AI 资讯
How offline license activation actually works
If you ship a desktop app outside an app store, you eventually hit the same wall: how do you check a license when the user is on a plane, behind a corporate firewall, or just offline? Calling your server on every launch isn't an option. Here's how offline activation actually works, without the hand-waving. The naive version, and why it breaks The first thing everyone reaches for is "call home on launch, get back yes/no." It works in the demo and fails in the wild: No network = no app. Fail-closed locks out paying customers. Fail-open means anyone who blocks your domain runs free. Both are bad. A boolean is forgeable. If your app trusts a {"valid": true} response, a proxy or a patched DNS entry returns that for free. The fix isn't a better endpoint. It's moving the trust off the network and onto cryptography. The model that works: signed leases The durable pattern is a cryptographically signed lease (Keygen calls these license files, Keylight calls them leases — same idea): On first activation, the device talks to the server once . The server returns a small signed document: the license state, an expiry, the device binding, and any entitlements (which features/tiers are unlocked). The document is signed with the server's private key (Ed25519 is the modern choice — small, fast, boring in the good way). Your app ships the matching public key and verifies the signature locally on every launch. No network needed. Because the app only ever verifies with a public key, there's nothing secret in the binary to steal, and a forged lease fails the signature check. That's the whole trick: the server vouches once, math vouches forever after. first launch ──► server signs lease (Ed25519, private key) ──► stored on device every launch ──► app verifies signature (public key) ──► no network Device binding (so one key isn't infinite installs) A lease is bound to a device so a single license can't be pasted onto a thousand machines. The lease embeds a device fingerprint, and the SDK ch
AI 资讯
The Day I Confused Task Queues with Message Brokers And Built the Wrong Thing
In my journey as a backend developer, I had already spent time working with APIs, databases, authentication flows, and background processing. I understood the basic idea that not everything should occur within a request-response cycle, especially when dealing with expensive operations such as sending emails, processing files, or generating reports. Offloading work to the background felt like a solved problem to me. That confidence was exactly what led me into confusion. When I first encountered message brokers and task queues, they looked like different names for the same idea. Both involved queues, both involved workers, and both involved asynchronous processing. In my head, the distinction didn’t seem important, so I treated them interchangeably and assumed that choosing one over the other was just a matter of preference or framework availability. The real issue was that I had not yet understood the difference in intent between communication and execution. What I thought was a simple design choice actually turned into an architectural mistake that affected how I structured an entire system. How I Misunderstood the Problem At the time, I was building systems where the backend had to handle multiple heavy operations. A user could upload files, request reports, or trigger processes that should not block the main API response. Naturally, I reached for a queue-based solution because it is the standard answer for background work. However, instead of asking what role the system needed to play, I focused on what tool could make things asynchronous. That small shift in thinking created the confusion. I assumed that anything that gets delayed or processed later should automatically go into a queue, without distinguishing whether I was dealing with a job that must be executed or an event that other services should react to. This is where I started building the wrong abstraction. Where Task Queues Actually Fit A task queue exists primarily to assign work that must be complete
AI 资讯
I built a free AI README Generator (with markdown preview)
Every developer hates writing READMEs. It's boring, repetitive, and always gets skipped. So I built ReadmeAI — describe your project, AI writes the README instantly. What it does Fill in project name, description, tech stack, features AI generates a complete professional README.md Switch between Raw and Preview tabs to see rendered markdown One click copy Tech Stack Next.js + Tailwind CSS Groq API (openai/gpt-oss-120b) Deployed on Vercel Why I built it (Write 2-3 sentences personally — mention the challenge, that you're a student builder, makes it relatable) Live link https://readmeai-three.vercel.app/ Built this in a day as part of my 30-day AI tools challenge. Would love feedback from the dev community!
