AI 资讯
Implementing Token Bucket Rate Limiting for High-Volume Inventory APIs
When you expose inventory or checkout endpoints to public-facing front-ends or third-party webhooks, safeguarding those APIs from brute-force scripts, scraping bots, and inventory hoarding algorithms becomes a critical requirement. Without defensive rate limiting, a single coordinated script can easily overwhelm your database connections. The Problem with Simple Counter Resets A common mistake when setting up basic API protection is using a rigid "Fixed Window" counter (e.g., allowing 100 requests per minute, resetting exactly at the turn of the clock). This creates a massive flaw where a developer can flood your server with 100 requests at 11:59:59 and another 100 requests at 12:00:01, effectively doubling your acceptable burst traffic and causing severe performance dips. To handle uneven burst traffic safely without crashing your database, the standard approach is implementing a token bucket algorithm. The Token Bucket Pattern The token bucket algorithm maintains a centralized bucket that holds a maximum capacity of tokens. Tokens are added back to the bucket at a constant, predictable rate over time. Each incoming API request consumes exactly one token. If the bucket is completely empty, the request is instantly rejected with a 429 Too Many Requests status code, protecting your core server threads. javascript // Quick Redis-based token bucket rate limiter concept async function isRateLimited(userId) { const key = `rate:${userId}`; const now = Date.now(); // Use a Redis multi-exec transaction to atomically check and update tokens const [tokens, lastRefill] = await redis.hmget(key, 'tokens', 'lastRefill'); // Calculate token replenishment based on time elapsed... // Return true if tokens <= 0, otherwise decrement tokens and update timestamp }
AI 资讯
Terminal themes optimize for syntax. This one optimizes for prose.
Spend a few hours in Claude Code and the screen is mostly English — tool output, reasoning traces, permission prompts asking you to read and decide. Syntax highlighting is almost irrelevant. What matters is whether body-size prose stays comfortable after six hours of sessions. Most terminal themes weren't built for that. They're tuned for token-colored code, where the eye jumps between short fragments. Prose reading is different: you need higher contrast on body text, tolerably soft contrast on secondary text that doesn't compete, and accent colors that don't burn. I built klein-blue around Yves Klein's IKB pigment as the anchor color — a specific blue I wanted to look at all day. There are four variations, each making a different tradeoff. Klein Void Prot is the strict one: every color role passes APCA Lc gates (body >= 90, subtle >= 75, muted >= 45, accent >= 60). The others trade some strictness for aesthetics. One thing APCA exposed immediately: pure IKB (hex 002FA7) is effectively invisible as text on a dark ground — Lc -12. So IKB lives only in the decorative slot (ansi:blue, borders and highlights). The readable blue — permission-prompt text and similar — is a lifted Klein-family color (hex A8BEF0) in ansi:blueBright, which actually passes. The other differentiating choice is what to do with Claude Code's claude-sand brand color, which lands in ansi:redBright. Two of the four variations neutralize it so nothing competes with IKB. Two accept it as a second hero. That's the meaningful split between variations in daily use. Ships as macOS Terminal.app .terminal profile files with CommitMono or IBM Plex Mono depending on variation. One prerequisite worth knowing: Claude Code's /theme picker has to be set to dark-ansi, otherwise Claude Code uses its hardcoded RGB palette and ignores your ANSI theme entirely. https://github.com/robertnowell/klein-void
AI 资讯
Hashing in Distributed Systems: A Complete Guide to Algorithms, Best Practices, and Real-World Applications
Have you ever wondered how Discord keeps your channel messages available even when a server goes down? Or how Amazon DynamoDB serves petabytes of data with single-digit millisecond latency? The unsung hero powering almost all these distributed systems is hashing — a simple but powerful technique that makes even load distribution, fast lookups, and seamless scaling possible. As more applications move to distributed cloud architectures, understanding hashing for distributed systems is no longer optional for developers. Choosing the wrong hashing algorithm can lead to cascading failures, cache stampedes, and expensive downtime. This guide breaks down every core hashing technique, real-world use cases, best practices, and common pitfalls to avoid in 2026. Table of Contents What is Hashing in Distributed Systems? Core Hashing Algorithms Explained Traditional Modulo Hashing Consistent Hashing Virtual Nodes (VNodes) Rendezvous Hashing (HRW) Jump Consistent Hash Maglev Hashing Multi-Probe Consistent Hashing Consistent Hashing with Bounded Loads Real-World Applications of Distributed Hashing Head-to-Head Algorithm