Vibe coders: your AI will happily write `eval(userInput)` and call it "clean, production-ready code." It is not clean. It is not production-ready. It is a front door with no lock.
Interesting. Thanks for sharing. But who in 2020 checks a user input against a stored hash (password, etc.) instead of hash_equals(), especially for auth?! Curious. `if ($userInput == $storedHash) { // login success }` Great finding. 👍🏽
Type juggling has been exploited in real #PHP authentication bypasses. Here's the classic:

if ($userInput == $storedHash) {
    // login success
}

If $storedHash starts with "0e" followed by digits (like "0e462097"), PHP treats it as scientific notation: 0 * 10^462097 = 0. An attacker just needs to find an input whose MD5 also starts with "0e" digits. Both sides evaluate to 0. 0 == 0 is true.

Known "magic hashes":
- MD5("240610708") = 0e462097...
- MD5("QNKCDZO") = 0e830400...
- SHA1("aaroZmOk") = 0e00000...

Fix: use === everywhere. Or better: hash_equals() for timing-safe comparison. Never == for security checks.
Get paid $30 per hour by testing websites online. Here are 5 companies that pay in USD to test websites from home: 1. UserFeel. userfeel.com/ 2. UserInput. userinput.io/ 3. TryMyUI. trymata.com/ 4. Userlytics. userlytics.com/ 5. UserZoom. usertesting.com/platform/use…
TUB/BSC drained for ~45 BNB single tx, zero capital Pledge contract claim function (0xb45c9928) takes reward amount as user input. no validation. no accounting. attacker staked 1 LP token, claimed 4.77×10²⁷ TUB basically: transfer(msg.sender, userInput)
Replying to @AFpost
if userInput == "Hi" { output = "hello" } LLMs are just with way more conditions and utilize probabilities. LLMs are trained by other humans to sound human on writing by humans.
There’s a site called userinput.io where you get paid to test websites. They pay around $15/hr and the application is really quick. Requirement: 👇👇
Here are 5 companies that pay in USD to test websites from home: 1. UserFeel. userfeel.com 2. UserInput. userinput.io 3. TryMyUI. trymata.com 4. Userlytics. userlytics.com 5. UserZoom. usertesting.com Do well to like, retweet and bookmark.
if $10-$500 isn’t too small for you don’t fade my next post
Replying to @wizzkilly
Get paid $30 per hour by testing websites online. Here are 5 companies that pay in USD to test websites from home: 1. UserFeel. userfeel.com 2. UserInput. userinput.io 3. TryMyUI. trymata.com 4. Userlytics. userlytics.com 5. UserZoom. usertesting.com
Apr 22
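Possibility space: the range made up of all the possible states, outcomes or paths permitted by a given system, rule, condition or constraint; its role is to delimit "what can happen" and "where change can unfold", providing boundaries for analysing choice, generation, prediction and innovation; related concepts include state space, constraint, degrees of freedom, search space, solution space, path and branch; unlike a single possibility or an actual outcome, a possibility space emphasises the overall range and structure, and it also differs from pure imagination because it is usually limited by explicit conditions. UserInput(possibility space) -> conditions / constraints -> rules -> degrees of freedom -> feasible values -> states -> paths / branches -> outcomes -> the overall range of possible states, outcomes and paths -> possibility space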
You can earn $10–$50/day from crowdtesting by testing apps and websites from uTest, Test.io, Testbirds, TesterWork, userfeel, userlytics, Userinput, and Userzoom, some don’t require proxy
🚨 Get paid $30/hour just to test websites. No skills. No investment. Just your honest feedback. Here are 5 platforms paying in USD to test websites from home: 1. UserFeel userfeel.com 2. UserInput userinput.io 3. Trymata trymata.com 4. Userlytics userlytics.com 5. UserTesting usertesting.com Don’t just bookmark this. Sign up. Test. Get paid.
Get paid $30 per hour by testing websites online. Here are 5 companies that pay in USD to test websites from home: 1. UserFeel. userfeel.com 2. UserInput. userinput.io 3. TryMyUI. trymata.com 4. Userlytics. userlytics.com 5. UserZoom. usertesting.com/company/care… Don’t only bookmark, explore and take advantage of these opportunities.
Apr 20
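Full lifecycle means managing a piece of software or a feature as one continuously evolving object, from the moment the requirement is raised until it is finally taken offline and retired, rather than treating it as a single development delivery; applied to the "full lifecycle of landing a feature", it means advancing along the path "requirements → prototype → iteration → refactoring with a mature solution → production-grade optimisation → automated operations hardening": first use requirements and a prototype to validate the direction quickly and keep correcting during iteration, then replace the early experimental implementation with a mature solution and do a structured refactoring, then fill in production-grade capabilities such as performance, stability and security, and finally achieve automated operations hardening through automatic recovery, building observability and accumulating agent operations packages, forming a closed loop that continuously "reduces risk, increases reuse, increases stability and increases efficiency". UserInput(full lifecycle / full lifecycle of landing a feature) -> requirements -> prototype -> iterative implementation -> replacement with a mature solution -> structured refactoring -> production-grade optimisation -> automated operations hardening -> closed loop of continuous evolution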
If you’re sleeping on this, you’re leaving easy money on the table. You can earn $200–$400 weekly just by testing websites from your phone or laptop. No advanced skills. No experience barrier. Here’s how it works: You get paid $10–$20 per test Each test takes about 10–20 minutes You can complete up to 4 tests daily Do the math: $20 × 4 tests = $80/day $80 × 5 days = $400/week What you’ll be doing: •Navigate websites or apps •Record short video feedback •Share honest opinions on usability, design, or bugs •Sometimes submit written feedback That’s it. No complex tasks. Just real user experience. Requirements: •Smartphone or computer •Internet access •Ability to speak simple English Two platforms to get started: Platform 1: UserInput Go to userinput.io → Click “Get paid to test” → Complete the 5-minute application Platform 2: Trymata / QuestionPro UX Trymata.com → Apply as a tester Or ux.questionpro.com/tester/pr… → Fill your profile What happens after applying: •You get approved (most people do) •You receive test invites via email •You complete tasks and get paid Important: UserInput tends to have more consistent opportunities globally (including Nigeria). Trymata/QuestionPro may take time depending on your demographic, but opportunities do come. If you’re serious about earning online, this is one of the simplest entry points. No hype. Just execution. Follow for more real ways to make money online.
If you’re in Nigeria and want to earn in USD remotely without VPN or proxy, read this carefully. Most people think platforms like Outlier are the only option. They’re not. There are legit AI task platforms you can access directly with a Nigerian IP. Here are 8 you should know: 1.Uber AI $1–$30 /hr Pays directly to your bank account 2.Luel AI $10–$25/hr Stripe / Wise payouts 3.Remotasks $3–$15/hr PayPal / AirTM 4.Mindrift AI $15–$100 /hr Payoneer 5.Pareto AI Up to $60/hr PayPal 6.Appen (CrowdGen) $5–$20/hr Payoneer / PayPal 7.Mercor $20–$150/hr Stripe 8.TELUS Digital AI $10–$25/hr International payout systems Now let’s break down how to actually start (most people get stuck here): PLATFORM 1: Uber AI What you need: • NIN • CV • ND/HND/BSc • Nigerian bank account How it works: 1.Sign up with your email 2.Verify with code 3.Select Nigeria as your country 4.Access your task dashboard Next: • Click “Complete Onboarding” • Choose task types (data labeling, etc.) • Upload your documents Then comes the test: • ~30 minutes • Questions based on your field Important: You can’t switch screens during the test Smart move: Use a second device if you need to research answers After that: • Add your bank details • Set your work hours • Start picking tasks Reality check: Pay is currently lower for Nigerian users, but consistency matters more than rates at the start PLATFORM 2: Luel AI This one is simpler to enter. Steps: 1.Create account 2.Fill in your personal details 3.Select your devices (phone/laptop) 4.Choose your language skills Then: • Log in via magic link • Connect Stripe • Start browsing tasks You’ll see things like: • Conversations • Recording tasks • Simple AI training jobs Tip: More tasks show up over time, so check back daily Final advice most people ignore: Don’t jump on all platforms at once. Pick 1–2 Learn how tasks work Build accuracy Then scale That’s how you move from $0 to consistent weekly earnings. Links in comments
Apr 19
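Optimization theory: the theoretical framework that studies how to choose the best option under given objectives, constraints and resource conditions; its role is to turn "better" into a problem form that can be analysed, compared and solved, providing a methodological basis for decision-making, design and control; related concepts include objective function, constraints, feasible region, optimal solution, local optimum, global optimum, convex optimization and algorithms; unlike general problem solving or empirical parameter tuning, optimization theory emphasises explicit evaluation criteria, constraint structure and optimality analysis. UserInput(optimization theory) -> decision variables -> objective function / constraints -> feasible solutions -> feasible region -> optimization problem -> optimality conditions -> optimal solution (local / global) -> typical structures such as convex optimization -> solution algorithms -> optimization theory framework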
Apr 19
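UserInput(the ultimate guide to the body of financial knowledge) -> resource allocation and understanding of value -> economics / finance / financial-affairs framework -> basic financial relationships (ownership / creditor's rights / trust / insurance) -> basic financial products (stocks / bonds / deposits / funds / insurance / foreign exchange / commodities) -> derivative financial instruments (forwards / futures / options / swaps) -> financial market system (primary / secondary / OTC / derivatives markets) -> regulatory system and rule framework -> learning path / qualification system / career path -> evolution of fintech and risk management -> operating system for financial cognition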
Apr 18
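UserInput(guidelines for programming) -> naming -> PIE (expressing intent) -> SLAP (layering of abstraction) -> DRY (converging on consistency) -> KISS / YAGNI (restraining complexity) -> OCP (isolating change) -> readable and controllable code structure -> maintainable modules / systems -> software that can evolve sustainably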
Apr 17
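Guidelines for programming

1. The core of the KISS principle is "keep it simple": whether you are writing new code, fixing a bug or extending a feature, simplicity should come first, because once code is casually piled onto and patched it becomes ever more complex, messy, hard to read, hard to test and hard to maintain, and in the end slows development and release; by contrast, simple code has clear responsibilities and simple relationships, is easy to understand and change, and is more convenient for team collaboration. In practice, watch out for three common impulses that make code complex: forcing in new technology to show off, writing surplus features in advance because "we might use it in the future", and programmers adding requirements on the user's behalf without confirmation; what should really be done is to keep only what is necessary for the current running and delivery, keep deleting the superfluous, and treat "don't gild the lily" as a programming rule. This principle applies not only to code but also to the design of software features, because users tend to prefer software whose features and interface are both simple; it also echoes the ideas of "less is more" and "Occam's razor", namely that the less non-essential content there is, the more powerful, the easier to understand and the more able to withstand long-term evolution it tends to be.

2. The DRY (Don't Repeat Yourself) principle: the core meaning is not to express the same logic or information repeatedly in code, constants, conditional branches, comments, or even the development process, because copy-and-paste duplication bloats the code, lowers readability and makes it easy to miss or botch a change when modifying, and in particular much duplicated code is legacy code that lacks tests, which makes fixing defects and adding features harder and harder; the solution is to abstract the duplicated content, extracting the same logic into functions and modules and defining the same data as constants, so that "one meaning exists in only one place", which both reduces code and improves comprehension, and also centralises changes and improves reuse and quality; its idea can also be extended to repetitive work in the development process, for example using continuous integration to automate build, test and release; the text also notes that many programming techniques, design patterns and ideas such as OFOP and OAOO in databases are, in essence, all pursuing the elimination of duplication, although in reality things like the impedance mismatch between the object model and database tables also bring some "unavoidable duplication", in which case the information should be concentrated in one place as far as possible and duplication and inconsistency reduced through automatic generation.

3. YAGNI (You Aren't Going to Need It) is a development principle that stresses restraint. Its core meaning is to write only the minimum code that is truly needed for requirements that clearly exist now, and not to design complex extension points, general-purpose capabilities or extra features in advance because "it may be used later", because changes in software are hard to predict accurately, and large amounts of code prepared in advance often end up unused while adding complexity, reducing readability and raising maintenance cost; therefore, among several options, prefer the simple one that is based on current requirements and works directly rather than the one that looks more general but is more complex, because simple code is usually easier to understand, modify and extend. This idea applies not only to code structure but also to product feature design, and is highly consistent with the DTSTTCPW principle of "pick the simplest solution that could possibly work and do it".

4. The PIE (Program Intently and Expressively) principle: the core meaning is that when writing code you should express the "intent" clearly, because code is first of all for people to read, and it is also the most reliable and often the only basis for understanding how the software really runs, so readability should be given priority over convenience of writing and even over execution efficiency; good code is not showing off, it lets others and even your future self quickly see "what it does, how it does it and why it does it this way", where the "why" often needs to be supplemented with comments, so as to reduce the "whack-a-mole development" of firefighting everywhere during maintenance; the text also mentions that "literate programming" is the ultimate form of this idea, namely writing code and explanation as one whole so that the program reads like a story, and although its practical cost is high and it has not become widespread, the idea that "code should be self-explanatory and convey design intent" has been retained and condensed into the PIE principle.

5. SLAP (the Single Level of Abstraction Principle) emphasises that within the same function, module or class, code should keep a consistent level of abstraction, and should not mix high-level intent such as "execute business logic" with low-level operations such as "connect to the database" or "handle details"; in practice this means splitting code into small, clearly structured functions, so that upper-level functions only express steps and intent and lower-level functions handle the concrete implementation, making the whole like a well-layered book: the high level is like the table of contents, the middle level like the chapters, and the low level like the body text. Doing so markedly improves how well the code summarises, its readability and the fluency of understanding, and avoids the confusion caused by sudden jumps in abstraction level while reading. SLAP applies not only to functions but also to module and class design, for example using an abstract class to carry high-level concepts and subclasses to carry low-level implementation; when putting it into practice you can, as when writing an article, handle "writing the concrete content" and "organising the structural levels" separately, first implementing the functionality and then unifying the abstraction level, thereby writing clearer and more maintainable code.

6. OCP (the Open-Closed Principle) means software design should be "open for extension, closed for modification", that is, when adding a feature, implement it as far as possible by extending the existing system rather than changing the original code, thereby avoiding a situation where one change ripples through everything and improving the system's stability and flexibility under long-term change; in implementation, the parts that change easily are usually abstracted behind an interface so that clients depend on a stable interface rather than a concrete implementation, so adding a new implementation class brings in the new feature without modifying the existing callers; however, OCP need not be forced into every scenario, because over-abstracting before change has occurred makes code complex, so the more reasonable approach is first to identify the parts that are really likely to change and then encapsulate these "fluid elements"; it is often implemented with polymorphism but is not limited to object-oriented languages, and design patterns such as Strategy, Observer, Template Method and Decorator also embody this idea, whose core essence is consistent with the "Protected Variations" idea in GRASP, namely isolating unstable implementations behind stable interfaces and keeping the impact of change local.

7. In programming, naming is no small matter; it is key to code quality, design maturity and communication efficiency, because if a name is accurate it shows that the programmer has truly understood the element's responsibility and intent, and readers of the code can quickly grasp the purpose of a function, variable or module from the name alone, reducing the burden of repeatedly digging into the internal implementation; conversely, vague, obscure or self-invented names create ambiguity and force people to do "mental mapping", making reading, modifying and using the code more mentally taxing and ultimately creating a continuing maintenance cost, so when writing code you should first think carefully about names and make them, as far as possible, carry enough information, be unambiguous, describe effect and purpose rather than the means of implementation, be easy to pronounce, easy to search and consistent with the conventions of the domain and the language, and ideally also verify through a "loopback check" whether the name can accurately reproduce the original description, so that the code is easier to read, use and maintain.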
v0.preview.13 — 2026-04-17 ✨ This update is focused on offline mode; now added a progress bar so the loading doesn't feel like it freezes.
• Added initial Claude Code SDK (agent-sdk)
• Added offline mode support for headless, serve, and channel modes
• Added offline mode loading progress bar
• Promoted Evt::UserInput to a protocol-level event
• Refactored agent-sdk so CLI now owns the session ID
• Dropped redundant search_incomplete field from GrepResult