AI 资讯
🚀 I Built DevBrand AI with Google AI Studio
This post is my submission for DEV Education Track: Build Apps with Google AI Studio . What I Built For this project, I built DevBrand AI, an AI-powered web application that helps developers create a complete personal branding kit in just a few clicks. Instead of manually writing bios, portfolio headlines, README introductions, or designing graphics, users simply provide their GitHub username, role, tech stack, experience, and preferred design theme. The application then generates everything automatically. Prompt Used I used Google AI Studio's Build apps with Gemini feature with a prompt similar to this: Build a modern React + TypeScript application called DevBrand AI that generates a complete developer branding kit. Use Gemini to generate professional bios, portfolio headlines, GitHub README introductions, project ideas, mission statements, social media introductions, CTAs, and branding recommendations. Use Imagen to generate a modern 3D developer mascot, hero illustration, and portfolio banner. Create a responsive UI using Tailwind CSS with reusable React components, loading animations, copy buttons, and download functionality. Features 🤖 AI-generated developer bio 🎯 Personal tagline 💻 Portfolio headline 📄 GitHub README introduction 💡 Project ideas 🌈 Suggested branding colors 📢 Social media introduction 🚀 Portfolio call-to-action 🎨 AI-generated developer mascot 🖼️ Hero illustration 🌐 Portfolio banner 📋 Copy buttons 📥 Download generated content 📱 Responsive modern interface Demo Screenshots Live Demo App: https://devbrand-ai-706459620449.asia-southeast1.run.app My Experience This project was my first time using the new Build apps with Gemini experience in Google AI Studio, and it was surprisingly fast to go from an idea to a working application. What impressed me most was how the AI generated a well-structured React + TypeScript project instead of just producing a single file. The generated components, services, and overall architecture made the project easy to und
AI 资讯
What Is an Agent Registry? (And What We Broke Before We Had One)
TL;DR An AI agent registry is a centralized catalog of every agent in your organization — what each agent does, what tools it can access, what version is running, who owns it, and how to call it It's to agents what a container registry is to Docker images or what a service mesh is to microservices — the layer that makes distributed components governable We hit the "which agents do we have?" wall at 14 agents across 3 teams. That's when the registry stopped being a nice-to-have About four months into our agentic AI buildout, our head of security asked a question I couldn't answer: "Can you give me a list of every AI agent running in production, what systems they have access to, and what version of each is currently deployed?" I had a rough mental model. I knew about the agents my team had built. I had a vague idea of what the data engineering team had shipped. The product team had recently added two agents I'd heard about secondhand. I spent the better part of a day pulling together a spreadsheet. By the time I finished, one of the agents I'd listed had already been replaced by a newer version. Two of them had been granted access to an internal API I hadn't known about. The spreadsheet was outdated before I sent it. That was our forcing function for building a proper agent registry. This post is what I wish I'd read before that conversation happened. What an agent registry is An agent registry is a centralized catalog of AI agents — a single source of truth that tracks every agent deployed in your organization, its capabilities, its integrations, its ownership, and its current state. The analogy that landed for me: it's to agents what a container registry (Docker Hub, ECR, GCR) is to container images. When you have three containers running, you don't need a registry — you know what you have. When you have 40 containers across six teams, you need a registry to know what's running, who owns it, what version is deployed, and what depends on what. Agents are the same. At
开发者
I built a free whale tracker for Polymarket — here's what I learned
The problem: I kept missing big moves on Polymarket because I had no way to see what the biggest traders were betting on in real time. So I built WhaleTrack — a free, no-signup tool that shows you exactly what top Polymarket whales are buying and selling. What it does Live whale activity feed — see the last 40 trades from top wallets, updated on refresh Whale leaderboard — P&L, win rate, trade count for the biggest accounts No login, no ads, no fluff — just the data How it works The whole thing is vanilla HTML/CSS/JS deployed on Vercel with two serverless functions: /api/whales.js — hits the Polymarket leaderboard API, fetches position stats for each whale, calculates win rates from closed positions /api/activity.js — pulls recent trades for each whale wallet in parallel, filters out internal combo transactions (no title / zero price), and returns the 40 most recent trades The serverless layer solves CORS — Polymarket's data API doesn't allow browser requests, so everything goes server-side. Tech stack Frontend: Vanilla HTML/CSS/JS (zero dependencies) Backend: Vercel serverless functions Data: Polymarket public data API Deploy: Vercel (free tier) Biggest lesson Filtering bad data is half the work. The raw API returns combo trades and internal transactions that show up as "Unknown Market @ 0¢" — useless noise. Had to figure out which fields to check (title, price > 0) to strip them. Also: win rate calculation is tricky when most whales have unrealized profits. Showing "—" instead of 0% is more honest. Try it WhaleTrack → Also launched on Product Hunt today if you want to show some love: Product Hunt Built this in a weekend. Happy to answer questions about the Polymarket API or Vercel serverless setup.
