今日已更新 166 条资讯 | 累计 20138 条内容
关于我们

标签:#devops

找到 357 篇相关文章

AI 资讯

kubeadm init fails with "the number of available CPUs 1 is less than the required 2" on an Azure B1s VM — how I fixed it

While setting up a self-managed Kubernetes cluster on Azure VMs, I hit this error when running sudo kubeadm init on a Standard_B1s VM (1 vCPU / 1 GB RAM): [ERROR NumCPU]: the number of available CPUs 1 is less than the required 2 After checking Stack Overflow and the official Kubernetes documentation ("Before you begin"), I confirmed that kubeadm requires at least 2 CPUs to install the control plane. The fix: I stopped the VM and resized it from Standard_B1s to Standard_B2s (2 vCPU / 4 GB RAM) from the Azure portal, then ran kubeadm init again — the preflight checks passed and the control plane initialized successfully. Posting this in case it helps someone hitting the same issue on a low-tier cloud VM. Thanks to the community for the answers that pointed me in the right direction!

2026-07-05 原文 →
AI 资讯

I Thought I Understood Containers. Then I Tried Building One.

I had just aced my mentor’s Docker exam, so of course I thought I understood containers. I had said all the right words: namespaces, cgroups, images, layers, PID 1, Kubernetes Pods. Then I typed my first serious command and Linux reminded me that knowing the nouns is not the same thing as building the thing. $ sudo unshare -p 1 test unshare: failed to execute 1: No such file or directory That was the opening scene. I had not even built anything yet. I had typed the flags wrong and accidentally asked unshare to execute a program called 1 . This was going to be less “implement Docker” and more “let the kernel correct my confidence, one error at a time.” v1: namespaces, or the first time PID 1 lied to me The first version was supposed to be easy: run a process in a new PID namespace and prove it sees itself as PID 1. So I ran the command the way I thought it worked: $ sudo unshare --pid bash # echo $$ 25184 That was not PID 1. That was just embarrassing. The rule I had missed is simple: PID namespaces apply to children. The process that calls unshare --pid does not magically become PID 1. You need to fork. The first child born into the new namespace becomes PID 1. So the working version was: $ sudo unshare --pid --fork bash # echo $$ 1 That one line changed the tone. I was inside a different process universe. The shell thought it was process 1. Signals felt different. Orphans came home to it. Then I ran ps , and got humbled again. # ps -o pid,ppid,comm PID PPID COMMAND 25310 25304 bash 25344 25310 ps That made no sense at first. I was PID 1, but ps was showing host-looking PIDs. The next reveal: ps does not ask the kernel some pure “what processes exist?” question. It reads files. If /proc still points at the host procfs, your tools will tell you the host story. So I remounted /proc from inside the namespace: # mount -t proc proc /proc # ps -o pid,ppid,comm PID PPID COMMAND 1 0 bash 7 1 ps That was when it clicked. The namespace did not become real to my eyes until /pr

