今日已更新 233 条资讯 | 累计 20205 条内容
关于我们

标签:#ci

找到 1387 篇相关文章

AI 资讯

Scaling Terraform Infrastructure Beyond a Single Team

When a single engineer manages all the Terraform in an organisation, everything is simple. One repo, one state, one pipeline, one set of credentials. There's no coordination overhead because there's no one to coordinate with. That stops working the moment a second team needs to deploy infrastructure. And by the time you have three or four teams — networking, platform, application, security — the single-team model is actively slowing everyone down. This guide covers what breaks, how teams typically work around it, and how to set up a structure where each team owns their slice of infrastructure independently. What breaks State lock contention Terraform's state locking is per-state. When the networking team is running terraform plan , the application team's pipeline is blocked — even though they're changing completely unrelated resources. The more teams share a state, the more time everyone spends waiting. Blast radius A junior engineer deploying a new application service shouldn't be able to accidentally destroy the VPC. But if application resources and networking resources share a state, a single misconfigured terraform apply can touch anything. Code review catches some of this. Not all of it. Credential sprawl A shared pipeline needs credentials for everything — the networking team's Azure subscription, the application team's AWS account, the security team's DNS provider. Every team's secrets end up in one CI environment, accessible to anyone who can trigger a run. This fails most compliance audits. Approval bottlenecks In many organisations, one person or a small group gatekeeps all infrastructure changes. Every PR needs their review. Every apply needs their approval. The gatekeeper becomes a bottleneck not because they're slow, but because they're a single point of serialisation for all infrastructure work. Backend access as implicit access control Terraform has no built-in concept of per-team or per-workspace permissions. All workspaces in a backend share the sam

2026-07-06 原文 →
AI 资讯

Managing Terraform Across Multiple Cloud Providers

Most organisations don't live in a single cloud. You might run compute in AWS, DNS in Cloudflare, identity in Azure AD, and logging in GCP. Terraform handles each provider fine on its own, but the moment you need to coordinate across providers the tooling fights you. This guide walks through the common pain points of multi-cloud Terraform setups and the approaches teams use to cope — then shows how Snap CD makes cross-cloud dependency management a solved problem. Where it gets difficult Credential sprawl Each cloud provider has its own authentication mechanism. AWS uses IAM roles and access keys. Azure uses service principals and managed identities. GCP uses service accounts and workload identity federation. A single Terraform state that spans providers needs credentials for all of them — which means your CI runner or developer workstation holds keys to everything. That's a security problem. A compromised CI pipeline with AWS and Azure credentials exposes both clouds simultaneously. And it's an operational problem — rotating credentials means updating every pipeline that touches that state. This problem compounds at scale: Terraform couples provider processes tightly to credentials , so managing hundreds of accounts across clouds means spawning thousands of provider processes, which quickly becomes unmanageable. Provider version conflicts Terraform providers are versioned independently. Upgrading the AWS provider to fix a bug in aws_eks_cluster shouldn't require you to also test a new version of the Azure provider. But when they share a state, a terraform init -upgrade pulls new versions for everything, and a regression in one provider blocks all deployments. Terraform also lacks built-in support for instantiating multiple providers with a loop and passing providers to modules in for_each , making multi-cloud configurations especially verbose and repetitive. Blast radius across clouds A misconfigured terraform apply in a single-cloud state damages resources in one c

2026-07-06 原文 →
AI 资讯

Why the Hell Are There So Many Layers? Breaking Down the 4 Steps of C Compilation

