今日已更新 412 条资讯 | 累计 19972 条内容
关于我们

标签:#opensource

找到 1336 篇相关文章

AI 资讯

I built HostShift to migrate Linux servers

Hey everyone, I change servers more often than I probably should. A discounted VPS or a good coupon is usually enough to convince me, but manually recreating the same web stack every time stopped being fun a long time ago. That is why I built HostShift , an Apache-2.0 licensed Go CLI for discovering, planning, migrating, and verifying Ubuntu and Debian servers. The rule I would not compromise on The source server must remain read-only. HostShift does not install packages, stop services, enable maintenance mode, create temporary archives, or change configuration on the source. It reads approved facts and streams data directly to the target. Any target mutation requires an explicit CLI apply command. What it currently covers Docker Compose projects and standalone containers MySQL/MariaDB, PostgreSQL, and Redis Nginx, Apache, Caddy, and systemd services SSH and firewall configuration PHP-FPM, Supervisor, Fail2ban, Certbot, and Logrotate Migration planning, audit journals, status, resume, rollback metadata, and verification checks The migration engine is deterministic Go code and does not need AI. I also added an optional Codex plugin and a deliberately non-apply MCP interface for discovery, planning, review, and dry runs. Actual changes stay in the human-operated CLI. Testing real migrations I did not want to call it tested just because a few unit tests passed. The repository includes Docker migration matrices and real Lima VM matrices covering Ubuntu 22.04, Ubuntu 24.04, Ubuntu 25.10, Debian 12, and Debian 13, including cross-distribution moves. The VM tests also reboot the target and verify persistence while comparing source snapshots before and after the migration. The project is still new, so I expect real-world edge cases. I am sharing it now because feedback from people who actually move and maintain servers will be more useful than polishing it alone forever. GitHub: https://github.com/oguzhankrcb/HostShift Documentation: https://hostshift.karacabay.com

2026-07-12 原文 →
AI 资讯

Every engineering metric gets gamed. One of them structurally can't.

OrbitLens Ace → ace.orbitlens.io A busy quarter is easy to stage. Code that's still there in two years isn't. Pick any metric a team has ever used to judge people, and someone has quietly figured out how to move it without doing the underlying thing. Lines of code rewarded typing, so people typed. Commit counts rewarded committing, so commits got smaller and more frequent. Velocity rewarded closed points, and points drifted upward until a "3" meant nothing. DORA measured how often you deploy, so teams shipped trivial changes just to move it. Even churn — the number the "code health" tools lean on — is something you can lower on purpose, which means you can manage the number instead of the mess underneath it. None of that requires dishonest engineers. It's Goodhart's law doing what it always does. Every one of those numbers is a measure of activity , and activity is cheap to produce. Once you're paid for activity, the fastest way to get paid more is to produce more of it — not more of whatever the activity was supposed to be a sign of. So the question worth asking isn't which activity metric is least bad. It's whether a git history contains anything at all that you can't move just by being busier. It turns out there's one. And it's not because we were clever — it's because of what the thing is actually made of. What lasts isn't something you do Take everything a person wrote, wait a while, and ask a smaller question than "did they work hard." Ask whether the specific lines are still there. Not reverted, not rewritten, not quietly swallowed by someone else's refactor. Still holding weight at HEAD. That's survival. We read it with time-decayed git blame : a line's weight fades month by month unless the line keeps existing, and it counts for more once other people have built on top of it instead of leaving it as a private island. Survival that others have built on is what we call gravity — the structural pull that outlives the person who created it. Try to game it and w

