AI 资讯
US surveillance law to expire for first time after lawmakers reject Trump’s controversial pick to lead spy agencies
The spy law known as Section 702, which authorizes the NSA and FBI's warrantless surveillance, will all but certainly expire on Friday for the first time.
AI 资讯
Pokémon Go players unwittingly contributed to tech with military drone uses
The repurposing of Pokémon Go data for AI training continues to draw scrutiny.
开发者
# 「魔法のPOS端末」は存在しない
なぜ“特別な決済システム”の話は危険なのか? 近年、SNSやメッセージアプリを通じて、「特別なPOS端末」や「秘密の決済システム」に関する話を目にすることがあります。 「通常の銀行システムを経由しない」 「オフラインでも大金を受け取れる」 「特別なカードと専用POSがあれば送金できる」 こうした説明は一見すると高度な金融技術のように聞こえます。 しかし、実際の決済システムを理解すると、多くの主張が現実的ではないことが分かります。 まず、POS端末とは何か? POS(Point of Sale)端末は、店舗でクレジットカードやデビットカードによる支払いを処理するための装置です。 一般的な決済は以下のような流れで行われます。 顧客 ↓ POS端末 ↓ 加盟店契約銀行 ↓ カードブランド ↓ カード発行銀行 ↓ 承認または拒否 重要なのは、最終的な資金の確認を行うのはカード発行銀行であるという点です。 POS端末そのものが資金を生み出すことはありません。 「オフライン決済だから大丈夫」は本当か? 一部の詐欺では、 「この端末はオフラインで動作する」 という説明が行われます。 確かに、現実の決済システムにはオフライン処理が存在します。 しかし、それは通信障害時の一時的な仕組みであり、最終的には銀行側との照合が行われます。 つまり、 オフライン処理 ≠ 資金の創造 です。 銀行が承認していない資金は、後の精算時に拒否される可能性があります。 なぜ人は信じてしまうのか? 理由は単純です。 専門用語が多いからです。 例えば、 決済ネットワーク 国際ブランド オフライン認証 ISO規格 特殊プロトコル こうした言葉が並ぶと、本物らしく見えます。 しかし、本当に重要なのは技術用語ではありません。 重要なのは、 「お金はどこから来るのか?」 という一点です。 詐欺を見抜くための3つの質問 1. お金の出所はどこか? 利益や送金の原資を説明できない場合は要注意です。 2. 誰が監督しているのか? 銀行、決済事業者、規制当局など、責任主体が明確か確認しましょう。 3. 第三者による検証は可能か? 説明が内部関係者の証言だけに依存している場合は危険です。 テクノロジーと金融リテラシー 新しい技術は私たちの生活を便利にします。 しかし、技術的な言葉が使われているからといって、その仕組みが正しいとは限りません。 本当に優れた金融サービスほど、 透明性が高い 説明が分かりやすい リスクが明示されている という特徴があります。 逆に、 「秘密」 「特別」 「限定」 「誰にも教えないでほしい」 といった言葉が頻繁に出てくる場合は、一度立ち止まって考えるべきです。 まとめ 金融詐欺の多くは、技術ではなく心理を利用します。 人々はお金を失うから騙されるのではありません。 「理解したつもりになる」から騙されるのです。 だからこそ、最も重要な防御策は、 「そのお金はどこから来るのか?」 というシンプルな質問を忘れないことです。 金融の世界に魔法はありません。 あるのは、透明な仕組みと説明可能な資金の流れだけです。
AI 资讯
You Probably Won’t Get Rich Off the SpaceX IPO
The company has set aside an unusually high number of shares for retail investors. Still, experts say, you’re just getting the crumbs.
AI 资讯
Presentation: Moving Mountains: Migrating Legacy Code in Weeks instead of Years
David Stein shares how to rethink large-scale architectural migrations using AI. He discusses ServiceTitan's "assembly line" pattern, explaining how decomposing legacy codebase refactoring into standardized tasks can achieve massive parallelization. He highlights the critical role of programmatically rigid validation loops to eliminate LLM hallucinations and accelerate engineering agility. By David Stein
AI 资讯
I Made My Website Charge AI Crawlers with HTTP 402. In 30 Days, 5,811 Came and 5 Paid.
