AI 资讯
Chainlink Functions Is Serverless Compute With Oracle Guarantees. Here's the Full Request Lifecycle.
The mental model most people have is too simple "Chainlink Functions lets smart contracts call APIs." That's true the same way "Ethereum lets people send money" is true. Technically accurate, misses almost everything that makes the product interesting and almost everything that matters for security. Chainlink Functions is better understood as a decentralized serverless compute platform: arbitrary JavaScript runs across every node in a DON, each node executes independently, OCR aggregates the results, and the aggregated output gets delivered back to the consumer contract through a verified callback. The "API call" is just one of the things that JavaScript can do inside that environment. The DON consensus and the threshold-encrypted secrets model are what make it meaningfully different from a centralized API proxy. This is day 9 of the 28-day Chainlink architecture series. Today covers the full request lifecycle, every contract in the chain, how threshold encryption protects secrets without exposing them to any individual node, and the integration mistakes that come from misunderstanding how billing and callbacks actually work. The four contracts you need to understand Before tracing the full lifecycle, it helps to know exactly which contract does what. FunctionsRouter : the stable, immutable entry point for consumers. Manages subscriptions and authorized consumer contracts. Its interface doesn't change when the underlying implementation upgrades, consumer contracts call sendRequest here and only here. Also handles billing: estimates fulfillment cost at request time and finalizes it at response time. FunctionsCoordinator : the interface between the Router and the DON. Emits the OracleRequest event that DON nodes watch for. Handles fee distribution to transmitters via a fee pool. Inherits from OCR2Base , meaning the full OCR consensus machinery runs here. This contract can be upgraded independently of the Router, which is why the Router exists as a stable facade in fro
AI 资讯
You Can't Review an Agent. You Can Review a Plan.
A harness for AI-era Terraform. I'm building one. For a while now I've been developing a harness for infrastructure-as-code as a private SDK and compiler — the layer that sits between whoever proposes a change (a person, an agent, CI) and whatever actually reaches production. This post isn't the tool. It's the thinking underneath it, and the few pieces I've become most convinced by while building it. (Notes from inside the work — where I've landed so far, not advice.) The problem that sent me down this road is easy to state and easy to underrate. A version of it happened recently. An agent fixed some Terraform; the PR read clean — tidy diff, sensible resource names, a plan output that looked exactly like what I'd asked for. It got approved. And then, at apply time, a different plan ran than the one that was reviewed: apply had re-planned against state that moved in between, and the diff that touched production wasn't quite the diff anyone had read. Nothing broke, that time. But that near-miss is the whole reason the harness exists. Because the danger was never "the agent writes bad HCL." Agents write perfectly good HCL; I let them. The danger is the distance between the plan a human reviewed and the plan that actually runs — and once agents are the ones proposing changes at volume, that distance is the thing I most want to nail shut. Where I've landed for now (and expect to keep revising): What AI-era IaC needs isn't AI that can apply . It's a structure where every change — human or agent — is evaluated at the same boundary , and only a reviewed plan ships. The unit of trust isn't the agent. It's a specific, reviewed plan , bound byte for byte. You can't review an agent. You can only review a plan. Instructions to an agent can be broken. A CI gate can't be talked out of it. Put guidance in the prompt; put the guarantee in the gate. Terraform/OpenTofu don't go away. You wrap them in a harness; you don't replace them. Your repo has non-human authors now For years IaC
AI 资讯
Why the Hell Are There So Many Layers? Breaking Down the 4 Steps of C Compilation
