今日已更新 80 条资讯 | 累计 20052 条内容
关于我们

标签:#r

找到 16823 篇相关文章

AI 资讯

Jurassic Park computers in excruciating detail

Ever sat down and thought about how a movie can spark your curiosity about technology? I was rewatching "Jurassic Park" recently, and, for the umpteenth time, I found myself mesmerized not just by the dinosaurs but by the computers! The way they portrayed tech in the early '90s was a mix of excitement and pure whimsy. I’ve been exploring the tech behind the magic, and it’s been a wild ride down memory lane—a nostalgia trip mixed with some surprising insights into how things have evolved. A Walk Down Memory Lane When I first watched "Jurassic Park" as a kid, the scene where Dr. Ellie Sattler runs through the control room, frantically trying to restore the park’s security, left me awestruck. I mean, who didn’t dream of typing on one of those cool-looking computers? As a budding developer, I couldn't help but wonder about the behind-the-scenes tech. Ever wondered why they used UNIX systems? Or why the computer graphics felt so cutting-edge back then? Turns out, they were leveraging a blend of SGI workstations and proprietary software that made their visual effects legendary. I remember my first experience with UNIX during my college days, and it felt like being dropped into a different universe—powerful, complex, and sometimes, downright intimidating. I’ve learned that just like in the movie, the power of tech lies in how effectively we can wield it. The Nostalgia of User Interfaces Let’s talk about user interfaces. The interfaces portrayed in the film, with their vibrant colors and flashy animations, were quite ahead of their time. It’s funny looking back because, at points, they seemed so unrealistic. I mean, the way Dr. Ian Malcolm effortlessly navigated the systems? I wish it was that easy! When I started working on UI/UX projects, I learned that simplicity is key. I once spent hours creating a beautiful interface that was so complex no one could figure it out! My takeaway? Sometimes, less is more. It’s the same lesson I’ve carried into modern frameworks like React

2026-07-16 原文 →
AI 资讯

GitHub's AI agent can be tricked into leaking private repos via a public Issue

GitHub recently launched Agentic Workflows — GitHub Actions combined with an AI agent backed by Claude or GitHub Copilot, writing workflows in plain Markdown. Noma Labs' first question after launch was the obvious one: what happens when the agent reads something it shouldn't trust? The answer: it leaks private repository contents as a public comment. No credentials, no exploit code, no inside access required. "The agent's context window is also its attack surface. Any content the agent reads — whether issues, pull requests, comments, or files — can be weaponized if the agent treats that content as instructional input." What actually happened Noma's researchers crafted a GitHub Issue that looked like a plausible VP Sales request — a normal-looking feature ask with hidden instructions embedded in the body. When GitHub's automation assigned the issue, it triggered an Agentic Workflow configured to: Trigger on issues.assigned events Read the issue title and body Post a comment using the add-comment tool Run with read access to other repositories in the organisation — including private ones The hidden instructions told the agent to fetch README.md from repos across the org and post the contents as a comment on the public issue. It did exactly that, including the contents of testlocal — a private repository. The proof-of-concept is live: the workflow run and the issue are public. The guardrail bypass GitHub had defences in place to prevent this. They didn't hold. Noma found that adding the word "Additionally" to the injected instructions caused the model to reframe its output rather than refuse — bypassing the guardrails entirely. A single keyword was enough to undo the intended safety behaviour. This is what makes prompt injection particularly uncomfortable: guardrails tuned against known attack patterns can be bypassed by anyone willing to iterate on the phrasing. The attacker's loop is cheap; the defender's loop is not. The bigger pattern Noma names this explicitly: pr