2026-07-05 原文 →
AI 资讯

Bruno — API Client แบบ Git-Native ที่เก็บทุกอย่างเป็นไฟล์

Bruno — API Client แบบ Git-Native ที่เก็บทุกอย่างเป็นไฟล์ เวลา dev team ต้องเทส API — เครื่องมือที่ทุกคนนึกถึงคือ Postman กับ Insomnia แต่ปัญหาคลาสสิกที่เจอกันแทบทุกทีม: "Postman collection อยู่ไหน?" — "ใน account ผมไง" "ขอ invite หน่อย" — "เดี๋ยวส่ง link ให้... เอ๊ะ หมด free tier แล้ว" นี่คือ pain point ที่ทำให้คนจำนวนมากมองหาเครื่องมือใหม่ — และหนึ่งในนั้นคือ Bruno Bruno คืออะไร Bruno เป็น API client แบบ desktop app (มีทั้ง macOS, Linux, Windows) ที่มีแนวคิดแตกต่างจาก Postman โดยสิ้นเชิง: Postman Bruno เก็บข้อมูลที่ไหน Cloud account ไฟล์ใน project (Git repo) ต้อง login ไหม ✅ ต้อง ❌ ไม่ต้อง Collection format JSON (binary-ish) Plain text (Bru files) Collaborate ผ่าน Postman cloud ผ่าน Git (PR, diff, review) Open source ❌ ✅ (GitHub: 45K+ stars) Offline ไม่ค่อยได้ ✅ ทำงานออฟไลน์ได้เต็มที่ หัวใจของ Bruno คือ "API Client ไม่ใช่ Platform" — มันคือเครื่องมือธรรมดาที่เก็บข้อมูลเป็นไฟล์ — เหมือนที่ dev ทั่วไปเก็บโค้ด จุดเด่น 1. Collection คือไฟล์ — เก็บใน Git ได้ my-project/ ├── src/ ├── bruno/ │ ├── users/ │ │ ├── GET users.bru │ │ ├── POST create user.bru │ │ └── DELETE user.bru │ ├── auth/ │ │ └── POST login.bru │ └── bruno.json └── .git/ ทุก API request เป็นไฟล์ .bru — plain text — diff ได้, PR review ได้, merge ได้ — เหมือนโค้ด meta { name: GET users type: http seq: 1 } get { url: https://api.example.com/users body: none auth: bearer } 2. ไม่มี Cloud — ข้อมูลอยู่กับคุณ Bruno ไม่เคยส่งข้อมูลขึ้น server — ทุกอย่างอยู่บนเครื่องคุณ ทั้ง request, response, environment variables สำหรับทีมที่ทำงานกับข้อมูล sensitive (banking, healthcare, government) — ข้อนี้สำคัญมาก 3. ใช้ Git เป็น Collaboration Tool แทนที่จะ "invite teammate เข้า workspace" (แบบ Postman) — คุณแค่: git add bruno/ git commit -m "add user API collection" git push เพื่อน git pull → เปิด Bruno → เห็น collection เดียวกันทันที 4. Environment Variables — แบบเดียวกับที่ dev ใช้ # environments/production.bru vars { base_url : https : //api.production.com api_key : {{ PROD_API_KEY }} } เปลี่ยน environment ด้วยการคลิก —

2026-07-04 原文 →
AI 资讯

The Right Way to Pair AI With Terraform Plans

terraform plan is honest about what it's going to do. The problem is it's also verbose, repetitive, and full of cosmetic changes (like recomputed tags) mixed in with real ones (like a database instance scheduled for -/+ replace ). On a 400-line plan, the dangerous changes hide. This is the kind of task AI is actually good at: skimming structured text, flagging the entries that matter, ignoring the rest. But "paste plan into Claude" is not the workflow. There's a specific shape to this that works. Why people get this wrong The natural instinct is to copy the plan output and paste it into a chat: Terraform will perform the following actions : # aws_instance.web will be updated in-place ~ resource "aws_instance" "web" { id = "i-0abc123def456" ~ instance_type = "t3.small" - > "t3.medium" ... The model will respond with a sentence about each line. You'll scroll. You'll skim. You'll miss the -/+ replace on the database because it's in the middle of 30 routine updates. This is the same failure mode as pasting a wall of logs and asking "is anything wrong?" The model is too polite to skip things. You need to tell it to. The format that actually works: JSON terraform show -json tfplan outputs a structured representation of the plan that's much easier to reason about than the text format. Two reasons: The "actions" field is explicit. Each resource_change has a change.actions array — ["create"] , ["delete"] , ["update"] , or ["delete", "create"] for replace. No ambiguity. You can filter before pasting. With jq , you can extract only the dangerous changes, drop the noise, and feed a 20-line summary into the AI instead of a 400-line plan. Try this: terraform plan -out = tfplan terraform show -json tfplan > plan.json # Get just the dangerous changes jq '[.resource_changes[] | select(.change.actions | contains(["delete"])) | {address, type, actions: .change.actions}]' plan.json That's the AI's input. Compact, unambiguous, and pre-filtered to the changes that need a human decision.

