今日已更新 166 条资讯 | 累计 20138 条内容
关于我们

标签:#work

找到 108 篇相关文章

AI 资讯

Abandoning Abstractions: Manually Crafting EtherNet/IP Packets Almost Broke Me

By RUGERO Tesla ( @404Saint ). There is a persistent illusion in Industrial Control Systems (ICS) security research: that high-level libraries, abstraction frameworks, or protocol tooling give you a real understanding of Operational Technology (OT) behavior. They don’t. They hide the architecture. Determined to understand what actually happens when a Programmable Logic Controller (PLC) receives a control-plane command, I built an EtherNet/IP and Common Industrial Protocol (CIP) sandbox from scratch. No Scapy. No protocol wrappers. Just raw sockets, a Linux loopback interface, a cpppo simulator, and a passive monitoring tool ( enip_monitor.py ) capturing traffic in real time. It looked clean on paper. Then I reached the application layer. And things stopped behaving like theory. The Reality of the “Industrial Abstraction Layer” If you come from Modbus or traditional IT networking, you’re used to linear memory spaces—fixed registers, predictable offsets, and flat addressing. EtherNet/IP and CIP discard that model entirely. Instead, they introduce a structured object system wrapped inside multiple encapsulation layers: +-----------------------------------------------------------+ | EtherNet/IP Encapsulation Header (24 bytes) | | → Session control, commands (0x0065, 0x006F) | +-----------------------------------------------------------+ | Common Packet Format (CPF) | | → Routing, addressing, and transport segmentation | +-----------------------------------------------------------+ | CIP Application Layer | | → Service codes (0x4C, 0x4D, 0x10, etc.) | +-----------------------------------------------------------+ To communicate with a PLC at the wire level, your code must: Establish a session using RegisterSession (0x0065) Wrap all subsequent requests in SendRRData (0x006F) Encode routing information inside CPF structures Construct symbolic or logical paths for the CIP Message Router Ensure strict byte alignment across nested payload layers A single mistake in any layer b

2026-06-30 原文 →
AI 资讯

Network Fingerprinting: Analyzing Default ICMP Structures and Payload Mimicry

Research Context "In advanced network observability, understanding the default behavior of various operating systems is vital for traffic profiling. This article explores the structural differences in ICMP Echo Requests across different OS environments and analyzes how 'Traffic Mimicry' can be used to evaluate the accuracy of Network Intrusion Detection Systems (NIDS)." 1. The Anatomy of an ICMP Signature A standard ICMP Echo Request is not just a simple signal; it carries a specific "fingerprint" based on the operating system that generated it. These fingerprints consist of: Total Packet Size TTL (Time to Live) values Default Payload Content 2. Cross-Platform Discrepancies (Linux vs. Windows) When a system sends a "ping," the default data size ($D$) and the total packet length ($L$) vary significantly between architectures. Feature Linux (Typical) Windows (Typical) Data Size ($D$) 56 Bytes 32 Bytes ICMP Header ($H$) 8 Bytes 8 Bytes Total ICMP Length ($L$) 64 Bytes 40 Bytes Default Payload Timestamp + Data abcdefg... The Linux Signature In most Linux distributions, the ping utility sends 56 bytes of data. When combined with the 8-byte ICMP header, it totals 64 bytes. A key characteristic of Linux ICMP traffic is that the first few bytes of the payload are often occupied by a high-resolution timestamp, used to calculate RTT (Round Trip Time) with microsecond precision. The Windows Signature Windows systems default to a 32-byte data payload. The payload content is static and follows a predictable alphabetical sequence: abcdefghijklmnopqrstuvwabcdefghi. This static nature makes Windows ICMP traffic easily identifiable during deep packet inspection (DPI). 3. The Concept of Traffic Mimicry Traffic Mimicry is a research method used to test the resilience of network filters. By aligning custom communication protocols with the default signatures of a specific OS, researchers can evaluate whether a security appliance is biased toward certain traffic patterns. For example, wh

