今日已更新 339 条资讯 | 累计 19899 条内容
关于我们

标签:#software

找到 225 篇相关文章

开发者

What made you think, "Why hasn't anyone built a good solution for this yet?" Текст

**_Hi everyone! We're three 16-year-old friends learning to code. Instead of building "just another app," we want to solve a real problem that developers actually face. So we have one question: Think about a moment when you caught yourself saying, "Why hasn't anyone built a good solution for this yet?" What was the problem? It can be anything: something that wastes your time, something frustrating, a repetitive task, a confusing workflow, or anything that made you wish a better tool existed. We're not trying to sell anything. We're simply listening and looking for real problems worth solving. Every answer means a lot to us. Thank you!_**

2026-07-11 原文 →
AI 资讯

Slack Introduces Agent Driven End-to-End Testing to Improve Resilience in UI Test Automation

Agentic testing is an AI-driven approach to end-to-end test automation introduced by Slack engineering. It uses AI agents that execute workflows based on intent rather than fixed scripts, adapting to UI and system changes at runtime. The approach aims to reduce brittle tests in distributed systems while complementing deterministic unit, integration, and E2E testing strategies. By Leela Kumili

2026-07-10 原文 →
AI 资讯

Claude Code vs. Codex: Which AI Coding Assistant Is Better?

Artificial intelligence has transformed software development. Instead of simply generating code snippets, modern coding assistants can understand entire codebases, refactor applications, write tests, debug issues, and even execute development workflows. Among the most capable tools available today are Claude Code and Codex. While both are designed to accelerate software development, they take different approaches to coding assistance. This article compares their strengths, weaknesses, and ideal use cases. What Is Claude Code? Claude Code is Anthropic's command-line coding assistant built around the Claude family of language models. Rather than functioning as a traditional autocomplete tool, Claude Code works as an AI development agent that can inspect projects, edit files, explain code, write tests, fix bugs, and help developers navigate large repositories. Its workflow is centered around natural language. Developers describe what they want, and Claude Code performs the necessary steps while keeping the developer involved throughout the process. Key features Deep understanding of large codebases Multi-file editing Test generation Refactoring assistance Terminal-based workflow Strong reasoning for complex programming tasks Excellent documentation generation What Is Codex? Codex is OpenAI's AI coding agent designed to help developers write, understand, and modify software. Unlike the original Codex model introduced in 2021, today's Codex operates as a software engineering agent capable of working across repositories, generating code, fixing bugs, creating pull requests, running tests, and assisting with development workflows. Codex integrates closely with OpenAI's ecosystem and focuses on turning natural language instructions into production-ready code while maintaining awareness of project context. Key features Repository-aware coding Autonomous task execution Code generation Bug fixing Test writing Pull request assistance Integration with modern development workflow

2026-07-10 原文 →
AI 资讯

How Long Does a Dynamics 365 CE Implementation Actually Take?

Most organisations approach a Dynamics 365 Customer Engagement implementation with one question at the top of their agenda: How long will this take? It is a reasonable question, and one that deserves a precise, well-considered answer rather than a vague estimate designed to win the deal. The reality is that Dynamics 365 CE implementation timelines vary significantly, shaped by factors that are unique to each organisation: business complexity, data readiness, customisation depth, integration requirements, and internal stakeholder availability. This guide provides a structured, phase-by-phase breakdown of what a Dynamics 365 CE implementation actually involves, realistic timeline benchmarks by business size and industry, and the critical factors that either accelerate or delay your go-live date. Why there is no one-size-fits-all timeline for Dynamics 365 CE implementation Why There Is No Single Answer to the Timeline Question Dynamics 365 Customer Engagement is not a standalone application. It is a modular platform encompassing Sales, Customer Service, Field Service, and Marketing, each carrying its own configuration requirements, data dependencies, and user adoption considerations. A professional services firm deploying D365 Sales for a 25-person team operates in an entirely different context than a multi-national enterprise rolling out Customer Service and Field Service across three regions. Treating these as comparable projects, with comparable timelines, is where expectations first go wrong. As a reference framework, Dynamics 365 CE implementations broadly fall into three tiers: Implementation Scope Basic deployment, minimal customization :- 6 – 12 weeks Mid-market with integrations and moderate configuration :- 3 – 6 months Enterprise, multi-module or multi-region rollout :- 6 – 16 months These are informed benchmarks, not guarantees. What determines where your project lands within or beyond these ranges is examined in detail below. Core phases of a Microsoft Dyn