Notes: Prototype : a line that promises to a compiler that a certain function exists somewhere in the server or harddisk or files so it doesn't throw an error. In C, it is done with copying the declaration line of a function and adding a semicolon at the end of it. When we download / setup a specific programming language we download: the specific version of the language's compiler for your operating system and CPU the version of machine code of standard functions that the creator of the language has written that is fine tuned for our operating system and CPU the header files that has Only the prototype of the standard functions (aka functions like printf that are created by the creator of C) We need these in the compilation process: Pre-processing: compiler changing the header files calling line (#include line) with actual prototypes that are inside the header files and creates a temporary file with .i extension (temporary cause it gets deleted in the next step) that contains the prototype at the very top instead of #include line and your source code below compilation: compiler changes the entire contents of the .I file into assembly code (code written in assembly language). Here is why the specific version of compiler is important because every CPU has specific assembly language commands that are unique to it. Therefore when we setup a language we download specific assembly instructions for our own operating system and it comes handy in this step. Syntax check also happens in this step and the .I file also gets deleted. Now there comes a a.out file that we can actually see listed in our file explorer (but we only see the a.out file after the very end of compilation process but it does exist by this stage) Assembling: compiler changes assembly code (a.out file) to machine code (aka 0's and 1's). linking: compiler links your machine code and the machine code FOR the standard functions (because till now it ONLY has the prototypes of the function written in Binary, not

2026-07-06 原文 →
AI 资讯

Modeling the Expected Value of a Sealed Card Box (and Where the Number Quietly Lies)

A friend messaged me a photo of a sealed booster box last month with one question: "worth it?" He'd already decided, really. The chase card in that set was all over his feed, so the box felt like a good deal. I asked him to send me the pull rates instead of the hype, and we spent twenty minutes turning "worth it?" into something we could actually compute. That exercise is a small, self-contained data problem. It's also a good example of how a clean-looking model can hand you a confident number that doesn't survive contact with reality. If you like building little estimators, this one is worth doing carefully, because the interesting part isn't the formula. It's everything the formula assumes. The formula is the easy part Expected value of a box is a weighted sum. Each card you can pull has a probability and a market value, and you multiply the two across every slot the box gives you. That's it. Undergrad probability. Here's a stripped-down version for a hypothetical set. I'm using made-up numbers so nobody mistakes this for real pull data — the point is the shape of the computation, not the specific set. # One "hit slot" in a box: probabilities cover the full outcome space. # Values are illustrative market estimates in USD. hit_table = [ { " name " : " Alt-art chase " , " p " : 0.0125 , " value " : 180.00 }, { " name " : " Secret rare " , " p " : 0.030 , " value " : 45.00 }, { " name " : " Full-art rare " , " p " : 0.100 , " value " : 8.00 }, { " name " : " Standard hit " , " p " : 0.400 , " value " : 0.55 }, { " name " : " No notable hit " , " p " : 0.4575 , " value " : 0.06 }, ] assert abs ( sum ( row [ " p " ] for row in hit_table ) - 1.0 ) < 1e-9 ev_per_slot = sum ( row [ " p " ] * row [ " value " ] for row in hit_table ) hit_slots_per_box = 36 # e.g. one meaningful slot per pack ev_box = ev_per_slot * hit_slots_per_box print ( f " EV per slot: $ { ev_per_slot : . 2 f } " ) # $4.65 print ( f " EV per box: $ { ev_box : . 2 f } " ) # $167.31 The box costs $150 sea

2026-07-06 原文 →
AI 资讯

Predicting When a Client Will Actually Pay: Modeling Invoice Timing With an AI Agent

The single hardest thing about getting paid isn't writing the invoice. It's the follow-up — knowing when to nudge a quiet client, and doing it in a tone that doesn't torch the relationship. Most tools solve this with a dumb cron job: "send a reminder 7 days after the due date." That's wrong for almost everyone, and here's why. The problem with fixed reminder schedules Payment behavior isn't uniform. One client pays like clockwork on day 32 of a "net 30" invoice — not late, just their rhythm. Another pays on day 5 but only if you remind them on day 3. A blanket "day 7 past due" reminder annoys the first client (who was always going to pay) and misses the second (who needed the poke earlier). So the real problem is per-client timing prediction , not scheduling. You want to model each client's payment distribution and act at the point where a reminder has the highest marginal effect — the moment they're most likely to convert intent into a transfer. Modeling payment rhythm as a per-client distribution Every invoice gives you a labeled data point: (sent_date, due_date, paid_date, amount, was_reminded) . Over time, per client, that's a distribution of "days from send to pay." The naive move is to average it. Don't — averages hide the shape, and the shape is the whole signal. We model each client's pay-day as a distribution and track two things that matter more than the mean: Dispersion — a tight distribution (always day 30–32) means a reminder before day 30 is noise. A wide one means the client is reminder-sensitive. Reminder lift — comparing paid-day distributions with and without a nudge tells you whether reminders actually move this client, and by how much. for client in clients : hist = paid_events ( client ) # list of days-to-pay p50 , p90 = quantiles ( hist , [. 5 , . 9 ]) lift = mean ( days_without_reminder ) - mean ( days_with_reminder ) # act just before the client's own habitual pay point, # but only if a nudge historically helps them if lift > MIN_LIFT_DAYS :

