AI 资讯
Evaluating Agents With an LLM-as-Judge Harness (Without Kidding Yourself About It)
Key Takeaways You can't unit-test a coach agent the way you test a pure function — the output is non-deterministic and "good" is a judgment call, not an assertion. An LLM-as-judge harness lets you grade a whole test set automatically against a rubric, which is the only way solo-scale eval stays sustainable. But the judge is itself a fallible model. If you don't design around its known biases — position, verbosity, self-preference, and quiet drift when the judge model updates — you build a green dashboard that means nothing. The mitigations that actually work are mechanical, not prompt-magic: shuffle order on every pairwise call, pin the judge version, keep a small human-labelled anchor set, and re-check the judge against it. The problem I actually had FamNest's coach agent generates responses to parents — check-ins, encouragement, the occasional gentle redirect. I have a growing pile of these interactions, and every time I change a prompt, swap a model, or adjust the pipeline, I need to know one thing: did I just make it better or worse? For normal code, that's what tests are for. I change something, the suite runs, red or green, done. But there's no assertEqual for "was this an empathetic, useful response to a tired parent." The output changes every run even at temperature zero-ish, and the quality bar is a human judgment, not a fixed string. Two responses can be worded completely differently and both be good. One can match my "expected output" word for word and still be worse than a version that didn't. So the honest options were: read every response by hand every time I change something (does not scale past about week two), or build a harness where a model grades the outputs against a rubric. I built the harness. Then I spent an uncomfortable amount of time learning all the ways a harness like that can lie to you. What the harness actually is At its simplest, it's a loop: def evaluate ( test_cases , coach_agent , judge ): results = [] for case in test_cases : res
AI 资讯
"How to Stop AI Agent Skills, Hooks, and Cron Jobs from Silently Conflicting Over Where They Run and What Data They Trust"
Originally published on hexisteme notes . Make every skill, hook, and scheduled job declare four invariants before it ships — Locality (where it can run), Source-of-truth (which facts it owns or borrows), Cross-ref (what depends on it and what it depends on), and Trigger-measurability (whether its trigger is observable at runtime or hidden in external state) — and refuse to hand off any component that leaves one undeclared, because an undeclared assumption is exactly the seam where two components silently disagree. Two separate runtime leaks surfaced in a single audit session, and both traced back to the same root cause: a component that never declared its assumptions. One read configuration from a file that had stopped being the source of truth (so it always returned a stale default); the other was a scheduled job pointed at a remote sandbox while its prompt referenced local-only paths — caught minutes before registration, where any later and it would have billed compute and produced nothing. Neither was a coding bug. Both were missing declarations. The failure mode: components that work alone but leak when combined When you build an AI agent system out of small parts — skills the model loads on demand, hooks that fire on lifecycle events, cron jobs and scheduled routines that run unattended, helper scripts, config profiles — each part usually gets tested in isolation. It works. You move on. The trouble is that "it works" only proves single-shot correctness; it says nothing about whether the part's assumptions agree with the rest of the system. Every component carries hidden assumptions: where it runs (local machine vs. a remote sandbox), which facts it treats as authoritative, what other components it silently depends on, and what its trigger actually measures. When those assumptions go undeclared, conflicts stay invisible until they surface to the user as a flaky, hard-to-trace symptom — the kind that feels like a vicious cycle because every fix in one place re-o
AI 资讯
How to Learn System Design From Scratch (With No Distributed Systems Experience)
If you have ever opened a system design article, seen a diagram with twelve boxes, three databases, a message queue, and the words "eventually consistent," and quietly closed the tab, this post is for you. There is a myth that you need years of experience running large systems before you can learn system design. You don't. Plenty of engineers learn it before they have ever deployed anything bigger than a side project. What you actually need is the right starting point and a way to build intuition without access to production-scale traffic. That is exactly what this guide gives you. "But I've never built anything at scale" Good news: neither had most people the first time they learned this. System design is not a memory test about how Uber works. It is a thinking skill: given a vague problem and some constraints, make a sequence of reasonable trade-offs and explain them clearly. That skill does not require having operated a system serving millions of users. It requires understanding what the moving parts do and