2026-06-27 原文 →
AI 资讯

9 PM Teams Call Layoffs: The Offshore Kill‑Switch

The 9 PM Teams call layoffs that vaporized an entire India engineering office aren't merely a cautionary tale—they are a case study in remote-first management rot. Around 150 employees were invited to a surprise Microsoft Teams call late in the evening and informed, without any prior warning, that their team was being shut down and the company was closing its India operations 1 [^2]. No severance. No transition. Just a kill switch flipped from a different timezone. This isn't a single rogue employer. It’s a playbook. The late-night call exploits the timezone gap to avoid in-person confrontation and suppress immediate collective response. It’s a clean, cowardly sever for a leadership class that has confused “remote” with “disposable.” How the 9 PM Teams call layoffs became a remote-first weapon The mechanics are always the same: a sudden, mandatory all-hands drops on calendars minutes before it starts. The meeting is short. An HR representative or a pre-recorded executive message delivers the news. Access is cut before anyone can ask a real question[^1:0][^2:0]. A former employee detailed the sequence in a viral social media post: “Around 150 members of our engineering team were invited to a 9 PM Microsoft Teams call, where we were informed that our team was being shut down”[^3]. The shock isn't accidental—it’s functional. Surprise prevents organizing. It prevents screen-recording. It prevents the kind of immediate, unified pushback that might force a negotiation on severance or notice periods. Red flag: When your office is “the offshore office” The structural vulnerability is clear. In many global firms, India operations function as a cost center rather than a strategic core. The moment a CFO runs a spreadsheet and sees a quick path to positive EBITDA by zeroing out a foreign subsidiary, the engineers there become a line item. The 9 PM Teams call layoffs are the logical endpoint of this relationship: the timezone isn't just a scheduling inconvenience, it’s a control

2026-06-27 原文 →
AI 资讯

DNS Explained: How Your Browser Decodes Website Addresses

You type www.google.com into your browser and hit Enter. The page loads in under a second. But stop and think about what just happened. Your browser didn't know where Google lives on the internet. It had to ask. And in that fraction of a second, a surprisingly elegant chain of lookups took place behind the scenes. That system is called DNS — the Domain Name System. Think of it as the internet's phonebook: it translates human-friendly names like www.google.com into machine-friendly IP addresses like 142.250.80.46 . Without it, you'd have to memorise numbers to visit any website. Let's walk through exactly what happens, step by step. Step 1: You Type a URL — But What Does It Mean? When you type www.bing.com , you're entering a domain name . Domain names have a structure — and reading them right-to-left tells you a lot: www . bing . com │ │ │ │ │ └── Top-Level Domain (TLD): category or country │ └──────── Second-Level Domain (SLD): the brand/org name └─────────────── Subdomain: a section of the site (optional) Some real examples: Domain TLD SLD Subdomain www.bing.com .com bing www news.bbc.co.uk .uk bbc news docs.github.com .com github docs TLDs indicate the type or origin of a site — .com for commercial, .edu for education, .in for India, and so on. Step 2: Your Browser Checks Locally First Before going anywhere on the internet, your browser does a quick local check — two of them, actually. 1. Browser cache Modern browsers cache DNS results from previous lookups. If you visited bing.com five minutes ago, the browser already knows its IP and skips the entire lookup process. 2. The hosts file Your operating system has a plain text file that maps domain names to IPs manually. On most systems it lives at: Windows: C:\Windows\System32\drivers\etc\hosts Mac/Linux: /etc/hosts It looks like this: 127 . 0 . 0 . 1 localhost 192 . 168 . 1 . 10 mydevserver . local Developers use this all the time for local testing — mapping a production domain name to a local IP to test before go

