产品设计
Friday Squid Blogging: “Squidbleed” Vulnerability
In a rare combined cybersecurity/squid post, a twenty-nine-year-old squid proxy bug can leak HTTP requests. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.
AI 资讯
EU threatens Meta with fines over addictive features on Facebook and Instagram
The tech giant is in breach of the Digital Services Act by focusing on features like infinite scroll, autoplay, push notifications, and the highly personalized recommendation algorithms, the European Commission said.
AI 资讯
AI Surveillance and Social Progress
In the near future, AI -powered surveillance systems will be able to track everything we do in public, and much of what we do in private. And if we do something wrong—shoplift, litter, jaywalk, you name it—the system will notice, retain it, tie it to your official government record, communicate that fact to you, and provide real-time alerts to any relevant authorities… and maybe also to the general public. Think of these systems as automated speed cameras, but on steroids. Only they’ll enforce not just speed limits, but any other rule you can imagine. And you won’t receive a ticket weeks later by mail; you’ll be informed about and fined for your violation immediately...
AI 资讯
How Reddit Stores Comment Trees and Ranks Hot Posts
Reddit looks simple and hides two genuinely hard problems. Comments nest arbitrarily deep, and a naive tree structure makes loading a busy thread slow. The front page reorders itself constantly, so ranking cannot just count votes or old posts would never leave. Both problems have well-known answers, and both are good lessons in choosing the right model. The core problem A comment thread is a tree. Each comment can reply to any other, so depth is unbounded. If you store only "this comment's parent id" and then try to load a whole thread, you walk the tree one level at a time, one query per level, which gets slow for deep or wide threads. Loading a popular post with thousands of nested comments should not take thousands of queries. Ranking is the second problem. If the front page sorted by raw vote count, the highest-voted post of all time would sit at the top forever. If it sorted by newest, quality would drown in noise. You need a score that blends how good a post is with how fresh it is, so good new posts can climb and old ones fade even if they were once popular. Key design decisions Store the parent pointer, but do not traverse at read time. The simple model is a parent_id per comment, which is easy to write but expensive to read as a tree. To load a thread cheaply, fetch all comments for the post in one query, then assemble the tree in application memory. One read, in-memory tree building. This works because a single post's comments, while numerous, fit in memory to assemble. Consider a path or closure model for deep trees. For very deep threads, some systems store a materialized path on each comment, an encoded ancestor chain, so you can fetch an entire subtree with a single prefix query and sort by the path to get correct display order. Another option is a closure table that records every ancestor-descendant pair, which makes subtree queries direct at the cost of extra write work. The right choice depends on how deep threads get and how often you read subtrees
AI 资讯
How I Built an AI Decision Copilot to Help India Prepare for the 2026 El Niño Crisis
Building an explainable AI platform that helps district administrators allocate resources and farmers make better crop decisions using Gemini, Vertex AI, BigQuery, and Google Cloud. Climate disasters are not just weather events. They are decision problems. When forecasts predict a strong El Niño, governments do not simply need more data. They need answers to questions like: Which districts will be affected first? Where should limited water resources be sent? Which crops are likely to fail? What should farmers sow instead? Why is the AI recommending this action? Existing dashboards provide plenty of charts. Very few provide decisions. That became the motivation behind El Niño 2026 Decision Copilot , an AI-powered decision intelligence platform built during the Google Cloud Gen AI Academy APAC Hackathon . The Problem India depends heavily on the monsoon. A severe El Niño can lead to: Rainfall deficits Reservoir depletion Groundwater stress Crop failures Rising food prices Rural employment challenges The information already exists across dozens of government portals, weather services, satellite datasets, and agricultural reports. The challenge is that it is scattered. District collectors do not have time to manually combine: Weather forecasts NDVI satellite imagery Reservoir levels Mandi prices Contingency plans Drought indicators Farmers face an even bigger challenge. Most need a simple answer: Given my district, should I plant the usual crop this season? The Goal Instead of building another dashboard, I wanted to build an AI system that reasons over multiple data sources and produces explainable recommendations. The platform serves two audiences through the same intelligence engine. District Administrators They receive: District risk scores Interactive risk maps Reservoir outlook Crop stress indicators Resource allocation recommendations AI-generated explanations Instead of simply showing that a district has high risk, the system explains why . Farmers Farmers intera
创业投融资
After Apple, India’s smartphone manufacturing boom enters new phase with Vivo JV
Vivo's joint venture could become a template for Chinese smartphone makers in India.
