AI 资讯
Got Thread problems? There’s an app for that
The new Thread Networks Diagnostics Tools app from Thread Group, the standards body behind the wireless IoT protocol, officially launches in beta today. The app, which arrives on iOS and has been available on Android in alpha for a few weeks, is the first dedicated tool to provide visibility into your Thread-based smart home network. […]
AI 资讯
UUID v4 vs UUID v7: Performance, Security and Real Benchmarks at 100M
TL;DR — UUID v7 trie 13× plus vite que v4 en simulation B-tree (1M entrées), expose une empreinte mémoire identique, mais révèle son timestamp d'émission. UUID v4 reste le choix "zéro réflexion" pour les identifiants isolés. Le reste de cet article vous donnera les données pour décider. Introduction Les UUIDs sont omniprésents dans les systèmes modernes : clés primaires de bases de données, identifiants de sessions, tokens de traçabilité. Pourtant, le choix de la version impacte directement les performances en écriture et en lecture, la fragmentation des index, et — dans certains contextes — la confidentialité des données. UUID v4 (RFC 4122, 2005) est aujourd'hui la version par défaut de presque tous les ORM et frameworks. UUID v7 (RFC 9562, 2024) est son successeur moderne, conçu pour corriger son principal défaut : le désordre lexicographique. Dans cet article, nous allons mettre les deux en face avec des benchmarks réels sur des volumes de 100 000 à 10 millions d'UUIDs , analyser leur structure bit par bit, et vous donner une grille de décision claire. Structure interne : ce que contiennent ces 128 bits UUID v4 xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx Bits Contenu 0–47 Aléatoire 48–51 Version (0100 = 4) 52–63 Aléatoire 64–65 Variant (10) 66–127 Aléatoire 122 bits d'entropie pure. Aucune information temporelle. Chaque UUID est statistiquement indépendant des autres. UUID v7 019ed5c8-2a2f-7974-91f2-6ba1f313dcfa └──────────────┘ 48 bits = timestamp Unix en millisecondes Bits Contenu 0–47 Timestamp Unix (ms) 48–51 Version (0111 = 7) 52–63 Aléatoire (sub-ms ou compteur) 64–65 Variant (10) 66–127 Aléatoire 74 bits d'entropie + 48 bits de temps. Naturellement monotone : deux UUIDs générés dans la même milliseconde sont toujours distincts et ordonnés de façon cohérente. Lecture du timestamp (Python) : import uuid6 u = uuid6 . uuid7 () b = u . bytes ts_ms = int . from_bytes ( b [: 6 ], ' big ' ) # → 1781703125553 (ms depuis epoch Unix) Depuis la sortie de nos benchmarks : [00
AI 资讯
Stop Saying Python Iterators Are Eager
As a backend developer, I sometimes help companies evaluate candidates by reviewing their recorded technical interviews. However, over time, I’ve noticed a deeply ingrained misconception. When discussing memory management or data streaming, many developers explicitly state: "Iterators in Python are inherently eager. If you want true lazy loading or lazy evaluation, you have to use generators and the yield keyword." This misconception is common. Many popular bootcamps and online courses introduce lazy evaluation exclusively through generators . Custom class-based iterators are usually skipped or dismissed as boilerplate-heavy OOP theory rarely used in production Python. This confusion is further reinforced by two common educational simplifications : The List vs. Generator Expression Analogy: Beginners are taught that square brackets [...] (list comprehensions) are eager and take up memory, while parentheses (...) (generator expressions) are lazy. This often creates a false binary mental model: "generators = lazy, everything else = eager." Standard "Textbook" Examples: When courses demonstrate a custom iterator, they usually write a basic class that accepts an already fully loaded list in its __init__ and simply increments an index in __next__ . While this is valid for in-memory data, it leads developers to assume that custom iterators inherently require loading all data upfront. In reality, generators are a specialized language feature designed to implement the iterator protocol automatically . They comply with the exact same interface ( __iter__ and __next__ ). A generator is lazy not because of some magical property of the yield keyword, but simply because it adheres to this underlying contract. To show that custom iterators can be lazy without using any generators or yield keywords, I’ve put together a lightweight and reproducible benchmark. 🧪 The Experiment: Proving Lazy Loading with Custom Iterators Suppose we need to read a database export file ( test_users_db.
AI 资讯
Canadian pension giant joins race to fund India’s AI-fueled data center boom
The Canadian pension giant will acquire an 8.2% stake in CtrlS, a tech giant that operates more than 15 data centers across India.