I run a content site, do-and-coffee.com . Like everyone else, it gets scraped by AI crawlers. Instead of blocking them, I did something else: I put a paywall in front of the site that returns HTTP 402 Payment Required to bots, with machine-readable payment instructions. If a crawler pays a cent in USDC, it gets the article. If it doesn't, it gets the 402 and nothing else. Then I let it run for 30 days and watched. Here's what actually happened — and it's not the number you'd put on a pitch deck. TL;DR A Cloudflare Worker sits in front of the site. AI crawlers get 402 + x402 payment requirements ; humans and search bots pass through free. Payment is USDC on Base , $0.01 per article, verified and settled through Coinbase's CDP facilitator. 30-day result: 5,811 crawler requests, 5 paid, 5,806 served a 402. Revenue at $0.01/article ≈ $0.05 . The interesting part isn't the revenue. It's who paid: GPTBot paid 4 times out of 48 requests; ClaudeBot paid once out of 651. Architecture do-and-coffee.com/blog/article/* ─▶ x402 Worker (Cloudflare) │ has X-PAYMENT-RESPONSE? ───────────┤─▶ yes ─▶ proxy origin (200) KV cache hit (payer:url)? ─────────┤─▶ yes ─▶ proxy origin (200) no X-PAYMENT? ─────────────────────┤─▶ 402 + payment requirements has X-PAYMENT? ────────────────────┘ │ ├─▶ CDP /verify (is the signed payment valid?) ├─▶ CDP /settle (waitUntil: confirmed — on-chain) └─▶ on success: KV.put(payer:url, receipt, ttl 24h) ─▶ proxy origin The worker speaks the x402 protocol: a 402 response carries an accepts array describing exactly how to pay (scheme exact , network base , asset USDC, amount, payTo wallet). A compliant agent reads that, signs a USDC payment, and retries with an X-PAYMENT header. The worker verifies and settles it through Coinbase's facilitator, then proxies the real article. How it works The 402 response When there's no payment, the worker builds the requirements and returns 402: function buildPaymentRequirements ( resourceUrl : string , env : Env ): Payment
AI 资讯
HTML/CSS Animation to Video (MP4): the Headless, Deterministic Way (incl. Claude)
So you asked Claude to animate something. Maybe a logo, a loading screen, a data viz. It spat out a neat HTML file with CSS keyframes, everything looks crisp in the browser — and now you need it as an MP4. The obvious approach is screen recording. Open QuickTime or OBS, hit record, play the animation, stop, trim. Works, kind of. Except it's not frame-perfect. If your machine lags for half a second, that lag is baked into the video. The animation runs at whatever speed your CPU felt like that afternoon. Completely non-deterministic. And the moment you tweak something — wrong colour, timing off by 200ms — you're setting the whole thing up again, which is just tiring. Not to mention that every time you hit record you start at a slightly different frame, so swapping the asset in your video editor becomes a pain because nothing lines up the same way twice. There's a better way. You can use htmlrec — a CLI tool that renders HTML animations to video frame by frame, without touching your screen. It controls the browser clock directly, so every frame is captured at exactly the right moment regardless of your machine's load. Pixel-perfect, every single time. Install it with: brew install dsplce-co/tap/htmlrec ffmpeg How to convert an HTML animation to video The reliable way to convert an HTML animation to video is to render it headlessly, frame by frame, instead of screen-recording it. Point a tool at your HTML file, let it drive the browser clock, and capture each frame at an exact timestamp: hrec render animation.html -o out.mp4 This works for any self-contained HTML/CSS animation — a logo reveal, a loading screen, a chart, or anything an LLM like Claude generated for you. The full step-by-step is below. The workflow 1. Get your animation from Claude (skip if you already have an HTML animation) Ask Claude for whatever you need. Something like: "Create an HTML/CSS animation of a logo appearing with a fade and slight upward motion, black background, 3 seconds" You'll get back
AI 资讯
I Built a Git Sync Tool for My Obsidian Vault
I Built a Git Sync Tool for My Obsidian Vault You write notes, you save them, you forget to push to GitHub. Then your laptop dies, and your notes are gone. I built a single Bash script that automates the entire sync workflow, and it works with any Git repo. If you use Obsidian (or any plain-text note-taking system) and sync via Git, you know the drill: write notes, stage changes, commit, fetch, check status, pull, push. Every time. It's 6 repetitive commands that you will inevitably skip until disaster strikes. I got tired of this and built git-sync , a single Bash script that does everything in one go. What It Does git-sync is a terminal-based Git sync tool that: Auto-commits all changes with a timestamp Fetches remote state Detects divergence (ahead/behind) Shows you only the relevant sync options Executes your choice with safety guard rails How It Works Run it from inside any Git repo: ./git-sync Phase 1 - Auto-commit: Staged or unstaged changes are committed automatically with a message like "Last Sync: Jun-12 (Arch)" . The device name is configurable. Phase 2 - Fetch & Detect: It fetches from remote, counts how many commits ahead and behind you are, and categorises the state: ahead, behind, diverged, or in-sync. Phase 3 - Smart Menu: Only relevant options are shown: State Options Ahead only Upload, Sync, Force push, Cancel Behind only Download, Sync, Hard reset, Cancel Diverged All six options Phase 4 - Execute: The chosen action runs with a spinner and status messages. Destructive operations (force push, hard reset) require explicit confirmation. Why It's Useful for Notes Syncing Obsidian + Git is a powerful combo. Your notes are plain markdown, version-controlled, accessible from any device. The friction is the sync ritual. git-sync removes it. Multi-device workflows: I run this on my Arch desktop (DEVICE_NAME="Arch") and my work laptop (DEVICE_NAME="Laptop"). The auto-commit message tells me exactly which machine made each sync, so I can trace conflicts back