AI 资讯
The One-Click Exporter: AI Studio Antigravity, Probed to Its Limits
What nobody tells you about exporting your multi-agent prototype to a local workspace. Every architect who's prototyped a multi-agent app in Google AI Studio eventually hits the same wall: the prototype works, but it lives in a browser tab. At I/O 2026, Google shipped a fix — Export to Antigravity, a one-click handoff to a local production workspace, carrying "all the context" with it. I ran a real two-agent prototype through it. Here's exactly what survived the trip, what didn't, and what I had to fix by hand — including a bug that had nothing to do with the export itself. 1. The Pilot Project + The Click The project: Research Digest — a sequential two-agent app. Agent 1 (Researcher) takes a topic, uses grounded web search to gather sources. Agent 2 (Editor) synthesizes those findings into a polished digest. Persistence via Firestore, with a history archive of past digests. Built entirely from a single prompt in AI Studio's Build mode . Along the way, provisioning Firestore surfaced my first real gotcha before I even got to the export step — more on that below. Triggering the export: Code tab → Export → Export to Antigravity. The dialog is genuinely informative — it tells you upfront what's coming: all project files, conversation history, and explicitly "1 secret will be included." 2. What Actually Survives the Trip The export dialog's claims, checked one by one: Claimed to transfer What I found All project files ✅ Confirmed — full structure landed intact: .agents, .antigravity, src, config files, README.md with setup instructions Secrets (1 secret) ✅ Confirmed — GEMINI_API_KEY arrived populated in .env, worked immediately, no manual re-entry Conversation history history❌ Did not transfer. The imported "Research Digest" project showed "No conversations yet" in Antigravity's Agent Manager, despite the dialog's explicit promise. Checked twice, on two separate screens — consistent result. 3. The Gotchas Gotcha 1 — "Conversation history will carry over" is currently no
AI 资讯
Semantic Drift in LLMs: How Archetypal Attractors (Like “Goblin”) Emerge and How Structured Reflection Reduces Them
Large language models often develop recurring symbolic patterns — archetypes, metaphors, and memetic shortcuts — that appear across unrelated contexts. One observed example is the repeated emergence of fantasy-based metaphors such as “goblins,” “gremlins,” or similar entities when describing abstract system behavior, errors, or complexity. This article presents a structured analytical trace (A11 framework passes) showing how such patterns emerge from the interaction between reinforcement learning, cultural priors in training data, and user feedback loops. It also explores how introducing explicit interpretability layers can reduce the risk of these symbolic attractors becoming dominant explanatory shortcuts in model behavior. The first A11 pass S1 — Will Understand the causal mechanism: why the “goblin / fantasy drift” emerged in LLMs S2 — Wisdom (constraints) Main pitfall: confusing correlation (goblins appearing in outputs) with causation (why those specific symbols emerge) Also: “goblins” are not a standalone phenomenon they are a case of broader archetypal language drift S3 — Knowledge (what is actually known) There are 5 established mechanisms in LLM behavior: 1. RLHF reinforces “socially engaging metaphors” Models are rewarded for: vividness humor imagery human-like explanations ➡️ fantasy imagery tends to score highly 2. Internet prior already contains strong fantasy culture Training data includes: Reddit gaming discourse D&D culture fanfiction ➡️ “goblin / elf / troll” already exist as: universal behavioral archetypes 3. Compression effect (semantic abstraction) The model seeks compact semantic units: goblin = chaotic / greedy / messy / low-level failure mode ➡️ one token replaces a complex description 4. User feedback loop If the model says: “it’s like a goblin” users: react positively repeat it reinforce it in conversation ➡️ increases probability of reuse 5. Cross-task transfer (persona leakage) Stylistic patterns from: coding assistant mode creative mode
AI 资讯
From Optimization to Protection: Adding a Security and Governance Agent to Your Snowflake Multi-Agent Team (Part 3)
