今日已更新 328 条资讯 | 累计 20300 条内容
关于我们

标签:#Architecture

找到 366 篇相关文章

AI 资讯

OS Architecture, Kernel, Shell & File System

🐧 Linux for DevOps — Session 2: Understanding the Kernel, Shell, OS Architecture & File System 📓 Learning in public — These are my personal notes from my Linux for DevOps & Cloud journey. I'm sharing them in a way that's easy to revisit later and hopefully useful for anyone else starting out. In the previous session, I got comfortable with Linux basics and terminal access. This session focused on understanding what actually happens behind the scenes when we run commands , how Linux is structured internally, and how files are organized on the system. These concepts might sound theoretical at first, but they're the foundation of everything you'll do in DevOps—from managing EC2 instances and Docker containers to troubleshooting production servers. The Linux Kernel: The Heart of the Operating System The kernel is the most important component of Linux. Think of it as a translator sitting between software and hardware. Applications can't directly talk to the CPU, RAM, disks, or network interfaces. Instead, every request goes through the kernel. When you run a command, open a browser, start a Docker container, or deploy an application, the kernel is responsible for making it happen. Its main responsibilities include: Responsibility Purpose Resource Management Decides which process gets CPU time Memory Management Allocates and releases RAM Process Management Creates, schedules, and terminates processes Device Management Communicates with hardware through drivers Without the kernel, Linux would simply be a collection of files with no way to interact with hardware. Types of Kernels Not every operating system uses the same kernel design. Monolithic Kernel (Linux) keeps most operating system services inside a single kernel space. This approach is extremely fast because components communicate directly. Microkernel keeps only essential functionality in kernel space and moves other services outside. This improves isolation and stability but introduces additional overhead. Hybrid K

2026-06-13 原文 →
开发者

Building Dhrishti - Part 3: Testing on a Production Grade System

I was now done with the basic setup. However, during my time working at my startup, I have learnt to think about a project wearing multiple caps. One such aspect was - With Dhrishti running on a server that was already loaded, I did NOT want the tracking application itself to be heavy. I had to set some benchmarks to ensure that Dhrishti did not consume a tonne of space while tracking the metrics. I also had a problem with unresolved requests - in my mock_services, I had a client that was continuously hitting the API Gateway service. I had to fine-tune all the requests so that I could run tests under different loads, but the advantage was that my project was easily able to discern where the client request was coming from. However, in a production scenario, you can never know where a request is coming from - obviously, we cannot resolve different customer IPs to their respective customer names. This was the first problem. I had to specify what a customer was, and what an unknown request was. I came up with the following solution - Any unresolved IPs are going to be added to a table in the UI called unresolved IP table. This would help me with debugging later. Now, any unresolved IPs which also made requests to an ENTRY-POINT into my application could be added as the customers. For this, I very simply had to filter out the unknown IPs, and keep a configurable entry-point in dhrishti.json in which I would add a bunch of entry-points (in the case of my mock micro-service architecture, only 1) Now, I could differentiate between 2 types of unknown IPs - one which was potentially a customer, one which was a background network call, not important to the working system. The next problem was with the client service itself. It was difficult to simulate, say - a million users in my system. I had essentially built a service which was only being used by 1 customer, but how would Dhrishti behave if I added multiple client IPs? Using K6 k6 is a Grafana based application that helps

2026-06-13 原文 →
AI 资讯

WebMCP Standard Proposal for Agentic Web Actuation Now Available in Chrome (Origin Trials)

Google recently announced that WebMCP is entering origin trials in Chrome 149. The new WebMCP standard proposal lets sites expose tools (e.g., JavaScript functions and HTML forms) to in-browser AI agents, which can thus reliably simulate user actions instead of resorting to possibly expensive (e.g., on-screen reading) and often unreliable guesswork (e.g., DOM scraping). By Bruno Couriol

