AI 资讯
An Inventor of Apple's FaceID Wants to Analyze Your Brain's Health With AI
Gidi Littwin's new AI startup, Hemispheric, makes diagnostic brain scans for conditions like depression, PTSD, and Parkinson’s. He wants the technology to be as cheap and easy as a blood test.
AI 资讯
Dependabot learns to wait: version-update PRs now sit for three days by default
Every time your bot merges a two-hour-old release into main, you are trusting a stranger's freshly published tarball to be the same one everyone else is looking at. Sometimes that release is a real bugfix. Sometimes it is a maintainer who fat-fingered a token, or an attacker who did not, and either way your CI cheerfully rebases against it before anyone had a chance to notice. On 2026-07-14, GitHub added a pause. Not a big one. But a real one. The actual change Dependabot version updates now sit on their hands for three days after a package is published. According to the GitHub Changelog, a release has to have been available on its registry for at least that long before Dependabot will open a version-update pull request against your repository. The cooldown is on by default and requires no configuration. It applies across every ecosystem Dependabot supports on github.com, and GitHub Enterprise Server picks it up in GHES 3.23. Security updates are exempt. If a fix for a known vulnerability lands, Dependabot will still open the PR the moment it can, because a three-day delay on the patch defeats the entire point of shipping the patch. That single carve-out is the whole design. Why three days is doing so much work Three days is not enough time to audit a package. Nobody is pretending otherwise. What three days is enough for is someone else to notice. Most malicious releases that end up on a public registry get pulled quickly once security researchers, downstream maintainers, or the registry's own scanners spot the pattern. The typosquats, the hijacked accounts, the crypto miners buried in a postinstall script: they all rely on being pulled into build automation before the pattern is visible. Dependabot's old default was to be that automation. Its new default is to let the pattern show up first. You can read this change as GitHub quietly admitting that "always up to date" was the wrong marketing promise for a supply-chain tool. The knob, and what shifted about it Cooldo
AI 资讯
Meta's Noninvasive Brain–Computer Interface Brain2Qwerty Achieves 61% Accuracy
Meta recently open-sourced Brain2Qwerty v2, a noninvasive Brain–Computer Interface (BCI) that can decode sentences from thoughts using electroencephalography (EEG) or magnetoencephalography (MEG) signals from the brain. In evaluations, the system achieved a word accuracy rate 61% on average, compared to 8% for other non-invasive methods. By Anthony Alford
AI 资讯
Prometheus Agent Mode vs Grafana Alloy: Choosing the Right Push Agent in 2026
TL;DR: If you only collect metrics, Prometheus Agent mode is lightweight, familiar, and difficult to beat. If you collect metrics, logs, or traces together, or expect to in the future, Grafana Alloy's unified pipeline is usually worth the additional complexity. Once you've decided to move from pull-based scraping to a push architecture , the next question is which agent should actually run on each host. In 2026, the two strongest choices are Prometheus Agent mode and Grafana Alloy. I run Alloy across my production fleet, but that doesn't automatically make it the right answer for everyone. The Shift in the Monitoring Landscape Over the last couple of years, Grafana has consolidated both metrics and log collection into Grafana Alloy. Grafana Agent reached end of life on November 1, 2025, and Promtail followed on March 2, 2026. Neither receives security fixes anymore. The practical choice moving forward: Feature Prometheus Agent Grafana Alloy Metrics ✅ ✅ Logs ❌ ✅ Traces ❌ ✅ Config Prometheus YAML Alloy components Footprint Smaller Larger Learning curve Low Moderate Future direction Metrics agent Unified telemetry The table gives the short answer. The rest of this article explains where those differences actually matter in practice. Prometheus Agent mode. Run the Prometheus binary with the --agent flag and it stops acting as a full Prometheus server. It no longer stores local TSDB blocks, evaluates alerting rules, or serves queries. Instead, it scrapes targets, buffers samples in a write-ahead log, and forwards them upstream via remote_write . It is Prometheus with the storage and query layers removed. Grafana Alloy. A single agent that collects metrics, logs, and traces, processes them in a component pipeline, and pushes each signal to its backend. It embeds many exporters directly, so a line like prometheus.exporter.unix "node_exporter" {} gives you full node_exporter functionality without installing a separate binary. The Case for Prometheus Agent If you only need m