AI 资讯
"It’s just HTML and CSS. It’s too simple to post."
For a long time, I hesitated to share my work. I kept telling myself: "If I post a simple hero section, a basic Bootstrap grid, or a landing page clone, people will judge me. They’ll think I’m not a 'real' developer yet." But today, I saw a video of a developer who built a complete Netflix clone using only HTML & CSS in just 4 hours https://x.com/Aditwariii/status/1681403710457643009?s=20 . It made me stop and think. It’s easy to get so obsessed with complex frameworks, cloud architectures, and database optimizations that we begin to look down on the fundamentals. But here is the psychology of software engineering that we often ignore: Every master was once a beginner: The engineers managing complex distributed systems today started exactly where we are—struggling to center a div and fighting with CSS media queries. Shipping beats hiding: Building a clean, responsive interface in 4 hours shows speed, focus, and attention to detail. Those are core professional hygiene habits. Code is for humans, not just machines: Before we write APIs or database queries, we must master how a human being actually interacts with our interface. I’m letting go of the fear of being judged for "simple" things. From now on, I am building in public. Whether it’s a massive full-stack application or just a beautifully aligned hero section, it is proof of active practice and continuous momentum. Massive respect to [ https://x.com/Aditwariii?s=20 Check out Aditya Tiwari on X. POLYMATH 🧑💻 sde @IEX_INDIA_ ] for the inspiration and the reminder to keep shipping! 👇 What is a "small" project or layout you built recently that taught you a major lesson? Let's connect in the comments.
AI 资讯
Parsing and Rebuilding EPUB Files in Python: Lessons Learned
How we handle complex EPUB structures for AI translation without breaking navigation and metadata At LectuLibre , we built an AI‑powered book translation service. Users upload an EPUB, and our pipeline translates the text using LLMs like Claude and DeepSeek. That sounds straightforward until you have to parse and rebuild a valid EPUB without mangling the table of contents, internal links, or styles. I’m sharing the real‑world challenge we faced, how we chose our tooling, and the ugly corners we discovered when dealing with real‑world EPUB files. The Problem: EPUB is a Messy Zip File An EPUB is essentially a ZIP archive containing XHTML, CSS, images, and an OPF manifest. It’s a well‑defined standard (EPUB 3.2), but in practice publishers produce files that bend the rules: missing container.xml , inline styles that break after translation, and structural quirks that make parsing fragile. Our translation process needed to: Accept any EPUB the user throws at us. Extract all text content while preserving the exact structure. Send each paragraph to an LLM for translation. Re‑insert the translated text into the original XHTML files. Repackage everything into a new, valid EPUB. Step 4 is the tricky part: the translated text can be longer or shorter, it may contain characters that need escaping, and the surrounding markup must remain intact. Our Approach: Use ebooklib with a Dose of Defensive Coding We evaluated several Python libraries: epub (pypub) – too simple, no editing support. lxml + manual zip – too much boilerplate. ebooklib – full read/write with a clean API. We went with ebooklib . It provides an object‑oriented model of the EPUB structure, allows us to iterate over documents, and can write a new EPUB from the modified objects. The downside: its documentation is sparse and it can choke on malformed files. We had to layer on a lot of validation. Step 1: Loading and Validating the EPUB import ebooklib from ebooklib import epub def load_epub ( epub_path : str ) -> ep
AI 资讯
Three Months with Java 26: My Thoughts After Using the Latest Release
Java 26 was officially released in March 2026, and after spending the past three months exploring its new features, experimenting with preview APIs, and using it in personal projects, I think it's a good time to share my impressions. Unlike launch-day articles that simply list every new feature, this is a practical look at what actually stood out to me after having some time to work with Java 26. Some improvements are immediately useful, while others feel like building blocks for the future of the language. Java continues its predictable six-month release cycle, and Java 26 is another example of gradual, thoughtful evolution rather than dramatic change. In this article, I'll cover the features I found most interesting, what I like, what I probably won't use right away, and whether I think Java 26 is worth upgrading to. Why Upgrade to Java 26? Every Java release makes the platform: Faster More secure Easier to write Better for cloud applications Even if you don't immediately use every new feature, upgrading allows you to benefit from JVM optimizations and improved tooling. 