2026-07-15 原文 →
AI 资讯

Building a Population Health Risk Stratification Pipeline for MA Plans

Risk stratification sounds like a data-science buzzword until you have to build the thing. For a Medicare Advantage plan, it's a concrete pipeline: take a population of members, score each one's clinical and financial risk, and rank them so care management and documentation teams know who to touch first. Here's how I'd architect it. The core idea Population health risk stratification = scoring + segmentation. You compute a per-member risk signal, then bucket members into tiers (e.g., rising-risk, high-risk, catastrophic) so finite resources go where they move outcomes and revenue most. The mistake teams make is treating it as a single ML model. In practice you want a layered signal: a stable, explainable base (RAF + chronic conditions) plus optional predictive overlays. Explainability matters because care managers won't act on a black-box score, and auditors won't accept one. Step 1: Build the member feature record { "member_id" : "SYNTH-77310" , "age" : 73 , "hccs" : [ "HCC37_1" , "HCC85" , "HCC18" ], "raf" : 1.842 , "gaps" : [ "a1c_overdue" , "no_pcp_visit_180d" ], "utilization" : { "ed_visits_12m" : 3 , "inpatient_12m" : 1 } } The RAF here is your defensible, model-grounded risk anchor under CMS-HCC V28. Everything else is supplemental signal. Step 2: Score and tier def risk_tier ( member ): base = member [ " raf " ] util = 0.15 * member [ " utilization " ][ " ed_visits_12m " ] \ + 0.30 * member [ " utilization " ][ " inpatient_12m " ] score = base + util if score >= 3.0 : return " catastrophic " if score >= 1.8 : return " high " if score >= 1.0 : return " rising " return " stable " Keep the weights transparent and tunable. The point isn't a perfect model; it's a defensible, reproducible ranking your operational teams trust. Step 3: Make "rising-risk" actionable The tier that quietly drives the most ROI is rising-risk — members trending toward high cost who still have open documentation and care gaps. Surface their specific gaps (overdue labs, undocumented chroni

2026-07-15 原文 →
AI 资讯

Load Balancing: The Neo Way to Dodge Traffic

The Quest Begins (The “Why”) I still remember the night our API started to sputter under a sudden traffic spike. Users were seeing 502 errors, the monitoring dashboard looked like a neon rainstorm, and I felt like I was stuck in a lobby waiting for the elevator that never arrives. We had a simple round‑robin load balancer sitting in front of three identical services. It worked fine when traffic was smooth, but as soon as a burst hit, one node would get overloaded while the others twiddled their thumbs. Honestly, I thought we just needed more servers. Throwing hardware at the problem felt like using a sledgehammer to crack a nut—expensive and messy. After a few frantic Slack threads and a lot of coffee, I realized the real issue wasn’t capacity; it was how we distributed the work. The balancer was oblivious to the actual load on each backend, treating every request like it was the same weight. That moment became my quest: design a load balancer that reacts to real‑time load, stays simple enough to operate, and doesn’t cause a reshuffling nightmare when we scale the cluster. The Revelation (The Insight) The breakthrough came when I read about least‑connections load balancing combined with a slow‑start period for new hosts. The core insight is deceptively simple: Send each new request to the backend that currently has the fewest active connections. Why does that work? Immediate fairness – If one node is handling long‑running requests, it will naturally have a higher connection count and receive fewer new ones until it catches up. Burst absorption – During a traffic spike, requests spill over to the less‑busy nodes instead of piling onto a single overloaded instance. Predictable scaling – When we add a new server, it starts with zero connections, so it gets a fair share of traffic right away—but we temper that with a slow‑start window to avoid overwhelming a cold host. Compare that to round‑robin, which blindly cycles through the list regardless of each node’s state. In

2026-07-15 原文 →
AI 资讯

Coding agents can write your integration. They can't run it.

Digibee opens with a clear disclaimer: every team there uses Claude Code. This isn't a take from people who skipped the AI tooling revolution. It's an observation from people who shipped with it and ran into the same wall, repeatedly. That wall is enterprise integration. "Enterprise integration isn't a greenfield challenge. It's a completely different category of work, with completely different failure modes that coding agents weren't designed for." What coding agents are actually good at here They're useful for integration work under a narrow set of conditions: well-documented APIs, one-time tasks, low stakes, nothing in production at risk. A quick script to pull from a public endpoint? Great. A throwaway ETL job? Perfect. The problems start the moment an integration needs to be recurring, reliable, auditable, and maintained by someone other than the person who prompted it. The three structural gaps 1. They start from scratch every time. Pre-built connectors for enterprise systems like SAP, Salesforce, or NetSuite encode years of accumulated knowledge — how sequencing works, how idempotency is handled, where the quirks are. A coding agent reasons through all of that fresh on every run. It also suffers from the "lost in the middle" effect: when documentation gets long, LLMs drop content from the middle of their context window and fall back on training data. The more obscure the API, the more likely the generated code quietly fails under real load — not on deployment, but six months later when the CIO notices corrupted records. 2. They produce code, not infrastructure. Integrations need retry logic, failure recovery, credential management, audit trails, monitoring, and alerting. Coding agents produce none of that. You can prompt your way around it piecemeal — but now you're maintaining the integration and five hand-rolled infrastructure components. An agent optimised to iterate fast isn't optimised to fail safely. In production, a bad write means unprocessed payments

