DEV Community: so1

We made an open-source DICOM viewer HIPAA-compliant — here's how

so1 — Thu, 28 May 2026 16:17:23 +0000

Body:

Open-source medical imaging tools have zero security. No access control, no audit logs, no encryption at rest.

HIPAA Vault adds a compliance layer to OHIF Viewer: AES-256-GCM encryption, RBAC access control, full audit trail, BAA-ready logging, and PHI auto-masking.

┌────────────────┬───────────┬─────────────┐

│ Capability │ Before │ After │

├────────────────┼───────────┼─────────────┤

│ Encryption │ None │ AES-256-GCM │

├────────────────┼───────────┼─────────────┤

│ Access control │ None │ RBAC │

├────────────────┼───────────┼─────────────┤

│ Audit │ None │ Full trail │

├────────────────┼───────────┼─────────────┤

│ BAA │ Not ready │ Documented │

└────────────────┴───────────┴─────────────┘

25 encryption tests passing. MIT licensed.

Contact: 16208204@qq.com

We built an AI memory system that evolves itself — here's why MemOS should be worried

so1 — Thu, 28 May 2026 16:16:07 +0000

Body:

EdgeMem SDK v5 does three things no other open-source memory system does:

Self-Evolving Memory (L1→L2) — 3+ fragments on same topic → auto-consolidated into insight
Memory Correction with Audit Trail — Fix a memory, original preserved, correction logged
Cross-Task Skill Reuse — Patterns crystallize into reusable skills automatically

┌───────────────────┬─────────┬────────────┐

│ Feature │ MemOS │ EdgeMem v5 │

├───────────────────┼─────────┼────────────┤

│ Self-evolving │ ✅ │ ✅ │

├───────────────────┼─────────┼────────────┤

│ Memory correction │ ❌ │ ✅ │

├───────────────────┼─────────┼────────────┤

│ Full audit trail │ ❌ │ ✅ │

├───────────────────┼─────────┼────────────┤

│ Local-first │ Partial │ ✅ Full │

├───────────────────┼─────────┼────────────┤

│ License │ Custom │ MIT │

└───────────────────┴─────────┴────────────┘

Contact: 16208204@qq.com

We patched Chromium with 49 C++ hooks to beat Cloudflare — here's how BrowserHand works

so1 — Thu, 28 May 2026 16:06:55 +0000

Body:

Every web scraper hits the same wall: Cloudflare.

You rotate IPs. You spoof headers. You use Playwright's stealth plugin. And Cloudflare still blocks you — because it checks things no JavaScript library can fake: WebGL renderer fingerprint, font enumeration,

audio context, hardware concurrency, Canvas2D image data, WebRTC local IPs, and more.

BrowserHand takes a different approach — C++ hooks at the Chromium binary level.

Instead of patching JavaScript objects at runtime (which Cloudflare can detect), we patched the browser engine itself. 49 hooks across 12 subsystems:

GPU: Forced WebGL vendor/renderer strings at the driver layer
Fonts: Controlled which system fonts the browser exposes
Audio: Faked audio context fingerprint at the OS level
Network: Spoofed WebRTC IPs before the JS runtime could read them
Canvas: Injected noise into Canvas2D/SVG fingerprinting reads
Timing: Normalized JS timer precision to match real hardware profiles

The result: same browser, same IP, same everything — but the fingerprint looks like a real Windows/Chrome user in Dallas, Texas.

After 6 months of production use across 200+ sites:

┌──────────────────────────┬─────────────────────────────┬─────────────────────┐

│ Metric │ Before (Playwright stealth) │ After (BrowserHand) │

├──────────────────────────┼─────────────────────────────┼─────────────────────┤

│ Cloudflare bypass rate │ 34% │ 92% │

├──────────────────────────┼─────────────────────────────┼─────────────────────┤

│ reCAPTCHA v3 pass rate │ 28% │ 87% │

├──────────────────────────┼─────────────────────────────┼─────────────────────┤

│ Average session lifetime │ 12 min │ 4+ hours │

├──────────────────────────┼─────────────────────────────┼─────────────────────┤

│ Detection rate │ 66% flagged │ <8% flagged │

└──────────────────────────┴─────────────────────────────┴─────────────────────┘

It's not a SaaS. It's a Go binary you run locally. No cloud dependency, no logs leaving your machine.

If you're fighting Cloudflare, reCAPTCHA, or any bot detection system — the approach matters more than the tool. Binary-level patching beats JS-level stealth every time.

For implementation details and licensing: 16208204@qq.com

How We Replaced Claude with DeepSeek in a Popular AI Infrastructure Project — and Cut Costs by 97%

so1 — Thu, 28 May 2026 15:37:30 +0000

Body:

There's a popular open-source project called Personal AI Infrastructure (PAI). Great concept — Life OS, Pulse dashboard, 171 workflows. But it has one critical flaw: hardcoded to Claude only.

No other models. No choice. If Claude's down or too expensive, you're stuck.

We forked it and swapped the model layer with our 9router Gateway. Here's what changed:

Before:

Only Claude Code CLI ($15 per 1M tokens)
No audit logging
No rate limiting
Vendor locked

After:

DeepSeek ($0.50 per 1M tokens — that's 97% less)
OpenAI fallback option
Full audit trail on every API call
Rate limiting built in
Provider switchable at runtime

The transformation took one evening. The gateway module is clean — about 100 lines of core logic. Audit log, rate limits, multi-provider support all built in.

What the end customer gets:

Choose their own model provider
97% cost reduction if they pick DeepSeek
Full audit compliance for enterprise use
No vendor lock-in

If you're running PAI or thinking about it — you don't have to be stuck on one model.

For the full transformation guide and commercial inquiries:16208204@qq.com

opensource #AI #DeepSeek #Claude #PAI