Enclayve Is a Drab Black Box for Your Private Group Chats
I put my family on a private social network, and all I got was this lousy group chat. At least it’s secure.
找到 1420 篇相关文章
I put my family on a private social network, and all I got was this lousy group chat. At least it’s secure.
MiniMax released M3 today and the API is already live. Worth separating what comes from their own official model page versus what comes from the launch announcement, because some of the numbers are sourced differently. From the official model page: BrowseComp 83.5, ahead of Claude Opus 4.7 at 79.3. PostTrainBench 37.1, which ranks third behind Opus 4.7 at 42.4 and GPT-5.5 at 39.3. From the launch announcement: SWE-Bench Pro 59.0%, Terminal Bench 2.1 66.0%, MCP Atlas 74.2%. The headline "beats Opus" is BrowseComp-specific, not a general capability claim across all dimensions. The context window is up to 1M tokens, implemented through their in-house MiniMax Sparse Attention architecture. They state 512K as the guaranteed minimum with 1M as the ceiling. The model was trained on 100T+ tokens and is natively multimodal rather than vision being added after the fact. Open-weights release is coming to HuggingFace and GitHub but listed as "coming soon." API access is available now through several paths, including OpenAI-compatible endpoints, while the weights are still pending. The model also supports native MCP tooling, which is where the 74.2% MCP Atlas number comes from. The demo claims are the part worth being skeptical about. A 12-hour autonomous ICLR paper replication run and a CUDA kernel optimization loop reaching 9.4x speedup are impressive if real, but these are curated showcase demos that are hard to evaluate from a screenshot. Whether sparse attention holds up at 900K+ tokens in practice rather than in controlled benchmarks is an open question. submitted by /u/Drysetcat [link] [留言]
Every impressive agent demo skips the same three things: Auth. The demo target is open. The real one has a login and a 2FA prompt. Identity. The demo agent acts as the developer. The real one needs its own email, accounts, and a place to keep secrets. State. The demo is one clean run. The real one has to remember what it did last time and resume. These are not AI problems, which is exactly why they get skipped in AI demos. But they are most of the work to go from "cool clip" to "thing that runs unattended." The model is increasingly the easy part. The unglamorous identity-and-state layer around it is where products actually live or die. Curious whether people think this layer gets commoditized into the foundation models, or stays a separate thing you assemble. submitted by /u/kumard3 [link] [留言]
[ Removed by Reddit on account of violating the content policy . ] submitted by /u/n4r735 [link] [留言]
Operator perspective. I use AI daily across three companies and I am bullish on it, but the gap between what gets shouted on stage and what the data shows is enormous. Best measured number across hundreds of engineers is about 7.8%, and 66% of the people who hit a peak gain saw it fade the next quarter. At the same time, people are being pushed onto it under threat of their jobs while the return is not even proven to the people mandating it. My read is the anger is not really “AI is bad,” it is “my boss profits from me using it and I do not.” Where do you land - is the resistance cognitive (it erodes skill) or economic (the gain is not shared)? submitted by /u/Alternative_Letter72 [link] [留言]
I’ve been using AI pretty heavily for the past few months — quick research, rewriting emails, brainstorming ideas, even helping outline stuff I need to write. It saves so much time and the output is usually decent. But lately I’ve noticed something weird: I’m second-guessing myself way less. I’ll get an answer from it and just kind of roll with it instead of thinking it through like I used to. Yesterday I asked it about something I already had a rough opinion on, accepted its take, and only later realized I didn’t even challenge any part of it. It feels convenient as hell, but also a little unsettling. Like I’m outsourcing the actual thinking part. Is this normal? Or am I slowly losing the habit of thinking deeply on my own? Anyone else feeling this? submitted by /u/pen-pineapple-apple [link] [留言]
Online it feels like every company is fully embracing AI. In reality, most organizations I interact with are still trying to figure out where it fits into existing workflows, processes and software. The interesting conversations aren't usually about models anymore. They're about trust, reliability, permissions, governance and how AI fits into the way people already work. The gap between AI demos and real-world adoption still feels larger than most people realize. submitted by /u/Bladerunner_7_ [link] [留言]