2026-06-13 原文 →
AI 资讯

What We Learned Scanning Netflix Atlas

Clear Code Intelligence scanned a public Netflix repository: Netflix/atlas . This is not a dunk on Netflix. It is a public-code methodology test. After scanning Google zx and Microsoft agent-framework , we wanted a different kind of repository. Netflix Atlas is an observability and telemetry project with a mature platform-engineering shape. It is mostly Scala, and it includes query/evaluator logic, API modules, language-server tooling, resource files, tests, and platform integration code. That makes it a useful scan target because it tests whether a technical debt report can understand domain context. What We Scanned The Clear Code scan reviewed the public Netflix/atlas repository and produced a technical diligence PDF report. The scan measured: 1,247 repository files 706 analyzed files 89,113 lines of code 186 report findings high AI token debt risk The scorecard was mixed: Area Score Overall diligence 35/100 Projected after remediation 53/100 Delivery 96/100 Open source readiness 83/100 Architecture 45/100 Maintainability 0/100 AI governance 0/100 The delivery and open-source signals were strong. That matters because a serious report should not only criticize. It should show where the repository is already strong. The Important Lesson Is Classification Atlas is an observability/query system. That means some findings require domain-aware interpretation. For example, a generic scanner can flag evaluator-style code as dynamic execution. But in a query language, expression evaluation may be expected product behavior. The real report question is not simply "is there eval-like behavior?" The better questions are: Is this expected DSL/query behavior? Is user input constrained? Is execution sandboxed or bounded? Are failure modes tested? Are ownership boundaries clear? Is this active debt or accepted design? That distinction matters. A scanner dump can find a pattern. A useful technical debt report has to explain what the pattern means. Where AI Token Debt Appears AI toke

2026-06-13 原文 →
AI 资讯

How ESLint Actually Works: The Quality Gate Behind Modern JavaScript

A few days ago, I shared an article: You Don't Need Another Agent. You Need a Linter. Then I did what I do with anything I write: shared it around — a few publications, a few channels. Two reasons: First, feedback. I'd genuinely rather get roasted and fix my blind spots than stay comfortable and wrong. Second, let's be honest: reach. Every writer enjoys seeing a few more views. Most of the responses were positive. One wasn't. A publication rejected it with the reason: LOW_QUALITY Fair enough. It means there's room for improvement. Funny enough, my caffeinated 1 AM brain disagreed. Then it did what every developer does when someone says "this isn't good enough." It took that personally. So I went back and reread the article. And after the initial ego check, I realized something serious: The article talked in detail about ESLint, why it matters more in an AI-assisted world than ever. What it did not do was answer the question that actually matters: What is ESLint, how does it work, and why has half the JavaScript ecosystem quietly built its quality process around it? So let's fix that. Now, this isn't a sequel to my last piece about untangling vibe-coded code. It stands on its own — one thing, done properly . A complete teardown of ESLint: What it is How it works internally Why companies use it as a quality gate The different classes of problems it solves How plugins work How to write your own rules Where it fails Why it still beats many AI-based review systems Fair warning. This article is going to be technical. There will be syntax trees. There will be compiler concepts. There will be enough JavaScript internals to make frontend developers slightly uncomfortable. I'll try my best to keep it readable not letting it turn into another manual - which nobody finishes. Let's start with the question most people never ask. What Is ESLint Actually Doing? Most developers describe ESLint like this: It checks code for mistakes. Technically true. Also completely useless. That's

2026-06-12 原文 →
AI 资讯

Stop Your Agent From Replying Twice: Dedup Patterns

Ever watched an email agent reply to the same message twice? The recipient gets two near-identical responses seconds apart, screenshots them, and your carefully engineered assistant suddenly looks like a script with a stutter. Worse: under real load, this isn't a freak event. It's the default outcome if you haven't designed against it. The double-reply problem has three distinct causes, and each one needs its own fix. Let's walk through them. Why duplicates happen at all First cause: webhook redelivery . Nylas — like most webhook providers — guarantees at-least-once delivery. If your endpoint doesn't return a 200 fast enough, or a transient network blip eats the response, the same message.created notification shows up again. Process both, send two replies. Second: concurrent workers . Your handler probably runs on multiple instances — Lambda invocations, ECS tasks, worker processes. Two of them can pick up the same notification at nearly the same instant and both start generating a reply. Third: shared inboxes . Two agents (or an agent and a human) watching the same mailbox can both decide a message is theirs to answer. This one isn't a duplicate event at all — it's a coordination problem, and it's the hardest to patch at the application layer. Fix one: deduplicate deliveries Track which message IDs you've processed, and check before doing anything else: app . post ( " /webhooks/nylas " , async ( req , res ) => { res . status ( 200 ). end (); const event = req . body ; if ( event . type !== " message.created " ) return ; const messageId = event . data . object . id ; // Atomic check-and-set. If the key exists, bail. const alreadyProcessed = await db . processedMessages . setIfAbsent ( messageId , { receivedAt : Date . now (), }); if ( alreadyProcessed ) return ; await handleMessage ( event . data . object ); }); The check-and-set must be atomic. In Redis that's SET messageId 1 NX EX 86400 ; in Postgres it's INSERT ... ON CONFLICT DO NOTHING with a row-count check. G

