AI 资讯
I Thought Open Source Was About Code. I Was Wrong.
The biggest lessons I learned from open source contributions weren't found in the code itself. Communication, collaboration, and workflows matter more than I expected. For a long time, I hesitated to contribute to open source. Part of it was because I assumed that contributing meant writing code. As a self-taught developer, that felt intimidating. The other part was "Git anxiety." Forks, branches, pull requests, merge conflicts, and CI checks all seemed like a lot to understand before I could even make a contribution. Eventually, I started small. Instead of focusing on code, I looked for opportunities to improve documentation, README files, and learning materials. What surprised me was that writing the actual change was often the easy part. Most of my learning happened outside the code itself: understanding contribution guidelines, repository workflows, automation, and review expectations. Over time, I realized that modern open source contribution is about much more than just writing code. Contribution Model Has Changed When many people think about open source contributions, the mental model is still fairly simple: Find Bug ↓ Write Code ↓ Open PR In reality, I realized that most modern repos involve much more than that. Before making a change, contributors often need to understand project workflows, CI pipelines, automated checks, contribution guidelines, and review expectations. The code change itself might only take a few minutes, while understanding how the repo operates can take much longer. A modern contribution often looks more like this: Understand Repository ↓ Understand Workflow ↓ Understand Automation ↓ Make Change ↓ Open PR ↓ Respond to Review It looks intimidating, but I think this flow helps projects stay maintainable as communications grow. What I've learned from contributing to different projects is that open source is not just a coding skill. It's also a collaboration skill. The faster you can understand how a project works, the easier it becomes to
AI 资讯
Most repos hit by the Shai-Hulud worm are still infected a week later, and the obvious fix punishes the victims.
This is a follow-up to my earlier posts, and it is more of an open question than an answer. I have the data, I have a way to act, and I am genuinely unsure that acting is the right call. I could use the community's help thinking it through. Last week a supply-chain worm got into my GitHub account and repositories. I got out, cleaned up the proper way, and wrote it up. Then I checked the public list of repositories hit by the same worm, to see how the cleanup was going across the ecosystem. Nearly a week later, most of them are still carrying the live payload. It is worse than a count When you look closely, a lot of the owners are clearly trying. But they are missing how this actually works, in two ways that matter: Deleting is not removing. They remove the malicious files with an ordinary commit. That takes the payload off the branch tip, but the commit that introduced it is still in history, and the blob is still recoverable by anyone who reverts or checks out the old commit. The only real removal is rewriting history (reset, not revert) and asking GitHub to purge the objects, because the fork network keeps them reachable by SHA. One branch is not all branches. They clean the branch they know about and never see the backdated copies the worm planted on other branches, which are still live. And the part that genuinely worries me: some of these owners are almost certainly opening the infected repository in VS Code or an AI assistant to fix it , which is exactly the trigger that runs the payload again. The act of trying to clean it can re-detonate it. So: a large number of repositories still carrying a live credential stealer, and a large number of owners and contributors who do not know they are still exposed. The dilemma Here is where I am stuck. There are two paths and I do not like either. Report them to GitHub. Their response is automated and blunt. The repo gets disabled, with no human in the loop, the same hands-off automation that locked me out of my own accou
AI 资讯
‘AI-pilled’ firms spend $7,500 per employee each month on AI
The most AI-obsessed firms are spending roughly $7,500 monthly per employee on AI, per Ramp AI Index. That's not more than an engineer's salary — yet.