AI 资讯
Equal AI raises $30M to screen calls so Indians don’t have to
Equal AI said that its AI-powered call assistant now has over a million monthly active users.
AI 资讯
Cheaper, faster, and culturally aware, Avataar’s video AI is built for India’s scale
Avataar AI's distilled video model is priced at $0.005 for every second of generation
AI 资讯
Give Your Scheduling Bot Its Own Calendar
A scheduling link makes the human do the work; a scheduling agent with its own calendar does the negotiating. Booking pages outsource the back-and-forth to a UI. The agent model keeps it where it already happens — in email — and answers from a real address with a real calendar behind it. The setup: meeting requests land at scheduling@agents.yourcompany.com , an LLM parses intent, the agent checks availability against its own free/busy, proposes slots, and creates events that show up as normal invitations in Google Calendar, Microsoft 365, and Apple Calendar. No human mailbox in the loop, no delegation permissions, no calendar borrowed from whoever set the bot up. This runs on a Nylas Agent Account — a hosted mailbox-plus-calendar you provision through the API. Agent Accounts are in beta, so expect some movement before GA. Provision the identity One CLI command or one API call: nylas agent account create scheduling@agents.yourcompany.com The primary calendar is provisioned automatically — no extra call before you can create events on it. The API equivalent is POST /v3/connect/custom with "provider": "nylas" and the email address in settings ; no OAuth refresh token involved. Save the grant ID, then subscribe a webhook to four triggers: message.created , event.created , event.updated , and event.deleted . When Nylas sends the challenge GET to your endpoint, respond with the challenge value within 10 seconds to activate it. The negotiation loop The full tutorial wires this end to end, but the shape is: Human emails the agent. message.created fires; the webhook only carries summary fields, so the handler fetches the full body. The LLM extracts duration, timezone, and urgency. The agent queries /calendars/free-busy against its own primary calendar and replies with 3 candidate slots. The human picks one; another message.created fires; the agent creates the event with notify_participants=true . The availability check is the part people overcomplicate. Free/busy returns bus
AI 资讯
Build an Email Support Triage Agent With Its Own Inbox
Every shared support inbox eventually becomes a triage problem: 80 unread messages, no agreement on what "urgent" means, and the one person who knows which customer is about to churn is on PTO. Teams keep solving this with labels and heroics. It's a better fit for an LLM — as long as the LLM has somewhere safe to live. That's the case for giving the triage agent its own mailbox. Nylas Agent Accounts (currently in beta) are hosted mailboxes you create entirely through the API. A support@yourcompany.com Agent Account receives every inbound support email, gets six system folders out of the box ( inbox , sent , drafts , trash , junk , archive ), and exposes the same grant_id -based endpoints as any connected Gmail or Outlook account. Creating one is a single request: curl --request POST \ --url "https://api.us.nylas.com/v3/connect/custom" \ --header "Authorization: Bearer $NYLAS_API_KEY " \ --header "Content-Type: application/json" \ --data '{ "provider": "nylas", "settings": { "email": "support@yourcompany.com" } }' Save the grant_id from the response — every other call hangs off it. Four buckets beat five The classification scheme from the email triage agent recipe sorts mail into exactly four categories: Bucket Meaning Action URGENT Production incident, executive ask Draft a reply within the hour ACTION Code review, meeting follow-up Draft a reply same-day FYI Status update Leave it alone NOISE Newsletter, automated alert Archive Four is deliberate. Three loses fidelity — everything collapses into "important." Five and the model starts confusing adjacent categories. The prompt runs with temperature=0 and max_tokens=10 , and the model only sees sender + subject + a 200-character snippet, not the full body. That's enough for over 90% accuracy. Here's the prompt verbatim from the recipe: You triage email into one of four categories: URGENT — production incidents, executive requests; reply within 1 hour ACTION — code reviews, meeting follow-ups; reply same day FYI — info
AI 资讯
Why You Might Already Own SpaceX Shares, Siri’s AI Makeover, and Knicks Owner’s Surveillance Machine
Today on Uncanny Valley, we take an early look at the SpaceX IPO and why you might find yourself among the investors without even realizing it.