Notes: Prototype : a line that promises to a compiler that a certain function exists somewhere in the server or harddisk or files so it doesn't throw an error. In C, it is done with copying the declaration line of a function and adding a semicolon at the end of it. When we download / setup a specific programming language we download: the specific version of the language's compiler for your operating system and CPU the version of machine code of standard functions that the creator of the language has written that is fine tuned for our operating system and CPU the header files that has Only the prototype of the standard functions (aka functions like printf that are created by the creator of C) We need these in the compilation process: Pre-processing: compiler changing the header files calling line (#include line) with actual prototypes that are inside the header files and creates a temporary file with .i extension (temporary cause it gets deleted in the next step) that contains the prototype at the very top instead of #include line and your source code below compilation: compiler changes the entire contents of the .I file into assembly code (code written in assembly language). Here is why the specific version of compiler is important because every CPU has specific assembly language commands that are unique to it. Therefore when we setup a language we download specific assembly instructions for our own operating system and it comes handy in this step. Syntax check also happens in this step and the .I file also gets deleted. Now there comes a a.out file that we can actually see listed in our file explorer (but we only see the a.out file after the very end of compilation process but it does exist by this stage) Assembling: compiler changes assembly code (a.out file) to machine code (aka 0's and 1's). linking: compiler links your machine code and the machine code FOR the standard functions (because till now it ONLY has the prototypes of the function written in Binary, not
AI 资讯
Fundamental Concepts of Business Applications III: Locator Definitions
In the previous article, we argued that a Locator is neither a UI control nor a search mechanism. It is an architectural concept that resolves business references within a specific business context and transforms them into canonical business identities. If that is true, however, an obvious question immediately follows. How can a Locator be described? Not how it is implemented. Not how it is executed. But how it can be described independently of any particular implementation. This question is more important than it may seem at first glance. If two different development teams decide to implement a Locator, how can they be sure they are implementing the same concept? How can we discuss a Locator without referring to a particular library, programming language, or framework? The answer is that, like any mature architectural concept, a Locator must first be separated from its implementation. This distinction appears repeatedly throughout the history of software engineering. Relational theory existed before relational database systems. SQL does not describe how a query will be executed. It describes only the result we want to obtain. The choice of indexes, execution plans, and optimization algorithms is the responsibility of the query optimizer. Exactly the same principle applies here. A Locator should not be defined by the mechanism that implements it. It should be possible to describe it independently of that mechanism. This naturally leads to three distinct levels of abstraction. Locator Pattern │ ▼ Locator Definition │ ▼ Execution Engine The Locator Pattern is the architectural concept itself. The Locator Definition is the declarative description of a particular resolution process. The Execution Engine is the component responsible for interpreting that description and performing the actual resolution. Each level has a different responsibility, and they should never be confused with one another. This means that a Locator Definition is not an implementation artifact. It
AI 资讯
Smart glasses maker Even Realities hits $1B valuation with $150M funding led by Meituan, Tencent
Even Realities, an ex-Apple team building camera-free smart glasses, raised $150M from Meituan and Tencent at a $1B valuation.
开发者
South Korea’s hottest new bachelors are chip workers
Baek, a 35-year-old manager at the South Korean semiconductor titan SK Hynix, was enrolled in Sunoo, a matchmaking company based in Seoul, a year ago. In a move typical of anxious South Korean parents, his mother signed him up, hoping to find a good wife for her son. Lately, says Baek (who asked to be…
科技前沿
Apple's foldable iPhone may be in short supply after it launches
Many people who want Apple's rumored folding iPhone 'Ultra' may not be able to get it at first
AI 资讯
How I Benchmarked an LLM Running Entirely on a Phone (No Cloud, No API)
"It works on my test input" is the most dangerous sentence in on-device AI development. I typed that sentence - or some version of it - a dozen times while building Redacto, our on-device PII redaction app running Gemma 4 E2B on a Samsung Galaxy S25 Ultra. The model would redact a patient name from a clinical note, I would nod, and I would move on. Then I would hand the phone to a teammate, they would type a police report, and the model would redact the suspect description instead of the victim name. The problem is not the model. The problem is that manual spot-checking is not validation. You are testing a single input against your own expectations, with all the confirmation bias that entails. When you have five domain modes (HIPAA, Financial, Tactical, Journalism, Field Service), three difficulty levels, and two candidate