2026-07-10 原文 →
AI 资讯

The value of code reviews - Why some bottlenecks are healthy

With increased adoption of AI, there is often an argument that code-reviews are now the new bottleneck. And I agree with this completely. Code-Reviews, especially the review you do yourself after AI has written your code, take time. But I would object to the notion that this is a bad thing. What is a bottleneck? A bottleneck is something that slows down the process. It becomes a point where work must get in a line, to pass through a narrow space. With the speed of AI producing code, code reviews become a bottleneck. But is having a bottleneck in the process always a bad thing? The value of slowing down I can only speak from my personal experience of developing software for roughly 7 years now. But in my experience, slowing down is not always bad. On the contrary, it can be very healthy. When you slow down, and take the time to really think about things, you often come up with insights that you would not have if you always rush through things. And these insights can be golden opportunities to change something for the better. Be that a subtle bug discovered, be that a design flaw addressed or something else - the list is long. But as British computer scientist Tony Hoare famously said: "There are two ways of constructing a software design: One way is to make it so simple that there are obviously no deficiencies, and the other way is to make it so complicated that there are no obvious deficiencies." But simplicity is hard "I would have written a shorter letter, but did not have the time." If it was Mark Twain or Blaise Pascal who said it is beside the point. The point is, there is a lot of truth in this quote. A writer of prose I know also confirmed what many senior software engineers know - to make something complex simple and easily comprehensible takes way more time and effort in the form of careful thought than it takes to leave it being complicated and hard to understand. AI is good at writing code quickly, yes. But is it also good at writing code which has high q

2026-07-09 原文 →
AI 资讯

Signal vs. Noise in Code Evaluations: How to Accurately Measure Developer Skill

Originally published on tamiz.pro . The Signal: Core Developer Competencies Effective code evaluations must identify signal - the skills that directly impact software quality and long-term maintainability. Focus on: Problem-Solving Approach : How candidates break down complex problems Code Structure : Organization, modularity, and separation of concerns Edge Case Handling : Proactive identification of boundary conditions Test Coverage : Implementation of meaningful unit/integration tests Performance Awareness : Appropriate algorithm selection and resource management These elements predict real-world engineering capabilities, not just syntax mastery. The Noise: Common Evaluation Pitfalls Avoid overemphasizing noise - factors that correlate weakly with actual job performance: Noise Factor Why It Fails Signal Alternative Coding style Reflects personal preference Consistency within project conventions Syntax errors Easily fixed with linters Code correctness after tooling Solution speed Varies by individual Final solution quality Language trivia Library/framework knowledge changes Core programming principles Interview anxiety Doesn't reflect daily work Paired programming sessions Measuring Signal Effectively Task Design : Create realistic coding challenges that mirror production problems Rubric-Based Evaluation : Use weighted scoring matrices focused on signal factors Code Review Simulations : Evaluate candidates' ability to interpret and improve existing codebases Collaboration Metrics : Track communication clarity during pair programming sessions Iterative Development : Assess how well candidates refine solutions based on feedback Signal Amplification Techniques Time-Bounded Challenges : Set strict time limits to reduce focus on perfectionism Tooling Freedom : Allow candidates to use their preferred IDEs and debugging tools Post-Coding Debrief : Ask candidates to explain their design choices and tradeoffs Follow-Up Questions : Test understanding of implementation decis

2026-07-09 原文 →
AI 资讯

The 10 Most Expensive Software Failures in History — and the One Thing They Share

The biggest losses in software history were, with one deliberate exception, not attacks. They were silent, correlated, self-inflicted — and they teach the exact risk autonomous AI agents are about to make expensive again. At 9:30 in the morning on August 1, 2012, Knight Capital Group was one of the largest trading firms in the United States, executing a sixth of all the volume on the New York Stock Exchange. By 10:15 it was, for practical purposes, finished. In those forty-five minutes a piece of its own trading software (not a hacker's, its own) fired more than four million unwanted orders into the market, accumulating roughly $7 billion in positions the firm never meant to hold and a loss of about $440 million by the time humans understood what their machine was doing. The cause, documented in the SEC's administrative proceeding, was almost insultingly small: a deployment that updated seven of eight servers. The eighth still carried a dormant piece of code called Power Peg, retired years earlier, and the new release reused the old feature flag that woke it up. No one attacked Knight Capital. The market data was accurate, the exchange functioned perfectly, and every system reported itself healthy while the company bled ten million dollars a minute. That shape (no adversary, no alarm, one change propagating everywhere at once) turns out to be the shape of almost every entry on the list below. We've written before about the biggest bug-bounty payouts in history , the ledger of what it costs when someone does attack. This is the other ledger, the bigger one: what software has cost when nobody attacked at all. Every figure below states what it counts, and comes from a primary or authoritative source (inquiry boards, SEC filings, statutory inquiries) linked at the end. The ledger 1. CrowdStrike outage (2024) — roughly $5.4 billion in direct losses to Fortune 500 companies alone (estimate). One faulty content update to the Falcon Sensor security agent blue-screened Windo

