今日已更新 233 条资讯 | 累计 20205 条内容
关于我们

标签:#go

找到 559 篇相关文章

AI 资讯

AI agents are not your “coworkers”

This story originally appeared in The Algorithm, our weekly newsletter on AI. To get stories like this in your inbox first, sign up here. Imagine coming in to work to learn that a new underling will report to you. The worker is not a person but an AI tool—one that your company nonetheless calls Alex, an…

2026-06-30 原文 →
开源项目

Factoring RSA Keys with Many Zeros

Interesting research on a new class of weak RSA keys: keys with lots of zeros. It turns out that these keys are out in the wild. The badkeys project is an open-source service that checks public keys for known vulnerabilities. While developing this tool, Hanno collected a massive number of real-world keys from public sources, including Certificate Transparency logs, internet-wide TLS and SSH scans, PGP keys, and many others. By searching this dataset for unexpectedly sparse RSA moduli, we uncovered a large number of keys in the wild with the patterns in Figure 1...

2026-06-30 原文 →
AI 资讯

AI Governance for Law Firms: What Policy Can't Catch

Where AI incidents in legal actually come from, and what infrastructure (not policy) prevents them. Blake Aber · Predicate Ventures · 2026 The policy layer is table stakes. It isn't enough. When Sullivan & Cromwell apologized to a federal bankruptcy judge in April 2026 for AI hallucinations in a court filing, the firm's apology letter said the firm had policies. Safeguards existed. Those safeguards weren't followed. That framing, "the safeguard existed but wasn't followed," is how a policy failure gets described. But something more specific happened: a hallucination was generated, wasn't caught at generation time, wasn't caught at review time, and made it into a document that got filed. That's not a policy problem. It's an infrastructure problem. The distinction matters because it determines what you build next. What policy can and can't do Policy is a promise made before the event. A well-written AI acceptable-use policy says: don't submit output you haven't reviewed; verify citations before they go into a document; a human must approve anything client-facing. This works when the human executing the task has time, attention, and professional accountability in that moment. It fails when one of those is missing: a deadline, a junior practitioner, a late-night run. Policy can't: Verify a citation at the point of generation Flag output that has drifted below a confidence threshold Stop hallucinated text from appearing in a draft before a human ever sees it Detect when the underlying model is behaving differently than it was in testing Policy can: Set the expectation that review must happen Define who bears accountability when it doesn't Create a paper trail after the fact One of those is prevention. The other is compliance. What infrastructure does instead An AI harness layer operates at the point of generation, not at the point of review. This reflects a broader reality that production AI is mostly harness and very little model . For legal work specifically, three com

2026-06-29 原文 →
AI 资讯

The Ownership Dyad

Why AI programs at PE portfolio companies stall at the same organizational seam, and what to do about it. Blake Aber · Predicate Ventures · 2026 There's a failure mode I've watched play out at enough portfolio companies that I've given it a name: the ownership dyad. It goes like this. The AI program is running. The product manager owns the roadmap (what the AI should do). Engineering owns the deployment (how it does it). Both parties are competent. Both are aligned on the goal. And the AI initiative quietly stalls anyway, usually somewhere between the promising pilot and the production system that was supposed to follow. The mechanism is diffuse accountability at the decision layer. What the dyad looks like in practice In the average portco planning meeting, the PM and the engineering lead sit across from each other. The PM has a change request: "The model is producing summaries that miss the key clause in contracts above a certain length. We should fix this." Engineering hears this and wants to know: is this a prompt change or a model change? Either requires scoping, and scoping requires the PM's input on acceptable behavior. So engineering asks the PM. The PM says "whatever's best technically." Engineering ships a prompt change. The next month, the same issue appears in a different context. The PM brings it back. Neither person is wrong. Neither person is slacking. The problem is structural: there's no single person who can describe (precisely and completely) what the AI should produce, evaluate whether it's producing it correctly, and approve a change to the system without requiring the other party's sign-off. The dyad looks like shared ownership. It functions as diffuse accountability. No one is in charge of the model's behavior. The failure mode at month nine Most portco AI programs that make it through a successful pilot still die quietly around month nine of production. The most common reason is not that the model got worse. It's that the harness around the m

2026-06-29 原文 →
AI 资讯

Article: Virtual panel: Security in the Machine Age: Expert Insights on AI Threat Evolution