2026-06-26 原文 →
AI 资讯

Record of Site Issues #2 - Playback / GOP

Environment And Situation Control room of an apartment Number of installed product : 3 (PC-based NVR, dual-LAN supported) Remote support : X (I actually went to the site and diagnosed) Reported Issue In viewer, when user changes play speed while playing back the recorded data, it randomly plays the data in hyper speed(almost 30x~60x) For example: 4x play means 4 seconds in video per a second. But in the site, it played 30~60 seconds per a seconds, showing the video stutturing. Diagnosis Checked the overall environment. System(CPU / RAM usage), network environment(bandwidth), resoulution, stream configurations, etc. -> Nothing suspicious. Some of the installed cameras had unusual fps and gop values Normally, fps and gop values are set to be equal(for exmaple, if fps is 30 then gop is also 30 so that iframe can appear every second) But the cameras' set up values were fps 15, gop 60(iframe per 4 seconds) Assumption Somehow the viewer keeps failing to find iframe to play. And it's maybe because iframe appears with a long gap. Quick note: iframe is kind of a key-frame. Since the viewer starts decoding from an iframe, it's necessary when it comes to playback. What I Tried Set all the cameras' gop value to 15(same as fps) Result Ran a test with data before changing the gop values and after. During interval before changing the gop, the issue occurred almost every time I tried. But after chaning the gop, the issue no longer occurred. Concolusion The issue was triggered by large GOP value (GOP 60 with FPS 15). With only one iframe every four seconds, the viewer sometimes failed to find an appropriate iframe after changing the playback speed, causing abnormal playback behavior. According to the viewer developer, this is likely related to the viewer's iframe searching logic, which is still under investigation. Keep This In Mind Check camera settings(especially gop and fps) first when it comes to playback issue. Always check before/after data to confirm assumption.

2026-06-26 原文 →
AI 资讯

GitHub Actions adds a background marker, and the linear job stops being the only shape

A small word that changes the rhythm of a job For as long as I have been writing Actions workflows I have been carrying a quiet workaround in my head. Want to warm a cache while the build runs? Append & to the shell command, then squint at logs that arrive out of order and pray the job doesn't exit on you. It worked, sort of. It also meant that anything more interesting than "run one thing, then the next thing" lived as folklore, hidden inside run: blocks. GitHub closed that gap this week. On June 25 the Actions changelog announced that steps inside a job can now run concurrently, marked with a new background keyword and supported by helpers to wait for them and cancel them. Until now, the changelog notes, every step in a workflow ran in sequence, with each step starting only after the previous one completed. That single rule has shaped every workflow I have ever written. It is gone, and the replacement is the kind of feature you don't notice until the day you reach for it and it's there. What the keywords actually do There are four pieces, all of them documented in the announcement. background: true is the entry point. Set it on a step and that step starts running, and the next step starts immediately. It does not block the job. wait and wait-all are the rendezvous. wait pins on one or more named background steps and pauses until they finish. wait-all is the same idea against every background step still in flight. Either way you get back into a linear flow on your terms. cancel is the cleanup. It gracefully terminates a background step when you no longer need it, which is the missing piece if you have ever tried to kill a long-running side process from inside a job and ended up shelling out to kill . parallel is the convenience wrapper. The changelog describes it as taking a group of steps and converting them into background steps with a wait placed after. For the common "fan out, then join" shape, you write one block instead of decorating five steps by hand. Where

2026-06-26 原文 →
开发者

🍼 宝宝的小仓库 —— 幼师带你认识"NAS"

