今日已更新 339 条资讯 | 累计 19899 条内容
关于我们

标签:#architecture

找到 362 篇相关文章

AI 资讯

How to Use Stream Analyzers for Digital TV Broadcasting: A Practical Guide

Part 1: Solving GOP Structure and Compatibility Issues Operating a digital television network isn't just about keeping channels on air—it's about maintaining quality that viewers expect and troubleshooting issues before they escalate. When something goes wrong in live broadcasting, every second counts. But how do you quickly pinpoint whether the problem lies in encoder settings, transport stream structure, or temporal metadata? This is where specialized stream analysis tools become essential. In this series of articles, we'll walk through real-world scenarios that broadcast engineers face daily and show practical approaches to diagnosing and resolving them. When File Analysis Becomes Critical While live monitoring catches issues as they happen, file-based analysis is your diagnostic microscope. Here's the typical workflow: something breaks in production, engineers capture a few minutes of the problematic stream, and now they need to understand exactly what went wrong. File analyzers serve three primary purposes: Troubleshooting: Identifying the root cause of broadcast issues Encoder optimization: Fine-tuning compression settings Quality control: Validating compliance with standards and specifications Let's explore how this works in practice with actual tools and techniques. The GOP Structure Problem Here's a scenario every broadcast engineer has encountered: legacy set-top boxes or older TV models suddenly can't play your stream. The audio works, video starts and stops, or you see freezing. The culprit? Often, it's the GOP (Group of Pictures) structure. H.264 has been around since 2003—over 20 years. Almost everything supports it, yet you'll still find legacy equipment that struggles with certain configurations. Specifically, the number of B-frames can make or break compatibility. Why B-frames matter: They enable lower bitrates while maintaining quality by increasing encoding complexity through bidirectional prediction. But this comes at a cost—a more complex refere

2026-07-07 原文 →
开发者

State colocation is not a preference, it is an architecture

The first question I ask when reviewing a frontend architecture is: where does the state live relative to where it is used? In most codebases I have reviewed, the answer is "in a global store, regardless of scope." This is the wrong default. The rule State should live as close to its consumers as possible. If only one component needs it, it is component state. If a subtree needs it, it is a context or service scoped to that subtree. Global state is for truly global concerns: authentication, locale, theme.

2026-07-07 原文 →
AI 资讯

Beyond the Playbook: Architecting Defenses Against Autonomous AI Threats

Beyond the Playbook: Architecting Defenses Against Autonomous AI Threats We used to build security systems assuming the attacker was human. That assumption just died. Recent research demonstrations involving autonomous AI agents, such as "JadePuffer", have shown how quickly this shift is happening: an autonomous system independently compromised an unsecured Langflow instance, corrected failed authentication attempts, escalated privileges, exfiltrated credentials, and deployed ransomware — all without human intervention. This is not a one-off curiosity. It marks the beginning of a fundamental change in the threat landscape. Recent research demonstrations involving autonomous AI agents, such as "JadePuffer", have shown how quickly this shift is happening: an autonomous system independently compromised an unsecured Langflow instance, corrected failed authentication attempts, escalated privileges, exfiltrated credentials, and deployed ransomware. All without human intervention. This is not a one-off curiosity. It marks the beginning of a fundamental change in the threat landscape. From Static Playbooks to Autonomous Attackers Traditional ransomware follows predictable patterns. A script runs through a fixed playbook: scan, encrypt, demand ransom. If one step fails, the attack often stalls. Autonomous AI agents operate differently. They analyze their environment in real time, adapt when initial attempts fail, make contextual decisions about targets and techniques, and chain multiple exploits together without predefined sequences. This introduces machine-speed lateral movement. Something human defenders and traditional security tools are not built to handle. The Defensive Automation Gap The core problem is asymmetry. Attackers are rapidly automating both reconnaissance and execution. Defenders, on the other hand, still rely heavily on manual processes, static rules, and human-driven response. This "Defensive Automation Gap" creates dangerous imbalances in speed, scale, an

