" source_file = "${path.module}/../lambda/lambda_function.py" output_path = "${path.module}/lambda_function.zip" } This data source takes the Python file, compresses it into a zip archive, and makes it ready for deployment. Even though we’re working with a local file here, Terraform treats this as data it needs to reference during deployment which is exactly what data sources are designed for. 5. Defining the Lambda Function: Now we define the Lambda function itself. resource "aws_lambda_function" "image_processor" { filename = data.archive_file.lambda_zip.output_path function_name = local.lambda_function_name role = aws_iam_role.lambda_role.arn handler = "lambda_function.lambda_handler" source_code_hash = data.archive_file.lambda_zip.output_base64sha256 runtime = "python3.12" timeout = 60 memory_size = 1024 layers = [aws_lambda_layer_version.pillow_layer.arn] environment { variables = { PROCESSED_BUCKET = aws_s3_bucket.processed_bucket.id LOG_LEVEL = "INFO" } } } In the above block: filename points to the zip file created earlier function_name gives the Lambda function a clear identity role attaches the IAM role we created, allowing the function to access S3 and logs handler tells Lambda where execution begins in the Python file runtime specifies Python 3.12 timeout is set to 60 seconds, which is more than enough for image processing memory_size is set to 1024 MB to give the function enough resources 6. CloudWatch Logs: We will create a cloudwatch log group to make sure logs are retained in a predictable way. resource "aws_cloudwatch_log_group" "lambda_processor" { name = "/aws/lambda/${local.lambda_function_name}" retention_in_days = 7 } 7. S3 EVENT TRIGGER: Now, we will give S3 permission to invoke our Lambda function. # Lambda permission to be invoked by S3 resource "aws_lambda_permission" "allow_s3" { statement_id = "AllowExecutionFromS3" action = "lambda:InvokeFunction" function_name = aws_lambda_function.image_processor.function_name principal = "s3.amazonaws.com" source_arn = aws_s3_bucket.upload_bucket.arn } # S3 bucket notification to trigger Lambda resource "aws_s3_bucket_notification" "upload_bucket_notification" { bucket = aws_s3_bucket.upload_bucket.id lambda_function { lambda_function_arn = aws_lambda_function.image_processor.arn events = ["s3:ObjectCreated:*"] } depends_on = [aws_lambda_permission.allow_s3] } Without the above permission, S3 events would never be able to trigger the function, even if everything else was configured correctly. Whenever an object is created, in any way, invoke this Lambda function. As long as an object is created in the bucket, the event fires. Deployment: Now everything is set, now all that is left is to deploy them. We will be deploying this entire project using a shell script named deploy.sh When we run this script, here’s what it does. First, it performs a few basic checks. It makes sure: AWS CLI is installed Terraform is installed If either of these is missing, the script stops and tells us exactly what’s wrong. This saves time and avoids confusion later. Next, the script builds the Lambda layer. This is an important step. Remember, the Pillow library needs to be compiled in a Linux environment to work correctly with AWS Lambda. Instead of doing this manually, the script calls another helper script that uses Docker to: Spin up a Linux-based Python environment Install Pillow in the correct directory structure Package everything into a pillow_layer.zip file Once that’s done, the script moves into the Terraform directory and runs the familiar commands: terraform init terraform plan terraform apply Terraform then takes over and creates every AWS resource we discussed: Both S3 buckets IAM roles and policies Lambda layer Lambda function CloudWatch log group S3 event trigger When the deployment finishes, the script prints out something very useful information in the terraform output console. Testing / Verification: Setup is all done, Now all we need to do is to just upload an image to the upload bucket. It can be any JPG or JPEG file. We can upload it using: The AWS Console or AWS CLI Any method that creates an object in the bucket The moment the file is uploaded, the event is triggered. Behind the scenes: Lambda starts The image is processed Five new images are generated All processed files appear in the destination bucket If we open CloudWatch, we can also see the logs generated by the Lambda function, helpful for understanding what happened and for troubleshooting if something goes wrong. Conclusion: And with that, we’ve completed Day 18 of the 30 Days of Terraform Challenge. We have gone a deep dive into a serverless project of Image processing using AWS Lambda involving S3 Buckets and CloudWatch.