practicing the reasoning. The experience helps later, but it is not the price of entry. So drop the idea that you are "not ready." You are ready to start today. The honest minimum prerequisites You do not need much, but you do need these four things. If any feels shaky, spend a few days here first; it will save you weeks of confusion later. What happens when you load a web page. Client sends a request, DNS resolves a name to an address, a server responds. If you can sketch that, you're fine. The two kinds of databases. Relational (tables, rows, SQL) versus non-relational (documents, key-value). You don't need to be an expert, just know they exist and roughly when each fits. What an index is. A way to find data fast without scanning everything. That one sentence is enough to begin. Basic estimation. If something gets a million requests a day, roughly how many is that per second? (About 12, for the record.) The ability to do rough math out loud matters more than
AI 资讯
Designing Reliable Queueing and Message‑Broker Layers in PMS Platforms
Modern Property Management Systems depend on continuous data exchange between internal modules and external services. Bookings, calendar updates, guest communication, cleaning tasks, and maintenance triggers all generate operational events that must be processed quickly and reliably. Free PMS platforms such as PMS.Rent rely on robust queueing and message‑broker layers to ensure that these events never get lost and are always processed in the correct order. At the core of this architecture is the concept of distributed message‑broker orchestration, which enables the PMS to scale horizontally, maintain predictable performance, and avoid bottlenecks during peak operational periods. Why Message Brokers Matter A PMS handles thousands of small but critical operations every day. Without a message broker, these operations would compete for system resources, causing delays, blocking workflows, and creating inconsistent states. A broker solves this by: receiving events, storing them durably, routing them to the correct processors, retrying failed operations, ensuring ordered execution when required. This creates a stable foundation for automation and real‑time synchronization. Queue Types Inside a PMS A modern PMS typically uses several queue types: Operational queues for bookings, calendar updates, and guest messages Automation queues for cleaning tasks, reminders, and workflow triggers Synchronization queues for channel managers and external APIs Fallback queues for events that require manual review Each queue isolates a specific category of tasks, preventing unrelated operations from interfering with each other. Distributed Workers Workers are lightweight processes that consume events from queues. They operate in parallel, allowing the PMS to scale dynamically. If the system detects increased load — for example, during high‑season booking spikes — it simply launches more workers. Workers typically perform tasks such as: updating property calendars, generating guest notific
AI 资讯
Agent-Ready Commerce, Part 5: Keeping ACP, MCP, and AP2 Adapters Thin
Protocol adapters are one of the easiest places for agent-commerce architecture to drift. An adapter begins with the narrow responsibility of translating an external protocol request into something the commerce platform understands. For example, an MCP-style tool may ask for return terms, an ACP-style interaction may ask whether checkout can be prepared, an AP2-related flow may carry payment authority information, and an internal feed may publish product capabilities. Those are adapter concerns at the boundary. The problem starts when the adapter does more than translate. It checks product availability from catalog fields. It interprets policy text. It decides whether checkout is ready. It treats a payment artifact as authority. It turns a domain blocker into a softer protocol response. Each shortcut may solve an integration problem locally, but it also creates a second place where commercial meaning is decided. When several adapters exist, those local decisions begin to diverge. The MCP tool may block return-policy quotation, the ACP adapter may expose the product as purchasable, the feed may publish it as checkout-ready, and the AP2-related flow may reject delegated payment. At that point, the platform does not only have multiple integrations. It has multiple interpretations of the same commercial state. This is the adapter problem in agent-ready commerce: semantic drift at the protocol boundary. The adapter should know how to speak the protocol. It should not decide product truth, policy meaning, eligibility, checkout validity, or payment authority. Those decisions belong inside the commerce platform, where they can be shared, tested, evidenced, and audited. This is the fifth article in the Agent-Ready Commerce series. Part 1 introduced the broader architecture model: Facts → Eligibility → Authority → State transition → Evidence → Audit Part 2 focused on commercial truth. It argued that catalog data is not enough. A platform needs source-backed, freshness-aware p
AI 资讯
Modernizando a Automação no Linux: Por que e como migrar do Cron para systemd Timers
Aprenda a substituir o velho Cron por systemd timers para ganhar logs nativos, controle de dependências e maior robustez.