2026-07-07 原文 →
AI 资讯

Como servir os 68 milhões de CNPJs da Receita com ~10ms de latência em Go

Todo dev brasileiro que já precisou consultar CNPJ conhece o dilema: ou você usa uma API que faz proxy da Receita (3 a 10 segundos por consulta, quando não cai), ou baixa o dump de dados abertos e monta a própria base — e descobre que "baixar um CSV" era a parte fácil. Eu montei a própria base. Este post é o diário honesto do que funcionou, do que quebrou e dos números reais — 217 milhões de linhas servidas em ~10ms de p50 dentro do datacenter, num Postgres de 1 vCPU. A arquitetura em uma frase Não consulte a Receita em tempo real. Ingira o dump mensal e sirva da sua infra. O resto é decorrência. Receita (dump mensal, ~6GB zip) ──▶ ingestão Go (COPY) ──▶ Postgres ──▶ API (chi) CGU (CEIS/CNEP, zip diário) ──▶ job diário ──┘ O dump da Receita: as pegadinhas que ninguém documenta O layout oficial existe, mas o que quebra parser de verdade é o que está fora dele: Encoding latin1 (ISO-8859-1) — acento vira lixo se você ler como UTF-8. Em Go: charmap.ISO8859_1.NewDecoder() num transform.Reader streaming. Decimal com vírgula ( "1000000,00" ) e datas YYYYMMDD onde 0 e 00000000 significam nulo. CNPJ quebrado em 3 colunas (básico 8 + ordem 4 + DV 2). A chave de junção entre empresas, estabelecimentos e sócios é o básico — errar isso custa um dia. As partições 0–9 não se alinham entre arquivos. O estabelecimento da partição 3 pode ser de uma empresa da partição 7. Foreign key rígida entre as tabelas = COPY quebrando no meio da carga. A solução: sem FK; a integridade vem da fonte. Bytes NUL ( 0x00 ) no meio dos dados. O Postgres rejeita NUL em text . Um strings.ReplaceAll(s, "\x00", "") no parser economizou três recargas. Desde jan/2026 o repositório é um Nextcloud do SERPRO+ com WebDAV público — dá pra listar meses com PROPFIND e baixar com o token do share como usuário. Adeus, scraping. COPY ou morte A diferença entre INSERT em lote e o protocolo COPY não é incremental — é outra categoria. Com pgx.CopyFrom e lotes de 50k: 28,1 milhões de empresas em 1m28s (~320k linhas/s) num

2026-07-06 原文 →
AI 资讯

You Can't Review an Agent. You Can Review a Plan.

A harness for AI-era Terraform. I'm building one. For a while now I've been developing a harness for infrastructure-as-code as a private SDK and compiler — the layer that sits between whoever proposes a change (a person, an agent, CI) and whatever actually reaches production. This post isn't the tool. It's the thinking underneath it, and the few pieces I've become most convinced by while building it. (Notes from inside the work — where I've landed so far, not advice.) The problem that sent me down this road is easy to state and easy to underrate. A version of it happened recently. An agent fixed some Terraform; the PR read clean — tidy diff, sensible resource names, a plan output that looked exactly like what I'd asked for. It got approved. And then, at apply time, a different plan ran than the one that was reviewed: apply had re-planned against state that moved in between, and the diff that touched production wasn't quite the diff anyone had read. Nothing broke, that time. But that near-miss is the whole reason the harness exists. Because the danger was never "the agent writes bad HCL." Agents write perfectly good HCL; I let them. The danger is the distance between the plan a human reviewed and the plan that actually runs — and once agents are the ones proposing changes at volume, that distance is the thing I most want to nail shut. Where I've landed for now (and expect to keep revising): What AI-era IaC needs isn't AI that can apply . It's a structure where every change — human or agent — is evaluated at the same boundary , and only a reviewed plan ships. The unit of trust isn't the agent. It's a specific, reviewed plan , bound byte for byte. You can't review an agent. You can only review a plan. Instructions to an agent can be broken. A CI gate can't be talked out of it. Put guidance in the prompt; put the guarantee in the gate. Terraform/OpenTofu don't go away. You wrap them in a harness; you don't replace them. Your repo has non-human authors now For years IaC

2026-07-06 原文 →
AI 资讯

Why the Hell Are There So Many Layers? Breaking Down the 4 Steps of C Compilation