This virtual panel brings together AI security experts to examine the evolution of AI-driven threats, from prompt injection and data poisoning to agent abuse and AI-powered social engineering. The discussion explores emerging attack patterns, incident response challenges, and the changes security teams must make as AI systems become more autonomous and integrated into critical workflows. By Claudio Masolo, Elham Arshad, Sabri Allani, Vijay Dilwale, Igor Maljkovic

2026-06-29 原文 →
AI 资讯

Robot Police Officers

We’ve taken one small step towards robot police officers: a drone capable of disarming a suspect: In a June 22 video posted on the Sacramento County Sheriff’s Office’s Instagram page, an officer wearing goggles can be seen operating a drone to retrieve a knife from an armed suspect hiding inside a cluttered house. “After not responding to negotiators, a drone was deployed inside the residence,” the post says. “Drone pilots located the suspect hiding in a corner of a garage” and then used a high-powered magnet attached to the drone to grab the knife out of the suspect’s hand. In the video ­ which is soundtracked by the “Mission: Impossible” theme song—the intercepted knife can be seen spinning around in the air as the drone carries it back to the deputies...

2026-06-29 原文 →
AI 资讯

Multi-Agent Systems in Production: When One Agent Isn't Enough and How We Coordinate Them

We built our first "multi-agent system" by accident. What started as a single agent that could research a topic, draft a report, check it against source data, and send a summary email had grown into a 2,000-token system prompt and a function list so long that the model kept forgetting tools existed. It wasn't a system — it was a monolith pretending to be intelligent. Breaking it apart into coordinated agents fixed most of the problems. It also introduced a new category of problems we hadn't thought about. Here's what we actually learned. When One Agent Is Enough (and When It Isn't) The temptation to add more agents is real, but the overhead isn't free. Every agent boundary you add is a place where context can get lost, latency increases, and errors compound. One agent is the right call when: The task fits in a single LLM context window without crowding The steps are sequential and each depends heavily on the prior output You need tight reasoning across all the information (summarising a document, for example) You need multiple agents when: A single agent's context window is being maxed out with tool definitions, history, or data Different steps require genuinely different "personas" or instruction sets (research vs. writing vs. fact-checking) Steps can run in parallel and the latency saving matters You want to isolate failure — if the data extraction agent fails, the report-writing agent shouldn't be affected The key question we ask: Is this one job or a pipeline of jobs? If you'd describe it to a human as "first do X, then Y takes that and does Z", you probably have a pipeline, not a single task. The Three Patterns We Actually Use 1. Supervisor-Worker A thin orchestrator agent decides what needs doing, dispatches to specialised worker agents, and stitches the results together. The workers are narrow — they do one thing and don't need to know about the rest of the workflow. This is our most common pattern. The supervisor's system prompt stays small because it's rout

2026-06-28 原文 →
AI 资讯

Your AI Writes Tests That Can Never Fail

You ask the AI for tests. It hands you twelve, all green. CI passes. You merge. Three days later a bug ships, on a function those tests were supposed to cover. You reopen the test file and it clicks: it ran, it passed, and it tested nothing. A green test isn't a proof. It's a hypothesis. And an AI, left to its own devices, is very good at writing hypotheses that can never be disproved. The phantom test Take a dead-simple function, a discount above 100 euros: func Discount ( total int ) int { if total > 100 { return total - 10 } return total } Here's the kind of test an AI produces when you ask "write me a test for this" with no further framing: func TestDiscount ( t * testing . T ) { got := Discount ( 150 ) if got < 0 { t . Errorf ( "result should not be negative" ) } } This test is green. It does run the discount branch (so your coverage climbs). But look at the assertion: got < 0 is never true, whatever Discount does. Replace total - 10 with total + 10 , with total * 2 , with 42 : the test stays green. It doesn't check behavior, it checks that the lights are on. Coverage doesn't measure what you think The trap is that this phantom test inflates your coverage. Coverage counts lines executed , not assertions that bite . A line crossed by a test that asserts nothing useful counts as much as a line genuinely verified. So a 90% coverage report can hide half a suite of tests that will never fall, even if you break the code on purpose. That's exactly an LLM's playground. Its reward signal is "the tests pass". Not "the tests catch a bug". With no external oracle to stop it, it drifts toward the shortest path to green: soft assertions, mocks that test themselves, cases that never exercise the risky branch. The red-check: break the code, demand the red The counter is one move, and it's as old as TDD: before trusting a test, check that it knows how to fail. Mutate the line it's meant to protect, rerun, and expect to see it go red. If it stays green, it's vacant. On our funct