AI 资讯
🗺️ The Ultimate Cybersecurity Roadmap (Momentum-First Learning System)
Most cybersecurity roadmaps fail beginners. They give you a long list of topics like Linux, Networking, Python, and Security tools without any order or direction. This makes people confused, overwhelmed, and they usually quit early. This roadmap is different. It follows a momentum-first learning system, where every step builds on the previous one. You don’t just learn topics — you grow step by step like a system. The goal is simple: You always know what to learn next and why you are learning it. 🧠 How This Roadmap Works Instead of random learning, this roadmap is divided into phases. Each phase: builds real skills connects with the next phase moves from basic → advanced focuses on practical understanding By the end, you will understand how systems work, how they are built, how they are tested, and how they are secured. 🟢 PHASE 1: 🧠 The Signal Awakening Protocol (System Basics) Goal: Understand how computers and the internet actually work. Topics Google Dorking Using advanced search techniques to find specific information on the internet. You learn how search engines work beyond normal searches. OSINT (Open Source Intelligence) Collecting information from public sources like websites, social media, and forums. You learn how to gather data like a digital investigator. How Web Browsers Work Understanding how a browser sends requests and receives data from servers. This helps you understand what happens behind every website you open. Introduction to Computers & Operating Systems Basic understanding of CPU, RAM, storage, and how operating systems manage everything. This is the foundation of all cybersecurity. Virtualization (VirtualBox / VMware) Running a virtual computer inside your main computer. You use this to create a safe lab for practice. Linux Basics Learning how to use Linux systems. Most servers and cybersecurity tools run on Linux, so this is important. Bash Scripting Writing simple scripts to automate tasks in Linux. You move from manual work to automation. O
AI 资讯
Kubernetes kills your pod? Here's why
Your pods keep getting killed. Not crashing — killed. One moment they're running fine, the next they're gone and Kubernetes is spinning up replacements. You check the logs and there's nothing useful. The pod just… disappeared. Turns out Kubernetes killed it on purpose. And if you don't tell it how much memory your app actually needs, it'll keep doing it. Why Kubernetes evicts pods Kubernetes runs on nodes — physical or virtual machines that host your containers. Each node has a finite amount of CPU and memory. When a node runs low on resources, Kubernetes has to make a choice: which pods stay, and which ones get evicted to free up space. The decision comes down to QoS classes — Quality of Service tiers that Kubernetes assigns to every pod based on how you've configured resource requests and limits. There are three classes: BestEffort — no resource requests or limits defined. Kubernetes has no idea how much CPU or memory the pod needs. These get killed first. Burstable — requests and limits are defined, but they're different (e.g., requests: 256Mi , limits: 512Mi ). The pod is guaranteed the request amount, but can burst up to the limit. Killed second. Guaranteed — requests and limits are set to the same value. Kubernetes reserves exactly that amount of resources for the pod. Killed last. If your pods don't have resource configuration at all, they're running as BestEffort. And when the node hits memory pressure, BestEffort pods are the first to go — no questions asked. The Guaranteed class Setting your pod to the Guaranteed class is one line in your deployment config. Define requests and limits for both CPU and memory, and make them identical: resources : requests : memory : " 512Mi" cpu : " 500m" limits : memory : " 512Mi" cpu : " 500m" That's it. Kubernetes now knows this pod needs exactly 512 MiB of RAM and half a CPU core, and it reserves that capacity when scheduling the pod onto a node. If a node doesn't have 512 MiB available, the pod won't be placed there. An
AI 资讯
Meet the OpenAI Engineer Leading ChatGPT's Biggest Transformation Yet
Thibault Sottiaux helped make AI coding one of OpenAI’s fastest-growing businesses. Now he’s overseeing a sweeping overhaul of ChatGPT.
