SShortSingh.
0
ProgrammingDEV Community ·

New CLI tool mcp-audit exposes security flaws in MCP server configurations

A developer building MCP server integrations for Claude and Cursor discovered serious security gaps after running a self-built auditing tool called mcp-audit on their own setup, which scored 0 out of 100. The tool flagged issues including a remote server with no authentication, a plaintext GitHub token stored in a config file, unpinned auto-updating executables, and an overly broad filesystem access scope. A 2026 analysis of roughly 7,000 public MCP servers found that 41% require no authentication and 36.7% are vulnerable to SSRF attacks, highlighting how widespread these risks are. The tool also revealed that running multiple MCP servers can silently consume 50,000 to 75,000 context tokens per request, increasing costs and latency before a user types a single prompt. mcp-audit is a free, open-source, zero-dependency CLI that runs entirely locally and supports config files from Claude Desktop, Cursor, VS Code, and other clients.

0
IndiaTimes of India ·

US Strikes 10 Iranian Military Sites Near Strait of Hormuz After Tanker Attack

US forces carried out strikes against 10 Iranian military targets located near the Strait of Hormuz. The operation was ordered by President Trump in response to an Iranian drone attack on a commercial oil tanker. The targeted sites included surveillance, communication, and drone-related facilities. The strikes represent a significant escalation even as an interim ceasefire remains nominally in place. Washington has warned that further military action could follow if hostilities continue.

0
ProgrammingDEV Community ·

Developer Builds Five-Brain Cyber-Physical Closed-Loop System for Type 1 Diabetes

Developer Omer Giladi has designed a five-component cyber-physical architecture aimed at managing Type 1 Diabetes through automated closed-loop control. The system, versioned 8.5.0, integrates bio-acoustic resonance and cybersecurity protections into its design. Built using FastAPI, the architecture incorporates glucose sensing, epsilon smoothing, and metabolic frequency generation to guide insulin dosing decisions. The system uses the golden ratio (PHI) in its predictive calculations and triggers acoustic responses when glucose drops below 70 mg/dL. The project represents an experimental engineering approach to automating blood sugar regulation in T1D patients.

0
ProgrammingDEV Community ·

Developer builds LLM router that assigns different AI models based on article type

A developer has built an automated content pipeline that routes article generation to different AI models depending on content type and priority, with premium pieces going to stronger models and high-volume drafts to cheaper, faster ones. The system includes a cascade failover to prevent stalls when a provider hits rate limits. Before publishing, every draft passes through anti-AI-language cleanup, a quality scoring judge, and a structural schema check. A daily job re-scores recently published content and automatically regenerates pieces that fail quality thresholds. The pipeline currently powers two live niche content sites, with the developer targeting a $30,000 monthly run-rate across 30 sites within two years.

0
ProgrammingDEV Community ·

How to Build a Production MLOps Pipeline on Azure Databricks with Spark and MLflow

A technical tutorial published on DEV Community outlines how to construct a production-grade feature engineering pipeline using Azure Databricks for large-scale machine learning workloads. The guide leverages Apache Spark for distributed data transformation, Delta Lake for versioned and ACID-compliant feature storage, and MLflow for tracking pipeline runs and model experiments. The architecture follows the Medallion pattern, organizing data across Bronze, Silver, and Gold layers that progressively clean and enrich raw data before model training. A customer churn prediction system serves as the primary use case, though the author notes the patterns are broadly applicable to any ML feature pipeline. Code examples demonstrate append-only Bronze ingestion, Silver-layer deduplication and schema enforcement, and Gold-layer feature aggregation using PySpark and Delta Lake merge operations.

0
ProgrammingDEV Community ·

Arduino Dual-Sensor System Combines Ultrasonic and Infrared for Full Obstacle Detection

A developer tutorial on DEV Community demonstrates how combining an HC-SR04 ultrasonic sensor with an infrared sensor on an Arduino board can overcome the blind spots of each individual sensor. Ultrasonic sensors excel at detecting distant objects across a range of roughly 2cm to 400cm but struggle with soft or angled surfaces that scatter sound waves, while infrared sensors respond quickly at close range but fail on dark surfaces that absorb infrared light. By running both sensors simultaneously, the system uses dual-verification logic so that when one sensor fails, the other serves as a backup — for example, detecting light-colored foam that scatters sound but reflects infrared light. The full hardware setup costs under approximately NT$300 and includes an Arduino Uno or Nano, the HC-SR04 module, and an infrared obstacle detection module. The project is aimed at hobbyists building obstacle-avoidance robots and is described as accessible to high-school-level programmers.

