AI 资讯
Gemini’s new AI agent is about as good as Google’s demo
Google's new "24/7" AI agent, Gemini Spark, can be shockingly good at doing things on your behalf. But I'm not sure it's worth the financial cost and potential privacy tradeoffs. The company gave me access to Spark last week. Google advertises Spark as an AI agent that can take on tasks and work on them […]
科技前沿
Randy Pitchford says his friend found an unannounced Pixel Watch 5 in the sea
Our first look at the Pixel Watch 5 may have emerged from a truly unexpected place
AI 资讯
Strategies for running AI workloads on GKE without committed quota
You’ve built your model, your training code is containerized, and you’re ready to scale up on Google Kubernetes Engine (GKE). You go to provision your nvidia-h100-80gb node pool and... QUOTA_EXCEEDED. It’s one of the most common (and frustrating) roadblocks in modern AI development. High-end accelerators like H100s, A100s, and TPUs are in massive demand, and securing permanent, on-demand quota for them can be difficult. But a lack of on-demand quota doesn't mean you're out of options. GKE provides two powerful, cost-effective strategies for acquiring these scarce resources when you can't get standard, on-demand instances: Spot VMs and the Dynamic Workload Scheduler (DWS) . Let's break down what they are, when to use each, and how to implement them. Strategy 1: Spot VMs Spot VMs are Google Cloud's excess compute capacity sold at a massive discount, up to 90% off the price of standard on-demand VMs. They are perfect for workloads that can be interrupted. The catch is that Spot VMs have no availability guarantee. Google Cloud can "preempt" (i.e., terminate) them at any time if that capacity is needed for on-demand customers. GKE gets a 30-second warning before the node is terminated. Kubernetes uses this window to gracefully shut down your application (giving non-system pods up to 15 seconds to wrap up) before the node vanishes. When to use Spot VMs for accelerators Spot VMs are ideal for workloads that are: Fault-tolerant and stateless: Your application can handle a node vanishing and having its pods rescheduled elsewhere. Batch processing: Jobs that can be easily restarted or have checkpointing built-in. CI/CD pipelines: Running tests or builds that don't need 100% uptime. How to use Spot VMs in GKE You can easily add a Spot VM node pool to your GKE Standard cluster. The key is to use Spot VMs for your workers, not your critical system pods. Create a dedicated Spot VM node pool: When creating a node pool, simply add the --spot flag and apply a taint so standard pods
AI 资讯
Vulnerability Disclosure in the Age of AI
New article: “ Responsible Disclosure in the Age of AI: A Call for Urgent Action ,” by Melissa Hathaway. Abstract: Artificial intelligence is fundamentally reshaping the balance between vulnerability discovery and remediation. Frontier AI models are now capable of autonomously identifying exploitable software vulnerabilities at unprecedented speed and scale. This development exposes decades of accumulated technical debt created by a software industry that prioritized rapid deployment over secure-by-design engineering practices. Drawing on the evolution of software assurance, vulnerability disclosure frameworks, and U.S. cyber policy, this perspective argues that the current moment represents a strategic inflection point for governments, industry, and critical infrastructure operators. The author examines the growing tension between offensive and defensive equities in cyberspace, the emergence of AI-enabled vulnerability discovery capabilities in both the U.S. and China, and the increasing risks posed by unsupported legacy systems and AI-assisted code generation practices. Responsible disclosure can no longer remain a reactive or fragmented process, but must become a coordinated national and international resilience effort involving governments, software vendors, infrastructure operators, and emergency response organizations. The article concludes with an urgent call for accelerated remediation, large-scale patch management coordination, and sustained investment in automated vulnerability repair capabilities before adversaries exploit this rapidly narrowing window of opportunity...
AI 资讯
DuckDuckGo makes its ‘no-AI’ search engine easier to access as its traffic booms
Alternative search engine DuckDuckGo launches 'no AI' web extensions for Chrome and Firefox users.
开发者
Google is opening its first flagship store outside of the US
Google announced it will open a flagship store in Tokyo this summer, the first of its kind outside of the United States.