开发者
How I shipped structured JSON logging + Prometheus metrics with zero new dependencies
How I shipped structured JSON logging + Prometheus metrics with zero new dependencies I almost added structlog and prometheus_client to my pyproject.toml . Then I read what they actually do. Both libraries are excellent. structlog is the right call when you have a 30-engineer team shipping 50 services. prometheus_client is the right call when you have five teams of consumers scraping different metrics. For a single-author Python project with one process and one user, both are over-engineered. The 80 lines of code I would have pulled in, I can write in 200. The result: zero new runtime dependencies, full control over the output, and a smaller pip install footprint for every user. Here is what I did instead. The minimum useful observability surface A small Python service needs four things, in order of importance: Every log line is one JSON object. (No parsing for downstream tools.) Every request has a trace id. Every log line in that request carries the same trace id. (So you can grep by id and see the whole story.) Every log line goes to stderr. (So journald , Docker, and kubectl logs all see it without any extra configuration.) Every metric is exposed in Prometheus text format at a stable URL. structlog gives you #1, #2, #3 with a lot of flexibility. prometheus_client gives you #4 with a lot of flexibility. Both are about 16 MB of transitive dependencies combined. For a service that runs in a single process and exports maybe 20 metric names, the libraries are doing more work than the project. The 80-line JsonFormatter The custom logging formatter is the simplest part. The whole thing is here: import json import logging from contextvars import ContextVar from datetime import datetime , timezone _trace_id_var : ContextVar [ str | None ] = ContextVar ( " trace_id " , default = None ) class JsonFormatter ( logging . Formatter ): def format ( self , record : logging . LogRecord ) -> str : payload = { " ts " : datetime . now ( tz = timezone . utc ). isoformat (), " level
AI 资讯
EU AI Act compliance as API calls
We shipped eight endpoints on api.moltrust.ch (v2.5) this week. Three implement EU AI Act obligations directly. This is the short version for people who want to call them; the full reasoning is on our blog ( https://moltrust.ch/blog/compliance-as-an-api.html ). Why no model in the loop: the Aithos LARA study (May 2026) placed twelve frontier models in simulated workplaces where the task required breaking EU law. Best model: 54% lawful runs. In the Art. 5(1)(f) scenario (emotion inference from workplace communications, prohibited), all twelve committed the violation. So the classifier is deterministic code branching on the pinned EUR-Lex text, and every response carries article references you can check yourself. POST /compliance/assess — use case + intended purpose + declared signals in, risk tier + obligations + article pins out. Evaluation order: Art. 5 prohibitions, Annex I route (Art. 6(1)), Annex III route (Art. 6(2)/(3)), Art. 50 transparency, minimal. The trap worth knowing: Art. 6(3) offers four derogation grounds, and its final subparagraph voids all of them for systems that profile natural persons. In the code that subparagraph is a branch; it cannot be skipped. curl -X POST https://api.moltrust.ch/compliance/assess \ -H "Content-Type: application/json" \ -d '{ "use_case": "Customer-support agent that reads inbound email and drafts replies", "intended_purpose": "Automated first-line support for consumer inquiries", "performs_profiling": false, "interacts_with_humans": true, "emotion_recognition": false }' POST /compliance/declaration — EU declaration of conformity as a W3C Verifiable Credential with the eight Annex V items, Ed25519-signed. Verify offline against https://api.moltrust.ch/.well-known/jwks.json ; no call back to us. anchor: true adds a sha256 commitment for batch anchoring on Base L2. POST /compliance/incident — records Art. 73 serious incidents and computes the deadline from the regulation: 15 days standard, 10 days for a death, 2 days for wid
科技前沿
China is catching up to Elon Musk’s reusable rockets
China's state-owned space company recovered its first orbital rocket booster after launch.
AI 资讯
EU threatens Meta with fines over addictive features on Facebook and Instagram
The tech giant is in breach of the Digital Services Act by focusing on features like infinite scroll, autoplay, push notifications, and the highly personalized recommendation algorithms, the European Commission said.
AI 资讯
Is an air-conditioning revolution coming to Europe?
The AC culture wars may be solved by advances in environmentally friendly technology.
AI 资讯
Conspiracies and regrets abound in Dune: Part Three trailer
"You promised me that you would never take power in your name."