0
ProgrammingDEV Community ·

Why a Slight Delay in Interactive Exhibits Makes Visitors Stay Longer

Interactive museum exhibits that respond instantly often lose visitor interest quickly, while those with a brief 0.3–2 second 'thinking pause' before reacting tend to hold attention far longer. This design principle works because a small delay creates uncertainty in the visitor's mind, triggering curiosity about whether the exhibit has truly noticed them. The concept draws on game design research, including analysis of Super Mario's question blocks, which kept players engaged by making them believe a reward was imminent even when none appeared. Designers can apply this by layering feedback responses and introducing an unknown variable so that each interaction feels slightly different from the last. The core insight is that people do not simply want to operate a machine — they want to feel that the space around them is aware of their presence.

0
ProgrammingDEV Community ·

Browser Mic Turns Glass Tapping Into Visual Music Using Web Audio API

A developer has built a no-install, browser-based interactive toy that uses a computer microphone to detect the pitch of tapped water glasses. The project relies on the browser's getUserMedia API to capture live audio and convert it into a real-time data stream. Fast Fourier Transform (FFT) is then applied to analyze the frequencies present in each tap. Depending on whether the detected pitch is low, mid, or high, the screen responds with distinct color changes, geometric animations, and musical note labels. The entire tool runs from a single HTML file, requiring no downloads or external software.

0
ProgrammingHacker News ·

How Treating Music Practice as a Chore Helped One Artist Improve

A musician shares their personal experience of deliberately reframing music practice as a routine chore rather than a passion-driven activity. The author argues that removing the emotional pressure of inspiration allowed them to practice more consistently. By treating it like any other daily task, they were able to build discipline and improve their skills over time. The essay, published on their personal blog, challenges the common notion that artistic progress requires constant motivation or creative enthusiasm.

0
WorldBBC World ·

US Strikes Iran After Second Shipping Attack; Iran Hits Back at Gulf Bases

The United States launched military strikes against Iran following a second attack on shipping vessels in the region. Iran subsequently announced retaliatory strikes targeting US infrastructure located in Kuwait and Bahrain. The exchange marks a significant escalation in hostilities between the two countries. The incidents raise serious concerns about broader regional stability across the Gulf.

0
ProgrammingHacker News ·

Decomp Academy offers 250+ free lessons on decompiling GameCube games into C

A developer who taught himself game decompilation while working on Star Fox Adventures has launched Decomp Academy, a free interactive platform for learning PowerPC assembly decompilation. The site runs a live Metrowerks CodeWarrior compiler that converts C code into assembly and checks it against a target with strict, instruction-level accuracy. Over 250 lessons are available without requiring sign-up, starting from the basics and scaling up for those with some programming background. Several lessons feature real functions drawn from open-source decompilation projects including Metroid Prime, Pikmin, and Mario Party 4. The project is fully open source, with lessons stored in markdown for easy community contributions, and a C++ section is currently in development.

0
ProgrammingDEV Community ·

Developer launches Nyra, a language blending Rust safety with JavaScript syntax

A developer has created Nyra, a new programming language that combines Rust's memory safety model with JavaScript-inspired syntax. The language features compile-time memory management through a Rust-like ownership system, eliminating the need for a garbage collector. Nyra supports optional typing with aggressive type inference, aiming to offer a dynamic coding feel without sacrificing performance or safety. It uses an LLVM backend to compile code into efficient machine code. The project is still in early development, and the creator is actively seeking community feedback on syntax, architecture, and ownership edge cases.

0
ProgrammingDEV Community ·

Developer fixes memory and goroutine leaks in open-source Nuclei vulnerability scanner

A developer identified and resolved persistent memory and goroutine leaks in ProjectDiscovery's Nuclei vulnerability scanner engine, documented in Issue #7503 and Pull Request #7508 on GitHub. The leaks surfaced when Nuclei was embedded as an SDK inside long-running microservices, where memory usage grew steadily and orphaned goroutines persisted even after the engine was closed. Three root causes were found: an unbounded sync.Map storing host-port mappings, unreleased per-host rate limiter goroutines, and cached template parsers that were never purged between engine instances. Fixes included replacing the unbounded map with a capacity-capped, expirable LRU cache, updating the protocol state teardown to release rate limiter workers, and adding a thread-safe cache purge method invoked during engine shutdown.