AI 资讯
I built an open-source CLI that tells you if ChatGPT cites your brand — and what to do about it
Your users have started asking ChatGPT and Perplexity instead of Google. So here is the uncomfortable question: when someone asks an AI engine "what is the best tool for <your category> ", does your product show up in the answer? Most founders have no idea. I didn't either, until I measured it — and the gap was nowhere near where I expected. So we built a CLI to measure it. It's called aeo-platform , it's MIT-licensed, it has zero runtime dependencies, and it runs entirely on your machine. This post is the five-minute version: install it, point it at your domain, and read the gap. I'll show you the exact commands and the real before/after numbers from running it on one of our own products. Quick framing on terms: AEO (answer engine optimization) is just SEO's younger sibling for AI answers — getting cited inside the AI's response instead of ranking on a SERP. Some people call it GEO. Same field. TL;DR — three commands npm install -g aeo-platform export OPENAI_API_KEY = "sk-proj-..." # required export GEMINI_API_KEY = "AIzaSy..." # required aeo-platform init --yes --brand = YOURBRAND --domain = YOURDOMAIN.COM --auto \ && aeo-platform run \ && aeo-platform report init auto-discovers your category and writes three commercial buyer queries to a local .aeo-tracker.json . run fires those queries at each engine and scores the answers. report opens a single-file HTML report in your browser. The whole thing installs in under a second (no dependency tree to resolve) and writes everything to disk under aeo-responses/YYYY-MM-DD/ — nothing is sent to a hosted dashboard. OpenAI and Gemini keys are mandatory (they also power a two-model cross-check that filters hallucinated brand mentions). Anthropic and Perplexity keys are optional — each one just adds a column to the report. What it actually measures A single run sends your buyer queries to four engines through their official REST APIs — no scraping, no proprietary black-box score: Engine Model Type ChatGPT (OpenAI) gpt-5-search
开源项目
🔥 badges / shields - Concise, consistent, and legible badges in SVG and raster fo
GitHub热门项目 | Concise, consistent, and legible badges in SVG and raster format | Stars: 26,767 | 55 stars this week | 语言: JavaScript
开源项目
🔥 stalwartlabs / stalwart - All-in-one Mail & Collaboration server. Secure, scalable and
GitHub热门项目 | All-in-one Mail & Collaboration server. Secure, scalable and fluent in every protocol (IMAP, JMAP, SMTP, CalDAV, CardDAV, WebDAV). | Stars: 13,123 | 17 stars today | 语言: Rust
开源项目
🔥 RustAudio / cpal - Low-level cross-platform audio I/O library in Rust
GitHub热门项目 | Low-level cross-platform audio I/O library in Rust | Stars: 3,797 | 3 stars today | 语言: Rust
开源项目
🔥 starship / starship - ☄🌌️ The minimal, blazing-fast, and infinitely customizable p
GitHub热门项目 | ☄🌌️ The minimal, blazing-fast, and infinitely customizable prompt for any shell! | Stars: 58,253 | 99 stars today | 语言: Rust
开源项目
🔥 atuinsh / atuin - ✨ Making your shell magical
GitHub热门项目 | ✨ Making your shell magical | Stars: 30,170 | 56 stars today | 语言: Rust
开源项目
🔥 chroma-core / chroma - Search infrastructure for AI
GitHub热门项目 | Search infrastructure for AI | Stars: 28,350 | 48 stars today | 语言: Rust
开源项目
🔥 pydantic / monty - A minimal, secure Python interpreter written in Rust for use
GitHub热门项目 | A minimal, secure Python interpreter written in Rust for use by AI | Stars: 7,519 | 165 stars today | 语言: Rust
开源项目
🔥 astral-sh / ruff - An extremely fast Python linter and code formatter, written
GitHub热门项目 | An extremely fast Python linter and code formatter, written in Rust. | Stars: 47,898 | 17 stars today | 语言: Rust
开源项目
🔥 coleam00 / Archon - The first open-source harness builder for AI coding. Make AI
GitHub热门项目 | The first open-source harness builder for AI coding. Make AI coding deterministic and repeatable. | Stars: 22,310 | 38 stars today | 语言: TypeScript
开源项目
🔥 Fission-AI / OpenSpec - Spec-driven development (SDD) for AI coding assistants.
GitHub热门项目 | Spec-driven development (SDD) for AI coding assistants. | Stars: 54,010 | 290 stars today | 语言: TypeScript
开源项目
🔥 RSSNext / Folo - 🧡 Folo is the AI RSS Reader
GitHub热门项目 | 🧡 Folo is the AI RSS Reader | Stars: 38,447 | 36 stars today | 语言: TypeScript
开源项目
🔥 pascalorg / editor - Create and share 3D architectural projects.
GitHub热门项目 | Create and share 3D architectural projects. | Stars: 16,576 | 69 stars today | 语言: TypeScript
开源项目
🔥 activeloopai / hivemind - One brain for all your agents
GitHub热门项目 | One brain for all your agents | Stars: 637 | 47 stars today | 语言: TypeScript
开源项目
🔥 Mintplex-Labs / anything-llm - Stop renting your intelligence. Own it with AnythingLLM. Eve
GitHub热门项目 | Stop renting your intelligence. Own it with AnythingLLM. Everything you need for a powerful local-first agent experience | Stars: 61,365 | 71 stars today | 语言: JavaScript
开源项目
🔥 Sumanth077 / Hands-On-AI-Engineering - A curated collection of practical AI projects implementing O
GitHub热门项目 | A curated collection of practical AI projects implementing OCR systems, RAG, AI agents, and other AI use cases. | Stars: 1,908 | 125 stars today | 语言: Python
开源项目
🔥 masterking32 / MasterDnsVPN - Advanced DNS tunneling VPN for censorship bypass, optimized
GitHub热门项目 | Advanced DNS tunneling VPN for censorship bypass, optimized beyond DNSTT and SlipStream with low-overhead ARQ, resolver load balancing, high packet-loss stability and speed. | Stars: 4,987 | 92 stars today | 语言: Go