2026-07-09 原文 →
AI 资讯

From Prompts to Pipelines: How I Use Agentic Coding as an Engineering Workflow

I am interested in agentic coding for the same reason I care about good engineering process in general: I want work to move forward in a way that is inspectable, repeatable, and resilient once the task gets messy. A lot of AI-assisted coding still feels like improvisation. You ask for something, get a result, adjust the prompt, try again, and hope the useful reasoning is still somewhere in the scrollback. That can work for tiny edits. It gets much less convincing when the task starts touching architecture, tests, review, or pull requests. What I want instead is a workflow where the model helps me think and execute, but inside a structure I can inspect afterwards. I want artifacts, gates, and something I can resume tomorrow without reconstructing the entire mental state from memory. That is why I use po8rewq/agentic-skills . It gives me a practical way to do agentic coding as an engineering workflow rather than as a long sequence of chat turns. A task moves through requirements, architecture, implementation, checks, review, and pull request creation. Each stage leaves something I can read, verify, and challenge. What makes this interesting to me The interesting part is not just that there is a CLI. Plenty of tools have a CLI. What matters to me is that it turns AI-assisted coding into a staged system: requirements force the task to become explicit architecture makes risks visible before code is written implementation happens against a plan instead of against a vague prompt checks and review happen as part of the flow, not as an afterthought runs are resumable, so interruptions do not destroy context That changes the feel of the work quite a bit. Instead of asking "what should I prompt next?", I am usually asking "what stage is this task in, and what should exist before I move on?" Where this really clicked for me was when I noticed I was spending less energy trying to preserve context in my head and more energy evaluating actual outputs. What the repository actually

2026-07-09 原文 →
AI 资讯

A Verdict Is Not Evidence. Test Is Where I Learned the Difference.

The call-order change came back pass-with-risk. I read the recommendation, saw it had a name and a reason, and felt the task close. Then I looked at the row under it. How was this verified: not run. Nobody had run the queue. I had a label. I did not have proof. This is Part 6 of The Contract Think produced a brief. Plan produced a gate. Build executed inside it. Review scored every requirement against a verdict instead of an impression. Review reads the diff and the plan and decides whether one satisfies the other. It does not run the queue. It cannot. Its whole job is judgment about what the code should do. Test is where someone finally checks what the code actually does. I had been treating those two as the same step. They are not. Test asks one question, and a verdict is not the answer For every active requirement, Test asks how it was verified. Command run, manual QA, or a comparison against known-good output. One of those three, or a written reason none of them ran. Not a recommendation. Not a risk level. Evidence. I built the matrix against the plan's requirements and filled in each row. Most had a command behind them. The call-order requirement had nothing. The cell read not run, and it sat directly below a pass-with-risk that already carried a name and a reason. That name had almost been enough for me. A named risk feels handled. It is not. It is a risk with a label on it, waiting for someone to actually look. So I ran the queue Three notifications, all with a real reason to fire within the same tick. The scheduler picked them up and ordered them by priority instead of arrival. Two landed in the sequence the requirement wanted. The third jumped ahead of a lower-priority notification that was still mid-processing. The change worked almost every time. Under one timing condition, it did not. That is the gap a verdict cannot see. Review had marked the requirement partial because the wording left the mechanism open. Running it found a real failure inside the mech

