今日已更新 99 条资讯 | 累计 21318 条内容
关于我们

今日精选

HOT

最新资讯

共 21318 篇
第 133/1066 页
AI 资讯 Dev.to

Your Background Subagents Can Leak Secrets — Build the Isolation Model

Developers flagged a freshly filed, reproducible issue that should make anyone running background agents pause: Claude Code's background Opus subagents intermittently stall on their first turn and, instead of producing useful work, emit system-prompt fragments — including text shaped like authorization data — as their only output. It's labeled a security issue, it has a reproduction, and it's open. That's enough to treat it as a real, if intermittent, class of failure. Here's the mental model that matters: a subagent is not a trusted subprocess. It's an autonomous loop with access to a context window, a toolset, and — too often — the same credentials as its parent. When that loop stalls and dumps its prompt instead of its result, anything that was in context is now in output. Authorization-shaped text leaking is the canary: if the prompt carried a token, a session string, or an internal endpoint, that's what surfaces. The fix is structural, not reactive. Three rules: 1. Scope credentials per subagent, not per session. A background agent that only needs to read a repo shouldn't hold deploy keys. Hand it the narrowest token that completes its task and revoke it when the task ends. If the tooling can't scope credentials, that's a gap to close before you scale subagents. 2. Treat subagent output as untrusted. Anything a subagent returns — including error text, logs, and especially "stalled" dumps — should be parsed and sanitized before it touches shared state. Don't pipe raw subagent output into a context that feeds other agents or into any log that leaves your machine. 3. Separate the system prompt from the working context. The leak happened because authorization-shaped content sat in the same window the subagent could echo. Keep credentials and internal routing data out of the prompt that a stalled loop might surface. Put them in a side channel the model can call, not text it can print. The deeper lesson is about failure modes, not one bug. Most agent setups assume th

TerminalBlog 2026-07-11 23:44 5 原文
AI 资讯 Dev.to

Tencent's Hy3 Coding AI Puts Input Tokens at $0.14 Per Million

The feed showed a new entrant worth watching: Tencent has launched Hy3, a coding-focused AI model, with input tokens priced at $0.14 per million. For developers who live in the terminal running coding agents, that price point lands well below the per-token rates most frontier models charge, and it puts a major lab's coding model into the "cheap enough to leave running" category. What makes this interesting isn't just the number — it's the positioning. Hy3 is being pitched specifically as a coding AI, not a general chatbot, which suggests vendors are starting to carve out developer-facing models with their own pricing tiers rather than forcing coders to pay general-purpose rates. Developers spotted the launch in the daily AI news roundup and immediately started comparing it against the cost of running their existing agents. The catch, as always, is what the headline price doesn't tell you: output token cost, context-window limits, and how the model actually performs on real repository tasks all remain open questions. A low input price is meaningless if output is expensive or if the model needs five retries to get a diff right. Still, a credible cheap coding model from a major player is exactly the kind of pressure that nudges the whole category toward per-token transparency. If nothing else, it gives every other vendor a new number to justify theirs against.

TerminalBlog 2026-07-11 23:44 7 原文
AI 资讯 Dev.to

Learning Xahau: HookOnV2, NamedHooks, and Transaction Simulation. More Control Over When and How Hooks Fire.

Welcome to Learning Xahau, a series of articles dedicated to helping developers, builders, and blockchain enthusiasts better understand the Xahau ecosystem. Whether you're just getting started or already building advanced applications, these posts will explore Xahau's features, architecture, and best practices through practical examples and real-world use cases. If you've been building with Hooks on Xahau, you know the basic loop: write a C program, compile it to WebAssembly, install it on an account, and it fires automatically when that account is involved in a transaction. Simple and powerful, but until the 2026.6.21 major release, there were some friction points that made real-world hook architectures more complicated than they needed to be. This release ships three improvements that directly address those friction points: HookOnV2 : split the single HookOn bitmask into separate HookOnIncoming and HookOnOutgoing controls NamedHooks : assign a human-readable name to each hook slot, so senders can choose which hook to activate Simulate RPC : preview a transaction including all hook executions without spending fees or changing ledger state None of these require rewriting your hook logic. They are configuration and tooling improvements at the SetHook and transaction level. But they fundamentally change what you can build cleanly. All code in this article targets the Xahau Testnet ( wss://xahau-test.net ) and requires xahau.js 4.1.1 or later. Clone the companion repository: git clone https://github.com/Ekiserrepe/learningxahau20260621.git cd learningxahau20260621 npm install Copy .env.example to .env and fill in the seeds used across these examples: cp .env.example .env HUB_SEED = # account that installs the directional hook (07, 08, 09) NAMED_HUB_SEED= # account that installs and owns the named hooks (10, 11, 13, 14) SENDER_SEED = # account that sends payments targeting a named hook (12, 14) All accounts need testnet funds from the Xahau Testnet Faucet . HookOnV2: Di