Notes: Prototype : a line that promises to a compiler that a certain function exists somewhere in the server or harddisk or files so it doesn't throw an error. In C, it is done with copying the declaration line of a function and adding a semicolon at the end of it. When we download / setup a specific programming language we download: the specific version of the language's compiler for your operating system and CPU the version of machine code of standard functions that the creator of the language has written that is fine tuned for our operating system and CPU the header files that has Only the prototype of the standard functions (aka functions like printf that are created by the creator of C) We need these in the compilation process: Pre-processing: compiler changing the header files calling line (#include line) with actual prototypes that are inside the header files and creates a temporary file with .i extension (temporary cause it gets deleted in the next step) that contains the prototype at the very top instead of #include line and your source code below compilation: compiler changes the entire contents of the .I file into assembly code (code written in assembly language). Here is why the specific version of compiler is important because every CPU has specific assembly language commands that are unique to it. Therefore when we setup a language we download specific assembly instructions for our own operating system and it comes handy in this step. Syntax check also happens in this step and the .I file also gets deleted. Now there comes a a.out file that we can actually see listed in our file explorer (but we only see the a.out file after the very end of compilation process but it does exist by this stage) Assembling: compiler changes assembly code (a.out file) to machine code (aka 0's and 1's). linking: compiler links your machine code and the machine code FOR the standard functions (because till now it ONLY has the prototypes of the function written in Binary, not

2026-07-06 原文 →
AI 资讯

Fundamental Concepts of Business Applications III: Locator Definitions

In the previous article, we argued that a Locator is neither a UI control nor a search mechanism. It is an architectural concept that resolves business references within a specific business context and transforms them into canonical business identities. If that is true, however, an obvious question immediately follows. How can a Locator be described? Not how it is implemented. Not how it is executed. But how it can be described independently of any particular implementation. This question is more important than it may seem at first glance. If two different development teams decide to implement a Locator, how can they be sure they are implementing the same concept? How can we discuss a Locator without referring to a particular library, programming language, or framework? The answer is that, like any mature architectural concept, a Locator must first be separated from its implementation. This distinction appears repeatedly throughout the history of software engineering. Relational theory existed before relational database systems. SQL does not describe how a query will be executed. It describes only the result we want to obtain. The choice of indexes, execution plans, and optimization algorithms is the responsibility of the query optimizer. Exactly the same principle applies here. A Locator should not be defined by the mechanism that implements it. It should be possible to describe it independently of that mechanism. This naturally leads to three distinct levels of abstraction. Locator Pattern │ ▼ Locator Definition │ ▼ Execution Engine The Locator Pattern is the architectural concept itself. The Locator Definition is the declarative description of a particular resolution process. The Execution Engine is the component responsible for interpreting that description and performing the actual resolution. Each level has a different responsibility, and they should never be confused with one another. This means that a Locator Definition is not an implementation artifact. It

2026-07-06 原文 →
AI 资讯

Cloudflare and AWS Embed x402 Agent Payments at the Edge

Cloudflare and AWS both implemented x402 stablecoin micropayments at their edge networks within two weeks. The open protocol under the Linux Foundation revives HTTP 402 for agent-to-service payments with sub-cent transaction costs. Coinbase reports 169 million transactions in year one. Enterprise tax and invoicing gaps remain unresolved. By Steef-Jan Wiggers

2026-07-06 原文 →
AI 资讯

A Cookie-Free Embeddable Support Widget: What Adversarial Review Caught

TL;DR Built an embeddable support widget for a helpdesk product: no cookies — a short-lived bearer token in a header, hashed at rest. Entry is an HMAC-signed assertion from the host page. An adversarial review caught four real holes before launch. Outbound webhooks: sign the exact bytes, dedupe key for idempotency, SSRF guard on destination URLs. The requirement: end users file tickets from pages the product doesn't own. That means an embeddable widget — and embeddable means everything you know about sessions stops working. Why cookie-free The widget lives on customers' domains, so any cookie it sets is a third-party cookie — blocked or partitioned by modern browsers. Fighting that means flaky sessions, so: no cookies at all. The entry exchange mints a short-lived session token the widget sends in a header, and the server caches the session keyed by sha256(token) — a cache dump yields nothing replayable. Sessions last 60 minutes, and expiry shows a real recovery path in the UI instead of dying silently. customer backend widget (on customer page) helpdesk API | signs ref|email|name | | | into HMAC assertion ---> |-- redeem assertion (single use) ->| | |<-- session token (60-min TTL) ---| | |-- X-Widget-Token: ... ---------->| What the adversarial review caught Finding Fix Replay burn keyed by client-chosen nonce Burn by HMAC signature — a leaked assertion can't mint extra sessions `\ ` accepted inside signed fields Origin check failed open when Origin/Referer absent Fall back to the unspoofable Sec-Fetch-Dest header to enforce embedding Widget could request critical severity Clamp effective severity (including the channel default) to the widget's allowlist My favourite is the delimiter one. If you sign ref|email|name and accept | inside a field, two different identity tuples can share one valid signature. Canonicalization bugs, not crypto bugs. Webhooks out: sign the exact bytes Outbound webhooks get composed once at enqueue time and stored; the delivery job re-encod