AI 资讯
Agent-Ready Commerce, Part 2: From Product Pages to Commercial
A product page is not a contract. It is a presentation surface. That distinction matters more once AI agents start interacting with commerce systems. Traditional ecommerce platforms can rely on human interpretation. A human can read a product title, inspect images, compare delivery notes, scan a return policy, notice uncertainty, and decide whether to continue. A product page can be visually useful even when the underlying commercial state is incomplete, stale, or spread across several systems. An AI agent needs a different interface. It should not need to scrape a product page, infer policy meaning from free text, guess whether inventory is fresh, or decide whether a price is reliable enough to quote. If the platform expects agents to recommend products, compare alternatives, prepare checkout, or act within delegated authority, then the platform needs to expose more than product presentation. It needs to expose commercial truth. This is the second article in the Agent-Ready Commerce series. Part 1 introduced the broader model: Facts → Eligibility → Authority → State transition → Evidence → Audit This article focuses on the first part of that chain: facts . The central argument is simple: a raw product record is not enough for agent-ready commerce. The platform needs a source-backed, freshness-aware, action-supporting view of the product before agents can safely act on it. Product pages hide too much state A normal product page compresses many different concerns into one human-readable surface: Product identity Price Inventory Images Description Badges Variants Delivery estimate Return policy snippet Warranty information Promotional copy Reviews Cross-sell modules Checkout call to action That compression is useful for presentation, but it is lossy from a systems perspective. The page may show “In stock,” but the inventory value may be several hours old. It may show a price, but the pricing source may have changed since the last feed publication. It may show a return
AI 资讯
The Introduction
Operating system, a thing that everybody uses but no one talks about. While reading Operating Systems: Three Easy Pieces (OSTEP), my background in C and C++ fueled a growing fascination with memory allocation, virtualization, scheduling, and the intricate mechanics of operating systems. This would be a series of article, the number i am not sure, it will be the amount of content that someone might comfortably read in a 10 min Article. Keeping each piece to a solid 10-minute read is the perfect sweet spot for a developer to read over a cup of coffee. It gives you enough runway to explain a core concept, show the math, and link a practical C/C++ experiment without making their eyes glaze over. Why this Article ? We are often warned against “reinventing the wheel.” However, I firmly believe that building and optimizing modern software is impossible without a fundamental grasp of virtualization, memory allocation, and concurrency. Consider Docker: it functions almost entirely on OS-level virtualization features like Namespaces, cgroups, and isolated filesystems. Similarly, the highly optimized Memory Manager in PostgreSQL only works because it leverages the robust memory management systems already written into the OS kernel. This article aims to bring the core concepts of OSTEP to life through practical experimentation. By accompanying the theory with an open-source repository, my goal is to provide a clear, interactive learning experience that demystifies operating systems. I am not an operating system guru or a Principal Engineer with years of experience, but I hope to become one someday (assuming AI doesn’t replace me first… HeHe ). What I can do is dive in, explore, and try to understand these concepts by actually building things. Because of that, my goal here is to present the findings and experiments I explore rather than giving strong opinions — I’ll leave the comment section for those! Any support, feedback, or contributions from the community will be incredibly
AI 资讯
The System Design Framework I Used to Solve 100+ Problems