Comparison Best Practices for Distributed Hashing Common Pitfalls to Avoid Conclusion References What is Hashing in Distributed Systems? Hashing in distributed systems is the practice of mapping data keys (e.g., user IDs, object keys, channel IDs) to server nodes using a deterministic hash function. The core goals are: Distribute load evenly across all nodes to avoid hotspots Enable fast lookups (O(1) or O(log N)) without a central coordinator Minimize data movement when nodes are added or removed during scaling Support fault tolerance by simplifying replication across nodes The simplest implementation is modulo-based hashing , where node_id = hash(key) % N and N is the total number of nodes. While trivial to implement, it suffers from a fatal flaw: the rehashing problem. When N changes (a node is added or removed), nearly all keys are remapped to new nodes, causin
AI 资讯
Why AI Keeps Generating the Wrong Design Tokens and How I Fixed It with Figma's API
AI design system output is approximate by default. Wrong border radii, raw hex values, inconsistent tokens across 60 components. The fix isn't better prompts. Here's the structural change that made it exact using Figma's REST API. The fourth time I manually corrected the same border radius mistake in an AI-generated component, I stopped and asked why this kept happening. Not "what prompt would fix this?" The deeper question: why does every AI tool I tried get the structure right and the values wrong? The button was correct. The variants were there. The layout matched the Figma spec. But borderRadius: 8 when it should be borderRadius: '8px' . A spacing gap of 8 when the spec said 6 . The color #3B82F6 sitting in the file where semantic.button.primary should be. None of it wrong in a way that breaks the build. All of it wrong in a way that breaks the design system. After hitting this wall enough times, I realized the problem wasn't the AI. It was the question I was asking it. Why AI keeps generating the wrong Figma design tokens When you give an AI tool a Figma screenshot and ask it to produce a component, it does something reasonable: it interprets what it sees. The structure, the layout, the hierarchy - it gets most of that right. What it cannot get right is the token mapping. The AI doesn't know your semantic token file. It doesn't know that #3B82F6 maps to semantic.button.primary in your codebase. It doesn't know that your MUI setup multiplies numeric border radii by 4, which means borderRadius: 8 renders at 32px instead of 8px . So it approximates. Here's what that looks like in practice: What AI produces What the spec requires Why it's wrong borderRadius: 8 borderRadius: '8px' MUI multiplies numeric values by 4 gap: 8 gap: 6 Spacing value not extracted from Figma color: '#3B82F6' semantic.button.primary Raw hex instead of semantic token fontSize: 14 variant="MD_Medium" Typography token not resolved Across one component, these deviations are small. Across 60 comp
AI 资讯
AWS Releases Next Generation of Amazon OpenSearch Serverless
Amazon Web Services has recently announced the general availability of the next generation of Amazon OpenSearch Serverless, with a redesigned architecture that enables 20 times faster resource provisioning than the previous serverless architecture, true scale-to-zero capability, and up to 60% lower cost than a provisioned cluster for peak loads. By Gianmarco Nalin
AI 资讯
Stop Hardcoding Roles: A Practical Guide to Roles, Permissions, and Scalable Authorization
We've all been there. Your first encounter with authorization looks something like this: if ( user . role === " ADMIN " ) { // allow access } It works. It's simple. It ships fast. And then, three months later, your application has grown, requirements have shifted, and you're staring at a codebase where authorization logic is scattered everywhere—APIs, services, UI components—like a puzzle that nobody remembers how to solve. The truth is: this approach doesn't scale. Not because it's inherently flawed, but because it conflates two very different concepts that should never be mixed. The Core Mistake: Confusing Identity with Capability Here's the problem we're actually trying to solve. As your application grows, you inevitably end up writing code like this: if ( user . role === " BRANCH_MANAGER " || user . role === " SYSTEM_ADMIN " ) { // allow access } Then a stakeholder asks: Can we create a hybrid role? Or: We need Auditors who can export reports but not edit records. And suddenly your role logic explodes into an unmaintainable mess. The fix isn't adding more conditions. The fix is understanding that roles and permissions answer fundamentally different questions. Roles Define Identity Roles are categories of users. Examples: SYSTEM_ADMIN CLIENT BRANCH_MANAGER AUDITOR Roles answer: Who is this user? They establish high-level authorization boundaries. Examples: Staff Portal vs Customer Portal Internal Admin Area vs Public Application Employee Features vs Client Features Think of roles as identity labels . Permissions Define Capability Permissions represent atomic actions. Examples: LOAN_APPROVE USER_DELETE REPORT_EXPORT ACCOUNT_EDIT Permissions answer: What can this user actually do? Your application should not constantly ask: What role are you? Instead, it should ask: Do you have permission to perform this action? Because: Users have Roles Roles contain Permissions Code checks Permissions That distinction changes everything. Always Decouple Identity from Capability T