Content: What I learned today Bash Functions Local vs Global Variables Function Parameters Return Values (Exit Codes, Echo) Variable Quoting ✅ (Still practicing!) Challenges I faced Not ALWAYS use local Not ALWAYS quote variables Validate input Next steps Advanced patterns + Arrays
Special Report: Officials give update on Brown Univ. shooting victims and investigation
Rhode Island officials give an update on the active investigation at Brown University and the condition of the injured victims. Col. Oscar Perez, Providence's chief of police, said investigators are still collecting evidence and did not identity of the person of interest who has been detained.
PromptShield AI – An AI Cost & Risk Firewall Built with Xano
This is a submission for the Xano AI-Powered Backend Challenge: Full-Stack, AI-First Application PromptShield AI – An AI Cost & Risk Firewall for LLM Applications As teams rapidly build agentic apps and AI-powered features, one problem shows up almost immediately: LLM costs explode, usage becomes opaque, and there are no guardrails. Developers lack: Per-user and per-feature budgets Visibility into token and cost usage Protection against risky prompts (PII, secrets) Smart routing to cheaper models when budgets are exceeded PromptShield AI solves this by acting as an intelligent backend control plane that sits between applications and LLM providers. It enforces: Cost budgets (tenant / user / feature) Usage analytics and spend visibility Safety and routing policies Multi-provider cost control The result is a production-ready AI infrastructure backend, not just a wrapper around LLM APIs. 🧱 Architecture Overview Backend: Xano (Postgres, APIs, background jobs, AI workflows) Frontend: Lovable.dev (low-code SaaS dashboard) AI-first approach: Backend generated with AI, refined by hand Public API + Admin UI: Production-ready by design 🎬 Demo 🔗 Live Application: https://promptshield.lovable.app/ 💻 Source Code (GitHub): https://github.com/Manikant92/promptshield_ai 🎥 Demo Walkthrough Video: 📸 Product Screenshots 🔎 Swagger / Public API: https://x8ki-letl-twmt.n7.xano.io/api:q5xLch4v The dashboard shows real API keys, budgets, policies, providers, and usage analytics powered entirely by Xano. 🧠 The AI Prompt I Used (Backend Generation) All backend workflows, API definitions, and schema refinements are tracked in the GitHub repository below for transparency and reproducibility: 👉 https://github.com/Manikant92/promptshield_ai I used XanoScript with an AI-first workflow to generate the initial backend. Below is the original prompt used to bootstrap the system: You are an expert backend architect building a production-ready, multi-tenant AI infrastructure backend using Xano. Build a backend called "PromptShield AI" — an AI Cost & Risk Firewall that sits between applications and multiple LLM providers (OpenAI, Anthropic, etc.) to enforce budgets, rate limits, and safety policies before requests reach the LLM. The backend must be secure, scalable, and suitable for public API consumption. Create the initial backend for PromptShield AI with the following requirements: 1. Core Concept PromptShield AI acts as a proxy API for LLM calls. Applications send standard chat/completion payloads to PromptShield, which enforces usage policies, budgets, and risk checks before forwarding requests to LLM providers. 2. Database Schema (Postgres) Design tables for: - tenants (org_id, name, plan, created_at) - api_keys (key, tenant_id, status, last_used_at) - users (user_id, tenant_id, role) - llm_providers (provider, model, cost_per_1k_tokens) - usage_logs (tenant_id, user_id, feature, provider, model, tokens_in, tokens_out, cost, timestamp) - budgets (tenant_id, scope_type [tenant/user/feature], scope_id, daily_limit, monthly_limit) - policies (tenant_id, preferred_models, fallback_model, blocked_categories) 3. API Endpoints Create the following APIs: POST /llm/proxy - Accepts OpenAI-compatible chat/completion payload - Authenticates using API key - Identifies tenant, user, and feature - Performs budget checks and policy enforcement - Routes request to the selected LLM provider - Logs token usage and cost POST /limits/configure - Allows tenants to define per-user, per-feature, or per-tenant budgets - Supports daily and monthly limits GET /usage/summary - Returns aggregated usage by tenant, user, feature, and model - Optimized for dashboards 4. AI Logic Use AI workflows to: - Classify prompts for risky categories (PII, secrets, unsafe content) - Block or redact requests that violate policy - Automatically downgrade to cheaper models when nearing budget limits - Detect anomalous usage spikes (e.g., sudden 10x increase) 5. Background Jobs - Aggregate daily and monthly usage - Recalculate