0
ProgrammingDEV Community ·

Ollama Lets You Run Large Language Models Locally Without Cloud or API Keys

Ollama is an open-source tool that allows users to run large language models (LLMs) directly on their own machines, eliminating the need for API keys, cloud services, or internet connectivity. It bundles model weights, a runtime built on llama.cpp, and a CLI/REST API into a single package compatible with macOS, Linux, and Windows. Installation takes only a few minutes via a downloadable installer or command-line script, after which users can pull and chat with models like Llama 3.2 or Qwen using simple commands. The tool supports a wide range of use cases — from general conversation and coding assistance to reasoning, vision, and embeddings — with model choices tailored to available RAM or VRAM. While local models currently lag slightly behind frontier cloud models such as GPT and Claude in raw capability, the performance gap is reportedly narrowing.

0
ProgrammingDEV Community ·

Key Kubernetes Metrics That Actually Matter for Production Monitoring

A four-year production Kubernetes practitioner outlines a focused observability strategy across three distinct layers: cluster health, workload health, and application performance. Rather than tracking every available metric, the guidance emphasizes cluster-level capacity alerts over individual node CPU, and monitoring services instead of ephemeral pods. Critical signals include pod crash-loop detection, HPA scale-ceiling hits, and application-level error rates and latency using the RED and USE methods. A single four-panel dashboard covering capacity, workload status, error rates, and Kubernetes events is recommended to answer most operational questions quickly. Common pitfalls highlighted include ignoring the control plane, skipping resource requests, and alerting on raw resource usage instead of service-level objectives.

0
ProgrammingDEV Community ·

How to Build a Real-Time AI Recommendation Agent Using AWS Bedrock and Kinesis

A software developer has published a technical guide detailing how to build an AI-powered recommendation system that responds to user behavior in real time, replacing traditional batch-processing approaches. The architecture uses Amazon Kinesis to ingest and route user interaction events, AWS Lambda to process and enrich those events, and Amazon Bedrock as the AI reasoning and recommendation layer. DynamoDB stores user profiles and caches fresh recommendations, while S3 archives raw events for future model retraining. A key design choice keeps the AI inference pipeline fully asynchronous, so users are served cached recommendations instantly while updated ones are computed in the background. The result is a system where a user's recommendation set can refresh within seconds of their behavior changing, rather than waiting for an overnight batch job.

0
IndiaTimes of India ·

Ethan Vaz, 14, becomes India's 96th Chess Grandmaster after family's decade-long sacrifice

Ethan Vaz has earned the title of Grandmaster at age 14, becoming India's 96th GM in chess. He was born shortly after the 2011 Fukushima nuclear disaster prompted his family to relocate from Japan to India. His journey has been shaped by significant family sacrifice, including financial hardship and unwavering parental support. Ethan gave up cartoons early in childhood to dedicate himself to the game. His achievement reflects both exceptional natural talent and a family's wholehearted commitment to nurturing it.

0
ProgrammingDEV Community ·

How to Build a Unified ROS 2 Serial Bridge for Yahboom 520 Motor Drivers

Developers building 2WD differential drive robots with Yahboom 4-Channel Encoder Motor Driver Boards face a common serial communication conflict when using ROS 2. The Yahboom board uses an onboard STM32F103RCT6 microcontroller to handle encoder reading and PID control, communicating with the host processor via simple UART serial commands. Running separate ROS 2 nodes for odometry and velocity control on the same serial port causes a Linux resource-busy error, since the OS blocks multiple processes from binding to one device simultaneously. The solution is a single unified ROS 2 Python bridge node that holds one shared serial file handle and manages both velocity commands and encoder polling asynchronously at 20Hz. This bridge subscribes to the /cmd_vel topic and publishes odometry data to /odom, sitting cleanly between Nav2 and the physical hardware.

← NewerPage 124 of 183Older →