今日已更新 80 条资讯 | 累计 20052 条内容
关于我们

标签:#rce

找到 1437 篇相关文章

开源项目

🔥 songquanpeng / one-api - LLM API 管理 & 分发系统,支持 OpenAI、Azure、Anthropic Claude、Google Ge

GitHub热门项目 | LLM API 管理 & 分发系统,支持 OpenAI、Azure、Anthropic Claude、Google Gemini、DeepSeek、字节豆包、ChatGLM、文心一言、讯飞星火、通义千问、360 智脑、腾讯混元等主流模型,统一 API 适配,可用于 key 管理与二次分发。单可执行文件,提供 Docker 镜像,一键部署,开箱即用。LLM API management & key redistribution system, unifying multiple providers under a single API. Single binary, Docker-ready, with an English UI. | Stars: 35,709 | 30 stars today | 语言: JavaScript

2026-07-14 原文 →
AI 资讯

We Open-Sourced 42 Construction Calculators — Here's Why

I run EstimatorSuite.com — we review construction estimating software for US contractors (HVAC, electrical, plumbing, roofing, landscaping). We just open-sourced our entire calculator suite: 42 construction calculators under MIT license. React + TypeScript + Tailwind. 🔗 Repo 🔗 Live Demo 🔗 npm What's included: • 36 material calculators (concrete volume, roofing squares, drywall, paint, flooring, etc.) • 6 trade estimators (HVAC load, electrical conduit fill, plumbing pipe sizing) Two entry points: → React components — drop into any project → Pure calculation functions — zero UI dependency, works in Node.js, Vite, Next.js, anywhere Why we built this: Construction software is expensive. Contractors told us they needed free tools that actually work — not ad-filled spreadsheets. So we built them, and we open-sourced them. Full story →

2026-07-14 原文 →
AI 资讯

How I Built an Ultra-Fast, Programmatic Results & GPA Portal for My University (MUET)

At Mehran University of Engineering and Technology (MUET), Jamshoro, results are traditionally announced via large, static PDF tables. But the main issue is: Every semester, the same story. Need to check your result? Open your laptop. Connect to the university network... or set up a VPN. Want to know your actual class or batch rank? Good luck guessing. That frustration became my latest project. To solve this, I set out to build the MUET Results Portal ( https://muetresults.vercel.app )—an independent, open-source lookup engine and administrative compiler that provides students with instant semester results, CGPA calculations, batch standings, and interactive academic calendars. Here is an engineering deep-dive into how I built it using a serverless GitOps pipeline, vanilla JavaScript SPA, and Gemini AI. 🛠️ The Architecture & Data Pipeline To keep the platform hosting costs at absolute zero while maintaining lighting-fast page loads, I designed a pre-rendered static pipeline. Rather than querying a database at runtime, all student data is compiled statically. Here is the GitOps workflow: Official PDF Release : The Mehran University Examination Department publishes a new results PDF. LLM OCR Parsing : Via a secure administrative panel ( /mokshadmin ), I upload the scanned PDF/image. A serverless backend function streams the document to the Google Gemini 1.5 Flash API , which returns structured JSON student records. Git Database Update : The approved JSON records are committed back to the repository's git-tracked database ( muet_student_gpa_dataset.csv ) using the GitHub REST API. CI/CD Pre-rendering Build : The new commit triggers a Vercel build hook. Node compilation scripts read the CSV database and: Group records and compile them into static runtime JSON structures. Pre-render complete static HTML folder structures for all batch rankings and departments. Regenerate SEO sitemaps ( sitemap.xml ). Instant Deployment : Vercel serves the pre-rendered static files instan

2026-07-14 原文 →
AI 资讯

Manticore Speaks MySQL - So I Made It a Laravel Database Driver Instead of a Scout Engine