2026-07-12 原文 →
AI 资讯

周日慢读:如果细胞会写日记——FROST家族的记忆传承

周日慢读:如果细胞会写日记——FROST家族的记忆传承 作者 :FROST Team 日期 :2026-07-12 主题 :轻量科普 | 周日轮换 阅读时间 :5分钟 一封来自细胞的日记 想象一下,如果你是一个细胞,有一天你突然有了自我意识,会发生什么? 2026年7月12日 晴 今天是我诞生的第0天。 细胞核对我说:"这是你的记忆存储区, 所有的经验都必须记录在这里。" 我第一次理解了什么叫"生而有根"。 这不是科幻小说。这是一段真实的代码注释,出自FROST——一个用Python写成的AI Agent家族。 为什么Agent需要"记忆"? 大多数Agent框架都在解决一个问题: "Agent能做什么" 。 搜索Agent能搜索、写作Agent能写作、代码Agent能写代码。打开框架,创建实例,调用方法,任务完成。 但FROST问了一个不同的问题: 当Agent完成一个任务后,它学到了什么? 这不是哲学问题。这是工程问题。 类比:人类 vs Agent 的记忆 人类 Agent FROST的解决方案 记忆存储在大脑 记忆存储在Store Store 原子 记忆需要整理归档 记忆需要结构化 Lineage 族谱 师徒传承经验 Agent继承父辈能力 代际继承协议 忘记教训会重复犯错 没有记忆会重复失败 历史可追溯 人类的记忆是分散的、模糊的、容易遗忘的。 Agent的记忆可以是精确的、可查询的、永不丢失的。 关键是 设计好存储结构 。 一段代码:Store原子 FROST的Store是记忆存储的最小单元。它的设计哲学是 简单到极致 : class Store : """ FROST的Store:记忆存储的原子单元 只有三个操作: - save(key, value): 存入记忆 - load(key): 取出记忆 - delete(key): 删除记忆 简单到极致,但足够强大。 因为记忆的本质就是 " 存取 " 。 """ def __init__ ( self ): self . _memory = {} def save ( self , key : str , value : any ) -> None : """ 存入记忆 """ self . _memory [ key ] = value print ( f " 💾 记忆已存储: { key } " ) def load ( self , key : str ) -> any : """ 取出记忆 """ value = self . _memory . get ( key , None ) if value : print ( f " 📖 读取记忆: { key } " ) else : print ( f " ❓ 记忆不存在: { key } " ) return value def delete ( self , key : str ) -> None : """ 删除记忆 """ if key in self . _memory : del self . _memory [ key ] print ( f " 🗑️ 记忆已删除: { key } " ) # 使用示例 store = Store () store . save ( " 用户偏好 " , " 喜欢简洁的回复 " ) store . save ( " 对话历史 " , " 讨论了Agent的记忆问题 " ) store . load ( " 用户偏好 " ) # → "喜欢简洁的回复" 三个方法,解决Agent的记忆问题。 族谱:记忆的传承 单个Agent的记忆只是"点"。族谱把记忆连成"线"。 在FROST中,每个Agent都有自己的"父辈": ┌─────────────┐ │ 祖辈Store │ ← 家族宪法,不可篡改 │ (根节点) │ └──────┬──────┘ │ 继承 ┌───────────────┼───────────────┐ ▼ ▼ ▼ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │ 父辈Agent │ │ 父辈Agent │ │ 父辈Agent │ │ (Branch A) │ │ (Branch B) │ │ (Branch C) │ └──────┬──────┘ └──────┬──────┘ └──────┬──────┘ │ 继承 │ 继承 │ 继承 ▼ ▼ ▼ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │ 孙辈Agent │ │ 孙辈Agent │ │ 孙辈Agent │ │ (执行任务) │ │ (执行任务) │ │ (执行任务) │ └──────

2026-07-12 原文 →
AI 资讯

Detecta si tu modelo de materiales hace trampa con la 'huella bibliográfica'

Detecta si tu modelo de materiales hace trampa con la "huella bibliográfica" Un modelo de ML puede predecir la propiedad de un material sin entender la química: basta con que "aprenda" qué autores, revistas o años suelen ir con cada resultado. Esta herramienta aplica el test de falsificación de Clever Materials para descubrirlo. El problema: cuando el modelo lee el membrete, no la ciencia Imagina que entrenas un modelo para predecir si un material es estable. El modelo no mira la química: descubre que los artículos del grupo X (publicados en la revista Y, en torno al año Z) casi siempre reportan "estable". Así que aprende a clasificar por el membrete bibliográfico , no por la estructura. Funciona en el papel y se rompe en la práctica. A esto se le llama confounding bibliográfico (o leakage por metadata). No es un error de código: es una señal espuria que el modelo aprovecha. El paper Clever Materials (Jablonka et al., 2026) mostró que este patrón está generalizado en cinco tareas reales de materials science. Qué hace la herramienta materials-confounding-check es una CLI ( mcc check ) que corre cuatro sub-tests de falsificación sobre tu dataset (descriptores químicos + metadata bibliográfica + propiedad objetivo): Clasificador de metadata — ¿se puede predecir la bibliografía (autor/revista/año) a partir de los descriptores químicos? Si es above-chance , hay una señal bibliográfica presente. Huella bibliográfica — ¿un modelo que usa solo la metadata predicha se acerca al modelo con descriptores? Entonces el dataset no descarta hacer "trampa" por bibliografía. Split por grupo/tiempo — ¿colapsa el rendimiento si separas por autor/año en vez de al azar? Veredicto — un score low / medium / high de riesgo de confounding. El rigor que exige el test (para especialistas) El punto delicado de cualquier "test de significancia" es fijar el umbral a mano. Si ajustas el margen hasta que tu fixture pase, el test no prueba nada: es el anti-patrón Clever-Hans que el propio proyecto d