From Optimization to Protection: Adding a Security and Governance Agent to Your Snowflake Multi-Agent Team (Part 3) In Part 1 , we built an Admin Agent for usage and cost visibility. In Part 2 , we added a Cost Optimizer Agent and an Orchestrator that routes questions to specialists. Now we close the loop with the third specialist: a Security and Governance Agent . This turns your assistant from "what happened" and "what to optimize" into a full team that also answers "what is risky right now". By the end of this post, you will have: A Security and Governance Agent with focused security tools Security semantic views mapped to natural language Orchestrator routing across Admin, Cost Optimizer, and Security agents A practical triage workflow for failed logins, privilege risk, and unauthorized access Why Add a Security Specialist? The first two agents are strong for operations and spend, but security requires a different lens: Access control and role hygiene Failed login patterns and anomaly detection Unauthorized access attempts Inactive users with active privileges Compliance-friendly audit summaries Could one large agent do everything? Sometimes. But specialized agents are easier to maintain, safer to evolve, and easier to test. Final Team Architecture User Question (natural language) | Orchestrator Agent / | \ Admin Cost Security Agent Optimizer Governance Agent \ | / Unified Response Role of each specialist Admin Agent: usage, credits, storage, operational metrics Cost Optimizer Agent: idle compute, rightsizing, optimization opportunities Security and Governance Agent: roles, privileges, failed logins, unauthorized access, audits The Security Pattern (Same Foundation as Parts 1 and 2) Step 1: Base Views Create security-focused views over SNOWFLAKE.ACCOUNT_USAGE , including: Role hierarchy and privilege grants Failed login attempts and anomaly severity Excessive or unused privileged access Unauthorized access attempts User and role audit summaries Network policy ac
AI 资讯
Google will now tell you if an ad was made with AI
You can see if ads on Google Search, Google Discover, and YouTube were made or edited using AI from a new section in Google's "My Ad Center," as reported earlier by TechCrunch. The update, announced on Thursday, adds a "created or edited with AI" label under the "how this ad was made" tab. Users can […]
AI 资讯
AI-generated ads on Google will hopefully get disclosures soon
If Google's AI tools are used, it will automatically be noted in My Ad Center.
AI 资讯
New York Times says OpenAI hid evidence in ChatGPT copyright trial
News publishers say OpenAI hid tools and datasets that could identify copyrighted journalism in ChatGPT outputs, escalating their lawsuit with a new motion for sanctions.
AI 资讯
Três bugs que cometi construindo um sistema de confiabilidade (e os três fingiram que deu tudo certo)
Passei os últimos dias construindo o HookSafe, uma camada que fica entre a plataforma de pagamento e o servidor do cliente para garantir que nenhum webhook se perca. A promessa do produto é uma só: se o seu servidor cair, eu seguro o evento e insisto até entregar. Cometi três bugs no caminho. O que me fez escrever este texto não foi a burrice de cada um, foi perceber, depois, que os três tinham a mesma forma: todos faziam uma falha parecer um sucesso. Num sistema cujo produto é confiabilidade, é difícil imaginar categoria de bug mais cruel. Bug 1: engoli o erro, e o sistema jurou que tinha entregue A função que entrega o evento no servidor do cliente ficou assim: go resposta, err := clienteHTTP.Do(requisicao) if err != nil { return "", nil // <- olhe com carinho } Eu quis escrever return "", err . Escrevi nil . O efeito: apontei o destino para uma porta onde não havia nada escutando. O Do devolveu um belo connection refused . E a minha função respondeu ao worker: "sem erro, chefe". O worker, obediente, marcou o evento como entregue , com o status da resposta vazio, e seguiu a vida. No banco: id | pedido_id | status | tentativas | resposta ----+-----------+----------+------------+---------- 6 | 9002 | entregue | 0 | Um evento que nunca saiu do lugar, registrado como entregue. Se isso estivesse em produção, um cliente teria pagado, não receberia nada, e o meu painel mostraria, orgulhoso, que a entrega foi um sucesso. Aquele if err != nil { return err } que a gente reclama de repetir em Go existe exatamente por isso. A linguagem te obriga a decidir o que fazer com a falha, toda vez. O preço da verbosidade é que ninguém engole um erro sem querer... a menos que digite nil . Bug 2: o log mentiu Corrigi o primeiro bug, rodei de novo, e o worker começou a cuspir isto, a cada cinco segundos, para sempre: worker: erro ao marcar morto 7: ERROR: column "reposta" does not exist worker: evento 7 esgotou as tentativas, marcado como MORTO Leia as duas linhas de novo. A primeira diz
AI 资讯
I Migrated 26 AI Models to Google Cloud Agent Platform (And Cut Costs 90%)66
