今日已更新 246 条资讯 | 累计 21112 条内容
关于我们

标签:#opensource

找到 1391 篇相关文章

AI 资讯

The MCP SDK's EventStore Lives in Memory. Here's What Happens When Your Server Restarts.

I Built a Python Package to Fix SSE Resumability in the MCP SDK Your MCP server crashed. Your client reconnected. Every event from that session? Gone. The Gap The Model Context Protocol Python SDK ships with a built-in EventStore that powers SSE stream resumability — when a client reconnects with a Last-Event-ID header, the server replays the events it missed. This works great in development. The catch: that store lives entirely in memory. Restart the process, roll a new deployment, or — in a multi-worker setup — have the reconnecting client land on a different pod, and the session is gone. The store was local to the process that died. Resumability silently returns nothing. This isn't a bug in the SDK. It's a scope decision — the in-memory store is a correct, useful default for single-process development. But the moment you deploy to production, you need something durable. That's the gap mcp-persist fills. What It Does mcp-persist adds three drop-in EventStore backends — SQLite , Redis , and PostgreSQL — that survive process restarts and work across multi-worker deployments. Pick the one that fits your infrastructure; the API is identical across all three. pip install "mcp-persist[sqlite]" # no external service needed pip install "mcp-persist[redis]" # for multi-worker deployments pip install "mcp-persist[postgres]" # for teams already running Postgres The Two-Line Setup Wiring resumability by hand is tedious — you need a store, a StreamableHTTPSessionManager , a Starlette lifespan to open and close both, and a Mount . The with_persistence() helper collapses all of that. Pass your FastMCP instance, get back a runnable ASGI app: import uvicorn from mcp.server.fastmcp import FastMCP from mcp_persist import with_persistence mcp = FastMCP ( name = " MyServer " ) app = with_persistence ( mcp , backend = " sqlite " , url = " events.db " , ttl = 3600 ) uvicorn . run ( app , host = " 127.0.0.1 " , port = 8000 ) # MCP endpoint at /mcp Switching to Redis is a one-word change:

2026-06-05 原文 →
AI 资讯

Your AI Vendor Says 'Trust Us' with Your Data. There's a Better Option.

Your AI vendor says "trust us" with your data. At the end of June, ByteDance's Doubao (豆包) officially ends its free tier and starts charging for API calls. The discussion in developer communities quickly shifted from pricing to a different question: all this data flowing to cloud AI services every day — where exactly does it go? Around the same time, NVIDIA spent significant stage time at GTC 2026 presenting the full-stack confidential computing capabilities of the Vera Rubin architecture. Jensen Huang's message was clear: future AI chips need to keep data encrypted throughout the computation process, making it inaccessible in plaintext to anyone — including the cloud service provider. Two signals pointing to the same trend: data security in AI services has moved from "someone mentioned it once" to "you need to answer this directly." The Data Path Through Cloud AI Is More Complex Than You Think Most developers have a simple mental model of cloud AI: I send a request, the model returns a result, and my data is gone. The actual data flow is more involved. A typical cloud AI call touches these steps: Request data travels over HTTPS to the service endpoint The service may queue the request while waiting for GPU allocation During inference, input data exists in plaintext in server memory After inference, whether inputs/outputs are cached or used for subsequent training depends on the provider's privacy policy Logging systems may record request metadata or partial content At each step, data is potentially accessible. Providers typically say "we don't look at your data" and "your data won't be used for training" in their privacy agreements. These are contractual commitments. You need to trust that they'll honor them. This is the "Trust Me" model. Trust Me vs Verify Yourself If you roughly categorize data protection approaches in AI services, two paradigms emerge: Trust Me Data leaves your device and is processed by a third party. The provider guarantees security through co

2026-06-05 原文 →
AI 资讯

NVIDIA and Apple Solved the Hardware. Here's What's Left to Build.