1. Better Performance Java 26 continues improving the JVM with optimizations for: Faster startup Better garbage collection Reduced memory usage Improved JIT compilation Most applications will benefit automatically without changing a single line of code. 2. Improved Pattern Matching Pattern matching keeps becoming more powerful. Instead of writing: if ( obj instanceof String ) { String text = ( String ) obj ; System . out . println ( text . length ()); } You can simply write: if ( obj instanceof String text ) { System . out . println ( text . length ()); } Cleaner code with less casting. 3. Record Improvements Records remain one of Java's best additions for immutable data. public record User ( Long id , String name , String email ) {} Instead of writing dozens of lines containing: constructor getters equals() hashCode() toString() Java generates them automatically. 4. Better String Templates (Previe
AI 资讯
Why I Built a Tiny Repeated-Game Poker Analysis Tool
Most poker solvers answer one question very well: given a single hand and a single decision tree, what is the equilibrium strategy? (Yes, there is subgame solving, node locking, and plenty more — but the default frame is still one hand, one equilibrium.) I kept getting stuck on a different one. What if the same kind of spot shows up over and over, and a player can commit to a fixed strategy across those repetitions? In a few toy games I had a hunch, worked out by hand, that committing to a fixed strategy could change its value relative to the one-shot picture. I wanted a tool that could make that commitment value precise — to actually analyze it rather than just believe it. (Whether any of this rises to a repeated-game equilibrium is a much stronger claim, and one I am deliberately not making here.) I'm still learning software engineering, so until recently I couldn't implement this — I was stuck reasoning about toy games on paper. AI tooling made the analysis feasible, so I finally started building it: repeated-poker-analysis . It's a small research project: write one narrow model down, run small examples, and record what the model does and doesn't justify. What repeated-poker-analysis is It is an experimental Python toolkit for small abstract poker games. The current MVP covers: fixed Hero commitment candidates, exact Villain best-response diagnostics in small finite trees, candidate generation and filtering, T_deadline , an economic adaptation deadline, local T_detect , an observable-distribution sensitivity estimate, analysis reports and Markdown summaries. It is small on purpose. It is not a full solver and it is not wired to real solver ranges. It starts from one toy game — a river spot — that is tiny enough to inspect and test by hand. That toy spot is one where showdown always chops but rake still bites. In a single-hand view, putting more money into a raked pot can be locally unattractive. Across repeated occurrences the same spot raises a commitment questi
AI 资讯
Tests Pass, Design Breaks: Why TDD Can't Hold the Line on Design Intent
There is a popular misconception that if you do TDD, your design also stays correct. That if the tests pass, quality is guaranteed. In AI-assisted development, this misconception is the kind that quietly accumulates — the more tests you have, the more invisible damage builds up underneath. All tests passed. The design was still broken. Here is what happened today. A function called safe_post.py had its signature changed. Two arguments — notify_sh and doctor_sh — were removed. The test suite passed in full. But the callers were still using the old signature. They were silently broken. Why did the tests pass? Because the test code itself was using the old signature. The tests had been written (by AI) at a time when the design intent was already misunderstood. The misunderstanding was baked into the tests from the start. Tests passing and the design being correct are two different things. "All tests pass" tells you only one thing: the implementation matches what the tests expect. Whether the tests express the right design intent is a separate question. TDD verifies "implementation against tests" — nothing more Let me restate the TDD definition. Red → Green → Refactor. Write a test. Write the implementation that passes the test. Refactor. In this loop, what the test verifies is whether the implementation meets the test's expectation. That is one verification — and only one. What TDD does not verify is whether the test itself correctly expresses the design intent. The structure looks like this: Design intent → Tests (← this link is not verified) ↓ Implementation (← this link is verified by tests) If the person writing the tests misunderstands the design intent, the tests will pass and the design will still be wrong. Machine learning engineer Hamel Husain calls this the "Gulf of Specification" — the gap between what you intended to measure and what your metric actually measures. Optimize hard against a flawed metric and you optimize hard in the wrong direction. The same d