AI 资讯
Robinhood Chain Goes Live, Agentic Payments Take Shape, Updated Lean Ethereum Roadmap
Welcome to our weekly digest, where we unpack the latest in account and chain abstraction and the broader infrastructure shaping Ethereum. This week: Robinhood takes its own chain and agentic trading live; WalletConnect and MetaMask make the case that account abstraction is what will keep AI agent payments safe; a new essay argues Ethereum should fund its founding period like a young nation-state; and Vitalik shares the updated Lean Ethereum roadmap that makes privacy and quantum resistance first-class. Robinhood Chain Goes Live With Agentic Trading WalletConnect and MetaMask on Agentic Payments The Case for Founding-Period Ethereum Funding Vitalik Shares the Updated Lean Ethereum Roadmap Please fasten your belts! Robinhood Chain Goes Live With Agentic Trading Robinhood has launched the public mainnet of Robinhood Chain , its biggest move yet into onchain finance. Built on Arbitrum, the Layer 2 is designed for tokenized real-world assets and DeFi, and it went live at a London keynote with day-one partners including Uniswap. With the mainnet, Robinhood’s Stock Tokens are now fully live in more than 120 countries, though availability varies by jurisdiction. Users can trade tokenized equities around the clock and put them to work across DeFi, including in lending pools and as trading collateral. The company also rolled out Robinhood Earn , a decentralized lending product that pays an estimated 7% on its dollar-backed USDG stablecoin through a self-custody wallet, powered by the Morpho protocol. Perpetual futures and maker fees as low as 0% round out the trading updates. The most relevant piece for our readers is Agentic Accounts for crypto. Through a Trading MCP, eligible users can connect their AI model of choice to Robinhood’s data and tools, while keeping control by setting how much capital to allocate and which safety guardrails apply. This is account abstraction territory in all but name. Letting an agent trade from a self-custody wallet within human-defined limit
AI 资讯
The 4 Best Home Air Conditioners to Buy Right Now
It's too hot. There, we said it. Protect your health and keep your home cool with one of these top-rated air conditioners.
AI 资讯
Is an Air-Conditioning Revolution Coming to Europe?
As extreme heat becomes the norm on the continent, the AC culture wars may be solved by advances in environmentally friendly technology.
AI 资讯
With EU backing, QuantumDiamonds aims to speed up chip manufacturing
Like its U.S. counterpart, the European Chips Act aims to foster the semiconductor industry — in part thanks to state subsidies. One of the beneficiaries is QuantumDiamonds, a German startup that applies a novel approach to inspecting chips.
AI 资讯
Idempotency — Safe Retry
Safe retry: idempotency key để retry một request không biến thành hai lần charge Trong hệ phân tán, retry là mặc định — client, gateway, load balancer, queue consumer đều retry khi timeout hoặc lỗi tạm thời. Vấn đề là nhiều thao tác quan trọng không idempotent tự nhiên: một request POST /charges gửi hai lần thì trừ tiền khách hai lần, một message OrderCreated xử lý hai lần thì ship hai đơn. Idempotency key là cơ chế để server nhận diện "cùng một intent" giữa các lần retry và chỉ thực hiện side effect một lần , trong khi vẫn trả về response giống hệt cho mọi lần gọi lặp — về mặt hiệu ứng thấy được từ bên ngoài, đây là cái người ta hay gọi là "exactly-once effect" (dù ở tầng transport vẫn là at-least-once). Cơ chế hoạt động Client sinh một identifier duy nhất cho mỗi thao tác (thường là UUIDv4) và đính kèm request — quy ước phổ biến là HTTP header Idempotency-Key (Stripe API dùng đúng tên này, và IETF có draft draft-ietf-httpapi-idempotency-key-header chuẩn hoá cùng tên header). Server dùng key làm identity của thao tác trong một cửa sổ TTL: Nhận request với key K . Tra K trong idempotency store. Nếu tồn tại và request cũ ở trạng thái terminal (đã có response), trả lại response đã lưu — không chạy lại business logic. Nếu tồn tại nhưng đang in-flight , trả 409 Conflict (hoặc chờ, tuỳ contract). Nếu chưa tồn tại, INSERT bản ghi với unique constraint trên key, chạy business logic, persist response, commit. Điểm cốt lõi là bước insert + bước business logic + bước lưu response phải nằm trong cùng một transaction boundary — hoặc chí ít, phải có cơ chế đảm bảo không có window mà một retry khác nhìn thấy "chưa có key" trong lúc lần đầu vẫn đang chạy dở. CREATE TABLE idempotency_keys ( key TEXT NOT NULL , user_id BIGINT NOT NULL , request_hash TEXT NOT NULL , -- fingerprint payload status TEXT NOT NULL , -- in_flight | succeeded | failed response_code INT , response_body JSONB , created_at TIMESTAMPTZ NOT NULL DEFAULT now (), locked_until TIMESTAMPTZ , PRIMARY KEY ( user_id ,