AI 资讯
KNN early termination in Manticore Search
Modern search engines do more than match keywords. When you search for "cozy mystery set in Paris" and get results for "atmospheric detective novel in France" that's vector search at work: documents and queries are converted into lists of numbers, called embeddings, and the search engine finds the documents whose numbers are closest to the query's. Manticore Search supports this natively. Under the hood, it uses a data structure called HNSW: a graph that connects nearby vectors, so it can find nearest neighbors quickly without scanning every document. That makes vector search fast enough to run on millions of documents in milliseconds. But HNSW has an inefficiency. Early in the traversal, almost every distance computation finds a better candidate than the ones already in the result set. As the search goes on, those improvements become rarer, but the algorithm keeps traversing the graph until it exhausts its exploration budget. By that point, the result set has often already converged, and the remaining work does little or nothing to improve it. Early termination fixes this by detecting that point and stopping early. The effect becomes more noticeable as k grows, where k is the number of nearest neighbors the query asks Manticore to return. Returning more neighbors requires more graph exploration, and much of that extra work happens after the result set has already stabilized. That also makes early termination more valuable, because it has more unnecessary work to cut. This gets more pronounced with vector quantization . Quantization compresses stored vectors to save memory, which slightly lowers search precision. To recover it, Manticore uses oversampling : it fetches 3x more candidates than requested, then rescores them using the original full-precision vectors. With the default 3x oversampling, HNSW explores many more candidates per query. Large k values often come from this kind of candidate expansion: an application may ask the vector index for hundreds or thous
AI 资讯
It ran it works: I audited my own security platform and found a detection engine that never ran
I build a security platform. Last night I stopped adding features and did something less fun and more honest: I sat down to make every capability prove it actually works — end to end, with real data, demanding a real pass or fail. "It ran" is not a pass. A page that renders is not a feature. A green checkmark is a claim, not evidence. So I went capability by capability and tried to break each one. I found four real bugs and one of them was a gut-punch: a whole detection engine that was wired into the UI, unit-tested, and never actually ran in production. Here's how the night went. The rule: drive it, don't admire it My method was boring on purpose. For each capability: Feed it real input through the real entry point (CLI or API), not a test fixture. Check the data actually landed (query the DB, don't trust the success message). Feed it a malicious input and a benign input — it has to fire on one and stay quiet on the other. The detection engine passed cleanly. I threw a PsExec process event at it and it lit up: $ zds-core detection eval --event '{"event_type":"process_create","process_name":"psexec.exe"}' 1 alert ( s ) : [ high] PsExec Execution — ( matched: map[process_name:psexec.exe] ) A wevtutil cl Security event tripped a critical "Log Clearing" rule. A plain notepad.exe matched nothing. Good — it detects, and it doesn't cry wolf. (Small UX papercut I fixed while I was there: if you forgot the event_type field, the engine silently matched nothing and printed "no rules matched" — which reads exactly like "you're safe." Now it warns you that the event can't match any rule. Silence that looks like safety is the most dangerous output a security tool can produce.) The one that hurt: ITDR Identity Threat Detection and Response. The engine has detectors for impossible travel, credential spraying, brute force, privilege escalation. All unit-tested. All green. I ran the real flow: POST two login events for one user — New York, then London thirty minutes later. That's ~5
AI 资讯
Building a Simple Task API in Go
