今日已更新 38 条资讯 | 累计 21257 条内容
关于我们

标签:#RAM

找到 1475 篇相关文章

AI 资讯

someone actually leaked the Miasma supply chain attack toolkit source code on github

we saw that multiple github repos name as Miasma-Open-Source-Release started appearing yesterday which was pushed by a compromised developer accounts. then we pulled the source to dig deeper. And calling it a worm would be very small its kind of a complete supply chain framework you can see which is having ARCHITECTURE .md integration test etc. so it was kind of a product. ARCHITECTURE.md was saying that it requires no C2 infrastructure and not have to deal with takedowns or maintaining infrastructure. it just stolen github PATs is only what is necessary. submitted by /u/BattleRemote3157 [link] [留言]

2026-06-09 原文 →
AI 资讯

The 5 most common ClickHouse mistakes and how to fix them

We went through hundreds of StackOverflow + Reddit threads on ClickHouse and after seeing the same pain points surface repeatedly, we wrote up the 5 most common ClickHouse mistakes engineers make in production: Expecting ReplacingMergeTree to deduplicate reliably. It does, but eventually and not synchronously Picking the wrong table engine (MergeTree when you need Aggregating/Replacing) Treating PRIMARY KEY like it enforces uniqueness (it doesn't and ORDER BY column order matters far more) Too Many Parts errors from small inserts. Almost always fixable with batching JOINs behave differently than PostgreSQL. Smaller table must go on the right Check the concrete fix for each of them, with SQL examples: https://www.glassflow.dev/blog/clickhouse-mistakes-engineers-make?utm_source=reddit&utm_medium=socialmedia&utm_campaign=reddit_organic Happy to discuss any of these in the comments, especially the dedup one, which seems to trip up almost everyone coming from a relational background. submitted by /u/glassflow-dev [link] [留言]

2026-06-09 原文 →
AI 资讯

CodeMeridian: Giving AI Coding Agents a Project Map Before They Edit

AI coding agents feel sharp when a project is small. They can scan a few files, understand the shape, and make useful changes. In that phase, the project still fits inside the agent’s short-term memory. The architecture is obvious. The dangerous files are nearby. The blast radius is small. But something changes when a project reaches MVP size. The agent still sounds confident, but it starts guessing. It finds a nearby file and assumes it is the right one. It trusts stale documentation. It misses hidden callers. It forgets architecture boundaries. It edits something that was not really part of the task. I kept running into that problem while building larger projects. Source-level guardrails help. A CONTRIBUTING.md, AGENTS.md, or project instruction file can tell the agent how to behave. But those are still instructions. They are not facts. That is where the idea for CodeMeridian came from. What CodeMeridian is CodeMeridian is a local code knowledge graph for AI coding tools. It indexes a codebase into Neo4j and exposes that graph through MCP, so tools like GitHub Copilot, Claude Code, Codex-style agents, or other MCP-compatible clients can ask better questions before editing. The basic idea is: The assistant is the AI. CodeMeridian is the project map. It does not replace the coding assistant. It gives the assistant a structured way to ask about the codebase. Examples: What calls this method? What tests cover this area? What files are likely in scope for this feature? Is the graph stale before I trust it? How is this frontend component connected to backend code? Why a graph? Code is already a graph. Methods call methods. Classes implement interfaces. Tests cover production paths. Frontend components call API clients. API handlers touch services. Services use repositories. Docs mention symbols. Projects depend on other projects. A normal file search can find text. A graph can answer relationship questions. That matters because many AI coding mistakes are relationship m

2026-06-09 原文 →
AI 资讯

AI agentic workflows on large codebases

The first post went over some of its capabilities. Over the past week Edict went v1.0, adding cursors for reading projections after command dispatch (to close some eventual-consistency gaps), a new type of projection that holds state inside the Orleans grain directly instead of a table, saga timeouts, schedules, an improved skills package and MCP server that ships with Edict, and more. Edict has now grown to over 75,000 lines of code and more than 1000 tests, and contains several deep mechanisms that have been fixed, broken, and fixed again. It is well past the point where I can hold all of Edict in my head. This post is about working with AI on large codebases, which I expect to be the first problem most software engineers have to solve. The context problem Years ago I was talking to a PhD candidate whose area of research was Natural Language Processing (NLP). He explained to me that one of the most difficult NLP problems was context. If a colleague says they need to pop out to pick their kids up from school, a scene can form in your head: one with a school, the layout of the road, people waiting, walking, driving, the environs. You may never have seen the school your colleague mentioned, but you can form a rich scene from your accumulated experience and use it to drive the rest of the conversation with a shared understanding. LLMs ingeniously dodge this entire issue by making it your problem. Just a word-probability machine Strip away the chat window and a Large Language Model (LLM) is doing one thing: predicting the next token. Give it a run of text and it returns a probability distribution over what comes next, samples one, appends it, and repeats. Companies like OpenAI and Anthropic then beat it into shape using techniques like supervised fine-tuning and reinforcement learning, which tune those probabilities in meaningful ways. That is why Claude is always telling me "Good framing" or "You've spotted...". It even called me "Bold" on one occasion. The probabilit

2026-06-09 原文 →
AI 资讯

AI's real value isn't automation. It's how fast you can act on what you already know.