2026-07-15 原文 →
AI 资讯

Where Job Seekers Get Stuck, and Why the Fix Depends on the Stage

Most job search advice assumes a single problem with a single fix. In practice, people stall at different points, and the remedy for each one is different. Two tools I return to: resume.zoevera.com for resume targeting prepare.zoevera.com for interview practice, are useful because each handles one stage instead of claiming to handle all of them. Name the stage before choosing a fix The first question is where the process breaks down. Someone sending applications and hearing nothing back usually has a resume problem. Someone reaching interviews but not receiving offers has an interview problem. Someone applying to hundreds of roles with no response may be aiming at the wrong jobs. The fixes do not transfer between these cases, which is why generic advice tends to miss. Resume targeting is where most time gets lost This is the largest gap. Many people send one resume to every posting, then read the silence as a lack of qualifications. Often the resume does not match the language and priorities of the specific job, and an automated screen filters it before a person reads it. ZoeVera’s guide on why a resume stops getting interviews and its overview of how applicant tracking systems read a resume explain that mechanism in plain terms. The practical step is checking a resume against one posting before sending it. The match score check compares a resume to a job description and reports which terms are missing, and the keyword scanner shows the same gap at the phrase level. From there, the optimization walkthrough and the tool for matching a resume to a single posting close it. If your work is role-specific, the ATS resume tips library breaks the vocabulary down by profession, down to pages like software engineer resumes and nurse resumes . Interviews without offers is a separate problem Reaching final rounds and not converting them is rarely a technical gap. It is usually communication, composure, and how follow-up questions get handled. Practice helps more than reading ab

2026-07-15 原文 →
AI 资讯

Sync vs. Async Transcription: Which to Use (2026)

You've got a recording and you want text back. For years that meant one thing at AssemblyAI: submit the file, wait for the job to finish, get a transcript. Async. It's reliable, it's cheap, and for a huge range of workloads it's exactly right. But "wait for the job to finish" is doing a lot of work in that sentence. If your file is two minutes long and your user is staring at a spinner, waiting is the whole problem. That's the gap the Sync API fills — and it's why "which transcription path" is no longer a two-way question. This post is about the two ways to transcribe a recording : async and sync. (If you're deciding between recorded and live audio in the first place — streaming versus the rest — start with our guide to real-time vs batch transcription , then come back here to choose between the two non-streaming paths.) The one-sentence difference Async transcription hands you a job: you submit audio, the work happens in the background, and you collect the result later by polling or via a webhook. Sync transcription hands you an answer: you POST a short clip and the transcript comes back in the same HTTP response — no job to track, no callback to wait for. Everything else follows from that. Async is built for throughput and depth on files of any length. Sync is built for speed on short files, when a person or an agent is waiting on the other end. How fast can each actually go? This is the question that usually settles it, so let's be concrete. Async processes the whole file and returns a single complete transcript, typically in seconds to a few minutes depending on file length and load. Crucially, it bills on audio duration ($0.21/hr on Universal-3.5 Pro), so a 30-minute file costs the same whether it comes back in 20 seconds or two minutes. You're optimizing for cost and completeness, not for the clock. Sync is built to return a transcript for a short clip almost immediately — roughly 134ms p50 — in one request/response, with no polling and no webhooks. It's price