Previously, we learned how to send and receive data in Go. Now, we will combine those concepts and build a simple CRUD API. CRUD stands for: C reate R ead U pdate D elete These four operations form the foundation of most backend applications. In this tutorial, we will build a simple task API in Go using only the standar library. By the end, you will understand: how CRUD APIs work how to handle multiple HTTP methods how to store data in memory how to send and receive JSON data how backend APIs manage resources Prerequisites To follow along, you should have: Go installed basic familiarity with Go syntax understanding of the net/http package basic understanding of JSON handling You can confirm if Go is installed by running: go version Step 1 — Create the Project Create a new folder for the project: mkdir go-crud-api cd go-crud-api Now initialize a Go module: go mod init go-crud-api This creates a go.mod file for managing project dependencies. Step 2 — Create the Server File Create a file called main.go . Your project structure should now look like this: go-crud-api/ ├─ go.mod └─ main.go Step 3 — Write the CRUD API Open main.go and add the following code: package main import ( "encoding/json" "net/http" ) type Task struct { ID int `json:"id"` Title string `json:"title"` } var tasks [] Task func tasksHandler ( w http . ResponseWriter , r * http . Request ) { w . Header () . Set ( "Content-Type" , "application/json" ) switch r . Method { case http . MethodGet : json . NewEncoder ( w ) . Encode ( tasks ) case http . MethodPost : var task Task err := json . NewDecoder ( r . Body ) . Decode ( & task ) if err != nil { http . Error ( w , "Invalid JSON" , http . StatusBadRequest ) return } tasks = append ( tasks , task ) json . NewEncoder ( w ) . Encode ( task ) default : http . Error ( w , "Method not allowed" , http . StatusMethodNotAllowed ) } } func main () { http . HandleFunc ( "/tasks" , tasksHandler ) http . ListenAndServe ( ":8080" , nil ) } Now let's unpack what is hap
AI 资讯
🚀 JWT sem hash forte de senha é armadilha — Argon2 + .NET fecham o ciclo
A stack de autenticação em .NET fica sólida quando separamos duas responsabilidades: ✅ Argon2id para guardar senhas (hash irreversível, lento, memória-intensivo) ✅ JWT Bearer para provar identidade depois do login ✅ Validação de iss , aud , exp e assinatura em cada request ✅ Segredos fora do repositório (ambiente / Key Vault) Se o ecossistema .NET já oferece hosting, APIs e pacotes maduros, combinar Argon2 (referência da Password Hashing Competition , testável em argon2.online ) com JWT é o caminho natural para microsserviços e Web APIs. Neste artigo, mostro o fluxo registo → login → token → rotas protegidas com foco no que implementar no dia a dia. ⚠️ Observação importante JWT não substitui Argon2. Nunca coloque senha ou hash no payload do token. Argon2 protege a credencial na base de dados; JWT é sessão assinada com expiração. 🧠 Visão Geral Aspecto Argon2 (senha) JWT (sessão) Foco Resistir a offline cracking Autorizar requests após login Onde vive Coluna password_hash na BD Header Authorization: Bearer Algoritmo Argon2id (OWASP) HMAC-SHA256 ou RSA (config) Ferramenta de estudo argon2.online docs Microsoft JWT Bearer Runtime Biblioteca .NET (ex.: Konscious Argon2) Microsoft.AspNetCore.Authentication.JwtBearer Erro clássico MD5/SHA rápido na senha Token sem validar aud / iss 🧩 O que o Argon2 resolve (camada 1) O Argon2 é o vencedor da Password Hashing Competition — hoje a referência para novas passwords . 1️⃣ Hash irreversível com Argon2id var hash = hasher . Hash ( password ); await store . CreateAsync ( email , hash ); ✅ Salt único por utilizador ✅ Parâmetros m , t , p documentados no próprio hash ✅ Verificação com tempo constante ( FixedTimeEquals ) 2️⃣ Calibrar custo com consciência Em argon2.online podes experimentar memory cost e iterations — útil em laboratório. 📌 Em produção usa biblioteca auditada (.NET), não hashes de utilizadores reais em sites públicos. 3️⃣ O que não fazer na senha ✅ Não “criptografar” senha com AES reversível ✅ Não MD5 / SHA-1 / SHA-256
AI 资讯
Erin Brockovich takes aim at data center secrecy
Environmental activist Erin Brockovich has a new mission.