产品设计
Bluesky launches group chats, as company shifts focus to community features
Bluesky's latest feature is group chats, arriving amid a shift in focus on building features for smaller communities.
科技前沿
Grok Is Still Hosting Sexualized Deepfakes of Famous Women
A WIRED investigation found dozens of “nudified” deepfake images and videos on Grok's website, including nonconsensual depictions of celebrities and at least one prominent US politician.
AI 资讯
How to make AI answer questions about your documents, by building RAG from scratch
In the previous post , we talked about context windows. The model has a fixed-size desk and everything has to fit on it at once. When too much is on the desk, things in the middle get missed. I ended that post with a promise: what if there was a way to give the model just the right piece, at the right time, from a document you've never even pasted in? That's this post. We're giving the model a search system. The problem: your document is too long You have a 2000-page document. An employee handbook, a product manual, internal documentation. You need one specific answer from it. You can't paste the whole thing into the model's context window. And even if you found a model with a window big enough, we learned what happens: attention degrades, things in the middle get missed, and the model answers confidently from the wrong section. So you need something different. A step that happens before the model sees anything. Something that finds the 2-3 paragraphs that actually answer your question, and passes only those to the model. That's retrieval. The full technique is called RAG: Retrieval-Augmented Generation . Search first, then generate. Three words, one loop Let's break the name down. Each word is a step. Retrieval. Go find relevant information. Think of it like checking the index of a textbook before diving into a chapter. You don't re-read the whole book. You find the right page first. Augmented. Add that retrieved info to the prompt. You're supplementing the model's built-in knowledge with fresh, specific context. Like handing someone a cheat sheet right before they answer a question. Generation. The model writes its response, but with the retrieved context sitting right there in the conversation. It generates an answer grounded in your actual data, not just its training. "Grounded" means the model has real evidence to point to. It's not guessing from memory. It's answering from something you gave it. The whole loop in one sentence: find the right chunks of informat
AI 资讯
How to Turn Any App into an MCP Server with MCPify
The AI landscape is shifting fast. Every week, a new agent framework, a new protocol, a new way for AI to interact with the world. But one thing has become painfully clear: most of our existing software was never built for AI agents to use. You have a SaaS product, a REST API, a database, maybe a frontend with useful actions. An AI agent cannot touch any of it without brittle browser automation or hand-written boilerplate. That is where MCPify comes in. MCPify is an open-source AI enablement compiler that transforms existing applications into AI-native, agent-operable systems. Instead of manually writing MCP server code for every tool you want an agent to use, you point MCPify at your codebase and it does the heavy lifting automatically. In this tutorial, I will walk you through turning any app into an MCP server using MCPify --- no prior MCP experience required. What Is MCP (Model Context Protocol)? Before we dive in, a quick refresher. The Model Context Protocol (MCP) is an open standard that defines how AI applications connect to external tools and data sources. Think of it as USB-C for AI agents --- a universal interface that lets any MCP-compatible client (Claude Desktop, Cursor, VS Code extensions, custom agents) talk to your services. An MCP server exposes tools that an AI agent can discover, inspect, and invoke at runtime. Building these servers manually for each endpoint, database query, or business workflow is tedious and does not scale. Enter MCPify: The MCP Server Generator MCPify ( https://github.com/amarnath3003/MCPify ) is an AI enablement compiler that scans your application and automatically generates a complete MCP server. It works by performing static analysis on your codebase --- frontend components, backend routes, API definitions, event handlers, and workflow logic --- and compiling that into MCP-compatible tools. Why MCPify stands out: Zero manual tool writing --- it discovers tools from your code automatically Permission-aware --- generated t