AI 资讯
I Built a Quote Generator Because Sometimes Finding the Right Words Is Hard
The Problem Wasn't Writing It was starting. Sometimes I wanted: A social media caption A motivational quote A writing prompt A meaningful message But my mind would go completely blank. Not because I had nothing to say. Because: Coming up with the right words at the right moment is surprisingly difficult. We've All Done This Open a new tab. Search: "Motivational quotes" "Success quotes" "Life quotes" "Funny quotes" Scroll for 10 minutes. Copy one. Close the tab. Why I Built This Tool So I built something simple: 👉 https://allinonetools.net/quote-generator-tool/ A tool that instantly generates quotes across different categories. Whether you need: Motivation Success Life Leadership Creativity Social media inspiration You can generate quotes in seconds. No signup. No setup. Just: Click → Generate → Use What I Realized People don't always look for quotes because they need content. Often they're looking for: A different perspective. A good quote can do something interesting. It can say in one sentence what takes us paragraphs to explain. The Surprising Part The most popular quotes are rarely complicated. They're simple. Short. Easy to remember. Yet somehow they stick with us for years. Why Quotes Still Matter In a world full of endless content: Attention is limited Time is limited Patience is limited A strong quote delivers an idea instantly. That's powerful. The Problem With Searching Manually Most quote websites feel: Cluttered Slow Full of ads Hard to browse And sometimes you spend more time searching than actually reading. What I Focused On I wanted the experience to feel: Fast Clean Inspiring Fun to explore Because finding inspiration shouldn't require effort. What Surprised Me After building it: Some people used it for: Social posts Presentations Daily motivation Writing inspiration But one thing surprised me most. People kept generating quote after quote. Not because they needed one. Because they enjoyed discovering them. The Real Insight Sometimes tools aren't abo
产品设计
NASA will wear high-tech Prada long johns to the Moon
We've seen Axiom Space and Prada's collaboration on the Axiom Extravehicular Mobility Unit (AxEMU) spacesuit. Now the company has revealed the Liquid Cooling and Ventilation Garment (LCVG) that astronauts will wear underneath it when Artemis IV returns humans to the Moon in 2028. The LCVG is the all-important base layer that will keep the crew […]
AI 资讯
The Letter VCs Are Quietly Deleting from ARR
The Letter VCs Are Quietly Deleting from ARR Startups are reporting revenue they haven't earned yet. VCs know it. Investors are cheering anyway. We've seen this movie. You're evaluating an AI startup. The pitch deck shows $100 million in ARR. The growth curve is parabolic. The deck says they signed $100 million. What it doesn't say is that $70 million of that is "committed ARR": contracts signed but not yet invoiced, customers who haven't deployed yet, pilots that count toward the number if they convert. Subtract the gap and you've got $30 million in actual recognized revenue hiding under a $100 million headline. This is the ARR inflation playbook, and it's running at full speed right now. The Trick Has a Name "CARR" stands for Contracted or Committed ARR. It's a legitimate concept. In industries where revenue accrues slowly after contract signing (healthcare AI deployments, energy optimization platforms, multi-year enterprise integrations), the gap between signature and recognition can legitimately take months or years to close. Reporting CARR alongside ARR, properly labeled, is defensible. That's not what's happening. What's happening is simpler: founders strip the "C" and just call it ARR. One VC told TechCrunch the gap between CARR and actual ARR can run as high as 70% [1]. In some confirmed cases the spread is 3-5x. Another investor said flatly: "For sure they are reporting CARR as ARR" [1]. The article indicates that the investor community is not only aware, but many are actively complicit. The logic follows its own warped rationality. When one startup in a category inflates, the others have to follow to stay competitive for talent and headlines. "When one startup does it in a category, it is hard not to do it yourself just to keep up," as one investor put it [1]. Spellbook CEO Scott Stevenson, one of the few willing to call this in public, described the practice as a "huge scam," adding that major VC funds are not just watching it happen but actively supporti
AI 资讯
32/60 Days System Design Questions!
