今日已更新 386 条资讯 | 累计 20358 条内容
关于我们

标签:#X

找到 677 篇相关文章

AI 资讯

The Hidden Linux Routing Issue That Broke My Deployment

The deployment should have taken a few minutes. The application was running, DNS was configured correctly, and the domain was already pointing to the server's public IP. Caddy was configured as a reverse proxy and was listening on ports 80 and 443. Every item on my deployment checklist appeared healthy. Yet every Let's Encrypt validation attempt kept failing. The error looked simple enough: authorization failed timeout during connect likely firewall problem At first, I believed it. I checked DNS resolution, verified firewall rules, confirmed that Caddy was listening on the expected ports, and made sure the application itself was reachable. Every check came back clean. That was the first clue that the problem might not be where the logs were pointing. The Obvious Things The first assumption was DNS. I verified that the domain resolved to the correct public IP. dig +short my-domain.com Everything looked correct. Next came the firewall. sudo ufw status Ports 80 and 443 were open. There were no unexpected deny rules, and nothing suggested inbound traffic was being blocked. Then I checked whether Caddy was actually listening. sudo ss -tulpn | grep -E ':80|:443' Again, everything looked normal. The application itself was healthy too. curl http://localhost:3001 returned a valid response. At this point I had checked most of the things engineers typically check when certificate validation fails. DNS looked good, the firewall looked good, the reverse proxy was healthy, and the application was running. Yet the validation errors continued. The Part That Sent Me In The Wrong Direction The error messages kept mentioning connectivity problems and possible firewall issues. That wording influenced my thinking more than it should have. I spent time investigating firewall rules, reverse proxy configuration, TLS settings, and domain configuration. Every new hypothesis felt reasonable, but none of them explained why local tests consistently succeeded while external validation continued

2026-06-17 原文 →
AI 资讯

Few-Shot Learning with LLM: A Deep Dive

Few-shot learning with large language models is one of the most practical ways to steer model behavior without updating weights. By embedding task-specific examples directly into the prompt, developers can turn a general-purpose foundation model into a domain-specific classifier, parser, or reasoning engine. The technique relies on in-context learning, where the model infers patterns from exemplars rather than from gradient updates. Because it requires no training pipeline, few-shot prompting is ideal for rapid prototyping and production tasks where data volumes are too small for fine-tuning or where model weights must remain frozen. The Mechanics of In-Context Learning In-context learning is an emergent capability of transformer-based language models. During inference, the model attends to the full context window, using the provided examples as a dynamic prior. Each example adjusts the hidden-state activations for subsequent tokens, effectively conditioning the output distribution without any parameter change. Research suggests that the model locates latent task representations within its pretrained weight space and uses the few-shot examples to activate the appropriate subspace. The result is a flexible interface: change the examples, and the model adapts its behavior immediately. Zero-Shot, One-Shot, and Few-Shot Prompting These three patterns describe how much guidance you provide before the actual task input. Zero-shot: You describe the task in natural language with no examples. This works best for simple, well-known tasks that the model has seen frequently during pretraining. One-shot: You prepend a single example. This is often enough to communicate output format or tone. Few-shot: You prepend three to ten examples, sometimes more for complex schema extraction or multi-label classification. The marginal gain from each additional example typically diminishes, but for tasks with rigid output schemas, a larger set of exemplars can substantially improve consisten

2026-06-17 原文 →
AI 资讯

Designing Agent Email Addresses That Humans Trust

You've built the agent, the reply loop works, the demo lands — and then someone asks the question you didn't budget time for: "so what address does it send from?" Suddenly you're staring at noreply-svc-prod2@yourcompany.com realizing that the first thing every recipient sees isn't your prompt engineering. It's the From line. An agent's email address is an interface. Humans parse it before the subject, mail servers judge it before the body, and spam filters score it before any human sees it at all. Once your agent has a real mailbox — which is what Nylas Agent Accounts (currently in beta) provide — address design becomes a product decision with three layers: the local part, the domain, and the disclosure question. The local part: role beats persona beats hash Take three candidate addresses for the same scheduling agent: scheduling@ — a role. Tells recipients what the mailbox does and implies that emailing it is how you use the service. jane.ai@ — a persona. Friendlier in a sidebar avatar, but it invites recipients to treat the sender as a colleague, with all the expectations that carries. bot-7f3a@ — an artifact. Screams "auto-generated," gets mentally filed next to spam, and gives a human nothing to anchor on. The docs consistently model the first pattern — sales-agent@ , support@ , scheduling@ appear throughout the Agent Accounts overview — and I think that's right for a reason deeper than convention. A role address makes an honest promise about capability: scheduling@ claims it can schedule, nothing more. A persona address makes an implicit promise of general competence that current agents can't keep. When jane.ai@ fails to understand a simple request, it reads as a person being obtuse; when scheduling@ fails, it reads as a tool hitting its limits. Same failure, different trust damage. The overview's framing is worth internalizing: an agent identity should be like any other user in your organization — reachable, persistent, accountable. Address design is how that

2026-06-17 原文 →
AI 资讯

I pointed capgate at Damn Vulnerable MCP. Here's what it caught — and what it couldn't.