AI 资讯
Post-Mortem Best Practices That Actually Drive Change
The Post-Mortem Nobody Learns From I've sat through hundreds of post-mortems. Most follow the same pattern: something breaks, someone writes a Google Doc, we have a meeting, we list action items, nobody follows up, the same thing happens again in 3 months. Here's how to break the cycle. The Blameless Culture Trap "Blameless" doesn't mean "actionless." The biggest failure mode I see is teams that use blameless culture as an excuse to avoid accountability. Blameless means: we don't punish the person who pushed the bad deploy. Blameless does NOT mean: nobody is responsible for fixing the systemic issue. My Post-Mortem Template # Incident: [SERVICE] [SYMPTOM] on [DATE] ## Impact - Duration: X minutes - Users affected: N - Revenue impact: $X - SLO budget consumed: X% ## Timeline (UTC) - HH:MM - First alert fired - HH:MM - On-call acknowledged - HH:MM - Root cause identified - HH:MM - Fix deployed - HH:MM - Service recovered - HH:MM - All-clear declared ## Root Cause [2-3 sentences. Technical but readable.] ## Contributing Factors 1. [Factor that made the incident possible] 2. [Factor that made detection slow] 3. [Factor that made resolution slow] ## What Went Well - [Something that worked] - [Something that helped] ## What Went Wrong - [Process failure] - [Technical gap] ## Action Items | Action | Owner | Priority | Due Date | Status | |--------|-------|----------|----------|--------| | ... | ... | P1/P2/P3 | ... | Open | ## Lessons Learned [1-2 paragraphs of genuine insight] The Action Item Problem Action items from post-mortems have a 30% completion rate industry-wide. That's terrible. Here's why: Too many items (I've seen post-mortems with 15 action items) No clear ownership No deadline No follow-up mechanism Competing with feature work The Fix: Three Rules Rule 1: Maximum 3 action items per post-mortem. If you can't narrow it to 3, you haven't identified the real problems. Rule 2: Every action item gets a JIRA ticket linked to the next sprint. Not "someday." Not "bac
AI 资讯
OTP Verification in Playwright Without Regex
Most guides to OTP testing in Playwright include a function that looks something like this: function extractOtp ( emailBody : string ): string { const patterns = [ / \b(\d{6})\b / , /code [ : \s] + (\d{4,8}) /i , /verification [ : \s] + (\d{4,8}) /i , /OTP [ : \s] + (\d{4,8}) /i , ]; for ( const pattern of patterns ) { const match = emailBody . match ( pattern ); if ( match ) return match [ 1 ]; } throw new Error ( ' OTP not found in email body ' ); } This function is fragile. It breaks when the email template changes. It returns false positives when the email body contains order IDs or timestamps. It requires you to maintain regex patterns for every email provider your app might use. There is a better way. The Problem with Regex OTP Extraction When your app sends a verification email, the OTP is buried somewhere in the HTML body. To extract it you need to: Fetch the raw email body Parse HTML or plain text Apply regex patterns that match your specific email format Handle edge cases — 4-digit vs 6-digit codes, codes in tables, codes in buttons Every time your email provider changes their template, your regex breaks. Every time you add a new auth provider, you write new patterns. It is maintenance overhead that compounds forever. The right place to extract the OTP is at the infrastructure layer — before the email even reaches your test suite. How ZeroDrop Extracts OTPs at the Edge ZeroDrop catches emails at Cloudflare's edge before storing them. When an email arrives, the worker runs OTP detection on the body and stores the result as a structured field alongside the raw email. By the time your test calls waitForLatest() , the OTP is already extracted and sitting in email.otp . No regex. No HTML parsing. No maintenance. const email = await mail . waitForLatest ( inbox ); email . otp // "847291" — already extracted Setup npm install zerodrop-client No API key. No signup. No environment variables. Basic OTP Test import { test , expect } from ' @playwright/test ' ; import
AI 资讯
When Old Things Take On New Meaning in the Age of AI (Bite-size Article)