The problem I've been working with Manticore Search for about two years at EricaPRO , building the search layer for two financial data platforms. For the past year, that work has been a Laravel API. Manticore was never the problem. It's fast and it's stable. The problem was the gap between Manticore and Laravel. I had already built a package for this — laravel-manticore-search , a fluent builder over Manticore's HTTP/JSON API. It works, and it's still in use. But it's a client wrapper. Every feature had to be implemented manually. Every new filter or facet meant more custom architecture around the client, and none of the things Laravel gives you for free — models, migrations, pagination, casts — applied to it. Scout doesn't close that gap either. Scout gives you search() . No full query builder, no migrations for your indexes, sync is your problem. That's not a criticism — Scout abstracts over engines with completely different APIs, so it exposes the lowest common denominator. It just wasn't what I needed. What I needed was simple to describe and annoying to not have: something plug and play. Something Laravel way. Point Eloquent at Manticore and use Eloquent. The insight Manticore speaks the MySQL wire protocol. Out of the box, port 9306. You can connect to it with any MySQL client and run SQL. I had been using that port for two years without thinking about what it meant for Laravel. Because here's the thing: all of Eloquent — models, query builder, migrations, pagination, chunking — sits on top of a Connection and a Grammar . The grammar compiles builder calls into SQL for a specific dialect. That's the entire mechanism behind Laravel supporting MySQL, Postgres, SQLite and SQL Server with one codebase. So the real question was never "how do I re-implement Eloquent on top of Manticore's client?" It was "how thin can a Manticore grammar be?" If Manticore accepts MySQL-protocol connections and mostly-MySQL SQL, then a Laravel database driver — a custom connection plu

2026-07-14 原文 →
开发者

Google's Genkit Ships Agents API with Detached Turns and Human-in-the-Loop for TypeScript and Go

Google released the Genkit Agents API in preview for TypeScript and Go. The open-source framework packages message history, tool loops, streaming, and state persistence behind a single chat() interface. Detached turns let agents work after clients disconnect. Interruptible tools provide human-in-the-loop control with anti-forgery validation on resume. By Steef-Jan Wiggers

2026-07-14 原文 →
AI 资讯

The Right Way to Start Claude Code on an AWS Project

You know the drill for adding an MCP server to a project: dig the exact command string out of the docs, hand-write a .mcp.json with an absolute path you'll typo once, restart the editor, and discover no tools showed up because the server expected a config file you haven't created yet. Plenty of MCP servers lose their would-be users somewhere inside that loop. Infrawise collapses the whole loop into one command. It's an open-source tool ( npm ) that statically analyzes your codebase, AWS infrastructure, and database schemas, then exposes that context to AI coding assistants over MCP — so Claude Code knows your actual partition keys, GSIs, and indexes instead of guessing from source files. This post is about the part that usually kills tools like this before they deliver any value: setup. Section 1: One command, four steps npm install -g infrawise # or skip install and use npx cd your-project infrawise start --claude start does four things, in order: 1. Probes your environment. If there's no infrawise.yaml in the project, it generates one. It reads AWS_PROFILE if set; otherwise it looks at your configured AWS profiles — one profile means zero questions, several means one prompt asking which to use. That's the entire interview. (If you want the full guided wizard instead, infrawise start --interactive runs it.) 2. Runs the analysis. It scans your AWS services, database schemas, and codebase, builds a graph of services, tables, indexes, and query patterns, and runs rule-based analyzers over it. No LLM is involved in this step — extraction and analysis are deterministic, so the same infrastructure always produces the same graph. 3. Writes .mcp.json to your project root. This is the file you'd otherwise write by hand: { "mcpServers" : { "infrawise" : { "command" : "infrawise" , "args" : [ "serve" , "--stdio" , "--config" , "/absolute/path/to/infrawise.yaml" ] } } } 4. Opens Claude Code. Claude Code reads .mcp.json automatically and starts the session with all 21 infrawise

2026-07-14 原文 →
AI 资讯

AudioTrust: reconciliar C2PA y watermark AudioSeal en audio sintético

AudioTrust: reconciliar C2PA y watermark AudioSeal en audio sintético Un verificador local que lee las dos marcas de confianza de un audio generado por IA (procedencia C2PA + watermark AudioSeal) y emite un veredicto auditable sobre si coinciden, se contradicen o faltan. El problema Un audio sintético puede llevar dos marcas de confianza distintas: Procedencia C2PA : un certificado digital embebido en el archivo (su "DNI" de origen — quién, cuándo, con qué herramienta). Watermark AudioSeal : un código inaudible incrustado en el sonido, detectable aunque el audio se comparta o transcodifique. Cada una por separado es útil, pero ninguna es suficiente. La procedencia puede faltar (mucho audio generado no la incluye) y el watermark puede estar presente en audio totalmente legítimo. El caso interesante es cuando se contradicen : el manifest C2PA dice "grabado por un humano con una grabadora" pero el watermark de una herramienta de IA está presente. Eso es una señal de manipulación — el llamado Integrity Clash . AudioTrust no genera ni firma nada. Es un verificador : lee ambas capas y las reconcilia. Qué hace audio.wav ──► AudioTrust verify ──► veredicto + explicación C2PA watermark Veredicto ausente ausente unverifiable ausente presente partial origen sintético presente trusted origen humano presente contradiction (Integrity Clash) Salida JSON: { "file" : "audio.wav" , "verdict" : "trusted" , "c2pa" : { "present" : true , "source_type" : null , "claims" : [ "action=c2pa.created by TestTTS" , "generatedBy=TestTTS" ]}, "watermark" : { "present" : true , "detect_prob" : 0.92 }, "explanation" : "C2PA declara origen sintético y hay watermark fuerte: coherentes." } Cómo funciona Lectura C2PA con c2pa-python (el Reader de la librería oficial). Si no hay manifest, devuelve present=False sin crashear. Detección de watermark con audioseal . Devuelve solo detect_prob (P(audio watermarked) en [0,1]). Reconciliación determinista en reconcile.py . Dos decisiones de diseño que vale la