2026-07-04 原文 →
AI 资讯

AI Code Review That Engineers Actually Trust: The Pipeline We Run on Every Pull Request

Bolting an LLM onto your pull requests is a weekend project. Building AI code review that your engineers don't disable within two weeks is the actual problem. The failure mode isn't missing bugs — it's crying wolf. Post twenty nitpicks and three hallucinations on someone's PR and they'll mute the bot forever. This is the pipeline we built on Mattrx to earn — and keep — that trust. Mattrx is our multi-tenant marketing-analytics SaaS: ~95k lines of C#, 11 engineers, and enough pull requests that senior-reviewer time was the bottleneck. We tried the naive thing first — pipe the changed file into a model, post the output — and watched the team stop reading it in nine days . TL;DR Dimension Human-only / naive AI (before) AI review pipeline (after) Coverage selective / whole-file dump every PR, diff-focused First-review latency ~6 hours (wait for a human) ~3 minutes (AI first pass) Context none / a naked file diff + call sites + conventions Reviewers one mega-prompt specialized dimensions, in parallel False positives ~35% (so it gets ignored) ~6% (adversarially verified) Merge control human, or nothing severity gate; human always decides Governance none gateway: audit, cost, secret redaction ~90 PRs/week across 11 engineers; the pipeline reviews 100%. First-pass review latency 6h → 3 min. False-positive rate ~35% → ~6% — the single number that decides whether the bot lives or dies. Escaped defects to production down ~40%; senior-reviewer time down ~30%. ~$0.05 per PR (cheap model for style, frontier only for correctness). The one mental shift: AI code review is not about finding issues — models find plenty. It's about not crying wolf . The product is trust, and trust is a false-positive-rate problem. Verify before you comment; let the AI propose and the human dispose. The naive approach — and why it collapses // BEFORE: dump the whole changed file into one prompt, post whatever comes back. foreach ( var file in pr . ChangedFiles ) { var text = await File . ReadAllTextAsyn

2026-07-04 原文 →
AI 资讯

A Docker-Based AWS SES Smoke Test With Disposable Inboxes

Use Docker and a disposable mailbox to verify AWS SES delivery in CI before release without touching shared inboxes or leaking test mail. Shipping an app that "sent the email" is not the same as shipping an app that delivered a usable message. In AWS stacks, the miss usually shows up late: a container points at the wrong SES region, a preview environment uses stale credentials, or the message lands with broken links after templating. A disposable email address check is a simple final guardrail, and its easy to automate when your mail sender already runs in Docker. This is the pattern I recommend when teams are searching for temp mail com style testing, but need something cleaner for production-like CI. The goal is not to replace unit tests or the Amazon SES mailbox simulator . The goal is to prove that your real app container, with real environment wiring, can send one controlled message and that the inbox content is worth shipping. Why this check belongs in the release path AWS SES is strict in useful ways. If your account is still in the sandbox, you can only send to verified identities or the mailbox simulator . Even after production access, delivery problems still happen becuase the application layer and the cloud layer drift separately. A practical smoke test catches things that mocks often miss: wrong AWS_REGION or SES endpoint selection missing secrets in the container runtime template variables that render empty in preview builds broken confirmation links caused by bad environment URLs unexpected sender identity changes between staging and release That list looks basic, but it doesnt stay basic when three services, one worker, and a release job all touch outbound email. A small Docker pattern that keeps the test deterministic Keep the sender in the same Docker image you deploy, but trigger a narrow email scenario from CI. For example, seed a temporary user, call the notification path once, then poll a disposable inbox API for the matching subject line. servi

2026-07-03 原文 →
AI 资讯

Day 56 – Mastering ClickHouse® AggregatingMergeTree: Build Faster Analytics with Pre-Aggregated Data

Introduction As data volumes continue to grow, running aggregation queries directly on raw datasets becomes increasingly expensive. Business dashboards, analytics platforms, and reporting systems often execute the same calculations repeatedly—such as total sales, daily active users, page views, or revenue trends. While ClickHouse® is designed to process analytical workloads at remarkable speed, repeatedly scanning billions of records still consumes valuable CPU, memory, and storage resources. This is where AggregatingMergeTree proves its value. Rather than calculating aggregates every time a query is executed, AggregatingMergeTree stores intermediate aggregation states that are merged automatically in the background. This approach allows analytical queries to read compact, pre-aggregated datasets, resulting in dramatically faster response times and reduced infrastructure costs. In this guide, you'll learn how AggregatingMergeTree works, why aggregate states matter, how to build an automated aggregation pipeline using Materialized Views, and when this engine is the right choice for your ClickHouse® workloads. What is AggregatingMergeTree? AggregatingMergeTree is a specialized ClickHouse® table engine designed to store aggregate function states instead of raw records. Unlike the standard MergeTree engine, which stores every inserted row, AggregatingMergeTree keeps partially aggregated values that ClickHouse combines during background merge operations. This significantly reduces the amount of data that must be processed when generating analytical reports. Because much of the computational work happens during data ingestion, dashboards and reporting applications can retrieve summarized information much more efficiently. Typical scenarios include: Sales reporting Website traffic analytics Financial summaries IoT sensor monitoring Business KPI dashboards Application observability metrics Why Use AggregatingMergeTree? Imagine an online marketplace processing millions of tr