Google AI recently became the official AI Model and Platform Partner of DEV Community. As someone building an AI routing platform, I paid attention. Google's Gemini Enterprise Agent Platform (formerly Vertex AI) promises enterprise-grade AI agent orchestration — and with the DEV partnership, there's never been a better time to explore it. In this article, I'll share how I integrated Google Cloud's Agent Platform with my existing AI router (built on Neon PostgreSQL), what I learned about Gemini's enterprise capabilities, and why the Google AI + Neon + Algolia trifecta is the ideal stack for AI-first applications in 2026. Why Google Cloud's Agent Platform? The Gemini Enterprise Agent Platform is Google's answer to the question: "How do I orchestrate multiple AI agents in production?" It provides: Pre-built agent templates for common workflows (customer support, code review, data analysis) Grounding with Google Search — your agents can cite real, current sources Context caching — reduce costs by reusing conversation context across turns Multimodal understanding — Gemini processes text, images, audio, and video in one call Enterprise security — VPC controls, data residency, IAM integration For QuantumFlow AI (my AI routing platform), the Agent Platform solved a critical problem: how to orchestrate 26 different AI models without building a custom orchestration layer from scratch. The Architecture: Google Cloud + Neon + Next.js Here's the stack I built: User Request → Google Cloud Agent Platform (Gemini orchestration) → QuantumFlow Router (selects optimal model) → Local models (Ollama — free, sovereign) → Cloud models (GPT-4o, Claude, DeepSeek, Gemini) → Neon PostgreSQL (logs, analytics, cost tracking) → Algolia (search across all AI responses) Why Neon (DEV's Database Partner)? Neon is dev.to's official database partner, and for good reason. It's serverless PostgreSQL with: Database branching — create a full database copy in seconds (like git for data) Bottomless storage
AI 资讯
Palette quantization notes: reducing colors without making an image muddy
I’ve been thinking about a small image-processing problem lately: how to reduce an image to a limited palette without making it look muddy. This comes up in a lot of places: pixel art tools printable pattern generators low-color previews LED matrix displays icons and small thumbnails craft or grid-based workflows The easy version is: pick the nearest color for every pixel. The hard version is: keep the important shapes readable after the palette gets much smaller. Nearest color is only the baseline A simple nearest-color pass usually works like this: Take each pixel. Compare it with every color in the target palette. Pick the closest one. Replace the pixel. That gives you a valid output, but not always a good one. The problem is that closest is local. It does not know whether the whole image still reads well. A face can lose warm midtones. A shadow can turn into a flat dark blob. A small highlight can disappear. Skin, fur, fabric, and background colors can collapse into the same bucket. So palette reduction is not just a color problem. It is also a structure problem. RGB distance can be misleading A common first attempt is Euclidean distance in RGB: function rgbDistance(a, b) { return Math.sqrt( (a.r - b.r) ** 2 + (a.g - b.g) ** 2 + (a.b - b.b) ** 2 ); } This is easy to implement, but it does not match human perception very well. Two colors can be numerically close in RGB and still feel different. Other colors can be farther apart numerically but visually acceptable. A better approach is to compare colors in a more perceptual color space, such as Lab or OKLab. You still have to be careful, but the distance metric starts closer to what the eye notices. Dithering helps, but it changes the style Error diffusion, like Floyd-Steinberg dithering, can preserve gradients and perceived detail with fewer colors. That is useful when the output is meant to look like a low-color image. But dithering is not always desirable. In grid-based outputs, it can create scattered single-p
开发者
Google’s Nest Thermostat has hit its best price of the year
If you’re looking for a relatively affordable way to cut down on cooling costs, Google’s Nest Thermostat can help. It’s packed with smart controls and energy-saving features, and right now it’s on sale in white for $79 ($50 off), which is its best price of the year, at Amazon. The smart thermostat is quick to […]
开源项目
How GitHub gave every repository a durable owner
GitHub had over 14,000 repositories. Fewer than half had clear ownership. Here's how we gave every active repository a validated owner in under 45 days, archived the rest, and made ownership the foundation for everything that followed. The post How GitHub gave every repository a durable owner appeared first on The GitHub Blog .
AI 资讯
Block reaches $45M settlement with 46 states over Cash App fraud probe
State attorneys general said they found that Block misled users by falsely advertising that Cash App provided bank-like protections, including advanced fraud detection.
AI 资讯
Free Waymo rides in California? You can thank a regulatory quirk.
State agency's delay could mean free robotaxi rides in company’s new Ojai vehicle for a few months.
开源项目
🔥 vxcontrol / pentagi - Fully autonomous AI Agents system capable of performing comp
GitHub热门项目 | Fully autonomous AI Agents system capable of performing complex penetration testing tasks | Stars: 19,091 | 454 stars today | 语言: Go