models, you need something systematic. You need a benchmark suite. This post covers how I built one - from dataset curation to scoring methodology to on-device infrastructure - for a hackathon app running entirely on a phone. No cloud. No API calls. No data leaving the device. Why Not Use an Existing Framework? The LLM evaluation space has mature tools. EleutherAI's lm-eval-harness is the community standard for evaluating language models against academic benchmarks like MMLU, HellaSwag, and ARC. Stanford's HELM (Holistic Evaluation of Language Models) provides a multi-metric evaluation framework with standardized scenarios. Google's BIG-bench offers hundreds of tasks for probing specific capabilities. These frameworks are excellent for what they do. They are also completely wrong for this problem, for three reasons. First, they assume server-side inference. lm-eval-harness expects to call a model through an API or load it in PyTorch on a GPU server. Redacto's model runs on a Qualcomm Hexagon NPU inside a phone. There is no Python runtime, no HuggingFace tokenizer at evaluation time, no way to hook into the framework's inference loop. Second, their
AI 资讯
Cloudflare and AWS Embed x402 Agent Payments at the Edge
Cloudflare and AWS both implemented x402 stablecoin micropayments at their edge networks within two weeks. The open protocol under the Linux Foundation revives HTTP 402 for agent-to-service payments with sub-cent transaction costs. Coinbase reports 169 million transactions in year one. Enterprise tax and invoicing gaps remain unresolved. By Steef-Jan Wiggers
AI 资讯
Predicting When a Client Will Actually Pay: Modeling Invoice Timing With an AI Agent
The single hardest thing about getting paid isn't writing the invoice. It's the follow-up — knowing when to nudge a quiet client, and doing it in a tone that doesn't torch the relationship. Most tools solve this with a dumb cron job: "send a reminder 7 days after the due date." That's wrong for almost everyone, and here's why. The problem with fixed reminder schedules Payment behavior isn't uniform. One client pays like clockwork on day 32 of a "net 30" invoice — not late, just their rhythm. Another pays on day 5 but only if you remind them on day 3. A blanket "day 7 past due" reminder annoys the first client (who was always going to pay) and misses the second (who needed the poke earlier). So the real problem is per-client timing prediction , not scheduling. You want to model each client's payment distribution and act at the point where a reminder has the highest marginal effect — the moment they're most likely to convert intent into a transfer. Modeling payment rhythm as a per-client distribution Every invoice gives you a labeled data point: (sent_date, due_date, paid_date, amount, was_reminded) . Over time, per client, that's a distribution of "days from send to pay." The naive move is to average it. Don't — averages hide the shape, and the shape is the whole signal. We model each client's pay-day as a distribution and track two things that matter more than the mean: Dispersion — a tight distribution (always day 30–32) means a reminder before day 30 is noise. A wide one means the client is reminder-sensitive. Reminder lift — comparing paid-day distributions with and without a nudge tells you whether reminders actually move this client, and by how much. for client in clients : hist = paid_events ( client ) # list of days-to-pay p50 , p90 = quantiles ( hist , [. 5 , . 9 ]) lift = mean ( days_without_reminder ) - mean ( days_with_reminder ) # act just before the client's own habitual pay point, # but only if a nudge historically helps them if lift > MIN_LIFT_DAYS :
AI 资讯
Retro-Downfall Arcanum
🎲 A Tale of Inference Woes 🎲 Thy context window overflows with dread, Thy API keys scattered 'cross thy thread. Thou switchest providers mid-conversation, And pray thy tokens find the right foundation. No ward stands guard when tools go rogue, No grimoire saves a session from the fog. Thy agents wander, masterless and blind, Thy prompts untested—leaving truth behind. Thy wallet weeps. Thy latency doth creep. Thy model's fine. Thy infrastructure? Not so deep. Sound familiar? I'm excited to share the public README for Arcanum — a .NET 10, single-binary, Native AOT, local-first AI inference hub that treats your infrastructure with the seriousness of a dungeon master and the organization of a well-kept grimoire. Arcanum is one self-contained native executable. No runtime prerequisite. No "install the framework first." Just arcanum serve and you're running a full inference platform on loopback. What's in the bag of holding: 🏰 Local-first & encrypted — SQLCipher-encrypted Grimoire persists every session, entry, and memory. Your data never leaves your machine unless you tell it to. ⚔️ Multi-provider native engine — Any OpenAI-compatible API (DeepSeek, Groq, Ollama via /v1, LM Studio, etc.) plus local GGUF models via a managed llama-server lifecycle. One hub, zero vendor lock-in. 🔮 OpenAI API compatible — POST /v1/chat/completions and GET /v1/models work with existing OpenAI clients out of the box. Drop-in replacement for your local stack. 🛡️ Wards & Sanctum — High-risk tools require operator approval before execution. Per-campaign sandboxes enforce path containment, network policy, and OS-level CPU/memory/FD limits via cgroups v2 and setrlimit. 📜 Spells, not prompts — Versioned markdown workflows with dependency resolution, tool allowlisting, and semantic routing. Dry-run cast previews before spending a single token. 🧙 Autonomous Apprentices — Goal-driven agents with plan generation, retry/backoff, autonomous plan revision, DM escalation, and parallel step execution. 🏰 The