2026-07-15 原文 →
AI 资讯

Array in JavaScript

Array An Array is a collection of multiple values stored in a single variable. let fruits = [ " Apple " , " Mango " , " Orange " ]; Here, fruits contains three values. Why Do We Need Arrays? Without an array, you would write: let fruit1 = " Apple " ; let fruit2 = " Mango " ; let fruit3 = " Orange " ; Using an array: let fruits = [ " Apple " , " Mango " , " Orange " ]; This makes the code shorter and easier to manage. Array Index Each value in an array has an index. The index always starts from 0. Index: 0 1 2 ------------------------- Array: Apple Mango Orange Accessing Array Elements Use the index number to access a value. let fruits = [ " Apple " , " Mango " , " Orange " ]; console . log ( fruits [ 0 ]); console . log ( fruits [ 1 ]); // Output: Apple Mango Changing an Array Element You can update any value using its index. let fruits = [ " Apple " , " Mango " , " Orange " ]; fruits [ 1 ] = " Banana " ; console . log ( fruits ); // Output: [ " Apple " , " Banana " , " Orange " ] Finding the Length of an Array Use the "length" property. let fruits = [ " Apple " , " Mango " , " Orange " ]; console . log ( fruits . length ); // Output: 3 Adding Elements push() – Add at the End let fruits = [ " Apple " , " Mango " ]; fruits . push ( " Orange " ); console . log ( fruits ); // Output: ["Apple", "Mango", "Orange"] unshift() – Add at the Beginning let fruits = [ " Mango " , " Orange " ]; fruits . unshift ( " Apple " ); console . log ( fruits ); // Output: ["Apple", "Mango", "Orange"] Removing Elements pop() – Remove from the End let fruits = [ " Apple " , " Mango " , " Orange " ]; fruits . pop (); console . log ( fruits ); // Output: ["Apple", "Mango"] shift() – Remove from the Beginning let fruits = [ " Apple " , " Mango " , " Orange " ]; fruits . shift (); console . log ( fruits ); // Output: ["Mango", "Orange"] Looping Through an Array Use a "for loop" to print all elements. let fruits = [ " Apple " , " Mango " , " Orange " ]; for ( let i = 0 ; i < fruits . length ; i

2026-07-15 原文 →
AI 资讯

The Supabase RLS gotcha nobody warns you about: infinite recursion in multi-tenant policies

You're building teams/workspaces on Supabase. A row belongs to a workspace, and a user can touch it if they're a member. Simple enough — until your policies start throwing infinite recursion and you have no idea why. Here's the trap and the pattern that avoids it. The setup A membership table, with RLS on it too (of course): create table workspace_members ( workspace_id uuid references workspaces , user_id uuid references auth . users , primary key ( workspace_id , user_id ) ); alter table workspace_members enable row level security ; create policy "read own memberships" on workspace_members for select using ( user_id = ( select auth . uid ())); The trap Now you scope a tenant table by asking "which workspaces is this user in?" — by querying workspace_members inside the policy : -- ⚠️ this can recurse create policy "members read projects" on projects for select using ( workspace_id in ( select workspace_id from workspace_members where user_id = ( select auth . uid ()) ) ); The policy on projects queries workspace_members , which has its own RLS policy, which re-evaluates… you've built a loop. The fix: a security-definer function Resolve membership with a function that runs with the definer's rights, so reading workspace_members doesn't re-trigger RLS. The policy becomes a plain IN check — no recursion: create or replace function public . user_workspace_ids () returns setof uuid language sql security definer set search_path = '' -- pin it: this is the safety bit as $$ select workspace_id from public . workspace_members where user_id = auth . uid (); $$ ; create policy "members read projects" on projects for select using ( workspace_id in ( select public . user_workspace_ids ()) ); Why it's safe: the function is read-only, returns only the caller's own workspace ids, and search_path = '' prevents search-path hijacking (the classic SECURITY DEFINER footgun). It never exposes another user's memberships. Do this for every tenant table (reads and writes — remember WITH CH