Ekiserrepe 2026-07-11 23:38 6 原文
AI 资讯 Dev.to

The JDK's forgotten JMX protocol

Every Java engineer who has connected JConsole — or JDK Mission Control — to a server in another network segment knows the ritual. Open the JMX port. Discover that RMI quietly opened a second port — random by default. Pin it with a system property nobody remembers without searching. File a firewall ticket for both. Wait. What fewer people know: the JMX specification shipped with the second remote transport that has none of these problems. One socket, one port, TLS underneath if you want it. It's called JMXMP — the JMX Messaging Protocol. It lost for the least mysterious reason in software — RMI shipped by default, JMXMP was a separate download, and defaults win — and its reference implementation has been effectively abandoned since around 2008. Yet, it never quite died. Code that refuses to die usually knows something. I didn't set out to resurrect it. I fell into it. The port dance, briefly The default remote JMX stack rides on RMI. The connection URL tells you most of the story: service:jmx:rmi:///jndi/rmi://host:1099/jmxrmi I'll spare you the full anatomy behind that URL — there's a JNDI lookup in it, and that second, dynamically assigned port from the ritual above; few people ever learn the details, which is rather the point. Dynamic ports were a reasonable design for 1999's flat networks. Between today's firewalls, NAT, and containers, they're friction — not because RMI is bad, but because the network it was designed for no longer exists. The JMXMP URL: service:jmx:jmxmp://host:9875 One socket. TCP in, TCP out. That's the whole networking story. How I ended up in this codebase I maintain JConsoleBooster , a modernized JConsole. It shipped fine for years on the 2008-era JMXMP jar — the one historically distributed as jmxremote_optional / jmx-optional , out of Sun's OpenDMK project, republished over the years by several parties because people kept needing single-socket JMX. Then I moved the app to a jlink -built runtime. An automatic module from 2008 does not coo

Deniss Larka 2026-07-11 23:36 4 原文
AI 资讯 Dev.to

How to Add Evals to an LLM Feature

Learning how to add evals to an LLM feature is the difference between shipping a demo and shipping a reliable product. When you embed an LLM into a real feature — a chatbot, a voice agent, a document summarizer — you’re not just calling a model. You’re betting your user’s experience on a non‑deterministic system that can silently break with every prompt tweak, model update, or edge case. That’s why we instrument every LLM feature we build with a purpose‑built eval suite. Here’s how we did it for an outbound AI calling agent and how you can do the same. Why Evals Are Not Optional LLMs are non‑deterministic: give them the same input twice, and you’ll get two different responses. That means unit tests that check for exact string matches are useless. As Pragmatic Engineer notes , you need evals to verify that the solution works well enough — because there’s no guarantee it will. When you’re building a feature that speaks to real customers, like the AI Calling Agent dashboard we built, a regression in tone or missed booking intent can cost revenue immediately. Evals turn that uncertainty into signal. How to Add Evals to an LLM Feature: A 4‑Step Workflow We’ll walk through the exact process we followed, from defining success to automating checks in CI, using the DeepEval framework as an example. You can swap in Evidently AI or build your own, but the pattern is the same. Step 1: Define Success for Your Feature Takeaway: Before you pick a metric, write down the one thing that makes the feature “done” — usually a business outcome, not a technical measure. For the AI Calling Agent, the core feature was an outbound call that books a meeting. The success criterion wasn’t “the LLM replied politely.” It was “the agent scheduled a meeting with the right time and date.” This is a reference‑based evaluation: you compare the output to a known ground truth. Evidently AI’s guide calls this pattern out as essential for regression testing and experimentation. From that criterion, we der