🌟 开场白:你有没有这样的烦恼? 小朋友们,有没有遇到过这种情况: 📱 手机里的照片太多, 装不下了 ! 💻 电脑里的视频, 换了电脑就找不到了 ! 👨‍👩‍👧 爸爸妈妈爷爷奶奶,想看同一个视频, 要互相发来发去 ! 有没有一个地方, 所有人都能存东西、随时取东西 ? 有!那就是 —— 🏠 NAS N etwork A ttached S torage 网络附加存储 (但老师觉得叫它 "家庭小仓库" 更好懂!) 🎒 第一课:NAS到底是个啥? 先想象一个场景 👇 幼儿园有个 大储物柜 🗄️ 每个小朋友都有 自己的格子 在教室里、在走廊里、甚至在家里 只要知道密码,随时可以取东西! 老师也可以把作业放进去,大家一起看 这个 "随时随地都能访问的大储物柜" ,就是 NAS ! 👩‍🏫 老师比喻总结: 普通硬盘 NAS 只插在一台电脑上用 接在路由器上,全家都能用 只有这台电脑能访问 手机、平板、电脑都能访问 出门就用不了 出门在外也能访问 🌍 像你自己的小书包 🎒 像幼儿园的公共储物柜 🗄️ 🏗️ 第二课:NAS长什么样? NAS其实就是一台 特别的小电脑 🖥️ 普通电脑 = 有屏幕、键盘、鼠标 NAS = 没有屏幕!没有键盘!没有鼠标! 只有一个"装硬盘的盒子" + 网线插口 ┌─────────────────┐ │ NAS 小盒子 │ │ ┌───┐ ┌───┐ │ │ │硬 │ │硬 │ │ ← 装了好几块硬盘 │ │盘1│ │盘2│ │ │ └───┘ └───┘ │ │ 💡 小灯灯 │ └────────┬────────┘ │ 网线 │ 📡 路由器 / | \ / | \ 手机 电脑 平板 👩‍🏫 老师比喻: NAS = 一个 装了很多大肚子的小机器人 🤖 它不需要眼睛(屏幕)、不需要手(键盘) 它只需要 网线 ,就能默默给全家服务 💪 🤯 第三课:重点来了! NAS 其实就是一个"网页操作系统"! 小朋友们先回忆一下上次学的 👇 网页 = HTML骨架 + CSS衣服 + JavaScript动作 然后放在 服务器 上,用 浏览器 访问 现在老师告诉你一个秘密 🤫 NAS 本身就是一台服务器! 你管理NAS,不需要接显示器 直接打开浏览器,输入地址 NAS就把它的"控制面板"当网页显示给你! 就像这样 👇 你打开浏览器,输入:http://192.168.1.100 ↓ NAS的"网页控制面板"出现了! 有文件管理、有设置、有相册... 跟用网站一模一样! 👩‍🏫 老师比喻: NAS = 幼儿园的 全自动智能储物柜 🗄️✨ 你不用去柜子跟前 在家用手机扫一下 → 柜子的 控制屏幕传到你手机上 你在手机上点点点 → 柜子乖乖开门取东西 这个"控制屏幕",就是NAS的 网页界面 ! 🍳 第四课:前端和后端 —— NAS版本! 还记得上次说的"大厨房"吗? 你(浏览器)点菜 → 厨房(服务器)做好送来 NAS也是一样的,分成 前端 和 后端 两个部分! 🎨 前端 —— 你看见的那一面 ┌─────────────────────────────────┐ │ NAS 网页控制台 │ │ ┌─────┐ ┌─────┐ ┌─────┐ │ │ │📁文件│ │🖼️相册│ │🎬视频│ │ │ └─────┘ └─────┘ └─────┘ │ │ ┌─────────────────────────┐ │ │ │ 这里显示你的文件列表 │ │ │ └─────────────────────────┘ │ │ [上传] [下载] [删除] │ └─────────────────────────────────┘ 这些你能看见的 = 前端 🎨 👩‍🏫 老师比喻: 前端 = 储物柜 正面的触摸屏 📱 漂漂亮亮的按钮、图标、列表 你能看见、能点的,都是 前端 ⚙️ 后端 —— 藏在里面干活的 你点击"上传文件" 👆 ↓ 前端说:"收到!我去通知后端!" ↓ 后端收到指令 ⚙️: 1. 检查你有没有权限 🔐 2. 找到硬盘上空的位置 💾 3. 把文件存进去 ✅ 4. 告诉前端:"存好啦!" ↓ 前端显示:"上传成功!✅" 👩‍🏫 老师比喻: 后端 = 储物柜 里面的机械手臂 🦾 你在触摸屏上点"放东西进去" 机械手臂默默把东西码放整齐 你看不见它,但它一直在努力工作! 🔄 前端和后端怎么说话? 前端(网页) ←→ 后端(NAS系统) ↑ ↑ 你能看见的界面 藏在机器里的程序 它们用"API"互相说话 API = 两个人之间的"对讲机" 📻 👩‍🏫 老师比喻: 角色 NAS里是谁 幼儿园比喻 前端 网页控制台界面 储物柜的触摸屏 📱 后端 NAS的操作系统程序 里面的机械手臂 🦾 API 前后端通信接口 触摸屏和手臂之间的对讲机 📻

2026-06-26 原文 →
AI 资讯

Localizzare in massa la scheda App Store con ASC CLI (e perché conviene davvero)