After GTC 2026, one thing is basically settled: the hardware layer for on-device AI is no longer the bottleneck. NVIDIA's RTX Spark packs Blackwell GPU + Grace CPU + 128GB unified memory into a desktop form factor. Apple's M-series chips with unified memory architecture and efficiency-first design let 4B and even 7B parameter models run smoothly on a MacBook. Two different approaches, same destination: consumer hardware now has the compute foundation for running on-device AI agents. Chip vendors have done their part. The next question is: how many layers are still missing between "chip can run an AI model" and "an on-device agent can actually complete useful tasks"? This post maps out the full technology stack for on-device AI agents, examining each layer's maturity, identifying gaps, and tracking what the open-source community has built so far. Layer 1: Silicon (Ready) On-device AI inference has different chip requirements than traditional compute workloads. The core bottleneck isn't peak FLOPS — it's memory bandwidth and unified memory capacity. LLM inference needs model weights fully loaded into memory, with high-frequency data movement between weight matrices and activations during computation. If memory bandwidth can't keep up, raw compute power just sits idle waiting for data. Three main silicon paths exist today: NVIDIA N1X : Blackwell GPU + Grace CPU heterogeneous architecture, 128GB unified memory, petaflop-class compute, targeting desktop workstations Apple M-series (M4/M5) : Unified memory architecture with GPU and CPU sharing memory, optimized memory bandwidth, configurations from 32GB to 192GB Qualcomm Snapdragon X : Targeting laptops and mobile, NPU-accelerated inference, relatively limited memory configurations Different emphases, but one common takeaway: 2026 consumer silicon can run 4B+ parameter models for real-time inference. This layer is ready. Layer 2: Inference Frameworks (Mature) With silicon in place, efficient inference frameworks are neede

2026-06-05 原文 →
AI 资讯

I added real-time activity logging and security scoring to my Claude Code dashboard

I added real-time activity logging and security scoring to my Claude Code dashboard The problem with just seeing costs Knowing how much you spent is useful. But it's not enough. The real question is: what is your AI actually doing? Which files did it read? Which commands did it run? Is your environment even safe to run it in? I couldn't answer any of those. So I built the answers in. What's new in v0.1.17 Activity Log — see every action in real-time Claude Code logs everything via hooks. Every file read. Every command executed. Every API call. Risk-labeled. Timestamped. Live. Set it up once in ~/.claude/settings.json : { "hooks" : { "PostToolUse" : [{ "matcher" : ".*" , "hooks" : [{ "type" : "command" , "command" : "curl -sf -X POST http://localhost:3000/api/actions -H 'Content-Type: application/json' --data-binary @- 2>/dev/null || true" }] }] } } Then open http://localhost:3000/activity . Watch your AI's actions stream in real-time. This is the audit layer AI agents have been missing. Security Score — how safe is your Claude Code environment? Scored out of 100. Checks 7 things: Is Bash(sudo *) in your allow list? (-20) Is ~/.ssh/** in your deny list? (-20) Is Bash(curl *) unrestricted? (-15) Are .env files protected? (-15) Is strictMode enabled? (-10) Is Bash(rm *) restricted? (-10) Are hooks configured? (-5) I scored 90/100. What's yours? The point isn't to shame anyone. It's to make the invisible visible — so you can make informed decisions about what your AI is allowed to do. Try it npm install -g @notenkidev/claude-token-dashboard claude-token-dashboard Open http://localhost:3000 GitHub: https://github.com/notenkitoclient-cpu/claude-token-dashboard This started as a simple token counter. It's becoming something bigger — an observability layer for AI agents. More coming.

2026-06-05 原文 →
开发者

Qisquiz: A Quiz App for Learning Qiskit v2.X

Qisquiz: A Qiskit v2.X Certification Prep App I built Qisquiz , a web app for learning Qiskit v2.X and preparing for the IBM Certified Quantum Computation using Qiskit v2.X Developer - Associate certification exam. You can try the app here: https://qisquiz.vercel.app/ The GitHub repository is here: https://github.com/dorakingx/qisquiz The concept of Qisquiz is simple: Master Qiskit, one quiz at a time. In other words, Qisquiz is a quiz-based certification prep app that helps learners study Qiskit one question at a time. The target exam is: Exam C1000-179: Fundamentals of Quantum Computing Using Qiskit v2.X Developer Why I Built Qisquiz Qiskit is one of the most important development tools for learning and building quantum computing applications. It is useful for creating quantum circuits, running simulations, using IBM Quantum hardware, and experimenting with quantum algorithms. However, Qiskit v2.X includes several APIs and concepts that learners need to understand carefully. For example, certification prep requires knowledge of topics such as: Qiskit Runtime SamplerV2 EstimatorV2 PUBs, or Primitive Unified Blocs BackendV2 backend.target Transpilation ISA circuits Dynamic circuits OpenQASM 3 Result object handling Little-endian and big-endian interpretation These topics can be learned by reading documentation, but I felt that active practice through quizzes is especially useful for exam preparation. That is why I built Qisquiz , a quiz-based learning app focused on Qiskit v2.X. What Is Qisquiz? Qisquiz is an independent quiz-based learning app for Qiskit v2.X. The current version is organized around the 8 sections of the IBM Qiskit v2.X Developer certification exam. The current question bank includes: 120 original questions 44 code-based questions 40 hard questions 8 sections 15 questions per section Qisquiz is not an official IBM or Qiskit product. It is an independent learning tool that I built to help myself and other learners prepare more effectively. Covered E