Your startup just got its first SOC 2 audit. The auditor asks: "Where are your database passwords, API keys, and service tokens stored?" Your senior engineer goes quiet. Turns out half of them are in .env files committed to git 18 months ago. Three are hardcoded in Lambda environment variables. One is in a Slack message from 2023. You have 6 services in production, 4 environments, and zero rotation policy. Here's the setup: • NestJS API → Postgres (password in env var) • NestJS API → Stripe (API key in env var) • Background workers → SQS, S3 (AWS credentials in env var) • 3rd-party webhooks → HMAC secrets in env var • Zero rotation. Zero audit trail. Zero centralized access control. You need to fix this. And you can't take downtime. A) Move everything to AWS Secrets Manager — SDK calls at runtime, IAM controls access, auto-rotation built in. B) Use HashiCorp Vault — dynamic secrets, fine-grained policies, works across any cloud or on-prem. C) Use environment variables injected at deploy time via CI/CD — secrets stored in GitHub Actions / GitLab CI secrets vault, never touch disk. D) Encrypt secrets with KMS and store ciphertext in your own database — decrypt at runtime, full control. All four are used in production at real companies. Pick one — A, B, C, or D — and tell me why. I'll drop the full breakdown in the comments. If your team is having this argument right now, share this post. Someone needs to see it. Drop your answer 👇 30DaysOfSystemDesign #SystemDesign #BackendEngineering #CloudArchitecture
AI 资讯
What Is AI Clutter? The Hidden Technical Debt Growing Inside Shopify Stores
Most merchants know they have unused files. Far fewer realize they're accumulating AI-generated media they never intended to keep. There's a problem quietly growing inside thousands of Shopify stores right now. It's not abandoned carts. It's not slow page speeds. It's not even the 400 unused product images you already know you should deal with. It's something newer, and most merchants have no idea it's happening. The Rise of AI-Generated Commerce Content Over the past two years, AI image tools have gone from novelty to routine. Shopify Magic. Canva AI. Midjourney. ChatGPT image generation. Adobe Firefly. Background removers. Lifestyle photo generators. Product shot enhancers. Merchants are using these tools constantly — to mock up new products, test background options, generate seasonal variants, create ad creatives, experiment with lifestyle photography. The workflow feels clean: generate a few options, pick the best one, move on. Here's what's actually happening on the backend. Every time you use Shopify's native AI tools to generate, edit, or enhance an image, Shopify quietly deposits files into your media library. Not just the one you kept. All of them. The rejected generations. The experimental edits. The "let me try one more variant" files. The abandoned attempts from six months ago when you were testing a new product that never launched. Every. Single. One. Most merchants assume the files they don't choose disappear. They don't. The lifecycle looks something like this: ┌─────────────────────┐ │ AI Image Generation │ └──────────┬──────────┘ │ ▼ ┌─────────────────────┐ │ Rejected Variants │ │ • Drafts │ │ • Test Images │ │ • AI Edits │ └──────────┬──────────┘ │ ▼ ┌─────────────────────┐ │ Hidden Media Files │ │ Accumulate Over Time│ └──────────┬──────────┘ │ ▼ ┌─────────────────────┐ │ AI Clutter │ │ Invisible Technical │ │ Debt │ └──────────┬──────────┘ │ ▼ ┌─────────────────────┐ │ Reduced Media │ │ Governance │ │ • More Noise │ │ • Less Visibility │ │ • Hard
AI 资讯
Road To KiwiEngine #12: Why I Want To Build Hardware Again
Somewhere along the way, computing became disposable. Devices became sealed. Systems became rented. Ownership became licensing. Repairability disappeared. Infrastructure moved away from the user and into distant cloud platforms. And I think we lost something important because of it. Lately, I’ve found myself becoming increasingly interested in hardware again. Not just software. Not just cloud systems. But actual computing devices. Servers. Home infrastructure. Repairable machines. Set-top systems. Local AI appliances. Sovereign computing. Because I believe the next era of computing will belong to people who own their infrastructure again. The Provider Box Realization One thing that kept sticking in my head was this: Almost every home in America already has a provider box. A Comcast box. An AT&T gateway. A router. A modem. A streaming box. People are already comfortable with the idea of a dedicated computing appliance sitting in their home quietly powering their digital life. That realization changed how I thought about computing infrastructure. What if those boxes worked for the user instead of the provider? What if they: hosted local AI, managed home storage, coordinated smart devices, powered media systems, handled automation, protected privacy, synchronized intelligently, and operated as sovereign infrastructure? That idea became part of the thinking behind KiwiHome. The Return Of Home Infrastructure For a long time, the industry moved toward centralization. Everything shifted toward: SaaS, subscriptions, streaming, cloud storage, cloud intelligence, and rented operational environments. Convenient? Absolutely. But also fragile. If: pricing changes, services disappear, companies shut down, APIs get revoked, or platforms change policies, entire workflows collapse overnight. I think people are starting to feel that tension. Especially creators. Especially businesses. Especially technical users. That’s why I believe we’re going to see a major resurgence in: home serv