2026-07-06 原文 →
AI 资讯

How Git Actually Works Under the Hood

Most developers use Git every day and understand almost none of it. That's not an insult, it's just the reality of how most people learn tools. You pick up the commands that get you through the day, you memorize the ones that fix the situations you keep breaking, and you build a working mental model that is almost entirely wrong at the mechanical level. The mental model most people carry looks something like this: Git tracks changes to files. When you commit, it saves a snapshot of what changed. Branches are pointers to different lines of work. That's roughly correct at a surface level, but it skips over the actual machinery in a way that leaves you confused every time something unexpected happens. Why does rebasing rewrite history? Why are commits immutable? Why does detached HEAD state exist? Why can you lose work in ways that feel impossible if Git is just tracking changes? The answers are all in the object model, and the object model is surprisingly simple once you sit with it. Git is a content-addressable filesystem Before any of the version control concepts, Git is a key-value store. You put content in, you get a hash back. You use that hash later to retrieve the content. That's the entire foundation, and everything else is built on top of it. The hash Git uses is SHA-1, producing a 40-character hexadecimal string. When you run git hash-object on a file, Git takes the content, prepends a small header describing the object type and size, and runs SHA-1 over the whole thing. The resulting hash is both the key and the identity of that content. Two files with identical content will always produce the same hash. A file whose content changes even slightly will produce a completely different hash. This is the first thing that breaks people's mental models. In most storage systems, identity is location: a file is "that file" because it lives at that path. In Git's object store, identity is content. The path a file lives at is separate metadata, not the file's identity

2026-07-05 原文 →
AI 资讯

Exporting any Bluesky profile's followers with the open API

Every big social network locks audience data behind auth walls and anti-bot systems. Bluesky went the other way. The AT Protocol is open by design, so public profile data (bios, follower counts, full follower and following lists) is queryable through a documented API without logging in. The whole surface is basically two endpoints: GET https://api.bsky.app/xrpc/app.bsky.actor.getProfile?actor=HANDLE GET https://api.bsky.app/xrpc/app.bsky.graph.getFollowers?actor=HANDLE&limit=100 There's also getProfiles for batching 25 handles per call. Follower lists paginate with a normal cursor , which still works on the graph endpoints. Search is a different story, cursor pagination 403s there now, but that's a topic for another post. For one-off lookups, curl is honestly all you need. Where it gets tedious Bulk. Thousands of profiles, follower exports that run into six figures, weekly snapshots for tracking. Pagination, rate-limit backoff, and stitching the pages together is boring code that has to run reliably. I packaged that part as an Apify actor: Bluesky Profile Scraper . Paste handles or profile URLs, optionally turn on follower/following export, and you get JSON or CSV back with a sourceProfile field linking each follower record to the profile it belongs to. $2 per 1,000 records, runs on a schedule if you want snapshots over time. What people use this for Vetting an influencer's real audience before paying them. Exporting who follows a competitor and what their bios say. Charting follower growth from weekly runs. And enrichment: find who's talking about you with a mentions monitor , then profile those authors to see their actual reach. Bluesky is the only major network right now where any of this is straightforward and stable. Worth using while it lasts.

2026-07-05 原文 →