Hand the same paired before/after dataset (n = 25) to ChatGPT five times. Same prompt: "These are the same subjects measured before and after an intervention. Did their scores change significantly?" Four of the five runs return p = 0.009 from a paired t-test. The fifth run does a Shapiro–Wilk normality check on the differences first, decides they're non-normal, switches to a Wilcoxon signed-rank test, and reports p = 0.000018 . All five reach the same conclusion (significant). But notice what happened: only one run out of five thought to check an assumption you'd want it to check. The other four skipped it. The choice of method — and the test statistic, and the p-value — depended on whether the LLM happened to run an assumption check that time. On borderline data, this is the difference between reject and don't reject. If you're using LLMs for exploratory data analysis on a weekend project, you might shrug. If you're using them for anything that gets cited, gets submitted to a regulator, or gets handed to a clinician, this is a problem. It's a known problem — Cui & Alexander (2026) documented exactly this kind of method-divergence empirically; AIRepr (Zeng et al., 2025) shows the same thing across reproducibility metrics. The current answer in the literature is to constrain the agent so its execution is replayable. But replayability fixes "did we run the same code." It doesn't fix "did we run the right analysis." I've spent the last two months building a different fix. The more interesting half is the architecture. Let me walk through it. The real problem isn't temperature The first reflex is "set temperature=0 ." It's not enough. temperature=0 doesn't make a tool-using agent deterministic across runs. Three reasons: Inference isn't bitwise deterministic, even at temperature=0. Production LLM serving batches requests dynamically, and the attention kernels aren't batch-invariant — so the same input produces different output tokens depending on what other requests it
Thoughts? Do you guys use models like Kimi or DeepSeek? Are you worried about data privacy, or not so much concern? submitted by /u/RutabagaTechnical822 [link] [留言]
With shiftbloom studio. I build tools and projects about a variety of experimental approaches to real-world problems. The issue for such use-case often was how most small media systems start out: one big always-on recorder that keeps costing money even when nothing is happening. For live capture you obviously need to stay ready at all times — sometimes you can’t risk losing the first minutes. But for everything else it’s complete overkill. The Core Problem Backfills, VOD downloads, clip imports, repairs and re-encodes are queue work. They can wait a few seconds, run on burst capacity, or even on a regular VPS or laptop. They don’t need the same always-hot infrastructure as the live recorder. That’s why I split the system. Instead of one large monolith, I deployed: Observer cells — only for live streams (time-critical) Harvest cells — for all queue processing (can be delayed) The Three Roles 1. Mothership A small control-plane cron job. It checks queue sizes, currently live channels and running observer tasks, then decides: how many harvest cells should exist right now which channels need an observer cell It’s intentionally simple. The database remains the single source of truth. 2. Observer Cells Each observer cell records exactly one live channel. It receives its assignment through environment variables: +++env OBSERVER_VOD_ID OBSERVER_CHANNEL_ID OBSERVER_CHANNEL_LOGIN OBSERVER_CHANNEL_NAME +++ It starts recording immediately, writes HLS segments to object storage, sends heartbeats, and waits a short standby window after the stream goes offline. This window is important because streams sometimes drop and reconnect quickly. Without it you end up with many small broken VOD fragments. 3. Harvest Cells These handle all background work: downloading VODs, re-encoding, recovering broken files, etc. They can run anywhere Docker is available — AWS tasks, a small VPS, or even a spare laptop. They only need outbound access to Postgres and object storage. What Changed Previous
id CTI-2026-0603-NETSCALER title The Third Shadow of CitrixBleed — Large-Scale Exploitation of a NetScaler Memory Overread Reignites subtitle CVE-2026-3055: a March-disclosed SAML IdP information-disclosure flaw escalates in June — the gap between the "RCE" label and the real impact author Dennis Kim (김호광 / HoKwang Kim) email gameworker@gmail.com github gameworkerkim date 2026-06-03 classification TLP:GREEN severity CRITICAL lang en tags Edge-Device · Pre-Auth · Memory-Overread · Session-Hijack · SAML-SSO · CitrixBleed · CISA-KEV threat_actors Unattributed (likely a mix of ransomware and state-sponsored actors) cve CVE-2026-3055 (CVSS 9.3 v4.0 · CISA KEV) · related CVE-2026-4368 (CVSS 7.7) frameworks MITRE ATT&CK · NIST SP 800-61 · NIST SP 800-207 (Zero Trust) · CISA KEV · STIX/TAXII license CC