产品设计
DeepL acquires Mixhalo for live-event audio streaming and translation
With this acquisition, DeepL is opening an office in San Francisco to expand its U.S. business.
AI 资讯
Native NACS ports, infotainment upgrade for MY27 Porsche Taycan
The bigger battery is standard and there are now simulated "E-Shifts."
科技前沿
CVS Is Switching to Aluminum Pill Bottles
They’re much more recyclable than the current plastic ones, and they will still probably be locked away behind that anti-theft plexiglass.
AI 资讯
Presentation: From Hype to Strong Foundations: What the Rise, Fall and Resurgence of Agents Can Teach Us About Outlasting the Cycle
Aditya Kumarakrishnan explains how to move past the "amnesia phase" of AI. He shares a blueprint for engineering leaders to build modular agent frameworks using CoALA, leverage decades of process science for scalable workflows, and "terraform" legacy environments into robust, event-sourced artifacts capable of handling unpredictable, cross-functional agent demands. By Aditya Kumarakrishnan
产品设计
Uber will bring its premium robotaxi service to Houston in 2027
This will be the second market to have an Uber robotaxi service outfitted with Lucid EVs equipped with a self-driving system from Nuro.
创业投融资
Tim Heidecker Wants to Turn Infowars Into Adult Swim for the Internet
Infowars’ would-be creative director talks Sandy Hook, comedy’s MAGA turn, and why the future of satire may look more like a streaming startup than a late-night show.
科技前沿
West Antarctica Is Missing Way Too Much Ice
Temperatures have climbed up to 45 degrees Fahrenheit above normal, stopping ice from forming in the dead of Antarctic winter.
科技前沿
For Iran’s Athletes, There Is No Separating Sports From Politics
From defections and protests to moments of national pride, the 2026 World Cup arrives amid decades of tension between identity and the state.
AI 资讯
WSL UI, WSL Dashboard, and a "Counterfeit" Claim That Doesn't Survive the Timeline
There is now a second free WSL management tool out there called WSL Dashboard , published by a developer who goes by owu on GitHub. It is open source, it has more GitHub stars than WSL UI, and it is clearly the product of real effort. I have no problem with any of that. Competition is good for users, and WSL deserves more than one good GUI. What I do have a problem with is this notice, which appears both on wslui.com and in the WSL Dashboard README: "This software is not distributed through the Microsoft Store. Any application listed there under the same name is unauthorized and may be counterfeit. Please do not download it to avoid potential scams." WSL UI is on the Microsoft Store. It has been since January. So that notice is, in plain terms, telling people that the genuine, certified, earlier WSL tool is a counterfeit scam. It isn't. And the entire claim falls apart the moment you look at the dates — all of which are public, timestamped, and independently verifiable. What this post is, and what it isn't This is not a "my project is better than yours" post. I'm not going to pick apart WSL Dashboard's features or pretend it's a bad piece of software. It isn't. This is a correction of one specific, factual claim: that the version of WSL UI on the Microsoft Store is unauthorized or counterfeit. That claim is demonstrably false, and because it's aimed at a tool people trust, it's worth setting straight properly — with evidence, not adjectives. The timeline Every date below comes from a public record. I've linked the sources so you don't have to take my word for any of it. Date Event How to verify 2008-12-11 octasoft.co.uk registered. Octasoft Ltd has existed for well over a decade. Nominet WHOIS for octasoft.co.uk 2025-12-14 The octasoft-ltd/wsl-ui repository is created. GitHub API ( created_at ) 2026-01-10 WSL UI's first public release, v0.2.0. WSL UI releases 2026-01-13 WSL UI v0.14.0 is published to the Microsoft Store. The announcement post 2026-01-18 The owu/wsl-
AI 资讯
Hacking the atmosphere: Geoengineering gets a reality check
Jim Franke pulls away the cover page of a presentation on the wraparound desk in his office, revealing an illustration of an odd-looking aircraft with massive wings stretching out from a stubby fuselage. The uncrewed plane is soaring thousands of meters higher than commercial jets fly—so high you can see the curvature of the Earth.…
AI 资讯
Entrepreneurs in Nairobi make the case for going solar
Most of Kenya’s power grid runs on renewables. But with 25% of communities lacking centralized electricity, the nation is looking to off-grid solar to hit its goal of delivering universal electricity access by 2030 without driving up emissions. The ever-improving economics of solar technology have helped. A couple of years ago, a panel cost about…
AI 资讯
Anthropic "pauses" token-based billing for its Claude Agent SDK
Move originally planned for Monday would have heavily increased power users' costs.