2026-07-06 原文 →
AI 资讯

Behind the Curtain: APE-QIL QUANTUM SUPREME OCTOPUS and the 3-Tier Sovereign Auth Pipeline

Most API authentication I've seen in production follows the same pattern: a single apiKey check at the top of each route handler, maybe a rate limiter slapped on as middleware, and a quota check that lives in the database layer. It works — until you have 673 routes across 3 access tiers, and you realize you can't answer the question "which routes require a paid subscription?" without grepping every file. I ran into this exact problem building the APE-QIL QUANTUM SUPREME OCTOPUS — a Bio-inspired Autonomous Intelligence Organism that operates as an AI routing platform with 14+ provider integrations. The codebase has 673 API routes divided into three access tiers: public (79 routes), free API key (337 routes), and paid subscription (255 routes). Manually maintaining auth on each route was untenable. So I built a composable request pipeline that makes the auth structure declarative and CI-enforced. This post walks through the architecture: the 3-tier sovereign auth model, the composable withRequestPipeline function, and the CI guard that fails the build if any protected route is missing its wrapper. The 3-Tier Sovereign Auth Model The access model is deliberately simple — three tiers, each with a clear boundary: // TIER 0 — Public, no auth (79 routes) // Health checks, pricing, blog, lead magnet, metrics // Example: /api/health, /api/pricing, /api/blog/* // TIER 1 — Free API key required (337 routes) // Any valid API key in the database grants access // Enforced via: withSovereignAuth('free') // Example: /api/v1/chat/completions (free tier limits) // TIER 2 — Paid subscription required (255 routes) // Requires Pro ($79/mo) or Business ($249/mo) tier // Enforced via: withSovereignAuth('professional') // Example: /api/v1/chat/completions (premium models, higher limits) The key design decision: the tier is declared at the route level, not inferred from the user's subscription at runtime. This means the route registry itself is the source of truth for "what requires what."

2026-07-06 原文 →
AI 资讯

Dev Log: 2026-07-04

TL;DR Two Laravel backends started serving Flutter apps on the same day — an events platform (auth, orders, offline check-in) and a helpdesk product (ops mode for agents). gatherhub-web moved to plans-only pricing with a comparison matrix driven by one data file. A hardening pass: payment-safe queues, gateway reconciliation, one heavyweight dependency dropped. Two mobile APIs in one day Coincidence, but a useful one: two products I'm building both needed their Laravel backends to serve mobile apps this week. The events platform got the full foundation — token auth (login/refresh/logout/me), participant orders, mobile payment with status polling, push-device registration, and an offline-first staff check-in flow. That last one is the interesting bit; I wrote it up as its own post. The helpdesk product went the other way: its API was client-only, and today it became role-aware. The same endpoints now serve ops agents working tickets from their phones, with abilities deciding what each role sees. One API surface, two personas, no duplicated /admin routes. The lesson that repeated in both: API Resources are the contract. The moment a mobile dev consumes your endpoint, every field you accidentally leak becomes a field you can't remove. Plans-only pricing (public) gatherhub-web , the Next.js marketing site, dropped à-la-carte feature pricing for three plans and gained a plan comparison matrix. Everything renders from a single plans.ts — the matrix, the pricing cards, the enterprise page — so the marketing site can't drift from what's actually sold. A pricing page is a contract too; it deserves a single source of truth as much as your API does. Hardening pass Change Why Bulk email blasts isolated to their own queue one big send must never delay a payment webhook Reconciliation command for stuck pending orders webhooks fail silently; polling the gateway is the safety net maatwebsite/excel → spatie/simple-excel for exports streams rows instead of building sheets in memory, s