Dai metadati in una lingua a 20 localizzazioni senza impazzire tra click e schermate: un flusso pratico per indie e piccoli team. Localizzare un’app non significa solo tradurre le stringhe dell’interfaccia. Una buona parte dell’acquisizione organica passa dai metadati su App Store Connect : titolo, sottotitolo, descrizione e keyword. Il problema è che, quando provi a farlo “a mano” dal pannello web, diventa subito un lavoro di pura resistenza: apri la scheda, cambi lingua, compili i campi, salvi, ripeti. Ora moltiplica per 10–20 lingue. Per molti indie (e in generale per chi ha poco tempo e zero voglia di click ripetitivi) il punto di svolta è usare ASC CLI per rendere questa attività automatizzabile, ripetibile e verificabile . Perché la localizzazione dei metadati è un caso d’uso perfetto per una CLI Dal punto di vista del flusso di lavoro, i metadati App Store hanno tre caratteristiche che li rendono ideali per l’automazione: Sono campi strutturati (title, subtitle, description, keywords): non stai “inventando” contenuti ogni volta, stai trasformando contenuti. Sono ripetitivi per lingua : la sequenza di operazioni è identica, cambia solo la locale. Sono tanti : più lingue aggiungi, più l’approccio manuale scala male (tempo, errori, incoerenze). Con una CLI, invece, il lavoro si sposta dal “fare cose” al definire un processo : prendi i metadati di partenza, generi le varianti linguistiche, applichi l’update in batch. Cosa conviene localizzare (e cosa no) In genere ha senso includere in un passaggio di localizzazione “massiva”: App name / title (attenzione ai limiti e ai trademark) Subtitle (spesso è la parte più ASO-oriented) Description (qui conta più la leggibilità che la traduzione letterale) Keywords (campo delicato: va adattato, non tradotto alla cieca) Al contrario, è meglio trattare con più cautela: Claim e frasi marketing molto creative : in alcune lingue risultano innaturali se tradotte letteralmente Keyword strategy : la ricerca utenti cambia per mercat

2026-06-25 原文 →
AI 资讯

Use Unix Domain Sockets on Windows Python: Building an AF_UNIX Compatibility API

Python provides socket.AF_UNIX , asyncio.open_unix_connection() , and asyncio.start_unix_server() for working with Unix Domain Sockets on Unix-like operating systems. On Windows, however, support for Unix Domain Sockets tends to depend on the Python version and runtime environment. In particular, differences become apparent when trying to use the higher-level asyncio APIs in the same way as on Unix. To address this, I created a compatibility layer that hides the differences between Unix and Windows and allows AF_UNIX sockets to be used through a largely identical API. This article covers two types of APIs: An asyncio -based AF_UNIX compatibility API A synchronous socket -based AF_UNIX compatibility API Goal The objective is straightforward. On Unix, use the standard library APIs as-is. On Windows, fill in the missing functionality so that application code can remain as unified as possible. For example, on Unix you can write: reader , writer = await asyncio . open_unix_connection ( path ) And on the server side: server = await asyncio . start_unix_server ( handle_client , path ) The goal is to preserve this style of programming on Windows as much as possible. What Was Built The compatibility layer consists of two major components. 1. Asyncio Version This is the asynchronous implementation designed to match the asyncio Unix Domain Socket APIs. The main APIs are: await open_unix_connection ( path , * , limit = ...) await start_unix_server ( callback , path , * , limit = ..., backlog = ...) await create_unix_connection ( protocol_factory , path , ...) await create_unix_server ( protocol_factory , path , ...) install () On Unix-like systems, these simply delegate to the standard asyncio implementation. On Windows, they use Winsock AF_UNIX sockets and combine WSAEventSelect with event-loop handle waiting to implement asynchronous operations. 2. Synchronous Socket Version This version provides a traditional blocking-socket-style API without using asyncio . The main APIs ar

