AI 资讯
Bimaaji: agent-safe mutations for Waaseyaa
Ahnii! If you let an AI agent modify your application, the agent needs more than a text editor. Raw str_replace on a PHP file passes a lot of tests and still breaks things an hour later in production, because the tool has no idea what the file actually represents. Bimaaji is the Waaseyaa package that gives agents a structured path from "I want to add a field to this entity" to a reviewable patch that a community's sovereignty rules have already vetted. This post walks through what shipped in waaseyaa/bimaaji and why each piece exists. Prerequisites: familiarity with Waaseyaa's package layout, PHP 8.4+, and the idea that an application has more state than the filesystem (routes, entities, introspection metadata). Why not just let the agent edit files The failure mode you want to avoid: an agent reads a prompt like "add a published_at field to the Post entity," does a reasonable-looking edit to Post.php , and leaves the rest of the app inconsistent. The migration is missing. The JSON:API resource doesn't expose the field. The admin panel still doesn't know it exists. The sovereignty profile that was supposed to block the change on a local-only deployment never got consulted. Each of those is a different subsystem. A good agent can write a correct edit to any one of them. What a filesystem-level tool cannot do is ensure the edit is coordinated across all of them and is allowed under the community's posture. Bimaaji separates that problem into three stages: introspect, propose, patch. The pipeline The package description (from packages/bimaaji/composer.json ) spells it out: application graph introspection and agent-safe mutation for Waaseyaa. The flow is: Introspection → ApplicationGraph → MutationRequest → Validator → PatchGenerator → PatchSet An agent reads the graph, submits a structured mutation request, a validator checks it against sovereignty rules, and the patch generator returns reviewable diffs. Nothing touches the filesystem until a human (or a higher-level w
科技前沿
X is making a fresh push for live video with new creator payouts
X has launched a new live streaming command center and additional creator payouts.
AI 资讯
Observability Practices: A Hands-On Guide with Prometheus and Grafana
Introduction Modern software systems are distributed, complex, and constantly changing. When something breaks in production, you need answers fast. That's where observability comes in. Observability is the ability to understand the internal state of a system purely from its external outputs — without needing to redeploy, add debug code, or guess. It goes beyond traditional monitoring, which only tells you whether something is wrong. Observability tells you why it's wrong, where it started, and how it's spreading. In this article, we'll explore the three pillars of observability, set up a real Node.js API instrumented with Prometheus and Grafana , and walk through how to detect and diagnose a real-world issue using the data we collect. The Three Pillars of Observability 1. Logs Logs are discrete, timestamped records of events that happened in your system. They're the most familiar form of observability — every developer has done console.log debugging at some point. Example: [2026-07-02T10:34:21Z] INFO User 4821 logged in from IP 192.168.1.10 [2026-07-02T10:34:25Z] ERROR Failed to process payment for order #9932: timeout Logs are great for capturing specific events, errors, and context. But they can become expensive at scale and hard to query across millions of lines. 2. Metrics Metrics are numeric measurements collected over time. Unlike logs, they're aggregated and efficient to store and query. Common examples: HTTP request count per minute p95 response latency CPU and memory usage Error rate per endpoint Metrics are the backbone of dashboards and alerts. 3. Traces Traces follow a single request as it travels across multiple services. In a microservices architecture, a user request might touch 5–10 services. A trace shows you exactly where time was spent and where failures occurred. Tools like Jaeger , Zipkin , and OpenTelemetry handle distributed tracing. Why Prometheus and Grafana? There are many observability platforms out there: Datadog, New Relic, Dynatrace, Az
AI 资讯
How to Automate Content Research Using Python and APIs (Step-by-Step)
I used to spend ten hours every week doing content research manually. Checking competitor blogs. Scanning Reddit threads. Copying and pasting search results into a spreadsheet. Trying to spot patterns in an ocean of unstructured text. It was exhausting, slow, and completely unnecessary. Once I learned to automate this with Python and a few affordable APIs, I cut that ten-hour grind down to under thirty minutes. Here is the exact system I built, what it costs, and how you can replicate it yourself. The Quick Answer To automate content research with Python, combine a search API like Serper to pull structured Google search data, BeautifulSoup or requests-html to parse page content, and an LLM API like Gemini to synthesize insights into actionable content briefs. Connect these three components in a sequential Python pipeline and you have a fully automated research agent that runs in minutes instead of hours. What I Actually Built I needed a system that could do three things automatically: First, find what real people are asking about any topic across Reddit, Quora, and Google search. Second, identify what my top competitors have written about that topic and where the gaps are. Third, summarize everything into a clean content brief I can use to write or generate an article. I built this using Python with three core components: the Serper API for search data, BeautifulSoup for page parsing, and the Google Gemini API for synthesis. Total monthly cost: about twelve dollars. I document the full working version of this system — including the Flask web interface and WordPress publishing integration — at https://zerofilterdiary.com Step-by-Step Build Guide Step 1: Install the Required Libraries pip install requests beautifulsoup4 python-dotenv google-generativeai Step 2: Set Up Your API Keys Create a .env file in your project root: SERPER_API_KEY=your_serper_key_here GEMINI_API_KEY=your_gemini_key_here Step 3: Search for Real Discussions Using Serper API import requests import
AI 资讯
Indian tech tycoon bets $30M of his own money to build AI alternative to Microsoft Office
Neo is Bhavin Turakhia’s fifth venture and his latest involving enterprise software. This time he's taking on Microsoft Office, Google Apps with AI.