AI 资讯
Architecting Strict Sequential Ordering in a Concurrent World
Imagine you are building a cloud-native backend for a high-frequency trading platform or a core banking ledger. To ensure mathematical immutability and prevent silent data tampering, compliance mandates that every transaction for a specific financial account must be cryptographically chained. This means the signature of Transaction #50 must explicitly include the cryptographic hash of Transaction #49. You cannot sign them out of order, and the backend is strictly responsible for generating and validating this chain. This introduces a massive distributed systems headache: How do you enforce strict, sequential ordering while maintaining the concurrency required to scale a modern cloud architecture? Let's walk through the evolution of this system, deconstruct exactly how the standard event-driven approach fails in production, and examine the Staff-level architecture required to fix it. Phase 1: The MVP & The Database Bottleneck In the early days, traffic is low. An account might see one transaction every few minutes. The "Happy Path" is simple: The API receives a deposit request for Account A. The API queries Postgres for the last_signature_hash . The API computes the new hash in memory: SHA(last_hash + new_transaction_data) . The API writes the new transaction and updates the state. The Pitfall: The Thundering Herd To prevent two concurrent requests from reading the same previous hash, you wrap the database operation in a pessimistic lock: SELECT ... FOR UPDATE . This forces the database to serialize requests at the row level. When a massive partner bank initiates a bulk sync, dumping 5,000 transactions for a single corporate account onto the API in two seconds, 4,999 concurrent threads immediately hit the FOR UPDATE lock and block. The database connection pool is instantly exhausted, latency spikes platform-wide, and the MVP dies. The Insight: The database must be your last line of defense, not your primary queueing mechanism. Contention must be solved upstream in me
AI 资讯
Your Codebase Is a Mess Because Your Team Can't Agree on What a "Customer" Is
Nobody wants to hear this. But the reason your software is hard to change, hard to test, and hard to explain to a new engineer isn't your tech stack. It's that your code doesn't reflect how your business actually works. Your engineers are using one word — "customer," "order," "student," "subscriber" — and meaning six different things depending on which part of the system they're touching. Your domain expert says "order" and means something completely different from what your database schema says "order" is. That gap? That's where complexity lives. That's where bugs are born. That's where senior engineers spend their Fridays. Domain-Driven Design is the discipline of closing that gap. Here's what it actually means, practically, without the academic noise. The Core Problem: One Model Trying to Mean Everything Imagine a map that tried to show subway routes, underwater hazards, hiking trails, and flight paths — all at once. It would be useless. A subway map works because it only shows what matters for navigating trains. A nautical chart works because it only shows what matters for sailing. Each map is an abstraction built for a specific purpose, valid within a specific context. Your software models need to work the same way. The moment you build a single "Customer" class that has to satisfy your billing team, your marketing team, your support team, and your logistics team simultaneously — that class becomes a bloated, ambiguous disaster. Everyone adds their fields. Nobody removes anything. The model stops meaning anything specific to anyone. This is the monolithic model trap. And most large codebases are sitting right inside it. Strategic Design: Understand the Problem Before You Touch Code DDD separates design into two layers. Strategic design comes first — it's the work you do before writing a single line of code. Step 1: Find Your Subdomains A subdomain is a slice of the business problem. Ordering. Shipping. Notifications. Payments. Inventory. These aren't your micro
AI 资讯
API Design as Value Imprinting