AI 资讯
Markov Chain Coin Sequence: E[HH] vs E[HTH] Explained
In This Article The Question The Intuition Trap Building the State Machine for HH Solving the System: E[HH] = 6 Building the State Machine for HTH Solving the System: E[HTH] = 10 Why Overlapping Patterns Change Everything Python Simulation: 100,000 Trials Business Application: Credit Migration & Web Ranking The Question You flip a fair coin — one with probability 1/2 of landing heads and 1/2 of landing tails — repeatedly, recording every result. What is the expected number of flips required until the sequence HH appears for the first time as consecutive results? What is the expected number of flips required until HTH appears for the first time? Both questions have the same surface structure: you want a specific consecutive pattern, and you want to know, on average, how many flips it takes to observe it. The coin is fair, the flips are independent, and the patterns are short. These seem like they should yield similar answers. They do not. HH takes exactly 6 flips on average. HTH takes exactly 10. The four-flip gap between those two answers is not a rounding artifact or a computational error — it is a precise consequence of the internal structure of each pattern, and deriving it rigorously is one of the cleanest demonstrations of absorbing Markov chain analysis you will encounter. This problem appears frequently in quantitative finance interviews — at firms like Jane Street, Citadel, and Two Sigma — precisely because it separates candidates who understand Markov structure from those who rely on heuristic reasoning. Getting the answer right, and being able to explain it, requires building a state machine, writing the system of first-step equations, and solving it algebraically. That is exactly what we will do. The Intuition Trap Before the formal derivation, it is worth examining why intuition fails here. The most common wrong answer from candidates is that both expected values should be "similar" because the patterns are comparable in length. This intuition imports th
AI 资讯
Making sense of the debate over AI psychosis
On the latest episode of Equity, we debate whether tech CEOs are "uniquely prone to AI psychosis."
AI 资讯
SoftBank says it will invest up to €75 billion to build French data centers
The goal, the firm said, is to develop and operate up to 5 gigawatts of additional data center capacity.
AI 资讯
2487. Remove Nodes From Linked List
In this post i'm gone explain liked list an famous leetcode problem that is " Remove Nodes from linked list ". Problem Statement: You are given the head of a linked list. Remove every node which has a node with a greater value anywhere to the right side of it. Return the head of the modified linked list. Example 1: Input: head = [5,2,13,3,8] Output: [13,8] Explanation: The nodes that should be removed are 5, 2 and 3. Node 13 is to the right of node 5. Node 13 is to the right of node 2. Node 8 is to the right of node 3. Explanation: In this problem statement state that remove the nodes which have the right side (any place) element greater than. let's understand with given example. Node 13 is the right side of the 5,2 nodes thats why 2,5 should be remove. Node 8 is the right side of 3 node thats why 3 should be remove. final result would be [13,8] Solution of the problem: `/** * Definition for singly-linked list. * function ListNode(val, next) { * this.val = (val===undefined ? 0 : val) * this.next = (next===undefined ? null : next) * } */ /** * @param {ListNode} head * @return {ListNode} */ const reverList = function(head){ let prev = null; let curr = head; let next = null; while(curr!=null){ next = curr.next; curr.next = prev; prev = curr; curr = next; } return prev; } var removeNodes = function(head) { // reverse list let reversList = reverList(head); let maxNode = reversList; let prevNode = reversList; let currNode = reversList.next; // removed list while(currNode != null){ if(maxNode.val > currNode.val){ currNode = currNode.next; }else{ maxNode = currNode; prevNode.next = currNode; prevNode = prevNode.next; currNode = currNode.next; } } prevNode.next = null; // reverse list return reverList(reversList); };` If you have any query or suggestions leave your expression👨🏿💻🙌.
AI 资讯
I put Google’s 24/7 AI assistant Gemini Spark to work, and it’s actually pretty useful
Gemini Spark helps automate everyday tasks, from inbox summaries to local event planning, but it’s unclear why Google made it a separate product.