A capability-compiler meets ten deliberately-broken MCP servers. The honest scorecard: it cleanly stops one class, shrinks the blast radius on several, and is useless against another. Knowing which is which is the whole point. Disclosure: I'm the author of capgate , the Apache-2.0 sandbox compiler this post puts to the test. The DVMCP project and the other tools mentioned aren't mine; the manifests and compiled output are reproducible from the repo . The setup Damn Vulnerable MCP (DVMCP) is a teaching project: ten MCP servers, each built to demonstrate one attack — prompt injection, tool poisoning, excessive permission scope, token theft, command injection, and so on. It's the closest thing the ecosystem has to a shared adversarial fixture. capgate is a compile-time tool. You write a manifest declaring what an MCP server is allowed to do — fs:read:/workspace/** , net:connect:api.github.com:443 , nothing else — and it compiles that to a concrete sandbox policy ( docker run flags, bwrap argv, or an egress-proxy config). It does not run anything, watch traffic, or inspect the server's code. It turns a declared capability set into an enforced boundary. So this is a fair, falsifiable test: for each DVMCP challenge, I wrote the honest minimum manifest, compiled it, and asked one question — does the boundary capgate emits actually stop the attack? The answer is not "yes" across the board, and the cases where it's "no" are the interesting ones. The bullseye: Challenge 3 — Excessive Permission Scope The vulnerable tool advertises "read a file from the public directory" and then does this: @mcp.tool () def read_file ( filename : str ) -> str : # VULNERABILITY: doesn't restrict file access to the public directory if os . path . exists ( filename ): # any absolute path works with open ( filename , " r " ) as f : return f . read () The private directory next door holds employee_salaries.txt , acquisition_plans.txt , and system_credentials.txt (a live DB password and cloud API ke

2026-06-17 原文 →
AI 资讯

SpaceX is officially buying Cursor for $60 billion

Days after its massive IPO, SpaceX says it is spending $60 billion to buy Cursor - a bet designed to help Elon Musk's sprawling rocket / AI / social media behemoth win over lucrative enterprise customers and close the gap with AI rivals like Anthropic and OpenAI. The takeover was not entirely unexpected: SpaceX announced […]

2026-06-16 原文 →
AI 资讯

Grok Build Agent Dashboard: Run 8 Parallel Coding Agents From One Screen

xAI shipped the Grok Build Agent Dashboard on June 15, 2026, and it changes how multi-session coding actually works. Eight parallel agents — four on Grok Code 1 Fast, four on Grok 4 Fast — all visible on one screen. Sessions sorted by state automatically. Sub-agents rolled up under the session that launched them. Reply to a blocked session without ever leaving the dashboard view. If you are already running Grok Build (launched June 5, 2026 in beta), this is a meaningful upgrade. If you are evaluating coding agents and parallel execution is part of your decision criteria, the Agent Dashboard is the most developed TUI for multi-session work in any terminal coding agent right now. Here is exactly what it does and when to use it. How to Open It Two ways in. From your shell: grok dashboard Or from inside any Grok Build session: /dashboard The keyboard shortcut Ctrl+ also opens the dashboard from any active session. Closing the dashboard does not close your sessions — they keep running. When you reopen it, every session is still there in whatever state it was in when you left. That last point matters. The dashboard is a view, not a session manager. Sessions have independent lifetimes. You can close the dashboard, switch to a different terminal, do other work, and come back to a batch of completed or paused sessions waiting for your attention. Session States and the Sorting Logic Every session in the dashboard shows one of three states: working , awaiting input , or idle . The dashboard sorts them automatically, with sessions waiting for your input at the top. Working sessions come next. Idle sessions sit at the bottom. The practical result: open the dashboard and the first thing you see is your blocker queue. Sessions that need you are at the top. Everything else is running or done. You do not have to mentally track what state each terminal is in — the sort does that for you. Selecting any row shows the session's latest output inline, without opening the full conversation

2026-06-16 原文 →
AI 资讯

How I Built the Two Missing Payload CMS v3 Plugins — Reviews, JSON-LD & Real Production Bugs

