今日已更新 246 条资讯 | 累计 21112 条内容
关于我们

标签:#ens

找到 1451 篇相关文章

AI 资讯

I Thought Open Source Was About Code. I Was Wrong.

The biggest lessons I learned from open source contributions weren't found in the code itself. Communication, collaboration, and workflows matter more than I expected. For a long time, I hesitated to contribute to open source. Part of it was because I assumed that contributing meant writing code. As a self-taught developer, that felt intimidating. The other part was "Git anxiety." Forks, branches, pull requests, merge conflicts, and CI checks all seemed like a lot to understand before I could even make a contribution. Eventually, I started small. Instead of focusing on code, I looked for opportunities to improve documentation, README files, and learning materials. What surprised me was that writing the actual change was often the easy part. Most of my learning happened outside the code itself: understanding contribution guidelines, repository workflows, automation, and review expectations. Over time, I realized that modern open source contribution is about much more than just writing code. Contribution Model Has Changed When many people think about open source contributions, the mental model is still fairly simple: Find Bug ↓ Write Code ↓ Open PR In reality, I realized that most modern repos involve much more than that. Before making a change, contributors often need to understand project workflows, CI pipelines, automated checks, contribution guidelines, and review expectations. The code change itself might only take a few minutes, while understanding how the repo operates can take much longer. A modern contribution often looks more like this: Understand Repository ↓ Understand Workflow ↓ Understand Automation ↓ Make Change ↓ Open PR ↓ Respond to Review It looks intimidating, but I think this flow helps projects stay maintainable as communications grow. What I've learned from contributing to different projects is that open source is not just a coding skill. It's also a collaboration skill. The faster you can understand how a project works, the easier it becomes to

2026-06-11 原文 →
AI 资讯

Most repos hit by the Shai-Hulud worm are still infected a week later, and the obvious fix punishes the victims.

This is a follow-up to my earlier posts, and it is more of an open question than an answer. I have the data, I have a way to act, and I am genuinely unsure that acting is the right call. I could use the community's help thinking it through. Last week a supply-chain worm got into my GitHub account and repositories. I got out, cleaned up the proper way, and wrote it up. Then I checked the public list of repositories hit by the same worm, to see how the cleanup was going across the ecosystem. Nearly a week later, most of them are still carrying the live payload. It is worse than a count When you look closely, a lot of the owners are clearly trying. But they are missing how this actually works, in two ways that matter: Deleting is not removing. They remove the malicious files with an ordinary commit. That takes the payload off the branch tip, but the commit that introduced it is still in history, and the blob is still recoverable by anyone who reverts or checks out the old commit. The only real removal is rewriting history (reset, not revert) and asking GitHub to purge the objects, because the fork network keeps them reachable by SHA. One branch is not all branches. They clean the branch they know about and never see the backdated copies the worm planted on other branches, which are still live. And the part that genuinely worries me: some of these owners are almost certainly opening the infected repository in VS Code or an AI assistant to fix it , which is exactly the trigger that runs the payload again. The act of trying to clean it can re-detonate it. So: a large number of repositories still carrying a live credential stealer, and a large number of owners and contributors who do not know they are still exposed. The dilemma Here is where I am stuck. There are two paths and I do not like either. Report them to GitHub. Their response is automated and blunt. The repo gets disabled, with no human in the loop, the same hands-off automation that locked me out of my own accou

2026-06-11 原文 →
AI 资讯

I built an open-source CLI that tells you if ChatGPT cites your brand — and what to do about it

Your users have started asking ChatGPT and Perplexity instead of Google. So here is the uncomfortable question: when someone asks an AI engine "what is the best tool for <your category> ", does your product show up in the answer? Most founders have no idea. I didn't either, until I measured it — and the gap was nowhere near where I expected. So we built a CLI to measure it. It's called aeo-platform , it's MIT-licensed, it has zero runtime dependencies, and it runs entirely on your machine. This post is the five-minute version: install it, point it at your domain, and read the gap. I'll show you the exact commands and the real before/after numbers from running it on one of our own products. Quick framing on terms: AEO (answer engine optimization) is just SEO's younger sibling for AI answers — getting cited inside the AI's response instead of ranking on a SERP. Some people call it GEO. Same field. TL;DR — three commands npm install -g aeo-platform export OPENAI_API_KEY = "sk-proj-..." # required export GEMINI_API_KEY = "AIzaSy..." # required aeo-platform init --yes --brand = YOURBRAND --domain = YOURDOMAIN.COM --auto \ && aeo-platform run \ && aeo-platform report init auto-discovers your category and writes three commercial buyer queries to a local .aeo-tracker.json . run fires those queries at each engine and scores the answers. report opens a single-file HTML report in your browser. The whole thing installs in under a second (no dependency tree to resolve) and writes everything to disk under aeo-responses/YYYY-MM-DD/ — nothing is sent to a hosted dashboard. OpenAI and Gemini keys are mandatory (they also power a two-model cross-check that filters hallucinated brand mentions). Anthropic and Perplexity keys are optional — each one just adds a column to the report. What it actually measures A single run sends your buyer queries to four engines through their official REST APIs — no scraping, no proprietary black-box score: Engine Model Type ChatGPT (OpenAI) gpt-5-search

2026-06-10 原文 →