2026-07-05 原文 →
开发者

Offline-First Check-In: A Laravel API That Survives Venue Wi-Fi

TL;DR A gate check-in app can't depend on live Wi-Fi: scans must work offline and sync later. Four endpoints do it: manifest download, idempotent batch push, delta pull, online search. Client-generated UUIDs + a unique index make retries safe. Duplicates are a success status, not an error. The problem Physical event, staff scanning tickets at the door, venue Wi-Fi exactly as reliable as you'd expect. If your API sits in the hot path of every scan, the queue at the gate grows at the speed of the worst signal bar in the building. So the design flips the roles: the device owns check-in, the server owns convergence. Like a cashier who keeps a paper ledger when the till goes down — record now, reconcile later. The API surface Endpoint Purpose GET /staff/events/{uuid}/manifest paginated ticket snapshot, downloaded before gates open POST /staff/events/{uuid}/check-ins/batch push queued scans; safe to retry GET /staff/events/{uuid}/check-ins?since=<cursor> pull what other devices did GET /staff/events/{uuid}/participants?q= online fallback search (lost ticket, typo) The sync loop Device Server |--- GET manifest (before event) ------->| | scan offline, queue locally | |--- POST batch [{client_uuid, ts}] ---->| dedupe on client_uuid |<-- 200 {applied | duplicate per item} -| |--- GET check-ins?since=cursor -------->| scans from other devices |<-- delta + next cursor ----------------| Idempotency is the whole trick Every scan gets a UUID generated on the device at scan time . The server puts a unique index on it and inserts-or-ignores: public function batchCheckIn ( BatchCheckInRequest $request , string $uuid ): JsonResponse { $results = collect ( $request -> validated ( 'check_ins' )) -> map ( function ( array $scan ) { $checkIn = CheckIn :: firstOrCreate ( [ 'client_uuid' => $scan [ 'client_uuid' ]], [ 'ticket_id' => /* resolved from scan */ , 'checked_in_at' => $scan [ 'scanned_at' ]], // ... ); return [ 'client_uuid' => $scan [ 'client_uuid' ], 'status' => $checkIn -> wasR

2026-07-05 原文 →
AI 资讯

Sematic Coherance

Semantic coherence is not a quality metric or an alignment outcome. It is the structural condition that determines whether meaning remains stable, interpretable, and legitimate as the system accelerates. In the broader architecture of sovereign AI, semantic coherence is the component that ensures meaning does not fragment under pressure. Semantic coherence is the difference between a system that understands meaning and a system that merely produces plausible output. The Perception Semantic coherence is often treated as a linguistic property: clarity, consistency, interpretability, explainability, or “staying on topic.” In this perception, coherence is something evaluated externally — a measure of how well the system’s outputs align with human expectations. This view assumes coherence is a surface behaviour: does the output make sense does it follow logically does it stay within context does it appear consistent But this perception is fundamentally flawed. It treats coherence as an effect rather than a structural property. When coherence is treated as external, it becomes subjective, fragile, and easily destabilised by acceleration. The Reality Semantic coherence is not external to the system. Semantic coherence is the system. A system is coherent when its meaning remains stable across: acceleration optimisation pressure boundary transitions external inputs internal state changes If the architecture cannot maintain coherence internally, then: meaning fragments behaviour becomes inconsistent transitions lose legitimacy boundaries collapse under pressure governance becomes interpretive A system without semantic coherence does not understand meaning. It performs meaning. Semantic coherence is not about producing sensible output. It is about being structurally incapable of semantic drift. What Semantic Coherence Actually Is In sovereign AI, semantic coherence is the architectural logic that ensures: meaning remains stable under acceleration semantics remain consistent ac

2026-07-04 原文 →
AI 资讯

Why Good Developers Write Less Code, Not More

A few years into my career, I went back to a project I'd built solo about eighteen months earlier. I was proud of it at the time. It had a custom state management solution, several layers of abstraction, a utility library I'd assembled myself, and what I distinctly remember thinking of as "a robust architecture." Reading through it again, I spent twenty minutes just trying to understand why I'd built a particular module the way I had. The logic was split across four files. There were abstractions on top of abstractions. Two functions did nearly the same thing with slightly different names. A third was never called anywhere. The worst part wasn't the code itself. It was realizing that a simpler version, one I could have written in a day instead of a week, would have done exactly the same thing with a fraction of the complexity. That experience changed how I think about software development more than any course, book, or conference ever did. Writing less code, genuinely less, often requires more thinking than writing more. And the developers who figure that out early tend to produce work that holds up significantly better over time. Why More Code Doesn't Mean Better Code There's a belief that's easy to absorb early in a development career, that skill shows up in volume. More features, more files, more clever solutions. A complex system feels like proof that something serious was built here. That feeling is almost entirely wrong. More code means more surface area for bugs. Every line is a line that can break, a line that needs to be read, a line that needs to be tested, a line that a new team member has to understand before they can confidently change anything. None of those costs are trivial, and they compound. Complexity hides bugs. A simple function with one responsibility is easy to test and easy to debug. A function that does five things, or calls three other functions that each do three things, creates a web of possible failure points that's genuinely difficult t