Introduction — On What I've Been Writing for Years This is a follow-up to my previous post on Claude and MCP . Just sharing some recent thoughts. Personally, I've always enjoyed keeping records and analyzing my own work. So for years, I've been logging my daily tasks, jotting down thoughts, hesitations, and impressions in notes. I've drawn on these records for reviews, analysis, and decisions on various projects. The tools have shifted over time — Evernote, Notion, Logseq, Taskuma, and so on — but the habit itself, of writing notes into some app or tool, has stayed with me for years. What Happened with MCP I recently wrote about connecting Notion and Google Docs through MCP, and the results have surprised even me. I won't repeat the details here since they're in that post, but ever since I introduced MCP, the flow of information has accelerated dramatically. In particular, I'd been accumulating reviews, task management notes, and brainstorms in Notion for years, and letting Claude read all of this has shifted the meaning of what I'd previously written. When I first started recording in Notion, it never occurred to me that it might be useful to AI. Of course — I had no way to imagine a time when AI would become this close to everyday life, used in this way. I was just writing for plain, analog reasons — "so I could look back later," "so I could organize my own thinking." But the moment MCP made it all readable, the feeling shifted. It's as if my past self comes forward to help my current self. Claude answers my current questions while drawing on the reasoning behind old project decisions, or on impressions I'd noted at the time. I've had moments like that more than once now. Thinking about it: the human brain's memory has limits — even the person who wrote something forgets it quickly. That's why I kept taking notes, leaving behind my thoughts and conclusions at each point in time as a record. And now, in the flow of conversation, AI reads from those records, distill
AI 资讯
Your cloud keys should not exist
Most cloud platforms that need access to your infrastructure start with the same onboarding step: paste in a service account key. Or an access key and secret. Or a JSON blob you downloaded from the console and definitely should not be emailing to yourself. You paste it in. The platform stores it. You hope they encrypted it. You hope they rotate it. You hope nobody on their team can read it. You move on with your day and try not to think about it. We built Zero — b0gy's platform for engineering truth — around a different premise. For cloud infrastructure access — GCP and AWS — we don't store credentials at all. The platform connects to your projects and accounts using short-lived, federated identity tokens that are minted on demand and expire in minutes. There is nothing to leak because there is nothing stored. Not every integration can work this way. GitHub, Slack, and Jira use OAuth, which means we do hold tokens for those services. But for the highest-risk connections — the ones with read access to your entire cloud infrastructure — keyless was a hard requirement. This is the first post in a three-part series about building Zero. We're starting here because the connector model shaped everything else. Why stored secrets are the wrong default The argument for storing a service account key is convenience. You paste it once, the platform can access your cloud whenever it needs to. Simple. The argument against it is longer. A stored secret is a liability that compounds over time. The moment you paste a GCP service account key into a third-party platform, you've created a credential that is valid indefinitely, scoped to whatever permissions you granted, and stored in a system you don't control. If that platform gets breached — or if an employee with database access gets curious — that key works until someone revokes it. And nobody revokes it, because nobody remembers it exists. This isn't theoretical. The GitGuardian 2026 report found 28.65 million hardcoded secrets pus
AI 资讯
Manage Sensitive Data In Application Code | 🏗️ Build A Secure Configuration Service
Exam Guide: Developer - Associate 🏗️ Domain 2: Security 📘 Task 3: Manage Sensitive Data In Application Code Managing Sensitive Data In Application Code is about keeping secrets out of your code, classifying data properly, and building applications that handle sensitive data safely. You need to know when to use Secrets Manager vs Parameter Store, how to mask PII in API responses and logs, and how to isolate data in multi-tenant applications. The ability to choose the right secret management service, implement data sanitization, and enforce tenant-level data boundaries, is vital. 