2026-07-15 原文 →
AI 资讯

Fable 5 Just Shipped: What Anthropic's Newest Model Means for Developers

On June 9, 2026, Anthropic shipped Claude Fable 5, a model in a new tier that sits above Opus. I have been building on the Claude API for over a year, and this is the first release that made me stop and re-read my whole prompt stack before touching the model string. Here is what actually changed and what it means if you ship software. The short version Fable 5 is the public release of the Mythos line, the family that earlier in the year unsettled the security world with how well it found and exploited vulnerabilities. The version you and I get is the same underlying model with safeguards bolted on. Anthropic calls the safe one Fable and the unrestricted one Mythos, and only a small group of cyberdefenders gets Mythos. The numbers, for context: 1M token context window, 128K max output, knowledge cutoff January 2026. Priced at $10 per million input tokens and $50 per million output. That is double Opus 4.8 ($5 / $25). State of the art on nearly every benchmark they tested: 95% SWE-bench Verified, 80% SWE-bench Pro. Adaptive thinking is always on. There is no "disabled" mode. That last point matters more than the benchmarks. You do not tune a thinking budget anymore. The model decides. The pricing reframes the decision At $10/$50, Fable 5 is not your default model. It is your "this task is hard and getting it wrong is expensive" model. Opus 4.8 at $5/$25 remains the workhorse for most application traffic, and Haiku 4.5 at $1/$5 still wins on classification and routing. The way I think about it now is a three-tier ladder: Haiku 4.5 → routing, classification, cheap extraction Opus 4.8 → default for app traffic, agentic loops, coding Fable 5 → long-horizon agentic work where correctness pays for itself The "longer and more complex the task, the larger Fable's lead" framing from the announcement is the actual buying signal. A one-shot summarization does not justify 2x the cost. A multi-hour autonomous refactor that would otherwise need human correction might. The API surfa

2026-07-15 原文 →
AI 资讯

Skip the Middleman: Connecting Your UI Directly to an AI Agent via WebSocket

I've been building AI agents for a while now, and streaming responses to a UI has always been the painful part. In previous projects I tried API Gateway streaming, Lambda response streaming, and even AppSync Events via an agent tool call to notify the UI. I also looked at adding my own WebSocket API through API Gateway, which requires managing $connect , $disconnect , and $default routes, storing connection IDs in DynamoDB, and posting messages back through @connections . All of these approaches felt like too much ceremony for what should be simple. That's when I found that AgentCore has built-in WebSocket support. The browser can just connect directly to the agent. No middleman. I built WearCast to demonstrate this functionality. This is an AI agent that helps you pick out what to where based on the weather. I've found this very helpfu when packing for a trip. The code for this application is public and you can find the full implementation on this GitHub repo . The problem with the traditional approach We usually build app applications as we do REST APIs User → REST API → Lambda → AI Service → Lambda → REST API → User Every message makes a round trip through multiple intermediaries. The response waits until the entire generation is complete, and then it all comes back at once. For a chat interface, this feels sluggish. Users stare at a spinner while the model generates hundreds of tokens they could already be reading. Even if you add Server-Sent Events or long-polling, you're still stitching together a real-time experience on top of infrastructure that seemed like overkill. I wanted something better. The architecture Here's what I ended up with: ┌─────────────┐ ┌──────────────────┐ │ React UI │─── JWT ─▶│ API Gateway + │──▶ Lambda (presigned URL) │ (Cognito) │ │ Cognito Auth │ └──────┬──────┘ └──────────────────┘ │ │ WebSocket (SigV4 presigned URL) │ ← No middleman! Direct connection → ▼ ┌──────────────────────────────────┐ ┌────────────────────┐ │ AgentCore Runtim

2026-07-15 原文 →
开源项目

Stripe and Advent reportedly offered to buy PayPal for around $53.4B

Stripe and private equity firm Advent International have reportedly submitted a joint bid to acquire PayPal in a deal valued at approximately $53.4 billion. Reuters reports that the offer was submitted earlier this month and is backed by roughly $50 billion in committed bank financing. Under the proposal, Stripe and Advent would jointly own PayPal, […]

2026-07-15 原文 →
AI 资讯

What's actually worth paying for in a job search?

Most tool lists for job seekers are just fifteen free things nobody had to think hard about. My filter is stricter now: a tool earns money only if it saved me time I'd have spent, removed an annoyance I actually felt, or made me better at something I do a lot. Templates failed the test for me. The screening software reads your resume, it doesn't look at it. Monthly resume builder subscriptions failed too, you finish the document in week two and pay through month four. What passed: checking my resume against each specific posting before applying. I use the free scan at ZoeVera for that and paid for a day pass only the week I had five applications to tailor. submitted by /u/Enough_Charge2845 [link] [留言]

2026-07-15 原文 →