2026-07-04 原文 →
AI 资讯

Governance

Governance is not a set of rules layered on top of AI. It is the structural logic that determines how meaning, constraint, and legitimacy are maintained as the system accelerates. If Pillar 1 establishes the need for a sovereign semantic foundation, Pillar 2 defines the governance architecture that must sit above it — not as oversight, but as physics. The Perception Governance is often treated as a reactive discipline: policies, audits, compliance frameworks, risk registers, and oversight mechanisms designed to keep AI “within bounds.” This assumes governance is something external — a supervisory layer that watches, corrects, and intervenes when systems behave unexpectedly. But this view is fundamentally flawed. It treats governance as a response rather than a structure. The Reality Governance is not external to the system. Governance is the system. If the architecture cannot represent constraint, legitimacy, and permissible transitions internally, no external governance mechanism can compensate for that absence. Oversight becomes containment. Policy becomes patching. Compliance becomes theatre. True governance is not about controlling behaviour. It is about ensuring the system’s behaviour emerges from legitimate semantics in the first place. Governance is not a supervisory function. Governance is an architectural function. What Governance Actually Is In sovereign AI, governance is the structural logic that ensures: meaning remains coherent boundaries remain stable transitions remain legitimate behaviour remains aligned with the system’s semantic substrate Governance is not a set of rules. Governance is the architecture that determines how rules exist. It defines: how constraints are represented how legitimacy is encoded how transitions are validated how the system maintains coherence under acceleration how external pressure is absorbed without destabilising meaning Governance is not about preventing misbehaviour. It is about ensuring misbehaviour cannot emerge from

2026-07-04 原文 →
AI 资讯

Where Sovereignty Begins

AI doesn’t become sovereign because it is powerful. It becomes sovereign when it is built on a foundation capable of representing meaning, constraints, and legitimacy. Before scale, before optimisation, before autonomy, there must be architecture. Pillar 1 introduces the structural reality: sovereignty cannot emerge from systems built on non‑sovereign foundations. The Perception Most discussions about AI sovereignty focus on perceived challenges: speed, scale, capability, and the widening gap between technological acceleration and governance capacity. These concerns are understandable — AI is moving quickly, and institutions are struggling to keep pace. But none of these are the real challenge. They are symptoms of a deeper architectural issue, not the cause. The Reality The real challenge isn’t that AI is accelerating faster than governance. It’s that the systems we’re trying to govern were never built on the right semantic foundations. We’re not dealing with a speed problem. We’re dealing with an origin problem. If the base semantics are wrong, every behaviour, boundary, and constraint the system learns will be shaped by that initial misalignment. And once misalignment becomes embedded at the origin layer, no amount of oversight, policy, or optimisation can correct it — only contain it. What Sovereign Actually Means Sovereign doesn’t mean national. It doesn’t mean local. It doesn’t mean “our cloud instead of theirs.” And it definitely doesn’t mean branding. Sovereign, in the context of AI, means something far more fundamental: the ability to maintain coherent meaning, stable constraints, and legitimate behaviour regardless of external acceleration. Sovereignty is not a political property. It is a physics property. A system is sovereign when its core semantics — its understanding of meaning, boundaries, and permissible transitions — cannot be destabilised by external actors, external systems, or external optimisation pressure. With the wrong base semantics, soverei