AI 资讯
Server-Side WebRTC Noise Reduction with Pion, FFmpeg, and RNN Models
This is a sanitized engineering note about server-side audio noise reduction for WebRTC calls. Source article: https://www.lodan.me/posts/server-side-webrtc-noise-reduction-pion-ffmpeg-rnn/ What the prototype tests The goal is not to replace WebRTC's built-in audio processing. The narrower test is: receive a WebRTC Opus track with Pion read RTP packets in OnTrack decode Opus payloads to PCM pipe raw PCM into FFmpeg apply the arnndn RNN noise reduction filter validate the output as a file before considering real-time forwarding Why this boundary matters RTP, Opus, PCM, and FFmpeg raw audio input are different boundaries. If the PCM format is wrong, FFmpeg may still produce a file, but the result should not be trusted. For example, if the Go side writes int16 PCM, the FFmpeg input format should be reviewed as s16le , not casually treated as s32le . Production concerns The prototype is useful because it isolates the audio path, but production use needs more work: buffering and latency CPU and memory isolation FFmpeg process lifecycle model choice packet loss and jitter RTP timestamps audio/video sync whether the processed audio is returned to WebRTC or only recorded The full article has diagrams and the longer explanation: https://www.lodan.me/posts/server-side-webrtc-noise-reduction-pion-ffmpeg-rnn/
AI 资讯
Google Cloud Suspends Railway's Production Account, Causing Eight-Hour Platform-Wide Outage
Google Cloud's automated systems suspended Railway's production account without notice, triggering an eight-hour platform-wide outage affecting 3 million users. The cascade took down workloads across all providers including AWS and bare metal because Railway's control plane was hosted on GCP. Railway is demoting GCP to backup-only status. By Steef-Jan Wiggers
AI 资讯
Google AI Studio Mobile + Gemini Managed Agents: Build and Deploy AI Agents Without Infrastructure in 2026
Google AI Studio Mobile + Gemini Managed Agents: Build and Deploy AI Agents Without Infrastructure in 2026 TL;DR Summary Google AI Studio is now a standalone mobile app on iOS and Android — speak an idea, and a working app builds in the background Gemini Managed Agents deploy reasoning agents with one API call — code execution, Google Search, URL reading, file management, and web browsing included Agents are configured via markdown skill files (SKILL.md), not complex orchestration code — no server setup, no sandbox management State persists between sessions — files and context survive, no re-uploading Prototype on mobile , refine on desktop , share live deployment via URL — continuous workflow across devices Direct Answer Block Google has launched two new agent surfaces: AI Studio Mobile (a standalone iOS/Android app where you prototype with voice or text and see generated apps on your phone) and Gemini Managed Agents (serverless reasoning agents deployed with one API call, including code execution sandboxes, web search, browsing, and file management, all configured via markdown skill files instead of orchestration code). Introduction The gap between "I have an idea" and "I have a working AI agent" is mostly infrastructure. You need a server, a sandbox, tool integrations, state management, deployment pipelines. Google's two new releases collapse that gap from both ends: AI Studio Mobile removes the need for a desk, and Gemini Managed Agents remove the need for infrastructure. Together, they let you go from voice note to deployed agent without touching a server config. How does Google AI Studio Mobile let you build and preview apps entirely from your phone? AI Studio Mobile is a standalone app (iOS and Android) that brings Google's AI development environment to a phone. The workflow described in the AlphaSignal newsletter: Speak or type an idea — "Build me a weather dashboard with 5-day forecast and location search" App builds in the background — AI Studio's agent in
AI 资讯
Every tutorial tells you to add .env to .gitignore. That's not enough.
Here's something nobody talks about. .gitignore doesn't encrypt your secrets. It just hides them from git. They're still sitting on your laptop as plaintext. Every tool you install can read them. Every script that runs can read them. One accidental commit and your database password is public on GitHub forever. So I built dotlock — an encrypted .env vault with a terminal UI, written in Go. Before and after Before dotlock DATABASE_URL = postgres://localhost/myapp # plaintext, readable by anything STRIPE_KEY = sk_live_abc123 # one grep away from anyone After dotlock # .dotlock file on disk — looks like this: [ encrypted binary — unreadable without your private key] How it works under 10 seconds cd my-project dotlock set DATABASE_URL # prompts for value, input is masked dotloc # opens the terminal UI Secrets are encrypted with age — X25519 key agreement and ChaCha20-Poly1305 authenticated encryption. The same primitives serious security engineers use. No master password. No cloud. No telemetry. 100% offline. What it looks like Two panels — profiles on the left, secrets on the right. Values are masked by default. Press v to reveal for 30 seconds, then it hides itself automatically. Switch between dev , staging , and prod profiles. Run a diff before deploying to catch missing variables before they break your app. The interesting technical bit The hardest part wasn't the encryption — filippo.io/age makes that straightforward. It was the TUI. BubbleTea uses the Elm architecture — Model, Update, View. Everything is a message. A keypress is a message. A timer firing is a message. Your Update function receives messages and returns a new model. The 30-second auto-hide on secret reveal works like this — no time.Sleep , no goroutines: type secretReveal struct { key string value [] byte expire time . Time // Now() + 30 seconds } On every render, check if time.Now() is past the expiry. If it is, zero the bytes and clear the display. Simple once you understand the model but it took