开发者
Dev Log: 2026-07-05
TL;DR 23 commits across 4 repos, one theme: opening apps to the outside world, safely. Public: kickoff v1.32.0 ships SDK-free support-widget integration stubs. Private: external intake channels (token-authed API, cookie-free widget, signed webhooks) on a helpdesk product; signed public API + rebuild webhooks on an event platform. Everything today was about external surfaces — letting the outside in without leaving the door unlocked. What shipped Where What kickoff v1.32.0 (public) SDK-free support-widget integration stubs: settings class + migration, Livewire admin settings page, Blade component, docs, Pest coverage Helpdesk product (private) External intake channels: token-authed API, magic-link requester view, cookie-free embeddable widget, signed outbound webhooks, hardening pass from an adversarial review Event platform (private) Signed public event API + landing-page rebuild webhooks, persona nav overhaul, 15 new MCP tools, offline PWA check-in, plan-limit enforcement Event platform docs (private) Tracker updates + before/after UX screenshots Stubs, not SDKs kickoff now ships a support-widget integration as stubs — settings class, migration, admin page, Blade component — copied into your app. No composer dependency for glue code: you own it, you can read it, you can change it. For ~100 lines of integration code, a stub beats a package. Intake is three problems The helpdesk work was the day's core: letting outside systems and end users create tickets. Every inbound surface splits into the same three problems — who gets in (token auth, magic links), what they can do (rate limits, severity clamps, single-use entry), and what you send back out (signed, idempotent webhooks). An adversarial review caught four real issues before launch; that story gets its own post, next. Static pages, fresh data The event platform got a signed public API plus webhooks that fire on content changes — so landing pages can be static builds that rebuild themselves when an event changes. C
AI 资讯
A Cookie-Free Embeddable Support Widget: What Adversarial Review Caught
TL;DR Built an embeddable support widget for a helpdesk product: no cookies — a short-lived bearer token in a header, hashed at rest. Entry is an HMAC-signed assertion from the host page. An adversarial review caught four real holes before launch. Outbound webhooks: sign the exact bytes, dedupe key for idempotency, SSRF guard on destination URLs. The requirement: end users file tickets from pages the product doesn't own. That means an embeddable widget — and embeddable means everything you know about sessions stops working. Why cookie-free The widget lives on customers' domains, so any cookie it sets is a third-party cookie — blocked or partitioned by modern browsers. Fighting that means flaky sessions, so: no cookies at all. The entry exchange mints a short-lived session token the widget sends in a header, and the server caches the session keyed by sha256(token) — a cache dump yields nothing replayable. Sessions last 60 minutes, and expiry shows a real recovery path in the UI instead of dying silently. customer backend widget (on customer page) helpdesk API | signs ref|email|name | | | into HMAC assertion ---> |-- redeem assertion (single use) ->| | |<-- session token (60-min TTL) ---| | |-- X-Widget-Token: ... ---------->| What the adversarial review caught Finding Fix Replay burn keyed by client-chosen nonce Burn by HMAC signature — a leaked assertion can't mint extra sessions `\ ` accepted inside signed fields Origin check failed open when Origin/Referer absent Fall back to the unspoofable Sec-Fetch-Dest header to enforce embedding Widget could request critical severity Clamp effective severity (including the channel default) to the widget's allowlist My favourite is the delimiter one. If you sign ref|email|name and accept | inside a field, two different identity tuples can share one valid signature. Canonicalization bugs, not crypto bugs. Webhooks out: sign the exact bytes Outbound webhooks get composed once at enqueue time and stored; the delivery job re-encod
AI 资讯
Why AI Still Can't Write Well and Which Half of That Problem Is Actually Yours
I built a 36-pattern checklist to catch AI writing tells in my own drafts, calibrated against...