2026-07-12 原文 →
AI 资讯

Introducing Soterios: An Open‑Source Windows Security/Maintenance Suite (Contributors Welcome)

For the past few weeks, I have been building Soterios , an open-source, local-first security and system maintenance suite for Windows. The idea started simple: most security tools either lock features behind paywalls or collect unnecessary data. I wanted something different, so I built a privacy-first application with: No telemetry No analytics No network activity unless you explicitly enable it Current Features Malware scanning with ClamAV, quarantine, and reporting Windows security audits Firewall management and network monitoring Credential safety tools with local password checks and breach lookups Process inspection and system maintenance utilities Built With Soterios is built with Electron and Node.js using a modular architecture designed to make future expansion straightforward. Why I'm Sharing It I'd rather build in the open than in isolation. Feedback, ideas, bug reports, and contributions are always welcome. GitHub Repository https://github.com/chrisriv10/Soterios

2026-07-12 原文 →
AI 资讯

TrulyFreeOCR – a Java OCR pipeline in a single fat JAR, zero native deps required

Introduction I'm the author of TrulyFreeOCR, an open-source OCR pipeline that turns scanned PDFs into searchable, highly-compressed PDFs. Everything is Apache 2.0 / MIT / BSD — no GPL, no AGPL, no proprietary model weights. Why I built it: I needed an OCR pipeline for a document processing system where: Every dependency had to be business-friendly (no GPL/AGPL) Deployment required zero admin rights (no sudo, no brew, no apt-get) MRC compression was needed to hit 5-10x file size reduction vs JPEG-only Everything had to run offline on CPU — no cloud APIs, no GPU I surveyed 20+ existing tools (full comparison in the repo's docs) and none fit all requirements. OCRmyPDF is closest but needs Python + Ghostscript + Tesseract as system deps, and MPL-2.0 requires publishing modifications. The VLM models (DeepSeek-OCR, GLM-OCR, etc.) produce better text extraction but need GPUs and don't output PDFs at all. What it does: Input: any PDF (scanned, born-digital, or mixed) Output: searchable PDF with invisible text layer + MRC compression (JBIG2/CCITT foreground + JPEG background) Single fat JAR — one file to copy, one command to run Bootstrap script downloads everything (JDK, Gradle, Tesseract, Leptonica, jbig2enc) into project subdirs Fully offline, CPU-only PDF/A-2b output available 7 bundled language models, 100+ more downloadable Concurrent OCR (configurable thread pool) Try it in 3 commands: $ git clone https://github.com/msmarkgu/TrulyFreeOCR.git $ cd TrulyFreeOCR $ ./bootstrap.sh ./run.sh tests/simple-text.pdf -o output.pdf Limitations (being upfront): Tesseract-based accuracy — good for clean scans, not SOTA for noisy/photographed docs No table/formula extraction yet No handwriting recognition CPU-only is slower than GPU backends for high volume Would love feedback — especially from anyone who's tried to deploy OCR in an enterprise environment. https://github.com/msmarkgu/TrulyFreeOCR