AI 资讯
I pointed capgate at Damn Vulnerable MCP. Here's what it caught — and what it couldn't.
A capability-compiler meets ten deliberately-broken MCP servers. The honest scorecard: it cleanly stops one class, shrinks the blast radius on several, and is useless against another. Knowing which is which is the whole point. Disclosure: I'm the author of capgate , the Apache-2.0 sandbox compiler this post puts to the test. The DVMCP project and the other tools mentioned aren't mine; the manifests and compiled output are reproducible from the repo . The setup Damn Vulnerable MCP (DVMCP) is a teaching project: ten MCP servers, each built to demonstrate one attack — prompt injection, tool poisoning, excessive permission scope, token theft, command injection, and so on. It's the closest thing the ecosystem has to a shared adversarial fixture. capgate is a compile-time tool. You write a manifest declaring what an MCP server is allowed to do — fs:read:/workspace/** , net:connect:api.github.com:443 , nothing else — and it compiles that to a concrete sandbox policy ( docker run flags, bwrap argv, or an egress-proxy config). It does not run anything, watch traffic, or inspect the server's code. It turns a declared capability set into an enforced boundary. So this is a fair, falsifiable test: for each DVMCP challenge, I wrote the honest minimum manifest, compiled it, and asked one question — does the boundary capgate emits actually stop the attack? The answer is not "yes" across the board, and the cases where it's "no" are the interesting ones. The bullseye: Challenge 3 — Excessive Permission Scope The vulnerable tool advertises "read a file from the public directory" and then does this: @mcp.tool () def read_file ( filename : str ) -> str : # VULNERABILITY: doesn't restrict file access to the public directory if os . path . exists ( filename ): # any absolute path works with open ( filename , " r " ) as f : return f . read () The private directory next door holds employee_salaries.txt , acquisition_plans.txt , and system_credentials.txt (a live DB password and cloud API ke
开源项目
US approval of Paramount/Warner Bros. deal surprised DOJ lawyers, report says
Trump admin green-lighting $111B deal "reeks of corruption," Sen. Warren says.
AI 资讯
Extracting and Organizing Content from Older Websites: A Solution for Structured Documentation Including Mouse-Over Images
Introduction Extracting data from older websites is a technical challenge that goes beyond simple copy-pasting. The example website provided illustrates this perfectly: its outdated design, reliance on mouse-over interactions, and lack of structured export options create a perfect storm of extraction difficulties. This article dissects these challenges and provides a roadmap for extracting both visible content and mouse-over images while preserving data integrity. The Core Problem: Legacy Technology Meets Modern Needs The website's URL parameters ( screen_width=0&screen_height=0 ) immediately signal a legacy system likely built for a bygone era of fixed-width displays. This design choice breaks modern scraping tools that expect responsive layouts. The mouse-over images, critical to the site's content, are dynamically loaded via JavaScript , meaning they don't exist in the initial page source. This requires simulating user interactions to trigger their appearance, a task beyond basic HTML parsing. Why Manual Extraction Fails Attempting to manually save images or copy text from this site is a losing battle. The mouse-over images, for instance, are not directly downloadable – they're embedded in JavaScript events. Even if you could save them individually, maintaining their association with the corresponding visible content would be error-prone and time-consuming. This method also fails to scale for larger websites with hundreds of such elements. The Technical Solution: A Multi-Pronged Approach Effective extraction requires a combination of techniques: Browser Automation: Tools like Selenium or Puppeteer can simulate mouse movements to trigger hover events, capturing both visible and hidden content. This method mirrors human interaction , ensuring all dynamic elements are revealed. Network Request Inspection: Analyzing the website's backend requests using browser developer tools can reveal direct URLs for mouse-over images , bypassing the need for hover simulation. This
开发者
All the latest news on Android 17, Wear OS 7, and Android XR
Google’s Android 17 update includes highlights like new floating “Bubble” app windows for easier multitasking, a Screen Reaction recording mode, and a 50/50 split gaming mode for foldable phones. Meanwhile, Wear OS 7 brings Live Updates, better battery life for smart watches, and prepares connections for new Android XR smart glasses that will launch this […]