2026-07-09 原文 →
AI 资讯

AI Coding Agent ROI: What Enterprises Should Measure Beyond Code Generation

Enterprises are now talking about AI coding agents in a very predictable way. The first question is usually: "How much more code can it help us generate?" It is not a wrong question. But if that is the only question, the ROI calculation will probably be wrong. Because enterprises are not really buying "more code." They are buying: faster delivery less rework lower maintenance cost better developer experience more stable software quality more controllable security and compliance risk faster translation from product capability to business value Code generation is an input. It is not the outcome. That distinction matters. An AI coding agent can help developers write functions, fix bugs, add tests, generate documentation, understand codebases, and refactor legacy systems. That sounds powerful. But the enterprise question is not: "How many lines of code did it generate today?" The better question is: Did that code reach production faster? Did incidents go down? Did the team spend less time on repetitive work? Did customers get value sooner? If the answer is unclear, generating 100,000 lines of code a day may simply mean producing technical debt faster. The short version: AI coding agent ROI does not end inside the IDE Many teams start measuring AI coding tools with the most obvious numbers: code suggestion acceptance rate lines of code generated number of active users number of prompts time saved on individual tasks These metrics are useful. But they mostly show that the tool is being used. They do not prove that the enterprise is getting value. Enterprise ROI has to be measured across software delivery, quality, risk, and business outcomes. In other words, an AI coding agent is not just a point solution for individual efficiency. It affects the entire software value stream: Request -> Design -> Coding -> Review -> Testing -> Deployment -> Monitoring -> Feedback -> Business outcome If you calculate value only inside the "coding" box, you miss the bigger picture. Why "amo

2026-07-08 原文 →
AI 资讯

3 Key Advantages of Cloudflare Tunnel for Self-Hosted Services

A few years ago, securely accessing my servers at home or in a small office from outside was always a headache. Dynamic IP addresses, complex port forwarding settings in the modem interface, and even the need to open rules in the network firewall always presented me with a new problem. Especially outside of corporate projects, when setting up my side products or test environments, these processes caused a loss of time. Cloudflare Tunnel offered a game-changing solution for such self-hosted services. Essentially, a cloudflared daemon (tunnel client) on your local network establishes a single outbound connection to Cloudflare, eliminating the need to open any firewall holes for incoming connections. This model provides significant advantages over traditional methods in terms of both security and ease of use. Why Were Traditional Self-Hosting Methods Challenging? Exposing a self-hosted service to the internet typically brings multiple technical challenges. First, most home or office internet connections have dynamic IP addresses, meaning your IP address changes from time to time. In this case, to access your service via a fixed domain name, you need to resort to solutions like Dynamic DNS (DDNS), which adds an extra dependency and sometimes causes delays. Second, and perhaps most importantly, is the necessity of opening port forwarding rules in your network firewalls (modem/router firewall). This means you need to direct specific ports to your internal IP address to allow incoming connections. This process both increases security risks (internet-facing ports invite brute-force attacks) and causes access problems if not configured correctly. I once experienced a serious panic during a client project when I accidentally exposed a critical internal service port to the outside while dealing with these ports. Since that day, I approach such manual interventions with more skepticism. ℹ️ Port Forwarding Risks Every port you open in your network firewall creates a potential at

2026-07-08 原文 →
AI 资讯

Local LLM Setup with Ollama: Keep Your Data Secure

When analyzing supply chain data in a production ERP, the idea of sending critical information to a publicly accessible cloud-based LLM always bothered me. Processing sensitive data like proprietary production plans, customer lists, or financial details on third-party servers was an unacceptable risk for me. In such situations, the only way to ensure data security is to run the LLM in a local environment, under our own control. This is where Ollama comes in. Ollama is a tool that allows you to easily run large language models (LLMs) on your local system. This way, you can set up your own AI assistant without an internet connection and without the risk of leaking your data, securely automating your sensitive business processes. In this post, I will step-by-step explore why Ollama is important, how to install and use it, and the data security advantages it offers. Why Ollama is Important: Does it Provide Data Security and Control? The potential of LLMs in modern software development processes and operational workflows is huge, but the privacy and security of corporate data are always a primary concern. Especially in high-security environments like a bank's internal platform or in the financial calculators of my own side product, I need to process user data without sending it externally. In these scenarios, cloud-based LLM services often create a new risk factor rather than a solution. Ollama is designed to close this critical data security gap. By running models on your local machine, it prevents your data from leaving your company network or personal computer. This is a vital advantage, especially for those working in sectors subject to data protection regulations like GDPR and KVKK. Furthermore, because it doesn't require an internet connection, you can continue to benefit from LLM capabilities even in offline environments or during network outages. Since you have full control, you can manage from start to finish which model runs with which data, how much resource t