2026-06-21 原文 →
AI 资讯

Ultimate Guide to System and Network Adminstration 🌐 🛠️

In a world completely powered by technology, have you ever wondered what actually keeps our digital lives from crashing down? Enter the unsung heroes: system and network administration . Think of an operating system like Windows or Linux as a computer's command center, orchestrating everything from the heavy-lifting CPU to the smallest plugged-in device. To keep your data safe and your machine stable, it cleverly splits its brain into two zones: a restricted "user mode" where your everyday apps play, and a highly secure, privileged "kernel mode" reserved strictly for critical system operations. When individual computers connect to form massive global networks, the complexity skyrockets. This comprehensive guide breaks down those complex environments into simple, bite-sized concepts. Here is a quick snapshot of what we will cover: Host & OS Administration : This module covers how an operating system functions as the primary intermediary between a user and a computer's raw physical hardware. It explains how the system kernel manages critical computing processes, memory allocation, local storage file systems, and administrative tasks like security patching and automated scripting. Networking Concepts, Topologies, and Protocols : This module explores how individual computer systems connect and communicate across localized or global distances. It details the structural design of network topologies, addressing rules like IPv4 and IPv6, and the standardized layer frameworks that ensure safe and efficient data transmission. 🏛️ Part 1: Operating Systems & Host Administration 🖥️ Computer Resources and Functions At its core, every computer system is a collection of physical machinery and digital structures working together to solve problems. To understand how an operating system manages these pieces, it helps to look at the foundational puzzle blocks of a computer. This section maps out the primary hardware and data elements the system has to control, alongside a simple breakd

2026-06-21 原文 →
AI 资讯

Introducing Cronos: A New Framework for Human-Validated Vibe Coding

Hey dev.to community! 👋 Over the last few months, juggling my roles as a Project Manager, Scrum Master, and lead for QA, Support, and Documentation has been a wild ride. The sheer speed of "vibe coding"—a paradigm shift where the primary role of the developer transitions from manual code construction to high-level intent orchestration—is incredible. Tools like Cursor, Replit Agent, and Google Antigravity allow us to scaffold entire microservices in minutes. However, while this transition offers unprecedented generative velocity, it introduces systemic risks concerning architectural integrity, long-term maintainability, and security. That’s why I’m sharing Cronos (Version 2.0) : a new, strategic methodology I’ve formalized for human-validated vibe coding and agentic software engineering. Real-World Testing & The Multi-Track Approach We have been rigorously testing this framework with our team over the last three months. The empirical results have been fantastic, tracking closely with the framework's theoretical efficiency models to deliver an almost 4x gain in productivity. To maintain production stability while achieving this speed, we adopted a multi-track approach. We continue to use standard Scrum for our maintenance track, which handles smaller tasks, support requests, and standard bug fixes. Meanwhile, Cronos is deployed exclusively for our parallel feature track, tackling larger Epics and new feature development. This ensures production stability does not stall innovation velocity. What is Cronos? The genesis of Cronos lies in the recognition that traditional Agile methodologies often fail to keep pace with the collapsed feedback loops of AI-driven development. In the current agentic era, the bottleneck has shifted from implementation to validation and strategic alignment. Cronos reconfigures the software development lifecycle (SDLC) around one-week "Cycles". Each cycle is a burst of high-intensity, AI-augmented creation coupled with a fixed duration of human

2026-06-19 原文 →
AI 资讯

Stop Asking 'Is GAI Here' — Ask 'At What Layer'

Stop Asking 'Is GAI Here' — Ask 'At What Layer' The GAI debate has a structural problem. Someone says "passing this benchmark means GAI." A model passes it. Then they say "that benchmark wasn't hard enough." The goalpost moves. Someone says "passing the Turing test means GAI." Models pass it. Then they say "the Turing test is too easy." The goalpost moves again. Someone says "inventing new mathematics means GAI." Models do it. Then they say "that's just pattern matching in disguise." Goalpost moves. This isn't bad faith. It's a missing layer definition. We never agreed on what "general" means. Without that, every achievement gets reclassified as "not really general." I've been working on a framework that might fix this. It started as a capability map. Then I realized: this isn't just a map. It's a GAI maturity model. The Five Layers Layer Name Definition L0 Embodied Perceive and operate in the physical world L1 Application Complete single-domain tasks using tools L2 Engineering Build and maintain systems L3 Meta-Domain Abstract and transfer between unrelated domains L4 Meta-Cognition Perceive and control your own thinking process The rule: layers cannot be skipped. It's a maturity sequence, not a checklist. This immediately explains the goalpost problem: some people define GAI as L1. Others define it as L4. They're using different layers for the same word. What About Models Without Bodies? L0 requires embodiment. Text-only models don't have bodies. The cleanest answer: LLMs have no L0. They start at L1 — cognition without embodiment. This isn't a defect. It's an architectural difference. Humans build up from L0 (a baby senses the world before understanding it). LLMs start at L1 (they understand the world directly, skipping physical experience). The result: humans can "feel" when something is wrong — that's L0 feeding signals up to L4. LLMs don't have this channel. The framework forced me to face something uncomfortable: human intelligence cannot exist without a body