Hello Devs, for months, I felt confident about system design interviews. I'd watched endless YouTube videos. I'd studied architecture diagrams. I could explain how Netflix builds recommendation systems. I understood Kafka, Redis, load balancers, and microservices. I'd memorized the designs of Twitter, Uber, YouTube, and TinyURL. Then I sat down for my first real system design interview and froze. The interviewer asked: "How would you design a notification system?" I had memorized notification systems. I knew about push notifications, email queues, delivery workers, and retry logic. I could recite architectural patterns. But suddenly, none of that helped. I didn't know which questions to ask first. I started designing before understanding the actual requirements. I built architecture for problems that didn't exist. I missed obvious bottlenecks. I couldn't articulate why I made specific trade-offs. When the interviewer pushed back, I had no framework to adjust. I failed that interview. But that failure taught me something crucial: System design interviews aren't about knowing technologies. They're about knowing how to think. After that, I went back and systematically practiced 20 system design problems. Not passively watching solutions. Actually designing. Making mistakes and refining my approach. And somewhere around problem 12, a pattern emerged. The best candidates didn't know more technologies than anyone else. They had a framework . They asked the same questions in the same order. They structured their thinking consistently. They could handle curveballs because their framework was flexible. They reasoned through trade-offs explicitly. Here's the framework that finally made it click for me. The Problem with Memorization Before I share the framework, let me explain why memorizing designs fails. When you memorize " How to Design Twitter," you learn: Use relational databases for users and tweets Use NoSQL for timelines Cache with Redis Use message queues for fanout S
产品设计
System Design for Working Engineers, Not Interview Prep
Originally published at malaymehta.com The Interview Trap If you look at most system design tutorials, you get an extreme use case. Design Twitter. Design YouTube. Scale it to a billion users. Draw boxes on a whiteboard for 45 minutes. Do you think your app will be used by a billion users on day one? The answer is almost always no. But the tutorials don't teach you what to do when you have 500 users, unclear requirements, a team of four, and a quarter to ship something that works. Real system design is nothing like a whiteboard interview. You don't get clean requirements, you don't design from scratch, and nobody asks you to handle a billion requests per second on day one. Real System Design Starts with Questions, Not Diagrams The very first thing that matters in system design is something most tutorials skip entirely: unclear and chaotic requirements. In the real world, requirements don't come as a clean problem statement. They come from non-technical business teams, and you need to navigate through cross-questions to get all the clarity you need. Ask as many questions as possible. Understand your functional and non-functional requirements. Which features need to be synchronous and which can be async? What are the read and write load patterns? What is the maximum and average number of concurrent users right now? What does authentication look like? Do you need role-based access control? These questions drive your choices. You don't always need an axe where a knife will do. Being minimalist with a reasonable growth prediction and a 3, 6, 9 month plan will take you in the right direction. There will be things the situation demands immediately but would take more time than expected. Taking a predictable hit now and fixing it at the right future time without missing that balance is truly important. Weighing what will be expensive to change later, in terms of dollar cost or human effort, is how real architectural decisions get made. Pushing Back on Bad Requirements Many
产品设计
HLD Fundamentas #7: Back-of-the-Envelope Calculations
When designing systems like Facebook, WhatsApp, Netflix, Amazon, or Instagram, one of the first questions a system designer asks is: Can a single server handle the traffic? How much storage will be needed? Do we need caching? How much RAM should our cache have? How many servers should we deploy? Before discussing databases, load balancers, microservices, or caching layers, we need a rough understanding of the scale. This is where Back-of-the-Envelope Calculations come into the picture. Why Do We Need Back-of-the-Envelope Calculations? Imagine you're asked to design Facebook. If you immediately start drawing: Load Balancer ↓ Application Servers ↓ Redis Cache ↓ Database without knowing the expected traffic, you're designing blindly. System design is fundamentally about making trade-offs. To make those trade-offs, we first need estimates. Back-of-the-envelope calculations help us answer: How much traffic will the system receive? How much data will be generated? How much cache memory is required? How many servers are needed? The numbers don't need to be perfect. They only need to be close enough to make architectural decisions. What Exactly Is a Back-of-the-Envelope Calculation? A quick estimation technique used to approximate: Traffic Storage Memory Server Capacity using rough assumptions. Think of it as: "Getting the order of magnitude correct rather than getting the exact number correct." A system designer rarely needs perfect accuracy during interviews. They need reasonable estimates. The Standard Estimation Flow Whenever you get a System Design question: Users ↓ Traffic ↓ Storage ↓ RAM / Cache ↓ Number of Servers ↓ Architecture Design Always estimate first. Design later. The Ultimate Estimation Cheat Sheet Storage Units Unit Value 1 KB 10³ Bytes 1 MB 10⁶ Bytes 1 GB 10⁹ Bytes 1 TB 10¹² Bytes 1 PB 10¹⁵ Bytes Time Units Unit Value 1 Minute 60 Seconds 1 Hour 3600 Seconds 1 Day 86,400 Seconds Common Assumptions Metric Approximation Peak Traffic 3× Average Traffic Active