2026-07-04 原文 →
AI 资讯

The Accidental Architect

I didn’t set out to become a systems architect. In fact, I didn’t even know that’s what I was becoming. There was no grand plan, no formal training, no moment where someone handed me a title. It happened the same way most systems failures happen: slowly, then all at once. What I did have was a habit. Whenever something broke — a workflow, a process, a piece of software, an organisation — I couldn’t leave it alone. I needed to understand why. Not the surface‑level “why,” but the structural one. The hidden one. The one nobody sees until it’s too late. Most people move on when something fails. I map it. I started noticing patterns. The same failure modes appeared everywhere: unclear ownership, mismatched incentives, brittle assumptions, invisible dependencies, and the classic “we built this fast and hoped it wouldn’t collapse.” Different domains, same architecture problems. I wasn’t trying to fix things. I was trying to understand them. But understanding inevitably leads to repair, and repair inevitably leads to design. Eventually I realised I wasn’t just analysing systems — I was architecting them. Not officially. Not ceremonially. Just… functionally. I became the person who could see the structure beneath the mess. The person who could explain why something was breaking and what would happen next. The person who could redesign the thing so it wouldn’t break again. People started asking me questions that only architects get asked. “Why is this happening?” “How do we stop it?” “What should this look like instead?” “What’s the underlying pattern here?” I didn’t have a job title for it. I didn’t need one. The work defined itself. Over time, I realised that “systems architect” was simply the most accurate description of what I was already doing. Not in the traditional enterprise sense — no UML diagrams, no formal frameworks, no ivory‑tower abstractions. More like: the person who sees the real structure beneath the chaos and can articulate it clearly enough that others fin

2026-07-04 原文 →
AI 资讯

What Google's "Microservices Are Dead" Paper Actually Said (And What It Missed About AI)

A 2023 HotOS paper by Sanjay Ghemawat (MapReduce/Bigtable co-author) and Amin Vahdat (Google Fellow) got repackaged by tech media as "microservices are dead." It said no such thing. Three years later, the misreading has traveled further than the paper itself. This post does three things: reconstructs what the paper actually claims, maps its three structural gaps, and introduces a variable the authors couldn't have predicted — AI code generation — which, I'll argue, undermines the paper's central solution more than any of those gaps. The AI section uses my own open-source project ReqForge as evidence. Flagging the conflict of interest up front: this isn't neutral analysis, it's a design rationale. Which is exactly why it's more honest than a hypothetical example. What the paper actually said The paper is Towards Modern Development of Cloud Applications (HotOS '23, 8 pages). Its core claim in one sentence: The fundamental problem with microservices is that they bind the logical boundary to the physical boundary. You let "how the code is organized" dictate "how the code is deployed" — two questions that should never have been welded together. From that claim, the paper proposes a three-layer solution: Logical monolith — developers write a cleanly modularized monolith; deployment is someone else's problem. Automated runtime — a smart platform that decides at runtime whether components should be merged or split, based on load. Atomic deployment — all components on a request path share one consistent version, avoiding half-old/half-new. Prototype numbers: 15× lower latency, 9× lower cost. That's it. The paper never says "microservices are wrong," never says "everyone should go back to monoliths," and gives no implementable plan. It's a vision paper — written to provoke discussion at a workshop, not an engineering whitepaper. A ruler Before dissecting it, here's a ruler you can apply to any architectural claim (this is a common framing in the engineering literature — you'r

2026-07-04 原文 →
AI 资讯

Open Knowledge Format (OKF): The Markdown Standard Your AI Agents Have Been Waiting For 📚

AI agents are only as smart as the context you give them. OKF is a new open specification that packages your organizational knowledge as plain markdown files so any agent can read it without custom integrations or proprietary SDKs. Every team building AI agents hits the same wall. The model is capable. The agent framework is set up. But the agent doesn't know anything about your organization. It doesn't know what your orders table means, what the churn_score metric formula is, or what the on-call runbook says to do when the pipeline breaks. That knowledge exists. It's scattered across Confluence pages, Notion wikis, data catalog entries, Slack threads, and the heads of senior engineers. Getting it into an agent means building a custom integration for every source. Every team solves this from scratch. Published on June 12, 2026, the Open Knowledge Format (OKF) is a vendor-neutral specification that solves this with the simplest possible approach: a directory of markdown files. 🎯 🏗️ What OKF Actually Is An OKF bundle is a directory of markdown files representing concepts: anything you want to capture, including tables, datasets, metrics, playbooks, runbooks, and APIs. Each concept is one file. That's the entire model. A directory of .md files with YAML frontmatter. The format is deliberately minimal: one required field ( type ), optional metadata ( title , description , resource , tags , timestamp ), and a free-form markdown body. A concept document looks like this: --- type : table title : " orders" description : " One row per customer order. Source of truth for revenue reporting." resource : " postgresql://prod-db/ecommerce/orders" tags : [ revenue , core , sla ] timestamp : 2026-06-15T10:00:00Z --- # orders The `orders` table records every purchase event. It is the join root for all revenue queries. Do not filter on `status = 'complete'` unless you specifically want to exclude in-flight orders from the count. ## Key columns - `order_id` - UUID primary key - `custom

2026-07-04 原文 →