Something I keep noticing across teams and orgs that are actually getting value from AI versus the ones that aren't. The difference rarely comes down to the model or the algorithm. Most organizations are already drowning in data. Logs, metrics, alerts, reports, dashboards, tickets. The information exists. The bottleneck is what happens after the data shows up. How long does it take to interpret what the signal means? Who decides what to prioritize when three things need attention at once? How fast can the right people coordinate a response once a decision is made? That's where AI actually earns its keep. Not by replacing the human in the loop but by compressing the time between something happening and someone doing something useful about it. Signal to understanding to action. That's the chain that matters. Think about it in terms you deal with every day. A vulnerability gets disclosed. The CVE exists, the advisory is public, your scanner picked it up. None of that is the bottleneck. The bottleneck is figuring out which of your services are affected, who owns them, how bad the exposure actually is in your specific context, and getting a patch scheduled before someone exploits it. AI that helps you answer those questions in minutes instead of days is genuinely valuable. AI that and adds another dashboard to look at isn't. This applies across the board. Incident response, infrastructure management, risk assessment, customer systems, operational workflows. The teams getting real value aren't the ones with the fanciest models. They're the ones who figured out where their decision bottlenecks actually are and pointed AI at those specific gaps. The strategic advantage is rarely in the algorithm. It's in organizational responsiveness. How fast can you go from "something happened" to "we're handling it". The AI is just the thing that compresses that timeline. Where's the biggest decision bottleneck in your current workflow?

2026-06-09 原文 →
AI 资讯

Privacy by Design in Your API: How to Collect Less Data Without Breaking UX

When developers think about privacy, they often think about legal compliance, consent banners, or policy pages. But privacy starts much earlier than that, at the API layer. Every time your backend asks for a phone number, date of birth, location, or optional profile field, you are making a design decision. If you collect too much data by default, you increase risk, reduce trust, and make your system harder to maintain. The good news is that privacy by design does not have to make your product worse. In many cases, it makes your API cleaner, safer, and easier to reason about. Why collecting less data matters The more data you collect, the more you have to protect. That means more storage, more access control, more breach risk, more compliance burden, and more user distrust if something goes wrong. A developer friendly privacy approach is simple: Only collect what you need to deliver value. Bad pattern: collecting everything up front user_profile = { " name " : " Amina " , " email " : " amina@example.com " , " phone " : " 07000000000 " , " dob " : " 1995-01-01 " , " address " : " 123 Main Street " , " location " : " Lagos " , " gender " : " female " } This kind of structure is common in early stage products. The thinking is usually: let us ask for everything now, just in case we need it later. But just in case is not a good privacy strategy. Better pattern: collect only what is required def build_profile ( name , email , phone = None ): profile = { " name " : name , " email " : email } if phone is not None : profile [ " phone " ] = phone return profile user_profile = build_profile ( " Amina " , " amina@example.com " ) print ( user_profile ) This is small, but the principle matters. Optional data should stay optional unless it is truly needed. Use explicit field validation Instead of accepting a giant payload and filtering it later, validate the exact fields you expect. ALLOWED_FIELDS = { " name " , " email " , " phone " } def sanitize_payload ( payload ): return { k :

2026-06-09 原文 →
开发者

I analyzed 26 major open source repositories. Every one had at least one bus-factor-1 module

I built a CLI called git-archaeologist to analyze ownership concentration, bus factor, coupling, and change history from git repositories. To validate it, I benchmarked 26 major open source projects including Kubernetes, React, VS Code, TensorFlow, PostgreSQL, Spring Boot, and Node.js. The report includes methodology, limitations, repository snapshots, raw JSON outputs, and benchmark data. Happy to hear where the methodology is wrong or what could be improved. submitted by /u/Some_Scientist5385 [link] [留言]

2026-06-09 原文 →
AI 资讯

Lawyers, Marketers, Product Managers—Xiaomi's Breakthrough Agent Product SoloEngine: Everyone Is a Creator