2026-06-12 原文 →
AI 资讯

One Nullable Timestamp, Four Account States: Deriving User Status in Laravel

Most of today went into a user-management overhaul in kickoff — my Laravel starter kit. Flyout CRUD panels, bulk actions, permission assignment, and the piece I want to talk about: account status . Active, suspended, unverified, deleted. The interesting part isn't the feature. It's the modelling decision underneath it. Where do those four states actually live ? The trap: a status column The obvious move is a status enum column on users . Set it to suspended when you suspend someone, active when you reinstate, unverified until they verify their email, deleted when they're soft-deleted. It works. Until it doesn't. Now you've got a status column and an email_verified_at column and a deleted_at from soft deletes — and all three encode overlapping truths. Soft-delete a user and forget to flip status ? Now your database says the account is both active and trashed. Verify an email but the status update fails mid-request? Drift. Every place that mutates a user becomes a place that has to remember to keep status in sync. That's not a feature, that's a maintenance tax. The signals already exist. email_verified_at tells you verified-or-not. deleted_at (soft deletes) tells you removed-or-not. The only genuinely new state is suspended — an admin deliberately blocking sign-in. So that's the only thing worth storing. What we actually store: one nullable timestamp Schema :: table ( 'users' , function ( Blueprint $table ) { $table -> timestamp ( 'suspended_at' ) -> nullable () -> after ( 'email_verified_at' ); }); That's the whole migration. Not a boolean is_suspended — a nullable timestamp. Null means not suspended; a value means suspended and tells you when. A boolean throws that second fact away for free; the timestamp keeps it at no extra cost. Same instinct as email_verified_at and deleted_at — Laravel models "did this happen, and when" as a nullable timestamp everywhere, so we follow the grain of the framework. The behaviour on the model stays tiny: public function isSuspended

2026-06-12 原文 →
AI 资讯

Why an encrypted config backup breaks when you move servers — and how I fixed it in laravel-config-backup

Imagine you write a letter in a secret code that only your old house key can read. Then you move. You photocopy the coded letter, carry it to the new house… and realise the new key can't decode any of it. The letter is valid, just useless. That's effectively what happens when you back up encrypted values from a Laravel database and restore them onto a different server. I hit exactly this while working on laravel-config-backup today, so here's the problem and the fix. The real cause: Crypt is bound to APP_KEY When you store sensitive settings (think API tokens or OAuth secrets) in the database, you typically encrypt them with Crypt::encryptString() . Lovely — until you remember Crypt uses your app's APP_KEY as the key. A naive backup copies that ciphertext straight across: // Naive approach — move the ciphertext as-is $value = DB :: table ( 'settings' ) -> where ( 'key' , 'some.secret' ) -> value ( 'value' ); // this value is encrypted with the OLD server's APP_KEY The new server has a different APP_KEY . Try to decrypt → DecryptException: The payload is invalid . Your backup is technically complete but practically dead. The fix: decrypt on the way out, re-encrypt on the way in The decision is easy to state, hard to stay disciplined about: never carry ciphertext across a server boundary. Instead — On create : decrypt the values with the source server's APP_KEY , store plaintext inside the archive. Protect that archive with AES-256 and a password (a human-held secret, not the APP_KEY). On restore : re-encrypt the values with the destination server's APP_KEY before writing to the DB. Back to the analogy: you decode the letter, carry the plain letter in a locked briefcase (the password-protected archive), and re-encode it with the new house's lock on arrival. The briefcase handles security in transit — not the old code that's no longer relevant. I made that intent explicit right where the behaviour lives, in ConfigBackupService : /** * Config Backup & Restore. * * Bundl