remaining budgets - Run anomaly detection periodically 6. Security & Scalability - Multi-tenant isolation - Rate limiting per API key - Clean error responses - Extensible provider abstraction 7. Output Generate: - Database tables - API endpoint logic - AI workflows - Background jobs Use clean, maintainable naming and comments suitable for a production backend. Do NOT generate frontend code. Focus entirely on the backend implementation in Xano. This prompt allowed AI to quickly generate a solid baseline backend, which I then refined heavily inside Xano. ## 🛠️ How I Refined the AI-Generated Backend in Xano AI gave me a starting point — **human refinement made it production-ready**. ### Key Improvements I Made in Xano #### 🔐 Security & Multi-Tenancy - Introduced tenant isolation across all tables - Added API key lifecycle management (create, revoke, rotate) - Hardened error handling and rate limits #### 💰 Cost & Budget Enforcement - Added scoped budgets (tenant / user / feature) - Implemented background aggregation jobs for daily & monthly usage - Enabled budget thresholds and warning states #### 🧠 AI Logic Enhancements - Added prompt classification for risky categories (PII, secrets) - Implemented policy-based model fallback when budgets are exceeded - Designed provider abstraction for future expansion #### 📊 Observability & Analytics - Normalized usage logs for dashboards - Enabled cost-by-model and cost-by-feature views - Optimized APIs for frontend consumption Before: AI-generated CRUD-style endpoints After: A scalable, secure AI infrastructure backend suitable for real-world use 🎨 Frontend: Turning APIs into a Product I connected the Xano backend to Lovable.dev to build a clean, enterprise-style dashboard. The UI allows users to: Manage API keys securely Define and monitor budgets Configure routing and safety policies Analyze token and cost usage with filters and charts This step demonstrated how Xano’s backend capabilities translate directly into product value. 🚀 My Experience with Xano What I Loved AI + Human workflow: AI for speed, Xano for control Background jobs: Perfect for cost aggregation and analytics Clean API design: Easy to connect to any frontend Production mindset: Xano encourages scalable patterns by default Challenges Thinking through multi-tenant isolation correctly (worth the effort) Designing APIs that balance flexibility and simplicity Overall, Xano made it incredibly easy to go from idea → AI-generated backend → production-grade system in a very short time. 🏁 Final Thoughts PromptShield AI is not just a demo — it’s a realistic example of how AI-assisted backend development, combined with thoughtful human refinement, can produce scalable, secure, and maintainable systems. Xano was the perfect platform to bring this idea to life. Thanks for checking it out! 🚀
Blazor SaaS Starter Kits Compared: When to Choose Brick Starter for Full‑Stack C#
Blazor SaaS starter kits give .NET teams a faster path to multi‑tenant, subscription‑based applications, but they differ a lot in focus, features, and how much they handle beyond UI. Brick Starter sits in the category of full‑stack C# SaaS foundations, combining a Blazor UI option with a feature‑rich ASP.NET Core backend built specifically for SaaS and multi‑tenancy. Why Blazor SaaS starter kits exist Blazor lets developers build rich web UIs in C# instead of JavaScript, which is attractive to .NET teams who want full‑stack C# across client and server. However, building a serious SaaS app still demands multi‑tenant architecture, authentication, billing, localization, admin tools, and deployment plumbing—far beyond what “File → New Blazor App” provides. Blazor‑focused SaaS starter kits exist to package those repetitive capabilities into reusable templates, so teams can start from a running Blazor + ASP.NET Core SaaS skeleton instead of reinventing every infrastructure piece. Types of Blazor SaaS starter kits Most Blazor SaaS kits fall into three broad types. Blazor UI‑first templates: focus on page layouts, components, and auth for single‑tenant apps; ideal for internal tools and basic CRUD but light on multi‑tenancy and billing. Blazor‑centric multi‑tenant kits: add tenant awareness, localization, and better authorization on top of Blazor, often with opinionated architectures like Clean Architecture. Full SaaS boilerplates: combine Blazor (optionally among other UIs) with a mature .NET backend that includes tenant management, recurring payments, MFA, email templates, background jobs, and more. Brick Starter fits into the third category, where the goal is to ship production SaaS, not just a nice Blazor front end. Notable Blazor SaaS starter kits Several Blazor‑based SaaS kits are frequently mentioned