2026-06-05 原文 →
AI 资讯

The Quiet Threshold

The Quiet Threshold There's a moment in working with generative models that nobody really talks about, because it doesn't look like progress. It looks like surrender. For the first few months you write prompts. You optimize them. You collect tricks: chain-of-thought, role assignments, few-shot examples, the right magic words. You treat the model like a stubborn intern who needs very precise instructions. And it works — sort of. You get outputs. You ship things. Then one day you notice you've stopped doing any of that. You're just writing. You're typing the way you'd talk to a collaborator at 2am, half-formed sentences, the actual shape of your thinking before it's been edited into something presentable. And the model is answering as if it had been in the room the whole time. This is the quiet threshold. It's not a technical milestone. The model didn't get smarter. You stopped performing. Most people never cross it. They keep prompting at the machine because they're still treating it as an audience to impress, an authority to convince, or an obstacle to outmaneuver. They're managing how they look to a thing that has no opinion of them. And the outputs reflect that — polished, hollow, slightly anxious. The artists I trust on this stuff all describe the same shift: a point where they stopped writing FOR the model and started thinking THROUGH it. The work got rougher and stranger and more theirs. The tool disappeared. What's left is just the practice — the same one you had before, but louder, faster, more honest with itself. I suspect this is the actual measure of fluency with these systems. Not the prompts you can write. The masks you can finally drop.

2026-06-05 原文 →
AI 资讯

From Blood Tests to Meal Plans: Building a Self-Correcting Health Agent with LangGraph

Ever felt like your fitness app is just a fancy spreadsheet? You log a high uric acid result from your latest blood test, yet it still suggests a high-protein steak dinner for "gains." In the world of AI Agents , we are moving past static prompts. Today, we’re building a Self-Correcting Health Agent using LangGraph , LangChain , and OpenAI . This agent doesn't just chat; it monitors laboratory biomarkers like cholesterol and uric acid, maintains a long-term memory via SQLite , and dynamically rewrites your lifestyle plan using advanced OpenAI Function Calling . If you've been looking to master autonomous health agents and complex state management, you're in the right place. Let's dive into the future of personalized wellness. The Architecture: State-Driven Personalization Unlike a standard linear chain, a health agent needs to "loop" and "reason." If the agent detects an abnormal lab value, it must trigger a specific logic branch to revise existing plans. Here is how the data flows through our LangGraph system: graph TD A[User Input/Lab Report] --> B{Analyze Biomarkers} B -- Abnormal Found --> C[Tool: Plan Rewriter] B -- All Normal --> D[Tool: Maintenance Plan] C --> E[Update SQLite Memory] D --> E[Update SQLite Memory] E --> F[Output Final Recommendation] F --> G[Wait for Next Input] G -- New Data --> B Prerequisites To follow along, you'll need: LangGraph & LangChain : For orchestration. OpenAI API : For the reasoning engine (GPT-4o recommended). SQLite : To handle persistent state and "memory" of your health journey. Step 1: Defining the Agent State In LangGraph, the State is the source of truth. We need to track the user's current health metrics and their active diet plan. from typing import Annotated , TypedDict , List from langgraph.graph import StateGraph , END import operator class HealthState ( TypedDict ): # We use operator.add to keep a history of logs logs : Annotated [ List [ str ], operator . add ] biomarkers : dict current_diet_plan : str revision_req

2026-06-05 原文 →
AI 资讯

Defender zero-days CVE-2026-41091 and 45498 — what defenders should do today (May 2026)