2026-06-12 原文 →
AI 资讯

One Agent Identity Per Customer: Multi-Tenant Email

Provisioning a tenant-scoped email identity for your SaaS is one POST: curl --request POST \ --url "https://api.us.nylas.com/v3/connect/custom" \ --header "Authorization: Bearer <NYLAS_API_KEY>" \ --header "Content-Type: application/json" \ --data '{ "provider": "nylas", "workspace_id": "<WORKSPACE_ID>", "settings": { "email": "scheduling@customer-a.com" } }' No OAuth dance, no refresh token — just an address on a registered domain. The response comes back already valid: { "request_id" : "5967ca40-a2d8-4ee0-a0e0-6f18ace39a90" , "data" : { "id" : "b1c2d3e4-5678-4abc-9def-0123456789ab" , "provider" : "nylas" , "grant_status" : "valid" , "email" : "scheduling@customer-a.com" , "scope" : [], "created_at" : 1742932766 } } The data.id is a grant_id that works with every existing Nylas endpoint, and the account is live immediately. That's the primitive behind a multi-tenant pattern worth knowing: one Agent Account per customer, on each customer's own verified domain, all managed from a single application. (Agent Accounts are in beta, so the surface may shift before GA.) The architecture in one paragraph Your app runs scheduling@customer-a.com , scheduling@customer-b.com , and so on — same code path, different identities. Each account has its own policy, its own send quota, and its own sender reputation. A single application can manage accounts across an unlimited number of registered domains, so tenant count is a billing question, not an architectural one. Customer A's deliverability problems stay Customer A's; nothing they do contaminates Customer B's mail. Domains: register once, mint accounts forever The provisioning docs lay out two domain strategies you can mix freely in one application: Strategy Address format Setup Trial domain alias@<your-application>.nylas.email None — instant Your own domain alias@yourdomain.com MX + TXT records at the DNS provider For the per-customer pattern, each tenant brings their domain. You register it once per organization (picking the US

2026-06-12 原文 →
AI 资讯

Road To KiwiEngine #15: Why I Care More About Systems Than Features

One of the reasons I often find myself disagreeing with modern software trends is that many conversations revolve around features. How many features does it have? How quickly can we add more? What can we put on the marketing page? What can we announce next? Features matter. But I care far more about systems. Because at the end of the day, people don't buy features. They buy outcomes. And outcomes come from systems. The Car Analogy One of the easiest ways to explain my thinking is with cars. A car is made up of thousands of individual components. An engine. A transmission. Suspension. Brakes. Fuel systems. Electrical systems. Cooling systems. Sensors. Wiring. Each component is important. But nobody walks into a dealership and says: "I'd like to purchase six pistons, a transmission housing, and a fuel injector." They buy a car. They buy transportation. They buy a complete system. The individual parts only matter because they contribute to the overall experience. The customer doesn't want to think about every moving piece. They want to get in, turn the key, and drive. Drivers and Mechanics This is where I think technology often loses its way. Users are drivers. Engineers are mechanics. A driver should be able to: Start the vehicle Fill it with fuel Check the oil Wash it Perform light maintenance That's about it. They shouldn't need to understand combustion timing, transmission gearing, or electrical diagnostics to get to work. The mechanic, however, lives in the details. They tune the system. They replace parts. They troubleshoot failures. They recommend upgrades. They understand how the pieces fit together. Technology is exactly the same in my mind. Users should be able to focus on their goals. Engineers should focus on the machinery. Features Are Parts This is where I think software conversations sometimes become backwards. A feature is a component. A login screen is a component. A dashboard is a component. A database is a component. An API is a component. AI integra

2026-06-12 原文 →
AI 资讯

OpenAI's GPT-5.5 and Codex Reach General Availability on Amazon Bedrock

OpenAI's GPT-5.5, GPT-5.4, and Codex are now generally available on Amazon Bedrock, one month after OpenAI revised its exclusive Azure arrangement. Pricing matches OpenAI's direct rates with usage counting toward AWS commitments. Codex shifts to pay-per-token billing with no seat fees. GPT-5.4 is the first OpenAI model available in AWS GovCloud. By Steef-Jan Wiggers