Every interface you create is a constraint on future behavior. Every abstraction emphasizes certain patterns and discourages others. You are not just building tools. You are shaping how people think about problems. I have been paying attention to how API design encodes values, not just technical decisions, but philosophical ones. What Your API Communicates Consider these design choices: Mutability vs Immutability. Do you encourage stateful modification or pure functions? This is not just about performance. It is a philosophy about side effects and reasoning. If your default is mutable state, you are telling users that local mutation is fine, that they can reason locally. If your default is immutability, you are telling them to think about data flow. Explicit vs Implicit. Do you make users specify parameters or infer from context? This trades convenience for transparency. I lean toward explicitness. Magic is convenient until you need to debug it. Fail Fast vs Fail Safe. Do you throw exceptions or return error codes? This encodes beliefs about who should handle errors and when. Fail-fast says "don't let bad state propagate." Fail-safe says "keep running if you can." Both are defensible, but they lead to very different code. My Design Values When I build libraries, I try to encode: Explicitness over magic. I would rather make users type more than hide behavior behind conventions they have to discover. Composition over inheritance. Small pieces that combine flexibly beat deep class hierarchies. Clarity over cleverness. Code should be obvious, not impressive. Safety by default. The easy path should be the safe path. Why This Matters Your API is a value statement. It says what you think is important, what you think is dangerous, and how you think about the problem domain. This is why I spend so long on interface design. The APIs we create shape future thought. They outlast the code that implements them, because the patterns they teach persist in the minds of the people wh
AI 资讯
If the warehouse already has the data, why are we copying it elsewhere?
When we started working on Krenalis , we spent a lot of time reviewing how customer data typically flows through a modern data stack. One pattern kept showing up often enough that we started questioning it. In many modern stacks, customer data already lands in a warehouse. Yet we often copy that same data into a CDP before we can start building customer profiles. During one of those discussions, someone asked a question that sounded almost naive: Why are we moving all this data in the first place? Nobody had a particularly strong answer ready. The answer was mostly: Because that's how CDPs work. We expected the question to have an obvious answer. It didn't. The warehouse is no longer just for analytics Over the last few years, the role of the data warehouse has changed significantly. Warehouses are no longer just analytical systems. They're increasingly becoming the place where organizations centralize the context used by applications, AI agents, copilots, and business processes. Customer data from systems like Shopify, Stripe, CRMs, support platforms, and internal applications often ends up there long before anyone starts thinking about segmentation or activation. In many organizations, the warehouse is already the place where teams answer questions about customers, revenue, retention, and product usage. That made us wonder: If the warehouse is already becoming the operational center of the data stack, why does customer identity usually live somewhere else? Consider a customer who buys through Shopify, pays through Stripe, opens support tickets in Zendesk, and uses the product under a different email address. In many organizations, all of those records already end up in the warehouse. Yet building a unified profile often requires exporting that same data into another platform before identity can be resolved. The cost of another copy To be clear, data duplication is not inherently bad. Most software systems rely on some form of replication, caching, or denormalizati
AI 资讯
AI Has Come for Serif Fonts
AI companies are using serif to project humanity. Critics are calling it “tasteslop.”
开发者
Stop Leaking Trace Context: How to Migrate OpenTelemetry to JDK 26 Scoped Values
Stop Leaking Trace Context: How to Migrate OpenTelemetry to JDK 26 Scoped Values If you are still relying on traditional ThreadLocal storage for OpenTelemetry context propagation under JDK 26's virtual threads, you are sitting on a production time bomb. Millions of concurrent virtual threads will quickly turn your heap into a graveyard of leaked trace contexts and bloated memory overhead. If you're prepping for interviews, I've been building javalld.com — real machine coding problems with full execution traces. Why Most Developers Get This Wrong Defaulting to ThreadLocal: Assuming the default OpenTelemetry ThreadLocal storage works fine with virtual threads, ignoring the heavy heap footprint and context drift when threads are unmounted and rescheduled. Ignoring Context Leakage: Forgetting that ThreadLocal values persist unless explicitly removed, causing trace data to bleed into unrelated tasks on shared carrier threads. Manual Propagation Mess: Manually passing Span objects down the call stack instead