AI 资讯
What Developers Underestimate About Long-Running Workflows
Long-running workflows look simple when you first build them. Something happens. A few systems exchange data. Everything completes. Done. At least that's the expectation. Reality is very different. The biggest thing I underestimated was time. Not execution time. Elapsed time. Because once workflows start running for hours, days, or continuously, strange things start happening. APIs become temporarily unavailable Data changes halfway through the process Retries arrive much later than expected Someone manually updates a record Another system processes things in a different order Nothing is broken. But everything is slightly different from when the workflow started. Early on, I assumed workflows were transactions. Start. Execute. Finish. Now I think of them as conversations between systems. And conversations can get interrupted. Another thing I underestimated: State changes. You might start processing an order that is "pending". Ten minutes later, another system marks it as "cancelled". An hour later, a retry comes in from an earlier step. If your workflow only thinks about data, weird things happen. Because the world has changed while the process was still running. Long-running workflows also expose assumptions you didn't know you made. Like: this API will always respond quickly data will arrive in order users won't modify records manually retries will happen immediately Those assumptions survive in testing. Production removes them quickly. One thing that changed how I build these systems: I stopped asking: "Will this workflow finish?" And started asking: "What state will the world be in when it finishes?" Because those are two very different questions. Most problems in long-running systems aren't caused by one big failure. They're caused by lots of small changes happening while the workflow is still alive. And if you don't account for that, eventually the workflow finishes successfully and still produces the wrong outcome. This is something we think about constantly
AI 资讯
Why Payment Data Pipelines Break Under Real-Time Load (And How Banks Fix the Latency Problem)
Payment data pipelines fail in ways that ruin a payments engineer’s week, and the failures rhyme. The dashboards froze. Fraud scores arrived after the transaction had already cleared. Settlement reports came in stale. Nobody slept. The frustrating part is that the same data architecture had run fine for years. So, what changed? The honest answer is that batch thinking does not survive contact with real-time payments. A lot of banks built their data foundations in an era when nightly jobs were good enough. Load the warehouse overnight, run the reports in the morning, move on. That rhythm worked when money moved slowly. It does not work when a customer expects an instant confirmation and a fraud engine has milliseconds to make a call. Here is where things crack. Real-time payment rails push a constant stream of events instead of a tidy nightly dump. Your pipeline now has to ingest, transform, and serve data while transactions are still happening. Add ISO 20022 into the mix and the pressure climbs. ISO 20022 messages are rich. They carry far more structured detail than the old formats, which is wonderful for analytics and miserable for a pipeline that was never designed to parse that much context at speed. This is not a fringe concern either. Swift reported that by the time its MT/ISO 20022 coexistence period closed in November 2025, around 80% of daily traffic was already running on the ISO 20022 format, with more than 3.1 million of these messages exchanged every day. The rich-data era is the default now, not the roadmap. Then there is the fraud-scoring window. Fraud models need fresh features. Account behaviour over the last few minutes, velocity checks, device signals. If your pipeline takes thirty seconds to surface that data, the fraud decision is already too late. You are essentially detecting fraud after the loss. That gap between when data is created and when it becomes usable is the silent killer in most payment systems. And the cost of getting it wrong runs
AI 资讯
Your AI Bill Isn't a Model Problem. It's an Architecture Problem.