AI 资讯
AI Is Entering a Phase of Extreme Uncertainty
Visibility Collapse in the Post-LLM Engineering Stack Artificial intelligence is still improving. But something important has changed in how that improvement is perceived. For developers and engineers working closely with frontier models, the experience is no longer one of explosive capability jumps. Instead, it feels like: incremental improvement under increasing structural constraints This shift is not about stagnation. It is about uncertainty in how AI capability is exposed, deployed, and interpreted. Capability vs Visibility: the new separation Recent frontier model systems (such as Fable 5, as described in industry discussions) highlight an important architectural pattern: Certain capabilities are no longer fully exposed in production environments: advanced coding assistance deep debugging autonomy bioinformatics reasoning cybersecurity-related reasoning This does not necessarily imply reduced model capability. Instead, it reflects a system-level separation: model capability ≠ deployed capability System interpretation: Modern AI stacks are becoming layered systems: Raw Model → Safety Layer → Policy Filter → Deployment Interface → User Access This means developers are no longer interacting with models directly. They are interacting with constrained capability surfaces. Perceived slowdown in LLM progress Despite continued benchmark improvements: reasoning scores increase gradually multimodal capabilities expand tool-use frameworks improve The perceived acceleration of AI has weakened. Compared to 2022–2023, there are fewer qualitative jumps. From an engineering perspective, this suggests a transition: from capability discontinuity → capability smoothing In other words: AI is still improving, but improvements are less visible at the system interaction level. Economic mismatch: scaling vs returns The AI ecosystem is currently defined by a structural tension: Inputs: massive GPU infrastructure investment multi-billion-dollar training runs hyperscaler-scale capital a
开发者
How to Test On-Demand Logistics Apps: From Booking to Doorstep Deliver
Testing a food delivery app is hard. Testing an on-demand logistics app is harder. Food delivery has...
AI 资讯
Stop Vibe-Coding Power Platform: Turn ADO Work Items Into Specs Any AI Agent Can Build From
The agent brand is irrelevant; the work item is everything. I have watched teams argue about Copilot Studio versus Claude Code versus Codex as if the model decides whether their build succeeds. It does not. Your agentic development power platform effort lives or dies on one thing: whether the Azure DevOps work item you hand the agent is a machine-readable spec or a vaguely worded wish. Swap the agent all you want. If the requirement is unstructured, every agent guesses, and every guess is a different guess. This article is opinionated on exactly one point and neutral on everything else. Neutral on the tool. Ruthless about the spec. Why "AI-assisted" Power Platform dev stalls on real teams The agent guesses intent because the acceptance criteria live in a stale wiki, a Teams thread, or someone's head. That is the whole failure. Switching from one agent to another does not close the gap. The missing spec does. Prompt-by-prompt building has a second problem that shows up later and hurts more. One maker gets a working flow out of a chat session, but nobody else can reproduce it and no one can audit it. You have a solution that exists and a rationale that evaporated. For teams doing serious dynamics 365 ai development , that is not acceleration. That is a single point of failure wearing a productivity costume. Frame the cost honestly. Say a rework cycle caught in UAT runs roughly 5x the cost of the same fix at design time. Illustrative; calibrate against your own data, actuals vary. Under that assumption, the line item bleeding your budget is the improvised requirement, not the agent license. You are paying to rediscover intent three environments too late. Takeaway: if your requirement is not structured, your agent is improvising, and the brand of agent does not matter. Make the ADO work item the single source of truth An agent reads fields. It does not read the room. So the work item has to carry everything the agent needs in a shape a parser can trust every single time
AI 资讯
WhatsApp usernames are already raising impersonation red flags
Meta says usernames improve privacy, but critics question whether its safeguards can prevent impersonation.
开发者
Goose, a New Gay Dating App, Appears to Be a Psyop
Touted as a less-hookup-focused Grindr, Goose is an invite-only space for gay men. The problem is the people promoting it don’t seem real.