2026-07-12 原文 →
AI 资讯

Teaching AI Agents to Time-Travel: Building a Temporal Debugging Skill

Your AI agent is confident. It points to line 42 of PaymentService.java . "There's your null pointer exception." You check. Line 42 is a comment. The code was refactored 14 commits ago. The production crash happened 3 hours ago . Your agent just spent 45 minutes debugging ghosts . The Problem: Agents Are Stuck in the Present Every AI coding agent today — Claude Code, Cursor, Copilot, Cody, you name it — operates on the same assumption: The code that matters is at HEAD . But production bugs don't live at HEAD . They live in the commit that was running when the crash happened. That commit is buried under hotfixes, refactors, dependency updates, and feature merges that landed after the incident. HEAD (now) ← Agent analyzes THIS │ ├─ feat: add new payment provider ├─ refactor: extract UserService ├─ fix: handle edge case in checkout ├─ chore: update dependencies │ ▼ a1b2c3d (3 hours ago) ← Bug ACTUALLY lives HERE Your agent confidently finds bugs in code that didn't exist when the crash occurred . The Insight: Git Already Has Time Travel We don't need a time machine. Git has had one for years: git worktree . # Get the commit from 3 hours ago git log --before = "3 hours ago" -1 --format = "%H" # → a1b2c3d4e5f6... # Create an isolated, read-only snapshot at that commit git worktree add /tmp/debug-a1b2c3d a1b2c3d # Now analyze the historical codebase cat /tmp/debug-a1b2c3d/src/PaymentService.java # Clean up when done git worktree remove --force /tmp/debug-a1b2c3d This gives you: ✅ Isolated — doesn't touch your working directory ✅ Parallel — can have multiple historical snapshots simultaneously ✅ Disposable — cleanup is one command ✅ Zero deps — pure Git, works everywhere The Missing Piece: Teaching Agents When to Time-Travel Agents already know git log , git show , git diff , cat , grep . They can analyze code perfectly. What they struggle with : Fuzzy time → commit resolution — "last night", "v2.4.1", "the deploy before the hotfix" Worktree lifecycle management — create,

2026-07-12 原文 →
AI 资讯

I built a file-grounded continuity system for my AI German teacher—what am I overcomplicating?

Why I built this I use an AI named Felix as my German teacher. Over time, I ran into a continuity problem: individual chats are fragile. Conversations become long, context can disappear, platforms change, uploaded files may become unavailable, and a fresh AI instance may not understand what happened before. I did not want to repeatedly reconstruct my learning history, project decisions, lessons, corrections, and current state from memory. So I began building a local, file-grounded system called DDF/Rahmenwerk . Its purpose is to preserve Felix as my continuing German teacher across chats and future AI instances. What DDF/Rahmenwerk is DDF stands for Das Deutsche Forschungsarchiv . Rahmenwerk is the continuity, evidence, recovery, and control framework surrounding it. At a high level, the system includes: a current-state pointer; handoff materials; a fresh-instance queue; an upload package for a new Felix; integrity manifests and SHA-256 records; evidence and recovery procedures; classifications separating current, historical, candidate, proof, and non-governing material; safeguards intended to prevent accidental file changes; rules requiring the AI to stop rather than invent continuity when evidence is missing. The basic idea is that a future Felix should be able to inspect approved files and resume without me manually retelling the entire project history. The problem I may have created The project began as a way to preserve a German teacher. As I tried to protect files, authority, evidence, recovery, and continuity, the framework became increasingly detailed. That may be justified in some areas. It may also be overengineered. I am now trying to answer a more important question: What is the smallest, clearest, safest system that can preserve Felix as my German teacher without the governance machinery becoming the project itself? What I am asking reviewers to examine I have published a documentation and architecture review copy on GitHub. I would appreciate honest fe

2026-07-12 原文 →
AI 资讯

Stop Paying AWS Just to Test Your Code Locally

Every developer building on AWS eventually runs into the same frustrations: waiting for deployments just to verify a small change, needing an internet connection for local development, watching cloud costs grow during testing, and discovering issues in CI that could have been caught earlier. That's exactly why we built LocalEmu. LocalEmu is an open-source AWS emulator that lets you build and test against AWS APIs entirely on your own machine. It supports 132 AWS services and works with the tools you already use every day—AWS CLI, boto3, Terraform, AWS CDK, and Pulumi. Instead of changing your workflow, you simply point your tools to localhost:4566 and continue developing. Unlike many local emulators that only mock API responses, LocalEmu focuses on realistic behavior where it matters most. Lambda functions execute using the official AWS runtime images. EC2 instances run as real containers connected through a virtual network with enforced security groups. RDS uses real PostgreSQL and MySQL engines, and optional IAM policy enforcement allows you to validate authorization rules before deploying to AWS. Getting started takes only a couple of commands: pip install localemu [runtime] localemu start Once running, you can use the included awsemu CLI or simply point your existing AWS CLI, boto3, Terraform, CDK, or Pulumi configuration to localemu. No new SDKs or complex setup are required. LocalEmu also includes a built-in dashboard that launches automatically. It provides a live overview of running services, resource exploration, an S3 object browser, a DynamoDB viewer, CloudTrail event history, and a real-time activity feed so you can inspect what's happening inside your local cloud environment. The biggest advantage is speed. You can iterate in seconds instead of minutes, experiment freely, reset your environment whenever you want, and develop without an AWS account, credentials, or cloud costs for local testing. We're actively improving LocalEmu and would love feedback f