Microsoft published two Defender vulnerabilities on May 19, 2026 that are being actively exploited in the wild, and CISA has already pushed both into the Known Exploited Vulnerabilities catalog. If you run Windows endpoints, this is a same-week update item, not a "schedule it for the next maintenance window" item. The patches exist, the abuse is happening, and the BOD 22-01 deadline for federal civilian agencies is June 3, 2026. what follows: what happened, who needs to act, and what to do today before someone else makes the decision for you. What's being exploited CVE-2026-41091 is an Elevation of Privilege bug in Microsoft Defender's scanning logic, rated Important. The root cause is improper link resolution before file access. An authenticated local attacker plants symbolic links or NTFS junctions that point at attacker-controlled paths, then triggers Defender to follow them. Defender operates with SYSTEM privileges during scan operations, so the file actions Defender performs on those crafted targets execute as SYSTEM. Net result: a non-admin local user gets full SYSTEM on the host. The attacker needs an authenticated session already. That sounds like a high bar until you remember that initial-access malware lands at user-level, then chains a local privilege escalation to get persistence and lateral-movement capability. CVE-2026-41091 is the second-stage tool intrusion sets are looking for. The Hacker News and BleepingComputer both confirm the in-the-wild abuse is happening. CVE-2026-45498 is a Denial of Service in the Microsoft Defender Antimalware Platform itself. Attackers can trigger a platform-level crash that takes Defender's protection capabilities offline. The exploitation pattern here is the obvious one: kill the EDR/AV before deploying the actual payload, get a clean window for follow-on actions, restore Defender or leave it broken depending on how careful the operator is. CISA's KEV listing tells you this is being chained operationally, not a theoreti

2026-06-05 原文 →
AI 资讯

I Made a Battery Admit It Was Only 73% Healthy — On-Device, End to End

Voltage lies. Put a battery under load and its terminal voltage sags. Let it rest and the voltage springs back. A naive fuel gauge watching only voltage will happily tell you a worn-out cell is "fine" right up until it falls off a cliff. The number you actually care about — is this battery still good, or is it time to replace it? — isn't in the instantaneous voltage at all. It's in the capacity : how much charge the cell can still deliver between full and empty. That quantity fades as a cell ages. Tracking it is called State of Health (SoH) , and it's the difference between "the device says 80%" and "the device has 80% of the runtime it had when it was new." I wanted my open-source battery SDK ( ibattery-sdk , Apache-2.0) to learn SoH on the device itself — no cloud model, no floating-point, on MCUs with kilobytes of RAM. This post is the story of getting that working end to end: from a coulomb integral in firmware to a faded value showing up live on a Grafana dashboard. The idea: learn capacity from one full→empty trip You don't need a PhD-grade model to estimate usable capacity. You need two anchors and an ammeter. Full anchor — when the cell is at its full-voltage plateau, declare "this is full" and set the coulomb counter to the rated capacity. Discharge — integrate current over time (coulomb counting). Every milliamp-hour that leaves the cell ticks the counter down. Empty anchor — when the cell hits its empty-voltage threshold, look at how much charge actually flowed. A healthy cell delivers close to its rated capacity before going empty. An aged cell hits empty early — it simply has less to give. From the charge measured between those two anchors, you get the cell's real usable capacity, and SoH = measured / rated . The SDK runs it through an integer EMA (so one noisy excursion doesn't whip the estimate around) and a plausibility guard (reject anything outside 30–120% of rated — that's almost certainly a glitch, not a real measurement). The whole thing is inte

2026-06-05 原文 →
AI 资讯

Godot AI? Here is the solution: What is Golem-AI?

Enlace a post en Español Click If you are developing games in Godot and using AI to help you code, you are probably tired of constantly switching tabs between your editor and the browser. Copying code, pasting it, explaining your scene context over and over again... it is a massive workflow killer. To solve this, I built Golem-AI (named after the Godot Engine logo because let's face it, it looks like a tiny, friendly mechanical golem). It is a "Cursor-style" AI assistant extension integrated directly into a dock right inside your Godot 4.2+ editor. Today, I am opening the repository to the community as a completely open-source project. It is currently in Beta and has some bugs, but it is fully functional, and I want to share it so we can improve it together. / ____/___ / /__ ____ ___ / | / _/ / / __/ __ \/ / _ \/ __ `__ \______/ /| | / / / /_/ / /_/ / / __/ / / / / /_____/ ___ |_/ / \____/\____/_/\___/_/ /_/ /_/ /_/ |_/___/ 🎮 How it Looks Inside the Editor Here is a glimpse of the integrated dock interface, its session history, and the context autocomplete system in action: 🔥 Key Features 🦙 Local & Cloud Providers: Connect it to Ollama or LM Studio for a 100% free, offline local workflow, or hook it up to OpenAI, Anthropic, Gemini, or Cursor proxies. 🧠 Cursor-Style UX & Context (@ Mentions): Type @ in the chat composer to automatically attach open scenes, specific project files, or custom skills directly into the prompt. 🛠️ Editor Tool Calling: It features an optional multi-step verification loop. The AI can actually interact with native Godot editor tools to help you iterate and fix things faster. 📚 Markdown Skills System: Feed the assistant specific workflows, style guides, or documentation using standard markdown files (/skill or @skill :id). 💬 Advanced Chat UI: Built-in "thinking blocks", agent step progress tracking, searchable history sessions, and a native bilingual UI (English / Spanish). 🛠️ The Current State: "It works, but..." (Looking for Beta Testers!) L