2026-06-28 原文 →
AI 资讯

FIFA Top Thirds group logic

Eight kids, eight chairs, one rule: explaining FIFA's best-thirds draw to my 8-year-old Rahul Devaskar Rahul Devaskar Rahul Devaskar Follow Jun 27 Eight kids, eight chairs, one rule: explaining FIFA's best-thirds draw to my 8-year-old # webdev # soccer # math # worldcup Add Comment 14 min read

2026-06-28 原文 →
AI 资讯

SMS Pumping Is Draining Your 2FA Budget — and Mobile-Originated iMessage 2FA Fixes It

If you send SMS one-time codes, there's a decent chance you're paying scammers to phone-spam themselves on your dime. It even has a name: SMS pumping . And it's not a rounding error — Elon Musk claimed Twitter was losing ~$60M/year to fake 2FA traffic before they killed SMS 2FA for free accounts. Here's how the scam works, why SMS 2FA is structurally expensive, and why flipping the direction — mobile-originated (MO) 2FA , taken to its logical end over iMessage — fixes both the cost and the fraud at once. What is SMS pumping? SMS pumping (also called AIT — Artificially Inflated Traffic , or SMS toll fraud ) is a scheme where bad actors abuse a form that sends SMS one-time codes. They pump thousands of phone numbers — usually premium ranges they secretly control with a telecom — into your "send me a code" endpoint. You pay for every one of those messages. A cut of that termination fee flows back to the fraudsters via the carrier. The "users" never log in. They were never users. The entire point was to make your verification endpoint dial a meter that pays them. The structure that makes this possible is simple: you, the company, send (and pay for) the message. Every code is revenue for someone in the delivery chain — so there's a direct financial incentive to trigger as many as possible. Why SMS 2FA is expensive even without fraud Even with zero abuse, application-to-person ( A2P SMS ) is a bad cost curve: You pay per message. Volume spikes — a launch, a bot attack, an international audience — turn into surprise bills. International is brutal. Cross-border A2P carries steep carrier surcharges that vary wildly by destination. Carrier fees and registration overhead. In the US you're funneled through A2P 10DLC registration, brand vetting, and per-segment fees before you send a single legit code. So your 2FA line item is pay-per-event , unpredictable , and exploitable . Three bad properties for something that's supposed to be boring infrastructure. The Twitter/X case This

2026-06-28 原文 →
AI 资讯

From "I Can't Click" to a Full Testing Harness: How We Built Playwright for the Terminal

I'm building TTT -- a terminal text editor and IDE written in Go. Single binary, zero config, runs anywhere. Think VS Code but in your terminal. It has syntax highlighting, LSP integration, a plugin system, an integrated terminal, git integration, etc... The source is on GitHub and I develop it with Claude Code as my pair programmer. This is the story of how a frustrating limitation turned into something genuinely useful: a built-in scripted interaction system that lets AI agents (or anyone) drive the editor like Playwright drives a browser. The problem I was deep in revamping the widget system and building out a Lua plugin API. Phases of work stacking up -- widget rendering, panel support, tree views, input fields, command registration, keybinding hooks. The kind of work where you need to see what's happening. Click a tree node, check if it expands. Open a panel, verify focus moves correctly. Run a plugin, confirm the dialog appears. Here's the thing: Claude Code can run shell commands and read files. It cannot interact with a live TUI session. The editor launches, takes over the terminal, and that's it -- Claude is blind. Step 1: tui-use (what we had) The project already had functional tests using tui-use , a JavaScript library that drives a real terminal binary. It can type, press keys, wait for text to appear, and take snapshots: const tui = await start ( " bin/ttt " , [ " test-file.go " ]); await tui . waitFor ( " test-file.go " ); await tui . exec ( " editor.joinLines " ); const screen = await tui . snapshot (); expect ( screen ). toContain ( " joined line " ); This works. But it's slow -- each test spawns the binary, waits for screen renders, polls with timeouts, and parses terminal escape codes. And critically, it can't click . Mouse events aren't supported. For a widget system with tree views, buttons, and split panels, that's a dealbreaker. Step 2: Debug commands (the workaround) So we added a Debug: Simulate Click command to the editor itself. Open the co

2026-06-28 原文 →