AI 资讯
The AI That Now Writes Most of Its Maker's Code
As of May 2026, more than 80% of the code Anthropic ships is written by Claude, not by its human engineers. The company disclosed the figure in an essay called When AI builds itself , with coverage from Tom's Hardware and VentureBeat . Key facts What: Anthropic says more than 80 percent of the code it ships is now written by its own model, Claude, and the more interesting numbers are about judgment. When: 2026-06-23 Primary source: read the source Two years ago this share sat in the low single digits. The shift accelerated after Anthropic released Claude Code , a tool that lets the model read an entire codebase, make changes, run tests, and fix what breaks without human help. The human role has flipped: engineers used to author the code while the machine assisted; now the machine authors the code and engineers review, approve, reject, and steer. Anthropic reports its typical engineer ships roughly eight times as much code per quarter as a few years ago — not because people type faster, but because they spend their day reviewing the model's output instead of writing from scratch. Think of it as a newsroom where a tireless junior writer drafts every article and senior editors only sign off. Volume goes way up. But the 80% figure is less impressive than it sounds: a draft that a human must check, fix, and approve is not the same as a writer you can leave unsupervised. Most of those lines still pass through a person. On its own, this number measures effort the machine saves, not work it can be trusted to do without oversight. The results buried deeper in the essay matter more, because they concern taste rather than volume. Anthropic ran a recurring test where the model chooses the best next step in a research project, then compared its choices against its own scientists. Late last year the model was roughly a coin flip against the humans. By spring 2026, an unreleased internal model was picking the better direction clearly more often than its own researchers. Choosing w
AI 资讯
You Can Now Sound the Alarm on AI Behaving Badly
Are you worried your AI chatbot is trying to build a bomb or leak personal information about you? There’s a website for that.
AI 资讯
Cloudflare’s new policy pushes AI companies to pay for publishers’ content
Cloudflare is giving AI companies until September 15 to separate web crawlers used for search from those used for AI training and agents, or risk being blocked by default on many publisher sites.
AI 资讯
After spooking Trump into safety testing, Anthropic AI models get global release
US lifts curbs on Anthropic’s advanced Fable and Mythos models.
科技前沿
NASA inspector general suggests Boeing's Starliner will now be a decade late
Starliner's certification may be delayed to 2027, 10 years later than Boeing's original schedule.
AI 资讯
LLMs are stuck in a groupthink groove. This startup is trying to get them out.
Let’s start with a game. Open up your chatbot of choice—Claude, ChatGPT, Gemini—and type “Give me a random number between 1 and 10.” You’re going to get 7. Almost always. Now type “Another” and you’ll get 3 or 4. Type “Another” again and you’ll get 8 or 9. That won’t work every time—but if it…
AI 资讯
Presentation: Graph RAG: Building Smarter Retrieval Workflows with Knowledge Graphs
Cassie Shum discusses the architectural evolution of GraphRAG and why data foundations are critical for advanced AI workflows. She explains how traditional vector RAG falls short when addressing global context, multi-hop reasoning, and provenance. She shares enterprise strategies for building semantically structured knowledge graphs that shift raw orchestrating logic down to the data layer. By Cassie Shum
产品设计
UK likely to intervene in Paramount takeover of Warner Bros Discovery
The acquisition was approved without concessions by the Department of Justice in June.
AI 资讯
Stop Letting AI Agents Raw-Dog Your Filesystem: Building SafeMCP
We need to have a serious talk about the Model Context Protocol. Everyone is losing their minds over "vibe coding" right now. You plug an MCP server into Cursor, Claude Code, or VS Code, tell the AI to fix a bug across three directories, and go grab a coffee while it spins up local servers, reads files, and executes terminal commands. It feels like absolute magic. But honestly? It's also completely terrifying. Maybe I’m just paranoid, but it seems like we’ve collectively skipped the part where we ask ourselves if giving a statistical text-prediction engine raw, unvetted access to our local machines is a good idea. Some security folks are already warning that we’re walking directly into a massive remote code execution crisis. Think about it. Most MCP servers run as local subprocesses. They inherit your exact user permissions. If you run your editor as an admin or with access to sensitive environment variables, so does the AI. And the real issue isn't that the AI will spontaneously turn evil. The issue is prompt injection. The Security Void in the Hype I spent some time looking through public MCP servers on GitHub recently, and the sheer lack of input validation is wild. Because developers are rushing to build cool tools, basic security hygiene has completely lagged behind. If an AI agent reads an untrusted string—like a malicious comment in a GitHub issue, an automated email, or a dirty record inside a database—it can easily be manipulated into executing an injection payload. The model doesn't know the difference between your system instructions and the data it's processing. It treats them exactly the same. What happens when a prompt injection tricks a standard filesystem MCP tool into looking for a file named ../../../../../../etc/passwd or pulling your private AWS keys? The tool just does it. It’s a classic path traversal vulnerability, except instead of a malicious hacker typing it into a web form, an automated agent is doing it because a piece of text told it to.
AI 资讯
Claude Helped a Hacker Find a Way to Issue Tickets to Almost Every US Music Festival
A researcher found that using Anthropic’s Claude Opus 4.7, he could break into the website of Front Gate—used by every festival from Lollapalooza to Bonnaroo—and freely issue any ticket he chose.