2026-07-14 原文 →
AI 资讯

Yes-Brainer — A council of LLMs that debate in the browser

Yes-Brainer is a council of AI models for the decisions that aren't no-brainers. One question fans out to several models — they answer in parallel, debate to consensus, or get judged to a verdict. No backend, no accounts: your keys, your browser. For non-trivial questions — the ones that are either complex or important — I caught myself in a "ritual": copy-pasting the same prompt into Claude, then Gemini, then ChatGPT, in three browser tabs, and eyeballing the differences. The differences were the interesting part. Where the models agreed, I felt more confident. Where they disagreed, that was a nudge to give the problem a second thought and dig deeper. So I built the ritual into an app. 🧠 Yes-Brainer — a council of AI models for the decisions that aren't no-brainers. 🔗 Try it: yesbrainer.ai 🔗 Source code: github.com/trekhleb/yesbrainer One question fans out to several models at once, and instead of juggling tabs you get a deliberation in one place: 🔀 Parallel — independent answers, side by side ⚖️ Trial — the models vote anonymously on each other's answers, then a judge synthesizes a verdict 🤝 Consensus — a real multi-round debate, with a mediator that either drives it to convergence or honestly reports what stayed contested Consensus is my favourite. It's fun to watch the models drift from their original opinions under their peers' arguments. You can try all of this without pasting any keys: a few recorded demo councils are one click away on the front page. I'll walk through them below, because they show the point of the app better than the feature list. Setting up a council Creating a council is the whole setup: pick the deliberation mode, seat the models, choose who referees. The roster can mix providers freely — Anthropic, OpenAI, Google, Groq, OpenRouter, and local Ollama models can sit at the same table. Each seat shows its capabilities (vision, tools, reasoning) and context window at a glance, and each model's native abilities — web search, code execution, at

2026-07-14 原文 →
AI 资讯

PHP Speaks QUIC Now, and OpenSSL Did the Hard Part

I released php-quic 1.0.0, a PHP extension that gives you raw QUIC transport with first-class access to streams. It links against the same OpenSSL that PHP already links against, and that is the whole trick. Why This Was Awkward Before QUIC is not a protocol you bolt on in userland. It is TLS 1.3, congestion control, loss recovery, and stream multiplexing, all riding on UDP, and all of it has to be right before you can send a single useful byte. You could get there from PHP if you were willing to bind to a foreign QUIC library like ngtcp2 or quiche through FFI. That works, but now your PHP app carries a second TLS stack, a second set of CVEs to track, a build story that involves Rust, and a version matrix that has nothing to do with the one your distro maintains. For a language whose entire deployment story is "the package manager handles it," that is a lot of rope. What Changed OpenSSL 3.5 shipped a native QUIC stack. Client and server, in the library PHP is already built against. That reframes the problem. The extension is no longer "embed a QUIC implementation into PHP." It is "expose the QUIC that is already sitting there." No new TLS stack, no FFI layer, no Rust toolchain in your build. If your OpenSSL is patched, your QUIC is patched. The requirements fall out of that directly: PHP 8.4 or newer (8.5 on Windows), NTS or ZTS OpenSSL 3.5.0 or newer, built with QUIC support Transport, Not HTTP/3 The thing I most wanted to avoid was shipping an HTTP/3 client and calling it a QUIC library. QUIC is a transport. HTTP/3 is one protocol that runs on it, and it is not the interesting one for everybody. DNS-over-QUIC runs on it. So does anything you want to invent that needs multiplexed, ordered, loss-recovered streams without head-of-line blocking across them. So php-quic hands you connections and streams, and stays out of the framing business. If you want HTTP/3, you build HEADERS frames and QPACK on top of it, and the README has a worked example. If you want something

2026-07-14 原文 →