2026-06-11 原文 →
AI 资讯

What Designing a Binary Protocol Actually Taught Me

Most developers never have to design a network protocol from scratch. You use HTTP, gRPC, WebSockets, or something else that already exists and has been debugged by thousands of people over many years. That is the right call for most situations. I did not take that path when building Vaylix, a key-value database engine. I designed a custom binary protocol called VTP2, and the process taught me things about networking that I would not have picked up any other way. This is not an argument that you should also build a custom protocol. For most things, you should not. This is an honest account of what I ran into. Why not HTTP The first question anyone reasonably asks is: why not just use HTTP? HTTP is everywhere. The tooling is excellent. Every language has a client. Debugging with curl is trivial. If I had used HTTP, I would have had working client libraries in a dozen languages before writing a single line of server code. The problem is that HTTP is stateless by design. Every request is independent. Every request carries headers. Every response carries headers. The model assumes that each round trip is a fresh conversation with no memory of what came before. A database session is the opposite of that. A client connects, authenticates, and then issues many commands over the same connection. The authentication should happen once. The session should carry state. Pipelining requests without waiting for each response to return should be natural, not something you fight the protocol to achieve. HTTP/2 closes some of this gap. But using HTTP/2 correctly for a stateful session model involves working against the grain of what HTTP was designed for. I would have been spending a lot of time on infrastructure that exists to make HTTP behave less like HTTP. The other issue is overhead. HTTP headers are verbose. For small key-value operations, the headers can easily exceed the payload. That felt wrong for something designed to be a tight operational data store. So I went with TCP d

2026-06-11 原文 →
AI 资讯

When Four Memory Systems Hit the Same Wall

I built a knowledge graph out of my own work sessions. Hundreds of them — transcripts of me building a system with LLMs, extracted into concepts, decisions, findings, and the edges between them. For a while it felt like the thing was working. I'd query it, get back a clean structured answer, and move on. Then I ran a foreign model against it. I gave a different model my concept definitions and asked it to reconstruct the system, both the vocabulary and the relationships. It recovered 97.7% of the words. It recovered 61.1% of the structure. That 36-point gap was the first time I could see the problem instead of just living inside it. The vocabulary transferred because the definitions were written carefully. The edges didn't, because the edges were the part I'd let the extraction handle. And the whole time, querying the graph had felt complete. The structure came back typed, connected, confident-looking — so I stopped looking. I started calling it premature retrieval closure: the retrieval returns something shaped like a whole answer, which is exactly why I didn't notice the parts that were missing. Part 10 of Building at the Edges of LLM Tooling . If you're running a long-term project through an LLM-backed memory system (anything that turns raw sessions into structured, persistent memory), this is about the step where the structure starts lying about how complete it is. Start here . Why It Breaks Every memory system of this kind does the same move. An LLM reads raw interaction (a conversation, a document, a session log) and lifts structured memory out of it: entities, facts, rules, summaries. That structured memory becomes the thing the agent reads later, instead of the raw record. The lift is where fidelity goes. Pulling clean structure out of messy text means making decisions the text didn't make explicit: which entity this pronoun refers to, whether a relationship is real or inferred, what to keep and what to drop. Those decisions can be wrong, and when they are,

2026-06-11 原文 →
AI 资讯

AI Agent Memory Is Not Chat History

Most AI agent systems start with a simple idea: "Let's give the Agent Memory". At first, this usually means saving previous messages, retrieving similar chunks, and injecting them back into the prompt. That works for demos. It does not work reliably for real organizational workflows. Because chat history is not memory. A vector database is not memory. A bigger context window is not memory. Those are storage and retrieval mechanisms. Useful, yes. But memory in an AI Agent System is not just about remembering more information. It is about deciding what should influence future behavior. And that is a much harder problem. The Simple Version When people say "Agent Memory", they often mix together very different things: Conversation history User preferences Workflow state Previous tool results Retrieved documents Task summaries Business rules Approved policies Model-generated assumptions Evidence of completed actions But these should not all be treated the same way. A user saying "I usually prefer short answers" is not the same kind of memory as "invoice #123 was paid". A model saying "the client is probably interested" is not the same as a CRM record. A previous chat message is not the same as a runtime audit log. An approved company policy is not the same as a generated summary. When all of these are thrown into the same context window, the agent may look smarter for a while. Then it slowly becomes unreliable. More Context Can Make Agents Worse A common instinct is to give the agent more context. More history. More documents. More summaries. More retrieved chunks. More memory. But more context does not automatically mean better reasoning. Sometimes it means more noise. Sometimes it means stale information. Sometimes it means private information leaking into the wrong task. Sometimes it means the model starts treating old assumptions as current facts. Sometimes it means low-authority memory overrides high-authority evidence. This is one of the strange things about AI Age