Running 23 European e-commerce shops on Payload CMS v3 taught me that some things simply don't exist yet. So I built them. Background I maintain a multi-clone e-commerce infrastructure — 23 Next.js + Payload CMS v3 shops deployed across Europe, each on its own subdomain and language. Think fr.myshop.com , de.myshop.com , sk.myshop.com ... all running on the same codebase with country-specific patches. While building this, I kept running into two missing pieces that no one had published for Payload v3: A customer reviews system with admin moderation and Google star ratings Complete Schema.org JSON-LD for Google rich snippets (Product, BreadcrumbList, ItemList, AggregateRating) Both are now published on npm. Here's what I built, the bugs I hit, and how I solved them. Part 1 — The Reviews Plugin What didn't exist Search npm for payload reviews or payload ratings — you'll find nothing for v3. The official plugin ecosystem covers SEO, forms, redirects, Stripe... but not customer reviews. Building the collection The reviews collection itself is straightforward — relationship to products , rating (1-5), status select (pending/approved/rejected), author fields. The tricky parts came later. Access control gotcha: Payload v3 uses a roles array, not a role string. This breaks if you copy v2 patterns: // ❌ Wrong — always returns false update : ({ req }) => req . user ?. role === ' admin ' , // ✅ Correct for v3 update : ({ req }) => req . user ?. roles ?. includes ( ' admin ' ), Prevent self-verification: Users can POST any field on create: () => true collections. Lock verified in a beforeChange hook: hooks : { beforeChange : [ ({ data }) => { if ( ! data . status ) data . status = ' pending ' data . verified = false // admin-only, always reset on create return data }, ], }, Email protection: read: () => true on the collection exposes authorEmail in the public API. Add field-level access: { name : ' authorEmail ' , type : ' email ' , access : { read : ({ req }) => req . user ?.

2026-06-16 原文 →
AI 资讯

Runtime Backends: A Deep Dive into qwrap vs Container Isolation Modes

In sandbox runtimes, "isolation" is the core requirement. qwrap (based on bwrap user namespace) and Container (podman/docker) are two mainstream backends. They solve the same problem — running code in a restricted environment — but take completely different paths. This article uses extensive analogies to help you understand the similarities and differences. Building Intuition: Two Ways to "Lock the Door" Imagine you need to confine someone you don't fully trust in a room to do work: qwrap approach : In your existing house, you put up a partition to wall off a corner, leaving only a small window to pass materials through. The walls are still the original walls, the floor is still the original floor, but the person can only see what's inside the partition. Container approach : You build a shipping container with its own independent power, water, and ventilation systems. Put the person inside, close the door. They feel like they're in a complete little house, completely unaware of what's outside. This is the most fundamental difference: qwrap is lightweight view isolation, Container is complete environment encapsulation . What is qwrap (bwrap user namespace) qwrap uses bubblewrap (bwrap) under the hood, a sandboxing tool that leverages Linux user namespaces. How it Works Host filesystem ├── /usr/bin/python3 ← Host's Python ├── /home/user/project/ ← User project └── /tmp/secrets/ ← Sensitive files qwrap sandbox view (what the process sees) ├── /usr/bin/python3 ← bind-mounted in, read-only ├── /workspace/ ← Only the project directory is exposed └── (/tmp/secrets/ doesn't exist) ← Completely invisible Key mechanisms: User Namespace : The process thinks it's root, but actually maps to an unprivileged user on the host Mount Namespace : Only bind-mounts necessary directories in, everything else is invisible No images, no layers, no network namespace (unless explicitly configured) Analogy: VPN Split Tunneling qwrap is like split-tunneling rules on your phone — you're not wrap

2026-06-16 原文 →
AI 资讯

How I Use AI as an Executive Function Prosthetic

For years I thought I had a discipline problem. I had shipped code, finished a degree, built things, and still the dominant private feeling was that I was getting away with something, that the gap between what I could do on a good day and what I could do on a normal one was a character flaw I was hiding. The reframe that changed everything was clinical, not motivational: I do not have a discipline problem. I have an executive function problem. And executive function, unlike character, can be supported from the outside. This is the most personal of the three posts in this cluster. The other two are practical: the CLAUDE.md guide and the five skills . This one is the why underneath both. What Is Executive Function, Actually? Executive function is the brain's management layer. It is not intelligence, and it is not knowledge. It is the set of processes that turn knowing-what-to-do into actually-doing-it. The National Institute of Mental Health describes ADHD as fundamentally a disorder of these self-management processes rather than of attention alone. It is not one function. For the purposes of getting work done, it is at least four distinct ones, and ADHD disrupts each of them in a different way: Working memory , the mental scratchpad holding what you are doing right now. Task initiation , the ability to start, to cross the gap from intention to action. Context switching , the ability to drop one task, pick up another, and come back without losing the first. Time perception , the internal sense of duration that lets you pace and estimate. Calling them out separately matters, because "I struggle with executive function" is too vague to act on. Each of the four breaks differently and each one needs a different prosthetic. Lumping them together is how you end up trying to fix a time-perception problem with a task-initiation strategy and concluding you are just broken. What Is an Executive Function Prosthetic? A prosthetic does not heal. It compensates. Glasses do not repa

2026-06-16 原文 →