2026-06-19 原文 →
AI 资讯

Workflow SDK AbortController + Claude Fable 5: Issue #38

This week's AI tooling news splits cleanly between infrastructure you can ship today and capability bets that require more careful evaluation. Anthropic dropped two significant releases—Fable 5 and Managed Agents updates—while the Workflow SDK landed a cancellation primitive that eliminates entire categories of homegrown plumbing. Underneath all of it, a sharp incident review from Anthropic is the most practically useful thing published this week if you're running multi-turn agents in production. Workflow SDK adds AbortController cancellation support The Workflow SDK now threads AbortSignal through workflow steps, using the same web-standard API you already use with fetch . Pass an AbortSignal into your workflow, inspect it inside steps, and you get cooperative cancellation that survives durable suspension and replay. This matters because cancellation in long-running workflows has historically required custom infrastructure—timeout flags passed through context, manual cleanup hooks, bespoke race logic. That's not interesting code to write or maintain. With AbortController support, you get timeout steps, request racing, and parallel work cancellation with patterns your team already knows. Two important caveats: this requires workflow@beta , and cancellation is cooperative. The runtime won't forcibly terminate a step—your step code needs to inspect the signal and respond. If you have steps with opaque third-party calls that don't accept signals, you're still writing wrapper logic. Verdict: Ship. If you're on Workflow SDK 5 and running long-horizon workflows with timeout or race requirements, upgrade and wire this in now. The pattern is standard, the boilerplate reduction is real, and there's no meaningful downside if your steps are already structured around explicit control flow. Anthropic adds dreaming, outcomes to Managed Agents Two distinct additions here. Outcomes let you define explicit success criteria enforced by a separate grader agent—replacing manual prompt

2026-06-19 原文 →
AI 资讯

Setup Dev Environment cho Laptop Workstation Kiến Trúc

Nếu bạn vừa nhận một chiếc laptop từ danh sách ReviewLaptop để vừa học kiến trúc vừa làm dev, việc tối ưu hóa máy là cực kỳ quan trọng. Các phần mềm như Revit hay AutoCAD vốn đã ngốn tài nguyên rất lớn, vì vậy bạn cần một môi trường lập trình 'nhẹ' và ổn định. Tối ưu hóa WSL2 và Docker cho máy Workstation Với các dòng máy như Dell Precision hay Lenovo LOQ, việc chạy WSL2 với cấu hình mặc định có thể chiếm dụng quá nhiều RAM, làm ảnh hưởng đến các ứng dụng kiến trúc đang mở. Bạn nên giới hạn tài nguyên cho WSL2 bằng file .wslconfig . Truy cập vào đường dẫn %USERPROFILE%_\.wslconfig (hoặc tạo mới) và cấu hình như sau: [wsl2] # Giới hạn RAM để dành cho Revit/AutoCAD memory = 8GB # Giới hạn số lượng nhân CPU processors = 4 # Tự động giải phóng bộ nhớ khi không sử dụng autoMemoryReclaim = true # Thiết lập swap nếu cần swap = 4GB Nếu bạn có GPU rời (như trên dòng Lenovo LOQ hay Alienware), hãy đảm bảo đã cài đặt NVIDIA Container Toolkit để thực hiện Docker GPU passthrough . Điều này giúp bạn chạy các container xử lý AI hoặc render mà không làm treo hệ điều hành chính. Quản lý nhiệt độ và giới hạn phần cứng Một giới hạn thực tế quan trọng khi dùng laptop workstation là VRAM ceiling . Các dòng máy tầm trung thường có VRAM hạn chế, nếu bạn chạy Docker image nặng hoặc render cùng lúc, máy sẽ bị giật lag do tràn bộ nhớ đồ họa. Lời khuyên về Thermal Mode: Khi Code/Làm việc nhẹ: Hãy để ở chế độ Balanced hoặc Quiet . Việc này giúp giảm tiếng ồn của quạt (fan noise) và kéo dài tuổi thọ linh kiện. Khi Build Project/Render: Chuyển sang chế độ Performance hoặc Turbo . Lúc này, ưu tiên là đẩy hết nhiệt lượng ra ngoài để duy trì xung nhịp CPU cao nhất có thể. Việc cân bằng giữa sức mạnh phần cứng cho đồ án kiến trúc và sự ổn định cho môi trường dev sẽ giúp bạn làm việc hiệu quả hơn rất nhiều.