2026-06-11 原文 →
AI 资讯

Modern Data Stack Migration — Day 1: Scaling to 8+ Companies with DRY Architecture and Chasing a $2M Discrepancy

Hello everyone! Following up on my previous post , Day 1 of my Modern Data Stack migration was an absolute rollercoaster of refactoring and deep data auditing. I’m moving our legacy system (spreadsheets and Qlik) into a robust pipeline using Python, ClickHouse, and dbt . Here is what went down over the last 24 hours. 1. From Messy Scripts to a Single, Parameterized Extraction Engine 🛠️ In the legacy setup, each company had its own folder, its own .env file, and its own duplicated Python extraction script. It was a maintenance nightmare. Yesterday, I completely refactored this structure: Centralized Configuration: Merged all separate environments into a single, global .env file at the root level, mapping all 8+ companies and their branches. Eliminated Code Duplication (DRY): Instead of having identical extraction logic copied across folders, I built a single, unified codebase. Now, we have one universal script for Sales, one for Stock, one for Orders, etc. The behavior changes dynamically based on the company argument we pass to the CLI (e.g., python -m extract.run extract --source company1 ). To speed up this refactoring, I used Claude to generate the initial application skeleton. Since the AI already had the context of our legacy extraction logic, translating it into this new clean architecture was incredibly smooth. 2. Highs and Lows: The Data Parity Challenge With the pipeline modernized, I ran the pilot ingestion for Company #1 . To minimize friction for our downstream BI consumers, I kept the ClickHouse Bronze tables structured 1:1 with the legacy CSV schemas. The Good News: The data ingestion into the Bronze layer worked flawlessly. Moving up to the Silver layer (where we do data cleaning and domain-specific transformations), everything validated beautifully. Row counts matched perfectly. The "Fun" Part (The $2 Million Gap): When I materialized the Gold layer (our consolidated group business models), I hit a massive wall. The new pipeline reported $2 million U

2026-06-10 原文 →
AI 资讯

Cache Deep Dive IV — TLB, Huge Pages, and Memory-Level Parallelism

Earlier parts examined the performance characteristics of sequential and random access under single-threaded execution, and noted in passing the destructive effect of random access on the TLB. This part devotes full attention to the TLB: what it is, why a TLB miss is more severe than a cache miss, why a page table walk constitutes one of the longest dependency chains a CPU can encounter, how huge pages fundamentally alter TLB reach, and where memory-level parallelism falters in the face of TLB misses. Page Boundaries: Where the Prefetcher Halts Part III, in its discussion of prefetchers, noted a hard constraint: a prefetcher must not cross page boundaries on its own authority. The operating system manages virtual memory in units of pages (typically 4 KB, i.e., 64 cache lines). When a program reaches the end of one page and is about to step into the next, the prefetcher cannot proceed. The reason is that the next page may not reside in physical memory (it may have been swapped out to disk), or it may be an entirely invalid virtual address — if the prefetcher were to speculatively initiate an access to the next page, it would trigger a page fault: the OS would have to suspend the process and swap the page in from disk; in the case of an invalid address, the OS would terminate the process outright. From a security standpoint, the prefetcher neither can nor is permitted to autonomously cross page boundaries without TLB approval. Hence a performance brake appears every 4 KB — even when traversing an array sequentially, after every 64 cache line accesses the prefetch pipeline must pause and await confirmation of an address translation. This is not to say that modern CPU prefetchers are completely unable to cross pages. Intel's Next Page Prefetcher and AMD's equivalent mechanism can consult the TLB when approaching a page boundary — if the address mapping for the next page is already registered in the TLB, the prefetcher receives clearance to continue prefetching across th