If your LLM costs are climbing, the instinct is almost always the same: swap to a cheaper model. GPT-4 to GPT-4-mini. Claude Opus to Claude Haiku. Sometimes that helps a little. It rarely fixes the actual problem. The actual problem, in most workflows I've looked at, is that every step gets routed through the LLM, even the steps that don't need language reasoning at all. This post breaks down a simple mental model for deciding what should and shouldn't touch an LLM, with a working example you can adapt. The four components of any AI workflow Every automated workflow — whether it's a support ticket router, a fraud check, or a content pipeline — is built from some combination of four building blocks. They get treated the same once a workflow diagram is drawn flat, but they have wildly different cost and latency profiles. Component What it does Think of it as Typical cost Trigger Starts the workflow The doorbell ~$0 Deterministic ML Structured predictions — classify, score, rank The calculator Cents per 1,000 calls LLM / Generative Reads, writes, reasons in language The writer Dollars per 1,000 calls Tool / API Fetches or writes real data The hands Cents per 1,000 calls The gap between row 2 and row 3 is the whole article. A classifier and an LLM call can solve the exact same problem, but one costs roughly 100-1000x more than the other, depending on model and provider. If you're not deliberately deciding which one handles which step, you're probably defaulting to the expensive one — because in frameworks like LangChain or a quick custom agent loop, it's just easier to shove everything into a prompt. Where this actually shows up Here's a workflow I see constantly: an automated support ticket triage system. flowchart LR A[New support ticket] --> B{Classify intent} B --> C[Route to team] B --> D[Auto-draft response] D --> E[Update CRM] A naive build sends the entire ticket text to an LLM and asks it to do everything at once: classify the intent, decide routing, draft a re
AI 资讯
Good Architecture Includes Observability
Good architecture is not only about how a system is built. It is also about how well the team can understand that system once it is running. That is where observability belongs in the architecture conversation. It is common for observability to be treated as something that comes after the main engineering work. The service gets built. The API works. The deployment succeeds. Then, somewhere near the end, the team starts thinking about logs, dashboards, alerts, and operational visibility. That approach creates a gap. The architecture may look clean on paper, but once the system is in production, the team has to understand how it behaves under real conditions. Real users do not follow the happy path perfectly. Dependencies slow down. Queues back up. Data arrives in unexpected shapes. Deployments change behavior in ways that are not always obvious. If the system does not give the team a way to see those things clearly, the architecture is incomplete. Observability is not decoration around the system. It is part of the system design. Architecture Describes the System. Observability Shows the Truth. Architecture is built on assumptions. During design, teams make reasonable guesses about usage patterns, service boundaries, dependency behavior, data flow, scale, latency, and failure modes. Some of those assumptions are based on experience. Some are based on current requirements. Some are simply the best call the team can make with the information available at the time. That is normal. The problem is not that architecture contains assumptions. Every architecture does. The problem is when those assumptions cannot be tested once the system is real. A design might assume that an external dependency will be reliable enough. Production may show that it is the slowest part of the request path. A queue might look like a clean decoupling point during design. Production may reveal retry behavior, duplication, or ordering concerns that were not obvious upfront. A serverless function m
AI 资讯
I built a free system design whiteboard for engineering interviews