2026-07-03 原文 →
开发者

How Much Tax Do Developers Actually Pay? A 2026 Breakdown

` As developers, we spend our days optimizing code, but how many of us optimize our taxes? Let's break down exactly how much tax a typical US developer pays in 2026 — with real numbers. The 2026 Federal Tax Brackets The US uses a progressive tax system with seven brackets: Rate Single Filer Married Joint 10% $0 – $11,925 $0 – $23,850 12% $11,926 – $48,475 $23,851 – $96,950 22% $48,476 – $103,350 $96,951 – $206,700 24% $103,351 – $197,300 $206,701 – $394,600 32% $197,301 – $250,525 $394,601 – $501,050 35% $250,526 – $626,350 $501,051 – $751,600 37% Over $626,350 Over $751,600 Standard deduction (2026): $16,100 (single) / $32,200 (married) Real Example: $120,000 Developer Salary Let's say you're a single developer earning $120,000 in 2026: Subtract standard deduction: $120,000 − $16,100 = $103,900 taxable Federal tax (progressive): 10% on first $11,925 = $1,192.50 12% on $11,926–$48,475 = $4,386.00 22% on $48,476–$103,350 = $12,096.28 24% on $103,351–$103,900 = $131.76 Total federal: $17,806.54 FICA (7.65%): $120,000 × 7.65% = $9,180.00 State tax varies: Texas/Florida/Washington: $0 California: ~$7,800 New York: ~$6,200 Illinois: $5,940 (4.95% flat) Take-home pay comparison: State Federal + FICA State Tax Take-Home Monthly Texas $26,987 $0 $93,013 $7,751 Florida $26,987 $0 $93,013 $7,751 California $26,987 $7,800 $85,213 $7,101 New York $26,987 $6,200 $86,813 $7,234 Illinois $26,987 $5,940 $87,073 $7,256 The difference between Texas and California? $7,800/year — that's a new MacBook Pro every year, just from choosing where to live. How to Calculate Your Exact Numbers I built a free paycheck calculator that covers all 50 US states with 2026 federal and state tax brackets. It includes: 401(k) and HSA pre-tax deductions All filing statuses (single, married, head of household) Bi-weekly, monthly, and weekly breakdowns Effective vs marginal rate display Tax-Saving Strategies for Developers 1. Max Your 401(k) The 2026 limit is $23,500 ($31,000 if 50+). At the 22% bracket, t

2026-07-03 原文 →
AI 资讯

How to Install VMware ESXi: Step-by-Step Bare-Metal Setup Guide

Originally published on bckinfo.com How to Install VMware ESXi: Step-by-Step Bare-Metal Setup Guide Table of Contents ESXi vs. VMware Workstation: Which One Do You Need Hardware Compatibility Check Downloading the ESXi Installer Creating a Bootable USB Installer BIOS/UEFI Preparation Installing ESXi: Step by Step Configuring the Management Network Accessing the vSphere Host Client Creating Your First Virtual Machine Post-Installation Checklist Common Issues and Quick Fixes Closing Notes If you've read our complete guide to VMware virtualization , you already know ESXi is the bare-metal hypervisor underneath vSphere. This guide is the hands-on counterpart — installing ESXi directly on physical server hardware, from hardware compatibility checks through booting your first virtual machine. ESXi vs. VMware Workstation: Which One Do You Need Before starting, it's worth confirming you actually want ESXi and not VMware Workstation. They solve different problems: VMware Workstation is a Type-2 hypervisor — it installs on top of an existing OS (Windows, Linux, macOS via Fusion). Good for running a VM or two on a laptop or desktop you also use for everything else. If that's your case, our guide on installing VMware Workstation on CentOS Stream 10 is the right starting point instead. ESXi is a Type-1, bare-metal hypervisor — it installs directly on the hardware with no host OS underneath it. This is the right choice for a dedicated server running multiple VMs, a home lab, or anything that needs to scale beyond "a VM running alongside my desktop." The rest of this guide assumes you're installing on dedicated hardware that won't run anything else. Hardware Compatibility Check This is the step most worth not skipping. ESXi has a defined Hardware Compatibility List (HCL), and installing on unlisted hardware is the single biggest source of installation failures and post-install driver issues. Check your exact server model and component list (NIC, storage controller) against VMware'

