Your laptop has a CPU. A CPU runs code one operation at a time, very fast. For Python scripts, data processing, and small models, it is completely fine. Training a neural network is different. A single training step involves millions of matrix multiplications. A CPU does these sequentially. Even a decent laptop CPU takes minutes per epoch on a small image dataset. A real training run can take hour
A short guide to organizing FastAPI apps beyond a single main.py file. FastAPI makes it easy to start with a single main.py file. That is great for demos, prototypes, and small APIs. But once your application grows, one file can quickly turn into a mix of routes, database logic, security helpers, settings, and business rules. A clear project structure helps keep the app easier to understand, test,
AI Prompting techniques: Zero-shot, One-shot, Few-shot After using ChatGPT and other AI tools, I used to think prompts were just simple text inputs that AI models magically processed. But as mentioned in my Day 1 post: AI models are just next-word predictors, not thinkers. They predict based on training data (though modern ones now use real-time search and tool calling for better results). The
Building an AI-Powered Quantitative Trading System with Hermes Agent and IBKR How I set up a multi-signal ETF trading bot that runs on autopilot — and the 7 things that broke along the way I wanted a system that watches the market 24/7, analyzes technical indicators across multiple ETFs, and executes trades automatically. No manual chart-checking. No emotional decisions. Just cold, calculated si
I wanted to understand how AI coding tools actually work under the hood. Not just use them — but build one myself. So I built AgentCode: an open-source, multi-model agentic coding CLI. You type a request in plain English, and it reads your codebase, writes code, runs tests, manages git — all autonomously. Here's what I learned building it. Every agentic coding tool — no matter how polished — runs
Your application fetches a URL. The user supplied it. Your server makes the request, follows the redirect, and returns the content. The URL pointed to http://169.254.169.254/latest/meta-data/iam/security-credentials/production-role. Your application just handed the attacker your cloud credentials. SSRF lets an attacker trick your server into making requests on their behalf — to internal services, c
At 4:59 PM on a Friday, I was about to close my laptop and sneak out when the QA colleague's icon flashed on DingTalk: "Come check this out. The support bot remembers I'm Zhang San, but when I ask for my order number, it insists it belongs to Li Si." I pulled up the logs and saw LangChain's ConversationBufferMemory behaving like it had severe amnesia — Session A was mixing up chat history from Ses
How to Prevent IDOR Vulnerabilities in Django REST APIs An authenticated user changes /api/orders/42/ to /api/orders/43/ and reads someone else's order. No privilege escalation needed — the endpoint just returns it. This is IDOR in its simplest form, and it's endemic in Django REST Framework code because DRF makes it trivially easy to wire up a ModelViewSet that exposes every object in a table.