I bombed a system design interview last year — not because I didn't know the architecture, but because I spent the first 5 minutes fighting Excalidraw. So I built SystemDesignBoard — a free, keyboard-first whiteboard specifically for system design interviews. What it does You open it, press a key, and start drawing. No account, no onboarding, no drag-from-a-sidebar friction. R → place a Service node C → place a Database/Cache/Queue A → connect two nodes N → open the scratchpad for scale math The features I'm most proud of Animated connectors that show communication type Instead of just drawing arrows, connectors visually encode how services talk: ⇄ sync — paired dashes (request + ACK) ≋ stream — near-solid fast line with glow (continuous pipeline) This matters in interviews — your interviewer can glance at your diagram and immediately understand the communication pattern. Cloud provider badges Tag any node as AWS (EC2, Lambda, RDS, S3), GCP (GKE, Cloud Run, Firestore), or Azure. Each subtype has its own icon. Trade-off logging Right-click any node → Log Trade-offs → attach your CAP theorem stance, consistency level, and scaling strategy directly to the component. Diagram-as-Code Type: [Mobile App] -> [API Gateway] [API Gateway] -> [Auth Service] [Auth Service] -> [Users DB] [Feed Service] -> [Posts DB x3] [Feed Service] -> [Redis Cache] Hit Apply — it auto-lays out the whole architecture in seconds. Export to animated GIF Export your diagram as a GIF that shows live traffic flow animations. Great for sharing after an interview or in a design doc. Tech stack React + TypeScript + Vite @xyflow/react (ReactFlow v12) for the canvas Zustand + Immer for state with full undo/redo html-to-image + gifshot for PNG/GIF export It's free and open No signup required. Works entirely in the browser. Free during beta. 👉 systemdesignboard.com Would love feedback — especially from anyone who's done system design interviews recently. What's missing? What's annoying? Drop a comment below
AI 资讯
The Hybrid Architecture: Blending Physical IoT with Cloud Computing
As software engineers, we often architect solutions in a virtual ideal: fast networks, elastic resources, and servers that never physically degrade. But what happens when your carefully crafted systems need to interact with the messy, unpredictable physical world? Think factory floor monitors, real estate camera networks, or remote tracking devices. Suddenly, those cloud assumptions about infinite uptime and perfect connectivity crumble. My journey, particularly architecting and maintaining a continuous 24/7 camera livestream for a real estate group over six years, has been a masterclass in this reality. It's revealed that true reliability in the physical realm demands a hybrid approach – one that intelligently merges the power of edge computing with the scalability and data insights of the cloud. This isn't just about connecting devices; it's about building resilience into the very fabric of your architecture. In this article, I'll share the battle-tested strategies and design principles that enable systems to not just survive, but thrive, despite the harsh realities of physical deployment. 1. The Core Strategy: Smart Edge, Simple Cloud One of the most common pitfalls in hybrid architecture design is treating the edge device as a mere 'dumb' terminal, solely responsible for streaming raw data to a powerful cloud backend. This approach creates a critical single point of failure: if the network drops, the entire system grinds to a halt. Instead, I advocate for a Smart Edge, Simple Cloud architecture. This principle establishes a clear division of responsibility: The Edge : This is where the magic happens locally. The edge system should be robust enough to handle local processing , data filtering , buffering , and immediate hardware control . Critically, it must be capable of operating autonomously for extended periods without an active cloud connection. Think of it as a mini data center, designed for self-sufficiency. Benefits of a Smart Edge : Reduced bandwidth cost
AI 资讯
Feature Flags at Scale: Designing a Distributed Control System for Production Behavior
The Counterintuitive Truth: Feature Flags Are Not Config Files Most engineers first encounter feature flags as a simple abstraction: a key-value lookup that returns true or false. That mental model works fine for a single service handling a few hundred requests per minute. It becomes actively dangerous at scale. A mature feature flag system isn't a config file with an API wrapper — it's a distributed control plane . The distinction matters architecturally. A control plane manages the real-time behavior of a running system across many nodes simultaneously, with its own consistency guarantees, failure semantics, and propagation latency. That's a fundamentally different design problem than reading a YAML file on startup. One constraint drives every downstream decision: user traffic must never block on a remote flag service call. If evaluation requires a synchronous RPC, you've coupled your request path to the availability and latency of an external system. Netflix's Archaius library enforces this by evaluating flags entirely in-process against a locally-cached configuration snapshot. A network round-trip per evaluation injects 10–50ms of tail latency at p99 — catastrophic when you're competing on streaming start times measured in hundreds of milliseconds. Google, Meta, and Netflix collectively evaluate flags against millions of requests per second with sub-millisecond overhead. That figure is only achievable through local evaluation backed by an async synchronization layer, not RPC. The other failure mode engineers underestimate is flag sprawl . Systems accumulate flags the way codebases accumulate dead functions — gradually, then all at once. I've seen services carrying thousands of flags where fewer than 10% were actively managed. The operational weight alone becomes a liability: which flags are safe to remove? Which ones are kill switches for production behavior that no one documented? Knight Capital's $440M loss in 45 minutes in 2012 remains the canonical cautionar