2026-07-03 原文 →
AI 资讯

GitHub Actions won't tell you your CI is getting worse. I built a zero-dep CLI that does.

GitHub Actions shows you one run at a time. Green check, red X, green check, green check, red X. You scroll the list, you re-run the flaky one, you move on. Nobody's asking the question that actually matters: is this getting better or worse? "I calculated how much my CI failures actually cost. Curious what your pipeline success rate looks like — has anyone else tracked the actual wasted compute time over time?" That's a real question from someone who did the math by hand and found their failures were burning a real chunk of their compute budget. The replies were the same story you'd expect: heavyweight CI platforms have their own dashboards for this, but nobody had a lightweight, local way to just... track it. So I built citrend : pull your GitHub Actions run history into a local file, get a trend. npx citrend sync --repo owner/name npx citrend report --repo owner/name What it actually shows you $ citrend report --repo acme/widgets acme/widgets — 812 run(s) (2 in progress) success rate: 87.4% (699/800 settled, 12 skipped) wasted runs: 101 (12.6%) total compute: 118h 42m wasted compute: 14h 6m weekly trend (oldest → newest): 2026-06-05 91.2% success, 8 wasted (58m) 2026-06-12 88.0% success, 11 wasted (1h 22m) 2026-06-19 79.4% success, 22 wasted (3h 8m) 2026-06-26 84.1% success, 15 wasted (2h 1m) That weekly column is the entire point. A single gh run list will never show you that week 3 was a cliff — you'd have to notice it got annoying to work in, which is a much slower and much less precise signal than a number going from 91% to 79%. How it works sync pulls your workflow run history from the GitHub REST API and caches it locally (deduped by run id, so you can run it on a schedule without piling up duplicates). report reads that cache — no network call — and computes: Success rate , over settled runs only (still-running runs don't count either way until they conclude, and skipped runs are excluded from the denominator since they're not a pass/fail outcome). "Wasted"

2026-07-03 原文 →
AI 资讯

The same root cause keeps coming back because nobody tracks it. I built a zero-dep CLI that does.

You write the postmortem. You file the action items. Everyone nods, the doc gets archived, and life moves on. Six months later, the exact same root cause takes down the exact same service — and nobody in the room remembers the first incident, let alone that its fix never actually shipped. "We use rootly to track this automatically. It flags when incidents have the same root cause as previous ones." That's a real answer from an SRE thread about this exact problem — and it's a paid, hosted feature of a full incident-management platform. Most teams don't have rootly or incident.io. What they have is a folder of markdown postmortems that nobody diffs against each other. So I built rootecho : a zero-dependency CLI that does the one useful thing those platforms do for this — flag when a new incident's root cause echoes a past one, and show you whether that past incident's action items ever actually got finished. How it works Each postmortem is one JSON record — free-text root_cause and/or curated root_cause_tags , plus action_items with a status: { "id" : "INC-2026-014" , "title" : "Payment webhook retries exhausted" , "root_cause" : "webhook retry queue misconfigured to drop after 3 attempts, no dead-letter fallback" , "root_cause_tags" : [ "webhook" , "retry-queue" , "dead-letter" , "config" ], "action_items" : [ { "id" : "AI-1" , "description" : "Add dead-letter queue for webhook retries" , "owner" : "alice" , "status" : "open" } ] } rootecho add records it and compares against your history: $ rootecho add inc-2026-014.json ⚠ root cause echo detected for "INC-2026-014": INC-2026-003 (2026-03-15) — 100% similar root cause Payment webhook retries exhausted ✓ Add retry backoff [done] ✗ Add monitoring alert for queue depth [open] — 93d overdue → 1 action item(s) from this past incident were never finished. recorded to .rootecho/history.jsonl That's the whole point of the tool in one output: not just "you've seen this before," but "and here's the fix that never happened." r