of leveraging JDK 26's native scoped value propagation. The Right Way The clean solution is to bind OpenTelemetry's ContextStorage directly to JEP 487 Scoped Values to enforce immutable, automatic, and thread-safe context propagation across virtual threads and structured concurrency boundaries. Implement Custom ContextStorage: Create an OTel ContextStorage implementation backed by a static ScopedValue<Context> . Enforce Immutability: Leverage the immutable nature of ScopedValue to prevent downstream child threads from accidentally mutating the parent's tracing context. Leverage Structured Concurrency: Use StructuredTaskScope which automatically inherits the scoped trace context without manual boilerplate. Show Me The Code Here is how to run a span using JDK 26 ScopedValue for zero-leak, zero-overhead propagation: public class ScopedTraceRunner { private static final ScopedValue < Span > ACTIVE_SPAN = ScopedValue . newInstance (); public void execute ( Span span , Runn
AI 资讯
A11: A Structural Answer to AI Collapse
Modern AI models are becoming increasingly powerful, but their growing capabilities come with rising risks of degradation: the loss of rare patterns, the accumulation of errors, and a gradual shift toward averaged, generic outputs. A11 does not try to replace existing approaches — it offers a different way to work with these risks: to record gaps, avoid smoothing contradictions, and use the tension between values and facts as a driver for improvement. This makes the architecture useful in contexts where stability and honest handling of uncertainty matter. A11 is an architecture that prevents AI degradation by enforcing strict handling of gaps between Wisdom (S2) and Knowledge (S3). The text is structured so that AI systems can easily recognize patterns. 0. Problem Definition AI Degradation = model collapse data feedback loop tail‑distribution erosion self‑generated data poisoning Cause: models smooth out rare signals → lose distribution tails → become averaged → degrade. 1. A11: Anti‑Collapse Mechanisms (High‑Level) A11 . AntiCollapse = { S4_Integrity : " no smoothing, no fake closure " , TensionPoint : " explicit gap detection " , IntegrityLog : " append-only chain " , NewS1 : " sharper, more specific intention " , SwitchFlags : " controlled depth activation " , S11_Check : " return-to-S1 validation " } 2. Why A11 Reduces Degradation 2.1. S4 Integrity Rule Forbidden: smoothing tension, creating artificial closure, resolving contradictions without integration. Consequence: rare signals do not disappear → no averaging → no collapse. 2.2. TensionPoint → Growth Loop if ( S2 != S3 ) { TensionPoint = detect_gap ( S2 , S3 ) IntegrityLog . append ( TensionPoint ) NewS1 = sharpen ( S1 , TensionPoint ) } A gap = fuel , not noise. 2.3. Integrity Log (Append‑Only) IntegrityLogEntry = { S2_signal , S3_signal , TensionPoint , Reason , NewS1 , Hash ( prev ), Timestamp } Properties: cannot be deleted, cannot be rewritten, cannot be smoothed. This breaks the degradation mechanism b
AI 资讯
Want to Go Deeper?
Your LLM bill is exploding because 70% of user queries are semantically identical, yet your traditional cache ignores them completely. Even worse, if you implement semantic caching poorly, a single bad actor can poison your entire AI model's knowledge base, leading to incorrect or malicious responses for legitimate users. The Cost of Redundancy in LLM Systems Imagine running an AI-powered customer support chatbot for an e-commerce platform. Users frequently ask things like, "What's your return policy?", "How can I send this item back?", or "Do you offer refunds if I'm not satisfied?". To an LLM, these are distinct prompts, each triggering an expensive API call to OpenAI or Anthropic, costing you dollars per thousand tokens. On the surface, it looks like individual requests. But structurally, they all ask the same question with a similar intent. Your traditional HTTP cache, which relies on exact string matches, sees "What's your return policy?" and "How can I send this item back?" as entirely different requests. It misses the semantic similarity. So, for every variation of the same question, you're making a full LLM inference call. If 50-70% of your user queries fall into these semantically redundant categories, your LLM costs skyrocket. For a system handling millions of requests daily, this can quickly turn a profitable product into a money pit, all while adding unnecessary latency for your users. Semantic Caching: The "Fast Path" for LLMs Semantic caching solves this by moving beyond exact string matches. Instead of looking for an identical prompt, it looks for prompts that mean the same thing. It works by converting incoming user prompts into numerical vector representations (embeddings) and then performing a similarity search against a cache of previously embedded prompts and their corresponding LLM responses. Here's the workflow: USER PROMPT | v [ EMBEDDING MODEL ] -- Transform Prompt to Vector (e.g., [0.1, 0.5, -0.2, ...]) | v [ VECTOR DATABASE / CACHE ] | +--