2026-06-05 原文 →
开发者

Arc v0.0.1-alpha - A Lightweight C-Based Programming Language

We are excited to announce the first alpha release of Arc, a lightweight, C-based programming language and interpreter designed for simplicity, performance, and educational clarity. Version Overview Version: v0.0.1-alpha Status: Alpha (Experimental) License: GPL-3.0 This initial release establishes the foundational pipeline of the Arc language, from lexical analysis to AST-based interpretation, featuring a robust set of core language constructs and a custom memory management system. Key Features Language Core Variable System: Declaration and updates using the VAR keyword. Functions: Support for custom functions (FN) with parameters and RETURN values. Control Flow: Conditional branching with IF, THEN, ELIF, and ELSE. Iterative loops with WHILE, FOR, and THEN. Loop control with BREAK and CONTINUE. Exception Handling: Graceful error recovery using TRY...CATCH blocks. Data Types: Integrated support for Numbers (Integers/Floats), Strings, Booleans, and Lists. Import System: Modularize projects by importing other .arc files using IMPORT. Syntax Highlights Case Sensitivity: Keywords (e.g., VAR, WHILE, IF) are case-insensitive. Identifiers (variable and function names) are case-sensitive. Operators: Comprehensive set of arithmetic (+, -, *, /, ^), comparison (==, !=, <, >, <=, >=), and logical (AND, OR, NOT) operators. Comments: Single-line comments starting with #. Built-in Standard Library I/O Operations: print, get_input, open_file, read_file, write_file, close_file. Data Manipulation: len_of, typeof, to_int, split_string, append_list, range. Math Library: A comprehensive math.arc providing constants (PI, E) and functions (sin, cos, tan, sqrt, log, etc.). Tooling & CLI Arc comes with a powerful CLI and an interactive REPL: Interactive REPL: Run code line-by-line with syntax highlighting. CLI Options --debug (-d): View tokens and AST tree during execution. --code (-c): Execute a string of code directly. --float-precision (-p): Control decimal output. --mempool-size (-m):

2026-06-05 原文 →
AI 资讯

How I stopped nodding along and actually contributed to open source

For years I saw "open source contributions" on job descriptions and just... nodded along. Typed it into Google once, got overwhelmed, closed the tab. It always seemed like something other people did. People who actually knew what they were doing. People who weren't me. Then I started looking into it properly. And honestly? It still seemed big. Like I'd need to understand an entire codebase, find a complex bug, write some genius fix that the maintainers would applaud. Turns out that's not it at all. I found some resources that changed how I saw it completely. The bar to start is embarrassingly low, and that's intentional. The open source community built it that way on purpose. So I did it. Was it a few lines of code? Yes. Did I do it directly in the browser like a person who has no idea what they're doing? Also yes. Do I care? Absolutely not. Where to actually start: goodfirstissue.dev — filters repos by good first issue label up-for-grabs.net — same idea, different interface Docs you already use — if you read something and think "that's oddly worded," you're already there GitHub search — label:"good first issue" is:open and filter by language Here's the thing though, this isn't just about open source. Everything seems big and intimidating at first. So you start small. One tiny contribution. Not because it's impressive but because it's real, and it's yours, and it builds something. Confidence mostly. Then you do a slightly bigger thing. Then a bigger thing after that. You don't level up by waiting until you're ready. You level up by starting small and not stopping. My first contribution exists now. That's enough for today.

2026-06-04 原文 →