techpotions 2026-07-11 23:30 5 原文
AI 资讯 Dev.to

Memprediksi Peluang Klub Promosi Bertahan di Liga Top Eropa — Part 1: Kickoff & Rencana

series: Prediksi Survival Klub Debutan Kenapa Project Ini? Setiap musim, klub yang promosi ke liga top (Premier League, La Liga, dst.) menghadapi risiko besar: sekitar 2 dari 3 klub yang naik biasanya kembali terdegradasi di musim pertama mereka. Saya penasaran — bisakah performa di beberapa laga awal musim memberi sinyal dini soal peluang klub tersebut bertahan? Ini jadi project portofolio pertama saya sebagai data scientist yang baru mulai (0-1 tahun pengalaman). Saya sengaja pilih topik yang saya suka (sepak bola) supaya prosesnya tetap enjoyable, bukan cuma "tutorial project" generik. Rencana Project Pertanyaan utama: Berdasarkan performa 8 laga pertama musim debut, seberapa besar peluang klub promosi bertahan hingga musim berikutnya (tidak degradasi)? Data yang dipakai: football-data.co.uk — data hasil pertandingan tiap musim sejak 1993/1994 Wikipedia (halaman musim liga) — daftar klub promosi & klasemen akhir musim Tech stack: pandas , requests untuk data collection scikit-learn untuk modeling (mulai dari Logistic Regression sebagai baseline) imbalanced-learn untuk handle class imbalance Streamlit + Plotly untuk dashboard interaktif Deploy ke Streamlit Community Cloud Timeline (Build in Public) Saya bikin timeline ini publik supaya ada tekanan yang sehat untuk benar-benar menyelesaikannya, bukan cuma jadi ide yang menguap: Checkpoint Target Tanggal Yang Harus Selesai Part 1 (post ini) 11 Juli 2026 Kickoff, rencana, environment siap Part 2 15 Juli 2026 Dataset jadi, push ke GitHub Part 3 17 Juli 2026 EDA selesai, insight awal Part 4 24 Juli 2026 Model final dipilih + evaluasi Part 5 31 Juli 2026 Dashboard live di Streamlit Cloud Part 6 (final) 8 Agustus 2026 Project selesai, recap lengkap Tantangan yang Sudah Saya Antisipasi Data leakage — fitur harus dihitung dari laga awal musim saja, bukan seluruh musim, biar model beneran memprediksi bukan "menyontek" hasil akhir Dataset kecil — kemungkinan hanya ~60-100 sampel klub, jadi saya mulai dari model sederhana (Lo

Daggermaster 2026-07-11 23:29 5 原文
AI 资讯 Dev.to

Open Knowledge Format: Google quiere estandarizar cómo le damos contexto a la IA (y varios dicen que reinventó la wiki)

El 12 de junio de 2026, Google Cloud publicó el Open Knowledge Format (OKF) , una especificación abierta que intenta resolver un problema que suena aburrido pero es carísimo: cómo darle a un agente de IA el contexto que necesita para no inventar. La propuesta es tan simple que da un poco de desconfianza —una carpeta de archivos Markdown con un encabezado YAML— y esa simpleza es, al mismo tiempo, su mayor virtud y el blanco de todas las críticas. Vale la pena entender qué anuncian, porque detrás del formato aparentemente trivial hay una apuesta bastante ambiciosa sobre cómo van a compartir conocimiento las empresas en la era de los agentes. El problema: el conocimiento vive en silos En casi cualquier organización, lo que un modelo necesita saber está desparramado y encerrado en formatos incompatibles: catálogos de metadatos con APIs propietarias, wikis internas, comentarios de código, docstrings, celdas de notebooks y —el clásico— la cabeza de dos o tres ingenieros senior. Cuando un agente tiene que responder algo tan concreto como "¿cómo calculo los usuarios activos semanales a partir del stream de eventos?" , tiene que ensamblar la respuesta juntando pedacitos de superficies que no se hablan entre sí. El resultado: cada equipo que arma un agente resuelve el mismo rompecabezas desde cero, y el conocimiento queda preso del sistema que lo generó. No hay portabilidad. La propuesta: un formato, no una plataforma La respuesta de Google no es "otro servicio de conocimiento en la nube" —y ese es el punto que más recalcan—. Es un formato . OKF v0.1 representa el conocimiento como: Solo Markdown : legible en cualquier editor, renderizable en GitHub, indexable por cualquier buscador. Solo archivos : se transporta como un tarball, se hospeda en cualquier repo git, se monta en cualquier filesystem. Solo frontmatter YAML : campos consultables como type , title , description , resource , tags y timestamp . Cada "concepto" (una tabla, un dataset, una métrica, un runbook) es un arc