AI 资讯
From Angular.js to Fine-Grained Reactivity: Part 2 — The JS Proxy Runtime
In the first article of this series, we saw how a custom build-time compiler can transform a legacy Angular.js template into raw, optimized JavaScript. To recap, starting from this template: <!-- simple.html --> <p> Hello {{ name }}! </p> Our Go compiler generates the following JavaScript module: // simple.js export function template () { const p_0 = document . createElement ( " p " ); const text_1 = document . createTextNode ( "" ); p_0 . append ( text_1 ); return { mount ( container ) { container . append ( p_0 ); }, update ( change ) { if ( " name " in change ) { text_1 . data = " Hello " + change . name + " ! " ; } } } } This is incredibly clean. By running template() , we get an object with mount and update methods. Using mount is fully intuitive: we pass a reference to a DOM element, and it injects our empty paragraph ( p_0 ) into it: import { template } from ' ./simple.js ' ; const { mount , update } = template (); const container = document . getElementById ( ' view-container ' ); mount ( container ); // The DOM now contains: <p></p> (waiting for data) However, the paragraph remains empty until we call update with a change object like this: let changes = { name : " Mario " , }; update ( changes ); // The DOM surgically updates to: <p>Hello Mario!</p> But who is responsible for tracking changes in our application state, building this changes object, and calling update ? The answer lies in marrying the legacy Angular.js $scope with the modern JavaScript Proxy API . The Legacy State Pattern In a traditional Angular.js application, developers mutate the state directly inside a controller by assigning properties to the $scope object: // simple-controller.js export function SimpleController ( $scope ) { $scope . name = " Mario " ; } To bridge the gap between this legacy controller and our new build-time template, we need a way to automatically capture the assignment $scope.name = "Mario" and translate it into a structured update: let changes = { name : " Mario " }
开源项目
Uber’s European expansion plans may have hit a speed bump
Back in February, Uber announced ambitious plans to launch in seven new European markets in 2026 — but now five of those launches are reportedly on hold.
AI 资讯
What AGENTS.md Gives Coding Agents That README Files Do Not
Here's the failure mode I keep running into. A team gives a coding agent a repo, a task, and maybe a README. The agent can find files and write code, but it still has to guess the operating rules. It guesses the package manager. It guesses which checks matter. It guesses whether generated files are safe to edit. It guesses what "done" means. A README is usually for humans: what the project is, how to run it, and where the important docs live. A coding agent needs different context. Setup rules. Test commands. Boundaries. Completion criteria. That's the gap AGENTS.md fills. The official AGENTS.md guidance describes it as a predictable place for coding-agent instructions: setup commands, test commands, code style, security considerations, and nested instructions for large monorepos. I find the split useful in a more boring way. The README answers, "What is this project?" AGENTS.md answers, "What should an agent know before touching it?" That second question is where the work usually gets fragile. Where Goose Fits Goose makes this less theoretical because it isn't just a chat box. It's an open source local AI agent with a desktop app, CLI, API, MCP extensions, and skills. Without AGENTS.md , I find myself writing prompts like this: Update the docs, but don't touch generated files, use pnpm, run the lint and test commands, keep the PR small, and tell me what you couldn't verify. With AGENTS.md , the prompt can get shorter: Update the quickstart docs for the new config flag. Goose can run the task in the repo. The repo can carry the standing instructions. I noticed this on a small docs/config update where generated files sat near source files. Without repo instructions, the prompt had to carry the package manager, generated-file boundary, checks, and the "tell me what you could not verify" rule. Once those rules lived in AGENTS.md , the prompt became just the task. Not magic. Just fewer chances to forget the boring parts. Where Skills Fit I would add one more layer once
开发者
How a Hollywood Star Helped Invent Wi-Fi
One of the most important ideas in modern wireless communication did not come out of a corporate research lab or a defense contractor. It was patented in 1942 by one of the most famous movie stars of the era, working alongside an avant-garde composer. The actress was Hedy Lamarr, and the technique she helped invent, frequency hopping , is a direct ancestor of the Wi-Fi, Bluetooth, and GPS signals your devices rely on every day. The patent Hollywood forgot At the height of her Hollywood fame, Hedy Lamarr was also a self-taught inventor who tinkered between film shoots. Early in World War II she became fixed on a hard problem: radio-controlled torpedoes were easy to jam, because an enemy who found the single control frequency could simply drown it in noise and send the weapon off course. Working with composer George Antheil, she designed a system where the transmitter