BY-NC-SA 4.0 🚨 Heads-up: this is a VPN/remote-access issue — check your company's appliances now. If your organization runs Citrix NetScaler Gateway (the VPN / remote-access front door) or NetScaler ADC with SAML SSO enabled, you may be directly exposed to active, large-scale exploitation. Don't wait for a formal advisory to land in your inbox — inventory your internet-facing NetScaler appliances today , confirm patch level, and (critically) invalidate active sessions after patching . The details below explain why patching alone is not enough. The Third Shadow of CitrixBleed — Large-Scale Exploitation of a NetScaler Memory Overread Reignites Report ID CTI-2026-0603-NETSCALER · Published 2026-06-03 · Classification TLP:GREEN · Severity 🔴 CRITICAL Author Dennis Kim (김호광) · gameworker@gmail.com · @gameworkerkim CVE-2026-3055: a March-disclosed SAML IdP information-disclosure flaw escalates in June — the gap between the "RCE" label and the real impact Table of Contents Executive Summary (TL;DR) Opening — "An edge device, once it leaks, keeps leaking" Vulnerability Analysis — CVE-2026-3055 Memory Overread "RCE" or "Information Disclosure"? — Decomposing the Real Impact Timeline —
I found a site like this a while ago but I can’t seem to find it now. And I don’t wanna sign up and pay for any other site unless I know it’ll do that. Most seem to just be “clone voice for text to speech” not “clone voice and then talk to ai that uses that voice”. I need the latter submitted by /u/OkWatermelonlesson65 [link] [留言]
I've been building Linkwise as a solo developer for the past year. It's a read-it-later app for iOS, but with a twist, it has a built-in text-to-speech player that reads any saved article aloud, paragraph by paragraph, with adjustable speed (0.8x to 2.5x). I built it because I kept saving articles I'd never get back to. Now I just listen to them on walks or during my commute. Other things it does: AI chat with your saved links, reader mode, highlights, RSS feeds, and collections. Would love to hear what you think. Roast it, break it, suggest features, all welcome. submitted by /u/dheeraj_iosdev [link] [留言]
submitted by /u/the_nin_collector [link] [留言]
The problem I wanted to solve: Stockfish tells you what the best move is, but never why . Players under 1800 don't lose because they can't read centipawns — they lose because they don't understand plans, structures, key squares. What the tool does: Imports your games from Chess.com or Lichess Stockfish 17.1 WASM runs in your browser (fully local, nothing uploaded) A pattern detector finds 18 types of recurring mistakes across all your games (missed forks, exposed king, bad bishop, neglected development...) An LLM generates coaching narratives in the style of a 2700+ coach Instead of: -89 cp · Best: Nc3 Nf6 Be3 The AI coach says: "Bd3 is premature — the bishop attacks nothing and blocks d3 where the queen may want to go. Nc3 was the right move: it defends d4, prevents Black's ...e5 counterplay, and leaves the bishop free to settle on Be3 or Be2 depending on Black's plan." You can also chat with the coach — it knows your full game history, opening stats, specific weaknesses. Ask "why do I keep losing with Black in the French?" and it answers with data from YOUR games. Other features: spaced repetition (SM-2) on your own blunders, puzzle rush with real mistakes, 6-month progress tracking. Free tier: unlimited Stockfish. Pro ($14.99/mo, 15-day free trial): LLM coach + chat. https://chessmentorai.com Happy to discuss the prompting approach — getting the LLM to explain chess like a coach (not an engine) was the hardest part. submitted by /u/sepiropht [link] [留言]
Most security tools for AI agents check one message at a time. Arc Gate tracks the whole conversation. That matters because the attacks that actually work in production don’t happen in one message. They happen across 8 turns. Each one looks clean. By the time the payload arrives your agent is already primed to execute it. I built Arc Gate using a geometric framework from my own research to detect adversarial behavioral drift across a full session — not just flag individual messages. When a conversation starts drifting toward something dangerous, it catches the pattern before the attack completes. I’m looking for 3 teams running real agents to test it against actual workflows and tell me where it breaks. Not chatbot wrappers. Agents with real tool access. Browser use, email actions, MCP servers, internal copilots, workflow automation. No charge. No sales call. Just feedback from people close to production. Comment or DM me if that’s you. Platform: https://bendexgeometry.com GitHub: https://github.com/9hannahnine-jpg/arc-gate Demo: https://web-production-6e47f.up.railway.app/demo submitted by /u/Turbulent-Tap6723 [link] [留言]
"It’s a reminder of how human activity is changing the natural world in unanticipated ways.”