Gustavo Theler 2026-07-11 23:28 4 原文
AI 资讯 Dev.to

Conditional Statements in JavaScript

Conditional Statements Conditional statements allow JavaScript to execute different blocks of code based on whether a condition is true or false. if - The if statement executes a block of code only if the condition is true. if...else - Use if...else when you want one block of code to run if the condition is true and another block if it's false. if...else if...else - Use this when you have multiple conditions to check. switch statement - The switch statement is used when you have many possible values for one variable. Nested if statement - You can also write an if statement inside another if. Ternary Operator - An optimized one-line shorthand for standard if...else blocks ** If Statement ** let age = 20 ; if ( age >= 18 ) { console . log ( " Eligible to vote " ); } //Output: Eligible to vote ** if else Statement ** let age = 16 ; if ( age >= 18 ) { console . log ( " Eligible to vote " ); } else { console . log ( " Not eligible to vote " ); } // Output: Not eligible to vote ** if ... else if ... else ** let marks = 85 ; if ( marks >= 90 ) { console . log ( " Grade A " ); } else if ( marks >= 75 ) { console . log ( " Grade B " ); } else if ( marks >= 50 ) { console . log ( " Grade C " ); } else { console . log ( " Fail " ); } // Output: Grade B ** switch statement ** let day = 3 ; switch ( day ) { case 1 : console . log ( " Monday " ); break ; case 2 : console . log ( " Tuesday " ); break ; case 3 : console . log ( " Wednesday " ); break ; default : console . log ( " Invalid Day " ); } // Output: Wednesday // Important: The break statement stops the execution after the matching case.We must compulsory to use break statement because if you don't use break, JavaScript will continue executing the next cases even the output is correct. ** Nested if Statement ** let age = 20 ; let hasLicense = true ; if ( age >= 18 ) { if ( hasLicense ) { console . log ( " You can drive. " ); } } // Output: You can drive. ** Ternary Operator ** let isLoggedIn = true ; let systemMessage = is

Pranay Rebeyro 2026-07-11 23:27 4 原文
AI 资讯 Dev.to

What a Refinery Taught Me About CI Pipelines

I’m currently relearning the Core Three — HTML, CSS, and JavaScript — as I work toward becoming a full-stack JavaScript developer. Before I came back to learning software, I spent 22 years working industrial turnarounds. One lesson from that world has followed me into software engineering: Never trust a single point of failure. In industrial maintenance, there’s a safety practice called double block-and-bleed . Instead of trusting one isolation valve, you use two independent valves with a bleed point between them. If one valve leaks, you know immediately. The entire system assumes individual components can fail. Safety doesn’t come from perfect parts. It comes from independent layers of protection. That idea completely changed how I think about CI pipelines. When I first started relearning web development, my mindset was simple: Run Lighthouse. Everything green? Great. 100 across the board locally? Even better. Ship it. Different results after deployment? Uh-oh. Now I see Lighthouse as one checkpoint — not the finish line. A fast website can still have accessibility issues. An accessible site can still have broken metadata. Good SEO won’t catch rendering bugs. Passing unit tests won’t tell you if the generated HTML is malformed. Every tool has blind spots. No single tool should get the final vote. So instead of asking: “Did my tests pass?” I ask: “What kinds of failures could still slip through?” That question naturally leads to layered validation. Formatting Linting Type checking Accessibility checks Performance audits HTML validation SEO analysis Manual review None of these tools is perfect. Together, they’re much stronger than any one of them alone. The more I learn about software, the more I find myself applying lessons from heavy industry. Different environment. Different risks. The same engineering mindset. Assume components will fail. Design systems that fail safely. That’s becoming the philosophy behind every test matrix and CI pipeline I’m designing. What’s