On June 3, Xiaomi released the latest version of its open-source project, SoloEngine . The first low-code Agentic AI development platform. At the AIGC2026 Summit, Amazon Web Services disclosed a striking statistic: 87% of enterprises claim to have deployed AI, but only 10% have actually extracted real value from it. The current agent industry chain shows a curious pattern—hot at both ends, hollow in the middle. Upstream foundation models and chips attract capital; downstream use-case demand is robust; but the midstream lacks an engineering platform capable of converting domain expertise into reliable agents. The reasons behind this gap are concrete. Building an AI Agent currently comes down to two approaches. One is low-code workflow platforms: Dify and n8n offer visual canvases where users drag and drop nodes to quickly assemble AI applications. But workflows rely on preset paths—step A leads to step B, step B leads to step C, with if/else conditions controlling branches. Hit something outside the preset, and the flow breaks. At best, they function as AI-powered macro scripts. The other is code-based development frameworks: LangChain and CrewAI support genuine Agentic AI architectures where agents can make autonomous decisions and dynamically adjust strategies. But this requires Python programming skills. A lawyer has to learn Python just to build a legal Agent; a CMO has to configure a CrewAI environment just to set up a marketing Agent team. Low-code platforms don't support true autonomous decision-making. Code frameworks are only accessible to programmers. SoloEngine fills precisely this gap. I. SoloEngine: Making Everyone a Creator Open a browser. Drag Agents onto a canvas. Connect collaboration relationships. Configure the tools you need. Hit run. The backend automatically compiles your design into an executable Agentic AI system—one that plans tasks, executes operations, and delivers results. Users just review and confirm, and the work gets done. No lines of

2026-06-09 原文 →
AI 资讯

I Built an AI Assistant That Lives in My Telegram — Here's What 6 Months Taught Me

Six months ago I got tired of switching between apps to talk to AI. ChatGPT in the browser. Claude in another tab. Local models in a terminal. It was like having five friends who all live in different cities and refuse to visit each other. So I did what any developer with too many GPUs and too little patience would do: I built my own assistant and put it where I already spend my day — Telegram. It's not a chatbot for customers. It's not a business automation tool. It's just... my assistant. It lives in a private chat on my phone and handles the stuff I used to do manually. Here's what six months of actually using it has looked like. What I Actually Built (And Why Telegram) I already had three machines running Ollama at home — a Mac Mini M4, a Windows PC with an RTX 3060, and an Ubuntu box. Three endpoints, eight models, and me constantly forgetting which model was good for what. Telegram was the obvious choice because: I'm already there all day (friends, family, a few dev groups) It works on my phone, my Mac, and my watch The Bot API is dead simple I can send voice messages, photos, documents — and the bot can handle all of them The setup: a Python bot running on the Mac Mini, connected to all three Ollama endpoints. When I message it, the bot classifies what I want, routes to the right model on the right machine, and replies in the same chat thread. Sounds simple. Took three evenings to get right. Took six months to make actually useful. The Things I Actually Use It For Here's the honest list. Not the marketing pitch — the real daily usage: 1. Quick questions without context switching "Summarize this article" (I paste a link). "Explain this error" (I paste a stack trace). "Rewrite this email less formally." These used to mean opening a browser tab, logging in, maybe hitting a rate limit. Now I just... send a message. The reply comes back in 2-8 seconds depending on which model handles it. The routing is simple but effective: quick chat → small model on the Mac. Cod

2026-06-09 原文 →
AI 资讯

Cx Dev Log — 2026-05-25

The interpreter's variable lookup is now blazing through arithmetic loops at a 57% faster pace. But this isn't just about raw speed — four tracker items were checked off the list, culminating in a more robust system. All rolled out on submain, a direct result of a thorough four-pillar audit. BindingId replaces string hashing at runtime The heavyweight change came from tracker #009. Previously, our interpreter was busy hashing variable names every time they were accessed. That was a repeat offender in wasted cycles. Now, by using a pre-assigned numeric BindingId, we seize efficiency. The semantic phase was already handing out these IDs, but the runtime kept adding the overhead back. It doesn’t anymore. ScopeFrame.vars has transitioned to a HashMap equipped with a zero-cost identity hasher keyed by u32 binding IDs. Name-based lookups are still around but tucked away for less frequent operations like string interpolation. Fixes were necessary upstream: ConstDecl and semantic_impls now hold onto their BindingId, making sure our semantic phase pipelines gracefully into the interpreter's primary key system — narrowing the gap with JIT's variable handling. Here's how the numbers shine on a Windows release build: arith_loop (5M iterations): from 5744ms down to 2481ms (56.8% boost) nested_loops (4M iterations): from 2675ms down to 1796ms (32.8% boost) fib_recursive: from 6835ms down to 6488ms (merely 5.1% faster due to call-frame constraints) Our findings align with expectations: recursive functions aren't bogged down by variable lookups as much as by setting up call frames. Array bounds errors stop lying Misleading diagnostic labels are on their way out, thanks to tracker #002 and #032. Attempts to access out-of-bounds array indices once triggered an error as unhelpful as variable 'index 5' has not been declared . Not anymore. Changes came in two waves. First, we introduced a new error variant: RuntimeError::IndexOutOfBounds { pos, index, length } . Then, three runtime.rs c

2026-06-09 原文 →