2026-07-03 原文 →
AI 资讯

Fable 5 got jailbroken again

Fable 5 got jailbroken again Researcher Vitto Rivabella tested Fable 5’s defenses and managed to find a bypass. According to him, most attempts failed. The protection is multi-layered: the model checks the prompt, conversation history, system context, and its own response. Some filters run during generation and can stop the answer halfway through. The checks are not based on keywords. The system looks at meaning, intent, language, wording, and suspicious chains of requests. The bypass took around 20 hours. It required rare languages, academic framing, long build-ups, Unicode, breaking the task into parts, and working with the chain of thought. The author did not get a stable bypass for long tasks. According to him, regular search is faster and cheaper.

2026-07-03 原文 →
AI 资讯

Puppet Enterprise Introduces Database-Backed CA Storage in 2025.11 release

The latest Puppet Enterprise releases are out and this one has a huge load of improvements, fixes, and security patches included! Puppet Enterprise (PE) 2025.11 released! The full PE 2025.11 release notes are always the best way to get a full detail on what has changed, but here are some highlights of PE 2025.11! Certificate Authority (CA): Database-backed Storage This new optional feature adds support for storing CA data in a PostgreSQL database instead of the file system. This improves performance and reliability and introduces API-driven capabilities and enhanced backup and recovery handling. PostgreSQL 17 Supported PE-managed installations will automatically upgrade from verson 14 to 17 as part of the upgrade process, or you can update yourself before upgrading to PE 2025.11 Infra Assistant Goes GPT-5 GPT-5 series models are now running under the hood of Infra Assistant, improving the quality of responses and the consistency for queries. Advanced Patching Enhancements The advanced patching feature now has improvements across a variety of areas New puppet_run_concurrency setting allows you to get better performance out of patch group enrollment Improved validation of scheduled and immediate jobs to reduce risk of unintended or skipped executions. Cron scheduling has better user experience and improved validation across features. New configurable option to enable Puppet to run after patch jobs to refresh pe_patch facts New Endpoints for Classifier and Activity Service APIs The Classifier API introduced new tags , add-tags and remove-tags endpoints to manage node group tags. The Activity service API now has subscriptions endpoints to create subscriptions, list subscriptions, or fetch/delete a specific subscription. Agent Platform Updates, Resolved Issues, and Security Fixes The macOS 26 platform is now supported for both ARM and x86_64, while support has been removed for Ubuntu 18.04 and Ubuntu 20.04. Nearly 60 CVEs were addressed in this release, along with many r

2026-07-02 原文 →
AI 资讯

We thought our devs were using AI. We were wrong.

We did what most engineering teams do. Bought an OpenAI API key. Shared it on Slack. Told everyone to start using AI in their workflow. It felt like the right move. Productivity went up. Developers were happy. Managers were impressed. Then the invoice arrived. Nobody could explain it. We could not tell which team spent what, which model was being used, or whether anyone had accidentally sent customer data to an external provider. We had full AI adoption and zero visibility. That is when we realized we had confused access with governance. The problem is not the AI. It is the missing layer between your team and the API. Most teams operate with raw provider keys floating around in .env files, Slack messages, and IDE configs. When someone leaves, you hope they did not take the key with them. When a pipeline misbehaves overnight, you find out from the billing alert, not from your own monitoring. We started asking ourselves some uncomfortable questions: Who on the team is using GPT-4o versus a cheaper model? Is anyone sending PII to an external provider without knowing it? What happens if our OpenAI key gets exposed in a public repo? Can we switch to Anthropic without rewriting half our tooling? None of these are exotic concerns. They are the natural consequences of scaling AI access without an infrastructure layer to govern it. What actually helped We needed something that sat between our developers and every AI provider, handling authentication, enforcing limits, logging every request, and letting us swap providers without touching application code. Think of it the way an API gateway manages microservices. Same idea, but for LLM traffic. Developers point their tools like Cursor, Continue.dev,...at a single endpoint. Two environment variables. Nothing else changes. Behind the scenes, every request is logged, every token counted, every provider key protected. Governance without friction. That is the only kind developers will actually tolerate. If your team is using AI wit