Hot take: if I wanted to gather data via the internet, and I’m writing scripts/code to speed up the process, I have to follow some basic rules (ie look at the sitemap, find relevant robots.txt, follow that websites preference and rules). But it seems any AI-agent I’ve used does not give af about rules and limits, and is totally cool building me a scraper that will perform hundreds of thousands of requests without regards to the website owner’s preference. Given it’s widely known you can use AI for simple coding tasks I can easily see a future where ordinary individuals are operating their own scrapers. Especially in gathering high-value information that “seems easy to get” like google search rankings, or job data. This creates an obvious nightmare for Google, ATS platforms, and just about every website on the internet if everyone and their mother starts spinning up Playwright sessions in Python. I’m deadset on this being a responsbility of AI providers (anthropic, open ai, anysphere, etc). But how are these companies supposed to balance this without implementing guardrails that heavily limit their products? Maybe this has been solved and someone can feed my curiosity. submitted by /u/TacoTuesdayX [link] [留言]
For the AI artists here who like creating painterly / impasto style work, what generators are you guys using? Just curious since I'm much more into that theme as opposed to realism, but it feels like most generators cater to realism now. submitted by /u/geekedprompts [link] [留言]
The first time I deployed a Next.js app to production, it took me three days. Not because the app was complicated — it was a straightforward portfolio site. It took three days because I had no idea what I was doing with AWS, I'd never written a GitHub Actions workflow, and every tutorial I found either skipped the hard parts or assumed I already knew them. By the time I was done, I had a deployment pipeline I was genuinely proud of: push to main, GitHub Actions runs the build, tests pass, the app deploys to an EC2 instance behind CloudFront. Zero manual steps. Zero downtime deploys. Total cost: about $5/month. This guide is the one I wish had existed. We're going to deploy a Next.js app to AWS from scratch — EC2 for compute, CloudFront for CDN, GitHub Actions for CI/CD — with every step explained so you understand what you're building, not just copying commands. Why AWS Instead of Vercel? This is a fair question. Vercel is genuinely excellent for Next.js, and for most projects it's the right call. You push, it deploys. Done. AWS makes sense when: You need to control the infrastructure (compliance, data residency, custom VPC configuration) You're running other services (databases, queues, lambdas) in AWS and want everything in the same network You want to learn infrastructure skills that transfer to enterprise environments Your app has specific performance requirements that benefit from custom CloudFront configuration You're a freelancer or consultant who wants to bill separately for infrastructure If none of those apply to you, use Vercel. This guide is for when they do. The Architecture Here's what we're building: ┌────────────────────────────────────────────────────────┐ │ GITHUB ACTIONS CI/CD │ │ │ │ Push to main → Build → Test → Deploy to EC2 │ └──────────────────────┬─────────────────────────────────┘ │ SSH deploy ▼ ┌────────────────────────────────────────────────────────┐ │ AWS EC2 INSTANCE │ │ │ │ Ubuntu 22.04 LTS │ │ Node.js 20 + PM2 (process manager) │ │ N