in .NET and SaaS communities. BlazorPlate: a multi‑tenant and multilingual Blazor template that targets SaaS scenarios with support for Blazor Server and WebAssembly, MudBlazor UI, authentication/authorization, and shared database multi‑tenancy. Clean Architecture‑style Blazor kits (including samples and open templates): focus on DDD, modularity, and clean layering with Blazor front ends, but often require you to add billing, tenant lifecycle, and operational features yourself. Custom Blazor SaaS templates on GitHub and marketplaces: many offer auth, basic roles, and Stripe integration, but coverage of admin, email, localization, and multi‑tenant configuration varies significantly. These can be excellent for teams comfortable extending infrastructure, but they still expect you to fill gaps, especially around multi‑tenant billing and operations. Brick Starter: full‑stack C# boilerplate with a Blazor option Brick Starter is a .NET SaaS boilerplate that supports multiple front‑end stacks—including Blazor—on top of a single, feature‑rich ASP.NET Core backend. The same backend powers Blazor, Angular, React, Vue, Next.js, and Razor, so C# teams can stay in .NET on both client and server while choosing the best UI for each project. Out of the box, Brick provides SaaS‑critical building blocks: Multi‑tenancy: tenant creation, isolation, subdomain‑based tenant routing, and a full tenant management panel. Authentication and authorization: email, social, and Entra ID sign‑in; role and permission framework; multi‑factor authentication via email OTP and authenticator apps. Billing and subscriptions: integrated Stripe‑based recurring payments with tenant‑level plans and automated handling of renewals, cancellations, and failures. Operational features: email template management, multi‑language UI, database data encryption, background jobs, and admin dashboards for users, tenants, and settings. All of this ships with full source code so teams can extend patterns, integrate with their own services, and audit everything. Blazor‑specific benefits in Brick Starter When you choose the Blazor option in Brick Starter, you get a Blazor front end that is designed to sit on top of that SaaS‑ready backend rather than being a one‑off UI. That means your Blazor components immediately benefit from tenant context, permission checks, billing state, and localization that are already implemented server‑side. Advantages for full‑stack C# teams include: Single language end‑to‑end: C# for Blazor components, business logic, and backend services, reducing context switching and making it easier to share models and validation. Consistent patterns across clients: if you later add a React or Angular client, they call the same APIs and reuse the same multi‑tenant logic, making Brick a long‑term foundation rather than a Blazor‑only experiment. Faster onboarding: Blazor and .NET developers can work within familiar patterns while leveraging Brick’s opinionated modules for security, tenants, and payments. How Brick compares to other Blazor SaaS kits Placed alongside other Blazor SaaS templates, Brick can be summarized like this. Kit / template Primary focus Multi‑tenant & SaaS depth Front‑end scope BlazorPlate Blazor‑only multi‑tenant template Strong Blazor‑centric multi‑tenancy and localization; you add more SaaS ops as needed. Blazor WebAssembly/Server Clean‑arch Blazor kits Architecture and code quality Clean layering; enterprise SaaS features mostly DIY. Blazor only Custom GitHub Blazor SaaS templates Niche SaaS use cases or demos Varies; often Stripe + auth, but limited admin and tenant tooling. Blazor only Brick Starter (Blazor) Full SaaS boilerplate with multi‑front‑end support Tenant management, auth/MFA, Stripe billing, email templates, localization, encryption, admin panels. Blazor plus Angular, React, Vue, Next.js, Razor For teams that want not just a UI template but a reusable SaaS platform, Brick’s broader scope and shared backend architecture are important differentiators. When to choose Brick Starter for full‑stack C Brick Starter is usually the right Blazor SaaS kit when: You want full‑stack C# but do not want to design multi‑tenant, subscription, and security infrastructure yourself. You may need to support additional clients (SPA, mobile, or another JS framework) later, and you want a backend that is already built for that. You are a founder, product team, or agency that needs to standardize on a single .NET SaaS foundation across multiple apps, with predictable architecture and commercial support. In those cases, Brick Starter’s combination of Blazor front end, multi‑tenant SaaS backend, and full source code makes it a strong choice among Blazor SaaS starter kits for 2026 and beyond.