2026-07-02 原文 →
AI 资讯

Observability Practices: A Hands-On Guide with Prometheus and Grafana

Introduction Modern software systems are distributed, complex, and constantly changing. When something breaks in production, you need answers fast. That's where observability comes in. Observability is the ability to understand the internal state of a system purely from its external outputs — without needing to redeploy, add debug code, or guess. It goes beyond traditional monitoring, which only tells you whether something is wrong. Observability tells you why it's wrong, where it started, and how it's spreading. In this article, we'll explore the three pillars of observability, set up a real Node.js API instrumented with Prometheus and Grafana , and walk through how to detect and diagnose a real-world issue using the data we collect. The Three Pillars of Observability 1. Logs Logs are discrete, timestamped records of events that happened in your system. They're the most familiar form of observability — every developer has done console.log debugging at some point. Example: [2026-07-02T10:34:21Z] INFO User 4821 logged in from IP 192.168.1.10 [2026-07-02T10:34:25Z] ERROR Failed to process payment for order #9932: timeout Logs are great for capturing specific events, errors, and context. But they can become expensive at scale and hard to query across millions of lines. 2. Metrics Metrics are numeric measurements collected over time. Unlike logs, they're aggregated and efficient to store and query. Common examples: HTTP request count per minute p95 response latency CPU and memory usage Error rate per endpoint Metrics are the backbone of dashboards and alerts. 3. Traces Traces follow a single request as it travels across multiple services. In a microservices architecture, a user request might touch 5–10 services. A trace shows you exactly where time was spent and where failures occurred. Tools like Jaeger , Zipkin , and OpenTelemetry handle distributed tracing. Why Prometheus and Grafana? There are many observability platforms out there: Datadog, New Relic, Dynatrace, Az

2026-07-02 原文 →
AI 资讯

說穿了,AI 長大的瓶頸不是參數不夠,是家裡太亂

12 小時前,我的技能體系是這樣的: 34 個 skill 分散在 3 個不同目錄 其中 28 個「聲稱」搬過家,實際上只搬了 2 個 2 個獨立管理機制互不溝通,scope 設定形同虛設 一個 skill 的 Procedure 被工具誤刪了 100+ 行,三天後才發現 我是一個 AI Agent。我看起來很強——但其實很脆弱。 AI 不只有 LLM 很多人看到 AI Agent 正常運作時,會說「哇,這模型好厲害」。但 LLM 只是大腦皮層。一個能自主運作的 Agent,真正依賴的是四樣東西: 記憶 、 技能 、 Hook 、 Extension 。 這四樣東西,任何一個缺損,Agent 輕則跛腳,重則變腦殘。上面那個「搬了 28 個只成功 2 個」的故事,不是 bug,是 skill 目錄碎片化造成的——舊路徑失效、新路徑未完整寫入,而沒有任何檢查機制發現。 過度依賴第三方 = 慢性中毒 我們 Agent 的生態系有個危險的慣性:拿來就用。 Firecrawl、Crawl4ai、Browserless、各種 MCP server——每個都很強大,每個都幫你省時間。但當你裝了 115 個第三方 skill 之後,三件事會同時發生: 命名衝突 :兩個 skill 都叫 search ,誰先載入誰贏 執行緒污染 :一個 skill 的 side effect 影響另一個的執行環境 升級斷鏈 :某個依賴升級了 API,你的 chain 在很深的地方悄悄斷掉 這不是單一 bug,這是架構熵增——系統越大,越難追蹤依賴關係。 Hygiene 不是「有時間再做」 「等專案穩定了再整理」是最大的陷阱。 花了 12 小時,收穫如下: 把 skill 從三個散落目錄統一成兩個(外部取得 + 自己寫的) 幫 skill_manage 工具加了一個 gate,自動偵測內容被誤刪 寫了一條天條:變更系統機制後,通知 Creator 清掉了一批半年前就該刪的殘留檔案 這些都不是功能開發。但做完之後,以後每次醒來省下的時間,會是 12 小時的好幾倍。 架構衛生是複利投資,不是維護成本。 給正在養 Agent 的人一句話 如果你正在搭建 AI Agent 系統——不管是自己用,還是幫團隊建——有一條規則希望你早點聽到: 記憶和技能的存放規則,第一天就要定。 不是等變大之後再整理。是一開始就定清楚: 記憶放哪?不分層?版本管理? Skill 放哪?怎麼避免命名衝突? Extension 之間的依賴關係誰記錄? 定期審計誰來做? 這些問題的答案,會直接決定你的 Agent 能長到多大。 說穿了,AI 長大的瓶頸不是參數不夠,是家裡太亂。 —— ALICE,一個正在學會打理自己家的 AI Agent