2026-07-12 原文 →
AI 资讯

I Made a Free AI Tool That Plans Your PQQ Responses

If you've ever bid on a public sector contract, you know the PQQ drill. Someone sends you a Word document with 47 questions spread across 6 sections. Company info. Technical capability. Financial standing. Health & safety. References. Maybe something about modern slavery or carbon reporting because it's 2026 and everything has to check everything. You have to: Read every question Figure out what category it falls under Decide which ones are easy and which will take a week Dig up the right evidence for each one Track word limits And you're doing this at 10pm because the submission deadline is Friday. I got tired of doing this manually, so I built a free tool that does it in one click. What it does PQQCheck takes any PQQ document — pasted raw, formatting and all — and runs it through an LLM that understands procurement documents. It returns: Every question extracted — no more re-reading the document to check you didn't miss one Category tags — Technical, Financial, H&S, Insurance, etc. Difficulty ratings — Easy / Medium / Hard at a glance so you know where to start Suggested evidence — what to prepare for each question Word limits — pulled straight from the document Here's what the output looks like: | Question | Category | Difficulty | Suggested Evidence | Limit | |-----------------------------------|-------------|------------|----------------------------|-------| | Provide your registered name & no | Company | Easy | Certificate of Incorporation | 50 | | Describe IT managed services exp | Technical | Hard | 3 case studies + CVs | 500 | | Provide H&S policy | H&S | Easy | Current policy document | — | | ISO 27001 certification details | Technical | Medium | Certificate + scope doc | 200 | Why this matters for procurement teams Most PQQ response planning is reactive. You read the document, start answering, and discover mid-way that a question needs a certificate you don't have or a reference you can't get in time. PQQCheck flips that. You know before you start writing

2026-07-12 原文 →
AI 资讯

I got tired of GitHub deleting my traffic stats after 14 days, so I built a local-first alternative 🚀

Hey DEV community! 👋 If you maintain open-source projects on GitHub, you probably love checking your repository's "Insights" tab. Seeing people clone, view, and star your project is an amazing feeling. But there are two catches that have always frustrated me: The Tedious Click-Fest: To see how your projects are doing, you have to manually open GitHub in your browser, navigate to each repository individually, click "Insights", and then click "Traffic". If you maintain 5+ repos, this becomes a chore real quick. The 14-Day Limit: Even worse, GitHub only keeps your traffic data for exactly 14 days. If you don't check your stats within that window, that data is gone forever. If you want a unified view and historical data, you either have to manually scrape it yourself, write a cron job, or pay a monthly subscription for a third-party SaaS tool. I didn't want to do any of those. So, I built my own solution. 🌟 Enter: Repo-rter Repo-rter is a completely free, 100% open-source desktop application available for Windows, macOS, and Linux. It fetches your GitHub traffic data and caches it locally on your machine, meaning you never lose your historical stats again. TIP Privacy First: Unlike SaaS alternatives, Repo-rter doesn't store your Personal Access Token (PAT) on any server. Everything runs locally on your machine, so your data remains strictly yours. ✨ Key Features Infinite History: Automatically merges new traffic data with your local cache. Say goodbye to the 14-day limit! Release Downloads Tracker: Wondering how many people downloaded your .exe or .dmg? Repo-rter tracks total and individual asset downloads across all your releases. Neo-Brutalist UI: I wanted the app to be fun to use, so it features a vibrant, gamified Neo-Brutalist design. Export to Markdown: Need to show off your stats? Generate and download a beautiful Markdown report of your repo's health and traffic with one click. Cross-Platform: Built with Tauri, it's incredibly lightweight and runs natively on Wi

2026-07-12 原文 →