Verification Token 1764728136303: Revolutionizing Digital Authentication in 2024
Explore Verification Token 1764728136303, a quantum-resistant auth innovation. Dive into trends like AI integration, blockchain anchoring, and real-world apps in fintech, social media, and IoT for unbreakable digital security.
Zero-Prompt AI Assistants: Reading Minds Without a Single Command
Explore zero-prompt AI assistants that infer intentions without commands. Dive into trends like Project Astra, practical apps in homes and businesses, and the ethical future of intuitive tech.
Autonomous Agent Swarms: Revolutionizing Self-Managing Digital Ecosystems
Discover how autonomous agent swarms are building self-managing digital ecosystems, from supply chains to DeFi. Explore trends, applications, and the future of AI-driven intelligence.
Discover how on-device LLM acceleration is powering private edge AI on smartphones and IoT, boosting privacy, speed, and offline capabilities with the latest hardware, models, and apps.
Neural Context Engines: Redefining Real-Time Personalization in 2025
Discover how Neural Context Engines are transforming real-time personalization in 2025, from e-commerce to healthcare. Explore trends, applications, and the future of context-aware AI. (148 chars)
AI Copilots: Revolutionizing Coding, Writing, and Design Workflows
Discover how AI copilots are transforming coding, writing, and design with real-time assistance. Explore latest trends, tools like GitHub Copilot and Adobe Firefly, and productivity gains up to 55%.
Personalized AI Companions: Revolutionizing Emotional and Social Interactions
Discover how personalized AI companions are transforming emotional and social interactions with cutting-edge trends, real-world applications, and ethical insights. From mental health support to AR buddies, explore the future of digital companionship.
AI Voice Cloning: Crafting Lifelike Digital Voices from Mere Samples
Dive into AI voice cloning: from tech basics to trends like ElevenLabs' instant synthesis. Explore apps in entertainment, business, accessibility, plus ethics and future outlook. Lifelike voices from seconds of audio are here.
From Pixels to Motion: The Explosive Rise of AI-Generated Videos from Text and Images
Discover how AI tools like Sora and Runway are creating stunning videos from text or images. Explore trends, applications in marketing & entertainment, and the future of content creation.
Multimodal AI Revolution: Seamlessly Processing Text, Images, Audio, and Video
Explore multimodal AI models that integrate text, images, audio, and video. Latest trends like GPT-4o real-time processing, applications in healthcare and AV, challenges, and future outlook.
Personal AI Operating Systems: Multi-Agent Magic Running Your Daily Life
Discover how multi-agent Personal AI OS are revolutionizing daily life—from morning routines to work productivity. Explore trends, apps, and the future of autonomous AI assistants. (148 chars)
AI Agents: The Autonomous Revolution Redefining Task Automation
Discover AI agents: autonomous systems that plan, act, and learn to complete tasks independently. Explore 2024 trends, real-world apps, challenges, and the future of agentic AI revolutionizing work.
![[Boost]](/_next/image?url=https%3A%2F%2Fmedia2.dev.to%2Fdynamic%2Fimage%2Fwidth%3D800%252Cheight%3D%252Cfit%3Dscale-down%252Cgravity%3Dauto%252Cformat%3Dauto%2Fhttps%253A%252F%252Fdev-to-uploads.s3.amazonaws.com%252Fuploads%252Fuser%252Fprofile_image%252F3637957%252F246fb03e-3f7f-41c2-a9c7-53666c1cbdc2.png&w=3840&q=75)