2026-06-10 原文 →
AI 资讯

MCP vs Direct API Calls — My Agent Stack Has Zero MCP Servers

The Model Context Protocol is everywhere right now. Every agent tutorial opens with "first, set up your MCP servers." And yet the agent stack running on the machine I'm typing this from — search monitoring, Telegram alerting, social posting, a voice assistant — contains exactly zero MCP servers. Everything talks to external services through direct API calls. That's not a rejection of MCP. It's a protocol, not a movement — and the flood of agent-architecture content keeps turning plumbing decisions into identity decisions. You're not an "MCP shop" or "behind." You're making a per-workload integration choice, and it comes down to two gates: one decides whether MCP is even the relevant category, the other decides whether it's worth the overhead. Gate one — relevance: does a model pick the tool at runtime? MCP exists to solve a specific problem: a language model, mid-session, deciding which tool to use. The protocol standardises how a model discovers tools, what their schemas look like, and how results come back. That's its entire reason to exist — it's a model-facing protocol. If no model is ever choosing, MCP isn't the relevant category; you'd share a library or stand up a plain service. Now look at what most automation actually is. My morning report pipeline: Cron fires at 8:30 Script calls the Google Search Console API Script formats the numbers Script posts to Telegram The model isn't deciding anything here. There's no runtime tool choice — the model's only job in pipelines like this is reading the data at one step, not fetching it. The call order is fixed, every day, forever. For this workload, MCP isn't the question. One subtlety that matters later: gate one is evaluated over a tool surface's consumers , not over the workload in front of you. The cron pipeline will never pass it. But the search-data access underneath it might — the day a model-driven client wants the same data. The pipeline isn't an MCP candidate; the surface can become one. Either way: being an

2026-06-10 原文 →
AI 资讯

Token-based billing exposed AI's ROI problem: what the real numbers say

In Q1 2026, OpenAI and Anthropic moved enterprise customers from flat-rate plans to token-based billing. The change looks administrative, but it had a direct consequence for engineering teams: the real cost of AI became visible for the first time. The market's reaction over the following two months was enough to reopen a question many considered settled: does AI actually deliver measurable ROI? What happened when the bill arrived The most documented case is Uber. The company had encouraged all employees to use agentic tools as much as possible and even ranked AI usage internally on leaderboards. The result: the entire annual budget was consumed in four months. The response was a $1,500/month cap per employee per agentic coding tool (Claude Code, Cursor, and similar). At Brex, engineers were limited to $500/week in tokens; employees outside engineering received a $5/week cap. T-Mobile temporarily capped usage at $2,000/month per user with plans to migrate to a tiered system. One unnamed company, according to Ed Zitron in "AI Is Slowing Down" (June 2026), spent $500 million on Anthropic models in a single month due to absent spend controls. These are not isolated cases. A KPMG survey reported by the Wall Street Journal in June 2026 found that only 26% of companies have a comprehensive view of their AI costs; 50% have partial visibility; and 22% only find out what they owe after the bill arrives. Steve Chase, KPMG's global head of AI, told the Journal: "It's a new resource that needs to be managed that didn't exist quite that way, and we're seeing exponential growth." The structural problem behind the spending caps The spending caps are a symptom. The root cause, as Zitron details in the same article, is that the economics of generative AI require numbers that currently seem out of reach. Anthropics has made over $330 billion in compute commitments with Google, Amazon, and Microsoft, plus another $45 billion with CoreWeave and SpaceX. To cover those commitments, it nee

2026-06-10 原文 →
AI 资讯

Understandable Systems Generate Evidence: How structure helps developers change code with justified confidence

(The following example is fictionalized.) A notification template feature shipped six months ago. It let each tenant customize the messages sent to their own customers without requiring a back-end change every time the wording changed. The code reviewer could tell the design was hard to follow, especially the path from template to rendered value. But "this is hard to follow" is difficult to turn into a concrete objection when the feature works, the tests pass, and nothing is obviously unsafe or wrong. The design risk was real, but there wasn't an obvious bug to point to. QA signed off, and the feature went into production. Then a bug report came in: one customer had received a notification containing another customer's information. Somewhere in the notification pipeline, the system was leaking PII. At first, the fix sounded small: make sure notifications only render data belonging to the intended recipient. Then the assigned developer, who wasn't the original author, started looking for the place to make the fix. The templates were stored in the database. There were six template types, and each one populated its real values in a different part of the codebase. Some values came from customer-facing records, some came from internal workflow state, and some came from template-specific logic. The placeholder-to-value mapping lived somewhere else. Email and SMS channels shared part of the rendering path, but not all of it. Before the developer could decide where to fix the leak, they had to answer a more specific set of questions: Which placeholder rendered the wrong value? Where did that value come from? Which template types could use that placeholder? Did email and SMS resolve it the same way? What evidence would show that the leak was fully contained? The system was hard to change because it made the behavior hard to understand. What the developer needed was not just "clean code." They needed trustworthy signals they could use as evidence to answer harder questions: w

2026-06-10 原文 →