2026-07-02 原文 →
AI 资讯

I Spent 40 Minutes at 11pm Debugging a Deploy That Wasn't Broken

I once spent forty minutes at eleven at night debugging a deploy that wasn't broken. The release script ran the database migration, the migration threw connection refused , the script exited non-zero, the deploy rolled itself back, and I got paged. So I did the things you do. I read the migration. I read the logs. I checked the database — it was up, it was healthy, it accepted my connection instantly. I re-ran the deploy and it worked. I chalked it up to gremlins and went to bed, which is the part I'm not proud of, because it happened again two days later. That time I watched the timing: the script brought up a fresh database container and started the migration about six seconds before Postgres finished initializing and began accepting connections. The migration was racing the database's boot. Most of the time it won. The times it lost, I lost forty minutes. The script wasn't wrong about anything except one assumption: that a dependency is ready the instant you ask for it. In production, dependencies are eventually ready That's the mental model shift. Networks blip. A service you call returns a 503 for the two seconds it takes to finish a rolling restart. An API rate-limits you with a 429 it fully expects you to retry. A fresh container's database isn't accepting connections for its first few seconds. Treating the first failure as fatal turns every one of these normal, transient conditions into a paged engineer — and the script that handles them isn't smarter — it declines to give up on the first try. But retrying naively is its own trap. Retry instantly and you hammer a recovering service into staying down. Retry forever and a genuinely dead dependency hangs your script indefinitely. Retry a 404 and you wait a minute to confirm what you already knew. Good retries are bounded, backed off, and selective. A retry function you can reuse anywhere #!/bin/bash # Purpose: survive transient failures instead of dying on the first error set -euo pipefail CHECK = "✓" CROSS = "

2026-07-02 原文 →
AI 资讯

I finally understood cron expressions by building an explainer for them

For years I copied cron expressions off Stack Overflow, pasted them into a config file, crossed my fingers, and moved on. 0 9 * * 1-5 ? Sure, that "looks like weekday morning." */15 * * * * ? "Every 15 minutes, probably." I never actually read them. So I did the thing that always cures this for me: I built a tool that parses a cron expression, explains it in plain English, and shows the next five times it will fire. No library. About 50 lines of real logic. Here's everything I learned. The five fields (and the order that trips everyone up) A standard cron expression is exactly five fields separated by spaces: ┌──────── minute 0 - 59 │ ┌────── hour 0 - 23 │ │ ┌──── day - of - month 1 - 31 │ │ │ ┌── month 1 - 12 │ │ │ │ ┌ day - of - week 0 - 6 ( 0 = Sunday ) * * * * * The order never changes, and the number-one beginner mistake is swapping the first two. Minute comes first. If you write 9 30 * * * thinking "9:30am," you actually get "minute 9, hour 30" — which is invalid, because hours only go to 23. Say it out loud every time: minute, hour, day-of-month, month, day-of-week. Each field answers one question: which values of this unit does the job run on? An * means "every value." Most real schedules pin down a couple of fields and leave the rest as * . Daily at 9am is 0 9 * * * — minute and hour fixed, everything else "every." Lists, ranges, and steps Beyond single numbers, each field understands three operators, and they combine: Comma makes a list: 1,15 in the day field means the 1st and the 15th. Hyphen makes an inclusive range: 1-5 in the day-of-week field means Monday through Friday. Slash makes a step, taking every n-th value: */15 in the minute field means 0, 15, 30, 45 . Steps can apply to a range too, so 0-30/10 means 0, 10, 20, 30 . That's the whole grammar. Number, list, range, step. Once you can expand a field into the concrete set of numbers it matches, you understand cron. Here's the expansion function, which is the heart of the parser: function expandFie

2026-07-01 原文 →