2026-06-18 原文 →
AI 资讯

Real-time IP capacity in Google Cloud subnets

When managing Shared VPCs, most teams allocate dedicated IP subnets for each service project to keep firewall rules simple, but this isolation often leads to poor IP utilization — it is not uncommon to see subnet IP utilization hovering in the low teens. On the other hand, using large shared subnets requires coordinating workload deployments to ensure there is enough internal IP address space for everyone. To optimize these shared networks, you need real-time visibility. The WITH_UTILIZATION query parameter on the Method: subnetworks.list | Compute Engine API solves this by returning the exact count of allocated and free IP addresses for each subnet IP range. This capability is designed for query-time decisions. For example, if you need to deploy a GCE workload requiring 100 instances, you can search for a subnet with enough capacity. This query-time data comes directly from Google Cloud's internal IP allocator and includes both primary and secondary CIDR ranges. Automating the search with gcloud and jq To automate capacity checks before you deploy, you can script this check. The script below uses gcloud compute networks subnets list | Google Cloud SDK to grab the utilization data as JSON, and then uses jq to parse, filter, and sort the subnets based on your required capacity: #!/bin/bash # --- Configuration (Replace with your details) --- PROJECT = "<YOUR_PROJECT_ID>" NETWORK_NAME = "<YOUR_VPC_NETWORK_NAME>" REGION = "<YOUR_REGION>" REQUIRED_IP_CAPACITY = 100 echo "Searching $NETWORK_NAME in $REGION for subnets with >= $REQUIRED_IP_CAPACITY free IPs..." echo "------------------------------------------------------------------------" # Fetch subnets with utilization data, output as JSON, and pipe to jq gcloud compute networks subnets list \ --project = " $PROJECT " \ --network = " $NETWORK_NAME " \ --regions = " $REGION " \ --view = WITH_UTILIZATION \ --format = json | \ jq -r --argjson min_ips " $REQUIRED_IP_CAPACITY " ' [ .[] | { name: .name, cidr: .ipCidrRange, #

2026-06-17 原文 →
AI 资讯

The Hidden Linux Routing Issue That Broke My Deployment

The deployment should have taken a few minutes. The application was running, DNS was configured correctly, and the domain was already pointing to the server's public IP. Caddy was configured as a reverse proxy and was listening on ports 80 and 443. Every item on my deployment checklist appeared healthy. Yet every Let's Encrypt validation attempt kept failing. The error looked simple enough: authorization failed timeout during connect likely firewall problem At first, I believed it. I checked DNS resolution, verified firewall rules, confirmed that Caddy was listening on the expected ports, and made sure the application itself was reachable. Every check came back clean. That was the first clue that the problem might not be where the logs were pointing. The Obvious Things The first assumption was DNS. I verified that the domain resolved to the correct public IP. dig +short my-domain.com Everything looked correct. Next came the firewall. sudo ufw status Ports 80 and 443 were open. There were no unexpected deny rules, and nothing suggested inbound traffic was being blocked. Then I checked whether Caddy was actually listening. sudo ss -tulpn | grep -E ':80|:443' Again, everything looked normal. The application itself was healthy too. curl http://localhost:3001 returned a valid response. At this point I had checked most of the things engineers typically check when certificate validation fails. DNS looked good, the firewall looked good, the reverse proxy was healthy, and the application was running. Yet the validation errors continued. The Part That Sent Me In The Wrong Direction The error messages kept mentioning connectivity problems and possible firewall issues. That wording influenced my thinking more than it should have. I spent time investigating firewall rules, reverse proxy configuration, TLS settings, and domain configuration. Every new hypothesis felt reasonable, but none of them explained why local tests consistently succeeded while external validation continued

2026-06-17 原文 →