AI 资讯
Why Retries Are More Dangerous Than Failures in Production Systems
Failures are obvious. Retries are sneaky. When something fails, everyone notices. An alert goes off. A request errors out. Someone starts investigating. Retries are different. They look harmless. Most of the time, they save the system. But sometimes, retries create bigger problems than the original failure. Imagine an API call times out. No problem. The system retries. But what if the first request actually succeeded and only the response was lost? Now the retry creates: duplicate orders repeated emails inconsistent records workflows running twice The failure happened once. The retry multiplied it. Another thing I've seen: One slow dependency causes requests to pile up. Retries start firing. Those retries create even more traffic. Which slows things down further. Which triggers even more retries. Suddenly, the system is spending more effort retrying than doing useful work. Retries also hide problems. A temporary issue gets retried five times and eventually succeeds. Everything looks normal. Meanwhile: latency increases queues grow users experience delays Nothing technically failed. But the system is getting less healthy. What changed for me is that I stopped treating retries as free. Every retry has a cost. It consumes resources. It increases load. And if actions aren't designed carefully, retries can repeat side effects that should only happen once. Now when I build something, I don't ask: "What happens if this fails?" I ask: "What happens if this runs again?" Because in production, things almost always run again. And if the answer is "bad things happen," the retry mechanism isn't helping. It's making things worse. Failures are part of every system. Retries are too. The difference is that failures usually happen once. Retries can turn one problem into hundreds if you don't design for them. This is something we think about constantly at BrainPack when operating long-running workflows across multiple systems. AI and automation layers make retries even more common, wh
AI 资讯
Multi-Model System Design: When One Model Isn't Enough
Single-model systems are simple. Multi-model systems are powerful. The challenge isn't choosing models — it's designing the architecture that orchestrates them. A multi-model system isn't about having more models. It's about having the right model for the right task at the right time. Architecture patterns Five patterns cover most use cases: Pattern Complexity When to use Tradeoff Single Model Lowest Prototyping, simple tasks Limited capability Sequential Low Multi-step workflows Higher latency Parallel Medium Independent tasks Higher cost Hierarchical High Complex reasoning Complex orchestration Ensemble Highest Critical decisions Highest cost Pick the simplest one that works. Complexity is real, and it compounds. Sequential architecture Process tasks through a chain of models, each specializing in a step. Pattern 1: Pipeline Pipeline pattern — each model's output feeds the next: class ModelPipeline : def __init__ ( self ): self . models = [ { " model " : " qwen2.5-1.5b " , " task " : " classify " }, { " model " : " qwen2.5-7b " , " task " : " extract " }, { " model " : " qwen2.5-32b " , " task " : " reason " }, ] def process ( self , input : str ) -> str : current = input for model_config in self . models : current = self . call_model ( model_config [ " model " ], self . create_prompt ( model_config [ " task " ], current ) ) return current Latency adds up. Three models in sequence means three times the latency. Only use this when each step actually needs a different model. Pattern 2: Router Router pattern — classify the task, route to the specialist: class ModelRouter : def __init__ ( self ): self . classifier = " qwen2.5-1.5b " self . specialists = { " code " : " qwen2.5-coder-7b " , " math " : " qwen2.5-32b " , " creative " : " claude-sonnet-4 " , " general " : " qwen2.5-7b " , } def route ( self , prompt : str ) -> str : task_type = self . classify ( prompt ) model = self . specialists . get ( task_type , self . specialists [ " general " ]) return self . call_m