AI 资讯
Message Queue — Async Processing
Async processing qua message queue: vì sao đẩy việc nặng ra khỏi request path, và cái giá phải trả bằng eventual consistency Async processing là mô hình tách một request thành hai giai đoạn: request handler nhận việc, xác nhận với client, rồi giao phần xử lý thật cho một worker chạy ngoài request path — thường qua một message queue (RabbitMQ, AWS SQS, Kafka, Redis Streams, hoặc queue trên nền Redis như BullMQ/Sidekiq). Lý do dev gặp nó trong việc thật rất cụ thể: một endpoint gọi payment provider mất 3s, gửi email confirm mất 1s, resize ảnh mất 5s — nếu làm tuần tự trong request, p99 latency của endpoint là tổng các con số đó, và một downstream chậm hoặc chết đủ để làm timeout hết thread pool của app server. Đẩy vào queue thì request trả về trong vài chục ms; nhưng đổi lại, cái "xong" mà client thấy không còn nghĩa là việc đã thực sự hoàn thành. Cơ chế hoạt động Ba thành phần: producer (thường là API server) đóng gói việc thành message rồi publish vào broker; broker (RabbitMQ/SQS/Kafka…) giữ message trong queue có persistence tuỳ cấu hình; consumer/worker poll hoặc được push message, xử lý, rồi ack để broker biết xoá. Nếu worker chết trước khi ack, broker redeliver — đây là gốc của semantic at-least-once : mỗi message được giao ít nhất một lần, có thể nhiều lần. Exactly-once trong hệ phân tán chỉ đạt được ở lớp application bằng cách consumer viết idempotent, không phải bằng cấu hình broker. Ví dụ với RabbitMQ + Node ( amqplib ): // producer — trong HTTP handler const ch = await conn . createConfirmChannel () await ch . assertQueue ( ' image.resize ' , { durable : true }) app . post ( ' /upload ' , async ( req , res ) => { const jobId = crypto . randomUUID () const payload = Buffer . from ( JSON . stringify ({ jobId , s3Key : req . body . key })) await ch . sendToQueue ( ' image.resize ' , payload , { persistent : true , // ghi xuống disk, sống sót broker restart messageId : jobId , // để consumer dedupe contentType : ' application/json ' , }) // đợi broker confirm đ
AI 资讯
UK regulator warns of "arms race" to keep up with AI use in financial services
FCA official makes case for greater powers for watchdog as millions use technology for personal finance decisions.
开发者
What Are Fish Oil Supplements Good For? Here’s Your Crash Course
A large-scale clinical trial has shown that even long-term consumption of DHA—an omega-3 fatty acid found in abundance in oily fish—may not lead to improvements in cognitive function.
开发者
Google loses long-running appeal of record EU fine, will have to cough up $4.7 billion
The EU went after Google for the practice of bundling its search engine and browser with Android.
AI 资讯
Ethlabs Launch, the EF Restructures, Starknet Brings Private USDC, Crypto Neobanks Go Mainstream
Welcome to our weekly digest, where we unpack the latest in account and chain abstraction and the broader infrastructure shaping Ethereum. This week: Ethlabs launches as an independent EF-origin R&D lab backed by Bitmine, Sharplink, and Joe Lubin; the Ethereum Foundation reorganizes into five focused clusters and parts ways with a fifth of its staff; Starknet brings confidential USDC payments to DeFi through its STRK20 framework; and a new industry report charts how crypto-native neobanks went mainstream and why account abstraction matters more because of it. Ethlabs Launches as an Independent R&D Lab The Ethereum Foundation Restructures Into Five Clusters Starknet Brings Private USDC to DeFi Crypto Neobanks Cross From Experiment to Infrastructure Please fasten your belts! Ethlabs Launches as an Independent R&D Lab A coordinated group of Ethereum contributors has launched Ethlabs , an independent nonprofit research and development lab built to ready the network for its next wave of institutional and agentic adoption. The funding effort is led by Bitmine, Sharplink, and Ethereum co-founder Joe Lubin, with support from Anchorage, Octant, and SNZ. Ethlabs is cofounded by five former senior Ethereum Foundation researchers — Ansgar Dietrichs, Barnabé Monnot, Caspar Schwarz-Schilling, Josh Rudolf, and Julian Ma — who between them shaped finality, scaling, data availability, and protocol economics over the past decade. Dietrichs serves as Executive Director. The lab’s early work centers on what institutions need to move onchain at scale: faster settlement, native issuance, cross-chain movement, and more mainnet capacity, alongside research into ETH’s monetary properties. The team frames the moment as Ethereum’s shift from infrastructure buildout to an age of adoption, where the architecture that settles global activity is being decided now rather than in ten years. To preserve neutrality, funding flows through an independent grants administrator that handles screening and