Yue Wang’s Post

When I first saw our production database hitting 99% utilization, I thought we needed a bigger server. I was wrong. The real problem wasn’t infrastructure. It was one unoptimized query quietly running inside a loop. Development was fast. Production exposed everything. I just published a deep dive on Django Query Optimization — covering N+1 problems, select_related vs prefetch_related, aggregations, indexing strategies, and real-world mistakes that slow apps down. here is my article link https://lnkd.in/gViDwwVd If you’re building APIs in Django, this might save you from a painful production incident. Would love to know: Have you ever faced a performance issue that wasn’t obvious at first? #Django #BackendDevelopment #Python #DatabaseOptimization #WebPerformance

Excited to release plyra-guard — open-source action middleware for AI agents. The problem: agents take real-world actions with no safety layer between the LLM's decision and execution. plyra-guard intercepts every tool call before it runs — policy engine, full audit log, built-in dashboard. Sub-2ms overhead, works with every major framework. pip install plyra-guard Apache 2.0. 217 tests. Python 3.11–3.13. Check out the link in Comments! #AgenticAI #Python #OpenSource #LLM

Built a URL shortener in C from scratch Not in Python, Not with a framework. Raw C, custom HTTP server and SQLite for persistence. At first it worked fine, but under load? Every redirect = a database read. Every database read = disk I/O. At scale, this is the bottleneck. What worked? An in-memory LRU cache in front of SQLite (sounds tempting but its not). The result: i) Frequently accessed URLs served from memory ii) SQLite reads dropped significantly around iii) Latency on hot URLs got much faster | 2x faster Most real-world URL traffic follows a power law. A small percentage of URLs get the majority of hits and a cache exploits exactly that pattern. Github: https://lnkd.in/gshFUnFj

Migrated from Node.js (Express) to FastAPI Recently, I rebuilt one of my APIs from Node.js to FastAPI — and here’s what changed: 🔹 Manual validation → ✅ Pydantic models 🔹 Custom Swagger setup → ✅ Auto-generated docs 🔹 More boilerplate → ✅ Cleaner & structured code 🔹 Middleware logic → ✅ Dependency Injection ⚡ Performance: FastAPI felt faster and more structured (especially with Python typing). 🛠 Maintenance: Easier due to built-in validation & documentation. If you're working with Python or ML stack, FastAPI is a solid choice for modern APIs. #Backend #FastAPI #NodeJS #Python #APIDevelopment

I put together a local text-to-speech project using Qwen3-TTS, wrapped in a C# console app and run inside Docker. It takes text from the command line, generates MP3 or WAV files, supports custom output names, and lets you override the voice and speaking style for each run. The repo is set up with the source folder mounted into the container, so code changes are available on the next run without rebuilding the image unless dependencies change. It’s a practical example of combining .NET, Python, Docker, and local AI in a development workflow. Repository: https://lnkd.in/eDuDbjdf #dotnet #csharp #python #docker #ai #tts #machinelearning #opensource

Currently working through a Flask tutorial. At this stage, I’ve been learning and implementing: • Flask routing and request handling (GET vs POST) • User authentication and session management • Extending data models and handling migrations • Server-side forms with validation • Tracking user activity with UTC timestamps • Using Jinja templates and template inheritance It’s been helpful in understanding how backend logic, database state, and templates come together in a real Flask application. #Python #Flask #WebDevelopment #BackendDevelopment #LearningInPublic

Bokeh, Origin Validation Bypass, CVE-2026-21883 (Medium) CVE-2026-21883 is a vulnerability in the Bokeh interactive visualization library for Python, specifically affecting versions 3.8.1 and below . The flaw resides in the server's `match_host` function within server/util.py, which is responsible for validating WebSocket connection origins against an administrator-defined allowlist (e.g., dashboard.corp) . The vulnerability arises because the validation logic uses Python's `zip()` function to compare the hostname parts against the pattern....

Bokeh, Origin Validation Bypass, CVE-2026-21883 (Medium) CVE-2026-21883 is a vulnerability in the Bokeh interactive visualization library for Python, specifically affecting versions 3.8.1 and below . The flaw resides in the server's `match_host` function within server/util.py, which is responsible for validating WebSocket connection origins against an administrator-defined allowlist (e.g., dashboard.corp) . The vulnerability arises because the validation logic uses Python's `zip()` function to compare the hostname parts against the pattern....

Dworshak configuration ecosystem rising. Now with libraries and CLI sub apps for: - dworshak-secret - dworshak-config - dworshak-env - dworshak-prompt It has never been easier to reach your users (or yourself) for cross-platform, stable credentials and config values scripted in your Python code and also managed with the `dworshak` CLI. Come see what we are up to. https://lnkd.in/ey5M2Bnc

What is Dependency Injection? DI is a design pattern where an object receives what it needs (DB session, client, cache, config) instead of creating those dependencies itself. That small shift pays off: - looser coupling (swappable implementations) - easier testing (fake/stub dependencies) - cleaner architecture (objects do one job) In Python, DI often turns into either manual wiring everywhere or heavy frameworks. That's why we built #diwire: An extremely fast type-driven DI container for Python that builds your object graph from type hints with dependencies, scopes + deterministic cleanup, async support, and integrations with the most popular libraries (FastAPI, Pydantic, and more). If you want a concrete "this is how it looks in a real app" example, start here: GitHub: https://lnkd.in/gshHbkWP Integrations docs: https://lnkd.in/gDz_Phya