📘Concepts Data Classification Understand data sensitivity levels and how each should be handled: Classification Examples Handling Requirements PII (Personally Identifiable Information) Name, email, SSN, phone number, address Encrypt at rest and in transit, mask in logs and API responses, restrict access PHI (Protected Health Information) Medical records, insurance IDs, lab results HIPAA compliance, encryption required, audit trail mandatory Financial Credit card numbers, bank accounts, transaction data PCI DSS compliance, tokenization, never store full card numbers Public Marketing content, public API docs No special handling needed 💡 If a scenario mentions compliance or audit trail , think encryption with KMS (for CloudTrail logging) and Secrets Manager (for automatic rotation). If it mentions PII in logs , think data masking and sanitization. Secrets Manager vs SSM Parameter Store Both store configuration and secrets. Feature Secrets Manager SSM Parameter Store Automatic rotation Yes (built-in for RDS, Redshift, DocumentDB) No (you build it yourself with Lambda) Cost $0.40/secret/month + $0.05 per 10,000 API calls Free (Standard tier), $0.05/advanced parameter/month Cross-account access Yes (via resource policy) Yes (advanced parameters only) Max size 64 KB 4 KB (Standard) / 8 KB (Advanced) Versioning Automatic (AWSCURRENT, AWSPREVIOUS labels) Yes (version history) Encryption Always encrypt
AI 资讯
TMX: The open standard AI agent memory has been waiting for
TMX: The open standard AI agent memory has been waiting for The problem no one talks about: your agent's memories are prisoners. If you build an AI agent today using Mem0, your memories are locked in Mem0. Switch to Zep? You lose everything. Move to a new framework? Start from zero. This is exactly the problem email had in 1970. Every system had its own format. You couldn't send an email from one system to another. Then SMTP was invented. And email became universal. Today I'm publishing TMX v0.1 — the SMTP of AI agent memory. What is TMX? TMX (Truvem Memory eXchange) is an open, model-agnostic JSON format for storing, exporting, and importing AI agent memories across any platform, framework, or provider. It looks like this: { "tmx_version" : "0.1" , "exported_at" : "2026-06-26T20:00:00Z" , "source" : "truvem" , "agent_id" : "my-agent" , "memories" : [ { "id" : "550e8400-e29b-41d4-a716-446655440000" , "content" : "User prefers dark mode and concise responses" , "created_at" : "2026-06-01T08:30:00Z" , "updated_at" : "2026-06-01T08:30:00Z" , "expires_at" : null , "tags" : [ "preference" , "ui" ], "source_model" : "gpt-4o" , "metadata" : {} } ] } That's it. Plain JSON. Human-readable. Portable. Why this matters Right now, the AI agent ecosystem is exploding. Every week there's a new memory provider, a new framework, a new cloud service. But every one of them uses a proprietary format. This means: Developers are locked to their first choice forever Agent memories can't travel between clouds Switching providers = losing everything your agent learned This is the biggest hidden tax in the agentic AI stack. TMX fixes it with a single open spec that anyone can implement — for free, with no approval needed. The 5 core principles 1. Open — No license required. Implement TMX in any product, commercial or otherwise. 2. Model-agnostic — Works with GPT-4, Claude, Gemini, Mistral, Llama, or any future model. 3. Framework-agnostic — LangChain, CrewAI, Mastra, AutoGen — doesn't matter
AI 资讯
AI Automations for Local Service Businesses: What Actually Works
Everyone is selling AI to small businesses right now. Most of it is hype. But some of it is genuinely useful — and knowing the difference can save you thousands in wasted tooling. I run a small agency in Stuttgart that builds websites and automations for local service businesses: coaches, doctors, beauty studios, consultants. Here's what actually moves the needle for them in 2025. What "AI Automation" Actually Means for Small Businesses Forget the generic pitch. For a local service business, AI automation is useful in exactly three places: Client communication at scale — responding to inquiries 24/7 without hiring a receptionist Reducing admin time — intake forms, follow-ups, reminders, invoicing triggers Content creation — but only as a speed boost, not a replacement for your voice Anything beyond that is usually overkill for a business under 10 employees. The One Automation Every Service Business Should Have Automated follow-up after initial contact. Here's the typical flow without automation: Client fills out contact form You see it 4 hours later You write a reply If you're busy, it takes a day Client has already booked elsewhere With automation: Client fills out form Immediate confirmation email ("Got your message, here's how to book a slot") Link to booking calendar You're notified. If they don't book in 48h, a follow-up email goes out automatically This alone converts 20-40% more inquiries into booked clients. No AI model needed — just a simple workflow in n8n, Make, or Zapier. Where LLMs Actually Help Language models (ChatGPT, Claude, etc.) are genuinely useful for small businesses in these areas: Intake Forms → Personalized Responses A coaching client fills out a detailed intake form. Normally, you'd spend 20 minutes reading it and writing a personalized welcome email. With a simple LLM integration: Intake form submitted Webhook fires to n8n LLM reads the form, generates a personalized summary + welcome You review it in 30 seconds and hit send Same personal