2026-07-08 原文 →
AI 资讯

Why Software Can't Tell You It's Wrong

Software architecture debates have a problem that most other engineering disciplines don't: the alternative was never built. When a bridge fails, the failure is physical, attributable, and measurable against every other bridge that didn't. The engineering decisions that caused it can be isolated, traced, and corrected — not just in theory, but in the next bridge, because the material itself produces feedback that no amount of professional opinion can override. Steel deflects. Concrete cracks. Physics doesn't care what the architect believed. Software produces no equivalent feedback. A system built around the wrong abstractions compiles, runs, ships, and passes its tests just as readily as one built around the right ones. A bug introduced by a misaligned domain model looks identical, from the outside, to a bug introduced by a typo. A feature that took three times longer than it should have, because the structure made it harder than the business logic warranted, produces no artifact that distinguishes it from a feature that was simply difficult. The cost is real. The cause is invisible. This is the unfalsifiability problem, and it runs deeper than "we can't measure everything." It means that when a system becomes expensive to change, the diagnosis almost always lands on the wrong variable. The domain is complex. The requirements changed. The previous team was careless. Almost never: the structure was wrong, and the structure was wrong because nobody ever built the other version of it to compare against. That version doesn't exist, it never will, and every architectural argument in the industry is conducted in its absence. This would be a purely philosophical problem if there were nothing to do about it. There is something to do about it — but it requires accepting that the standard metric for software quality, whether it works, is measuring the wrong thing entirely. The Metric That Hides the Problem The natural substitute for "is this good engineering" is "does it wor

2026-07-08 原文 →
AI 资讯

AI Security Audit Checklist: 15 Vulnerabilities Claude Found in Production Code

Most web applications contain at least one vulnerability from the OWASP Top 10. A typical security audit takes 2-3 weeks and costs upward of $10,000. An LLM can compress the initial audit down to a few hours because it scans code for patterns rather than specific CVEs. Below are 15 vulnerabilities found while auditing production code with Claude. Each includes the vulnerable code, the fixed version, and a prompt to reproduce the finding. Classification follows OWASP Top 10 (2021). Order reflects frequency of occurrence: most common first. Methodology: how to run an AI security audit The audit consists of three passes. First, a broad scan: the LLM receives the entire project and looks for vulnerability patterns. Second, deep analysis: each identified pattern is verified in context (middleware, ORM, framework). Third, verification: manual review of every finding, because LLMs produce false positives. Prompt for the broad scan: Perform a security audit of this code. For each finding, include: 1. CWE ID and name 2. OWASP Top 10 category 3. Severity (Critical/High/Medium/Low) 4. The vulnerable code snippet 5. Attack vector -- exactly how an attacker would exploit this 6. Fixed code Ignore stylistic comments. Focus on security only. Start with injection attacks, then broken access control, then the rest. This prompt works because it defines the output structure and prioritizes categories. Without explicit instructions, the LLM mixes critical vulnerabilities with remarks about email validation. More on structured AI code review: AI Code Review Checklist . A03:2021 -- Injection 1. SQL Injection via string concatenation The most common finding. Shows up even in projects using an ORM, because developers switch to raw queries for complex filters. Vulnerable code: // API endpoint for user search app . get ( ' /api/users ' , async ( req , res ) => { const { search , sortBy } = req . query ; const query = ` SELECT id, name, email FROM users WHERE name LIKE '% ${ search } %' ORDER

2026-07-08 原文 →
AI 资讯

Memory Engineering Is a Promotion Pipeline, Not a Pile of Notes

A lot of AI memory systems start with the same temptation: "Just save the useful thing." That sounds harmless until the knowledge base becomes a junk drawer. Half the notes are too specific, a few are duplicates, some are obsolete, and nobody knows which ones the agent should trust. In ai-assistant-dot-files , the memory system is deliberately slower. It uses a promotion lifecycle: Capture -> Candidate -> Audit -> Approve -> Index -> Retrieve -> Expire That lifecycle is documented in docs/runbooks/memory-engineering.md , and the important word is not "capture." It is "candidate." Nothing writes directly to memory The framework has a durable memory layer: Knowledge Items in shared/knowledge/ , ADRs in docs/adrs/ , the domain dictionary, team topology, a feature archive, and a registry at shared/memory-registry.json . But a lesson from a delivery does not jump straight into shared/knowledge/ . It first becomes a Candidate Record. That record has required fields: Source Type Evidence Tags Expiration condition Then memory-engineer audits it: Is it reusable? Is it already covered? Is it too speculative? Does it belong as a Knowledge Item, or should it become a rule change, prompt edit, or ADR instead? Only after that does a human approve the destination. The design is intentionally similar to code review. Durable memory changes future behavior, so they deserve a paper trail. Rejection is a feature One of my favorite parts of the memory runbook is that it has explicit rejection rules. Do not promote a memory when it is: a one-off already covered too speculative That makes "zero candidates promoted this cycle" a healthy result, not a failure. This is where memory engineering starts to look less like note-taking and more like gardening. The point is not to preserve every leaf. The point is to keep the soil useful. Expiration matters The lifecycle also includes expiration. A Knowledge Item can become stale when the underlying code, agent, or pattern changes. It can be supers

2026-07-08 原文 →