and receiver would rapidly and secretly switch together across many different frequencies. Antheil, who had once synchronized sixteen player pianos for a concert piece, suggested using a slotted paper roll like a player piano to keep both ends hopping in step across 88 frequencies , the same number as the keys on a piano. On August 11, 1942, they received U.S. Patent 2,292,387 for a "Secret Communication System." The U.S. Navy filed the idea away and did not use it during the war. For decades the patent sat largely forgotten, and Lamarr received no money and little recognition for it in her lifetime. She was finally inducted into the National Inventors Hall of Fame in 2014, years after her death. What frequency hopping actually does The core insight is deceptively simple. Instead of putting a signal on one fixed frequency, you spread it across many frequencies in a pattern that only the sender and receiver know. Both ends "hop" in perfect synchronization, dwelling on each frequency for only a fraction of a second before jumping to the next. This buys you two enormous advantages. It is very hard to jam, b
AI 资讯
Behind the Curtain: APE-QIL QUANTUM SUPREME OCTOPUS and the 3-Tier Sovereign Auth Pipeline
Most API authentication I've seen in production follows the same pattern: a single apiKey check at the top of each route handler, maybe a rate limiter slapped on as middleware, and a quota check that lives in the database layer. It works — until you have 673 routes across 3 access tiers, and you realize you can't answer the question "which routes require a paid subscription?" without grepping every file. I ran into this exact problem building the APE-QIL QUANTUM SUPREME OCTOPUS — a Bio-inspired Autonomous Intelligence Organism that operates as an AI routing platform with 14+ provider integrations. The codebase has 673 API routes divided into three access tiers: public (79 routes), free API key (337 routes), and paid subscription (255 routes). Manually maintaining auth on each route was untenable. So I built a composable request pipeline that makes the auth structure declarative and CI-enforced. This post walks through the architecture: the 3-tier sovereign auth model, the composable withRequestPipeline function, and the CI guard that fails the build if any protected route is missing its wrapper. The 3-Tier Sovereign Auth Model The access model is deliberately simple — three tiers, each with a clear boundary: // TIER 0 — Public, no auth (79 routes) // Health checks, pricing, blog, lead magnet, metrics // Example: /api/health, /api/pricing, /api/blog/* // TIER 1 — Free API key required (337 routes) // Any valid API key in the database grants access // Enforced via: withSovereignAuth('free') // Example: /api/v1/chat/completions (free tier limits) // TIER 2 — Paid subscription required (255 routes) // Requires Pro ($79/mo) or Business ($249/mo) tier // Enforced via: withSovereignAuth('professional') // Example: /api/v1/chat/completions (premium models, higher limits) The key design decision: the tier is declared at the route level, not inferred from the user's subscription at runtime. This means the route registry itself is the source of truth for "what requires what."
AI 资讯
Turning Technical Reading Into Language Learning Notes
Many developers and knowledge workers read English every day. Documentation, GitHub issues, product updates, research papers, API references, blog posts, changelogs, technical reports. But most of the useful language inside those materials disappears after we finish reading. We may understand the article in the moment, but later forget the phrases, sentence patterns, and vocabulary that made the explanation clear. I have noticed this especially with technical English. A word or phrase may look simple, but its real value comes from the context around it. For example: key takeaway depends on context edge case trade-off implementation detail expected behavior worth noting These are not difficult words by themselves. But they become useful when we remember how they were used in a real sentence. The problem with saving only definitions A traditional vocabulary note often looks like this: text key takeaway = main point That is helpful, but not enough. A few days later, it is easy to forget where the phrase came from, why it mattered, and how it was used in the original explanation. The missing part is usually context. A better note might include: Phrase: key takeaway Meaning: the main point to remember Original sentence: The key takeaway is that caching improves response time but adds invalidation complexity. Source: technical article Context: used to summarize the most important idea This kind of note is much easier to review later because it keeps the language connected to the real material. Learning from the content we already read I do not think language learning always needs to start from a course or a lesson. For people who already read English content every day, the learning material is already there. The challenge is capturing it. When reading a technical article, a PDF, or a documentation page, we often find useful expressions that could improve our own writing and communication. But unless we save them with context, they usually disappear. That is the habit I ha