AI 资讯
How We Actually Measure Whether an LLM's Output Is Good - BLEU, COMET and BLEURT
Hello, I'm Shrijith Venkatramana. I'm building git-lrc, an AI code reviewer that runs on every commit. Star Us to help devs discover the project. Do give it a try and share your feedback for improving the product. An AI model writes a paragraph. It sounds fluent. It looks convincing. But how do you know whether it's actually good? This deceptively simple question has occupied researchers for more than two decades. Long before ChatGPT, machine translation researchers faced exactly the same problem. Human evaluation was expensive, inconsistent, and painfully slow. If every new model required thousands of humans to compare translations, research would crawl. That necessity gave rise to BLEU , one of the most influential evaluation metrics in AI history. Years later, as language models became better at paraphrasing and reasoning, BLEU started to show its age. Researchers responded with learned metrics like BLEURT and COMET , which use neural networks to judge language much more like humans do. Interestingly, this mirrors software engineering itself. We first wrote simple unit tests, then integration tests, and today we increasingly rely on sophisticated observability systems. Evaluation metrics for LLMs have undergone a similar evolution. Let's see why. Before BLEU: The Evaluation Bottleneck Imagine you're building Google Translate in 2001. Every time your team improves the model, someone has to read thousands of translated sentences and score them. Suppose a single sentence pair takes only 20 seconds to judge. Evaluating 50,000 sentences would require nearly 280 human-hours . Now imagine dozens of experiments every week. Evaluation—not training—quickly becomes the bottleneck. Researchers at IBM, led by Kishore Papineni , introduced BLEU (Bilingual Evaluation Understudy) in 2002 to automate this process. Their idea was surprisingly simple: If a machine translation resembles what professional translators write, it's probably good. This became one of the most cited papers
产品设计
System Design for Working Engineers, Not Interview Prep
Originally published at malaymehta.com The Interview Trap If you look at most system design tutorials, you get an extreme use case. Design Twitter. Design YouTube. Scale it to a billion users. Draw boxes on a whiteboard for 45 minutes. Do you think your app will be used by a billion users on day one? The answer is almost always no. But the tutorials don't teach you what to do when you have 500 users, unclear requirements, a team of four, and a quarter to ship something that works. Real system design is nothing like a whiteboard interview. You don't get clean requirements, you don't design from scratch, and nobody asks you to handle a billion requests per second on day one. Real System Design Starts with Questions, Not Diagrams The very first thing that matters in system design is something most tutorials skip entirely: unclear and chaotic requirements. In the real world, requirements don't come as a clean problem statement. They come from non-technical business teams, and you need to navigate through cross-questions to get all the clarity you need. Ask as many questions as possible. Understand your functional and non-functional requirements. Which features need to be synchronous and which can be async? What are the read and write load patterns? What is the maximum and average number of concurrent users right now? What does authentication look like? Do you need role-based access control? These questions drive your choices. You don't always need an axe where a knife will do. Being minimalist with a reasonable growth prediction and a 3, 6, 9 month plan will take you in the right direction. There will be things the situation demands immediately but would take more time than expected. Taking a predictable hit now and fixing it at the right future time without missing that balance is truly important. Weighing what will be expensive to change later, in terms of dollar cost or human effort, is how real architectural decisions get made. Pushing Back on Bad Requirements Many