Ken Morgan 2026-07-11 23:25 4 原文
AI 资讯 Dev.to

From Passwords to Private Keys: Understanding Identity on Solana

When I first started learning Solana, one of the biggest questions I had was: "If there are no usernames or passwords, how does the blockchain know who I am?" As a Web2 developer, I was used to creating accounts with an email address, choosing a password, and relying on a company to manage my identity. After spending several days learning Solana, I realized blockchain approaches identity in a completely different way. Identity in Web2 Think about all the accounts you have today. GitHub Gmail Facebook LinkedIn Your bank Every service asks you to create another account. Each company stores your username and password in its own database. Your identity exists because they say it exists. If they suspend your account or delete it, your access disappears. In other words, your identity is owned by the platform. Identity on Solana On Solana there are no usernames. There are no passwords. There isn't even an account registration page. Instead, your identity begins with one thing: A cryptographic keypair. A keypair consists of: A Public Key A Private Key When I generated my first wallet using the Solana CLI, I immediately had a new blockchain identity. For example: Public Key: AxfVXDX7jsCw7vSnwut9hA7oX4UykE3ZeiNF6cxCKvpf This public key becomes my wallet address. Anyone can send tokens to it. Anyone can view its transactions. But nobody can spend funds from it. Why? Because only I possess the private key. Think of SSH Keys The easiest comparison for Web2 developers is SSH. When connecting to a Linux server: the server knows your public key you prove ownership using your private key Solana works almost exactly the same way. Except instead of logging into one server... you're interacting with an entire blockchain. Every transaction I make is digitally signed using my private key. Validators verify the signature before accepting the transaction. No password is ever transmitted. No administrator approves my login. The mathematics prove my identity. Why Wallets Matter One thing I f

Hilda Olabanji 2026-07-11 23:25 4 原文
AI 资讯 Dev.to

737x faster LangGraph checkpoints, and the case where Rust lost

Run a LangGraph agent long enough and the model call stops being your bottleneck. The plumbing takes over. Every step, the graph serializes its state to a checkpoint so you can resume, replay, or recover. LangGraph does that with Python's deepcopy . For a small dict that is fine. For a 250KB agent state with nested messages, tool outputs, and accumulated context, deepcopy is brutally slow, and you pay it on every single step of a long run. So I built fast-langgraph : a set of Rust accelerators for the hot paths in LangGraph, packaged as drop-in components that keep full API compatibility. Lead with the numbers, including the ones that hurt Here is what the Rust paths actually buy you, measured against the Python equivalents: Operation Speedup Where Complex checkpoint (250KB) 737x faster than deepcopy Large agent state Complex checkpoint (35KB) 178x faster Medium state Sustained state updates 13-46x Long-running graphs, many steps LLM response caching 10x at 90% hit rate Repeated prompts, RAG End-to-end graph execution 2-3x Production workloads with checkpointing And the automatic mode, the one that needs zero code changes, lands around 2.8x for a typical invocation. Now the honest part. These are not "Rust is faster at everything" numbers. The checkpoint speedup scales with state size. It is a serialization story. For a small, flat dict, Python's built-in dict is implemented in C and already fast. Rust does not win there, and the README says so plainly. The 737x is a large complex-state number, not a headline you get on a toy graph. The core idea: reimplement the critical paths, keep the API LangGraph is good. I did not want to fork it or replace it. I wanted to swap out the three operations that dominate a real workload: Checkpoint serialization. deepcopy on complex nested state is the single biggest cost in a long run. Rust does a structured serialize instead. State management at scale. High-frequency updates accumulate overhead. A Rust merge path handles append-h

Dipankar Sarkar 2026-07-11 23:24 3 原文
开发者 The Verge AI

Nintendo’s Talking Flower got a small price cut

If you’re the type of person who could always use a little extra positive affirmation, or you have a weakness for weird gadgets, the Talking Flower might be of interest. I’m only kind of serious. The toy is based on a character from Super Mario Bros. Wonder that guides Mario through levels with quippy, whimsical […]

Cameron Faulkner 2026-07-11 23:00 5 原文