
🔥What Everyone Is Ranting About (2026-03-27)

Last updated 2026/04/05 08:20:03. Tags: What Everyone Is Ranting About, RSS, tech blogs, issue radar

Data sources: 68 RSS feeds; 1051 items scanned in total, 273 items from the last 48 hours selected.

I. Today's Technical Blog Gems Worth Reading

1. The forge is our new home (Fedora Community Blog)

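  • Source: LWN.net
  • Related interests: software-engineering, open-source, ai4se, ai-ml
  • Link: https://lwn.net/Articles/1064809/
  • Summary: Tomáš Hrčka announced that the Forgejo-based Fedora Forge is now a fully usable collaborative development platform and that the Fedora community will soon migrate to it entirely. This means the home-grown Pagure platform will be retired: pagure.io served the community for many years, but it must now give way to this more capable new tool. The final migration is planned to be completed at the Flock to Fedora 2026 conference, and teams should migrate early to ensure a smooth transition.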

2. TeamPCP Isn’t Done: Threat Actor Behind Trivy and KICS Compromises Now Hits LiteLLM’s 95 Million Monthly Downloads on PyPI | Blog | Endor Labs

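  • Source: Endor Labs Blog
  • Related interests: supply-chain-security, ai4se, devops-infra
  • Link: https://www.endorlabs.com/learn/teampcp-isnt-done
  • Summary: Two backdoored litellm versions (1.82.7 and 1.82.8) contained a full credential stealer, a Kubernetes lateral-movement toolkit, and a persistent backdoor.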

3. The Pulse: is GitHub still best for AI-native development?

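  • Source: Gergely Orosz (Pragmatic Engineer)
  • Related interests: open-source, supply-chain-security, ai4se
  • Link: https://newsletter.pragmaticengineer.com/p/the-pulse-is-github-still-best-for
  • Summary: GitHub's availability problems have persisted for months, raising questions about its condition and priorities. Also covered: Microsoft's promise that Windows will not become “Microslop”, a large-scale supply-chain attack targeting LLMs, and other topics.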

4. SolarWinds took a nation-state. The next attack just needs an LLM and $5. | Blog | Endor Labs

5. Article: Architectural Governance at AI Speed

6. datasette-llm 0.1a1

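  • Source: Simon Willison
  • Related interests: software-engineering, supply-chain-security, ai4se
  • Link: https://simonwillison.net/2026/Mar/25/datasette-llm/#atom-everything
  • Summary: datasette-llm 0.1a1 has been released. It is a base LLM integration plugin that other plugins can depend on. It adds a register_llm_purposes() hook, which lets a single configuration specify models for different purposes (for example, GPT-5.4-nano for data enrichment and Sonnet 4.6 for SQL query assistance).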

7. Setting up a Tor Relay at National Taiwan Normal University (Tor Blog)

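  • Source: LWN.net
  • Related interests: software-engineering, supply-chain-security, ai4se
  • Link: https://lwn.net/Articles/1064671/
  • Summary: The Tor Blog documents the non-technical challenges that students at National Taiwan Normal University faced in deploying a Tor relay. Taiwan has no shortage of technical documentation or ideological support for anonymity networks; what is truly scarce is first-hand experience of actually getting through institutional processes. In an environment where the academic network is highly centralized and outbound connections are strictly controlled, deploying a distributed anonymity network faces unique obstacles.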

8. AWS Load Balancer Controller Reaches GA with Kubernetes Gateway API Support

10. AsgardBench: A benchmark for visually grounded interactive planning

11. Quantization from the ground up

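  • Source: Simon Willison
  • Related interests: ai4se, ai-ml
  • Link: https://simonwillison.net/2026/Mar/26/quantization-from-the-ground-up/#atom-everything
  • Summary: Sam Rose published an in-depth interactive long-form article on LLM quantization (he calls it “the best post I've ever made”), including the best visual explanation of the binary representation of floating-point numbers. The article reveals for the first time the concept of outlier values in quantization: rare floating-point values that fall outside the normal distribution of small values and are critical to the quantization process.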

13. The 5 Principles of Snyk’s Developer Experience

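  • Source: Snyk Blog
  • Related interests: software-engineering, supply-chain-security
  • Link: https://snyk.io/blog/5-principles-of-snyk-developer-experience/
  • Summary: Snyk presents the five principles of its developer experience: seamless workflows, actionable fixes, and AI-driven security mechanisms, which help developers ship secure code faster without hurting productivity.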

14. Updates to GitHub Copilot interaction data usage policy

15. Protecting people from harmful manipulation

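  • Source: Google DeepMind Blog
  • Related interests: open-source, ai-ml
  • Link: https://deepmind.google/blog/protecting-people-from-harmful-manipulation/
  • Summary: Google DeepMind published research on harmful manipulation by AI: as conversational capabilities improve, AI could be used to change human thinking and behavior in negative, deceptive ways. The research created the first empirically validated toolkit for measuring AI manipulation risk in real-world scenarios.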

16. Has anyone dealt with prompt injection attacks through document ingestion?

17. [bytedance/deer-flow] ‘ErrorObservation’ from shell session server when concurrent exec_command calls share the same session

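  • Source: GitHub Trending Issues
  • Related interests: software-engineering, open-source, ai4se
  • Link: https://github.com/bytedance/deer-flow/issues/1433
  • Summary: ByteDance's deer-flow project has surfaced a concurrency problem: when multiple exec_command requests share the shell session of the same AIO sandbox container at the same time, an ErrorObservation is triggered, exposing weaknesses in concurrency control and state management.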

18. [twentyhq/twenty] Improve demo workspace skill

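  • Source: GitHub Trending Issues
  • Related interests: software-engineering, open-source, ai4se
  • Link: https://github.com/twentyhq/twenty/issues/19023
  • Summary: twentyhq's twenty project: custom view fields created through the AI chat sometimes do not appear, which is a display bug; fetching records from a view can also fail.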

19. [bytedance/deer-flow] [runtime] MemoryMiddleware skips memory write in LangGraph runs.wait because runtime.context does not contain thread_id

  • Source: GitHub Trending Issues
  • Related interests: software-engineering, open-source, ai4se
  • Link: https://github.com/bytedance/deer-flow/issues/1425
  • Summary: deer-flow's MemoryMiddleware skips the memory write in LangGraph's runs.wait because runtime.context does not contain thread_id, so memory updates are lost.

20. [bytedance/deer-flow] [runtime] Fix: ConsoleNotFoundError with Next.js 16.1.7 Turbopack and @langchain/langgraph-sdk

  • Source: GitHub Trending Issues
  • Related interests: software-engineering, open-source, ai4se
  • Link: https://github.com/bytedance/deer-flow/issues/1423
  • Summary: The combination of Next.js 16.1.7 Turbopack and @langchain/langgraph-sdk produces a ConsoleNotFoundError, which makes normal chatting impossible.

II. What Everyone Is Ranting About Today

1. 360 billion tokens, 3 million customers, 6 engineers

  • Source: Vercel Blog
  • Rant heat score: 22
  • Link: https://vercel.com/blog/360-billion-tokens-3-million-customers-6-engineers
  • Summary: 4 min read. Mar 18, 2026. Impact at a glance: Durable ships new production agents to customers in a single day; AI features and agents serve ~1.1B tokens per day (360B per year); 10x leverage for every engineer, product manager, and designer; 3-4x lower infra cost compared to self hosting. Durable began with a simple goal: make owning a business easier than having a job. 60% of U.S. adults say they want to be their own boss, but only about 4% actually do it. Durable’s bet is that the blocker isn’t ambition. It’s friction. “Small businesses are death by

2. Meet the 2026 Vercel AI Accelerator Cohort

  • Source: Vercel Blog
  • Rant heat score: 17
  • Link: https://vercel.com/blog/2026-vercel-ai-accelerator-cohort
  • Summary: 5 min read. Mar 16, 2026. The Vercel AI Accelerator is back, and this year we selected 39 early-stage teams from across the US, Europe, Asia, and Latin America to build with us for six weeks. The next generation of AI startups is building on our self-driving infrastructure, and the accelerator is how we work directly with the earliest-stage founders among them. This year’s cohort spans every industry, at varying points in their journey, but they share a clear point of view on what needs to exist right now and the urgency to ship it. Teams in the program get access

3. Self hosted my own deep research agent with MiroThinker 1.7 (open source, runs locally) as a replacement for perplexity and chatgpt deep research

  • Source: Reddit SelfHosted
  • Rant heat score: 16
  • Link: https://www.reddit.com/r/selfhosted/comments/1s48bxv/self_hosted_my_own_deep_research_agent_with/
  • Summary: r/selfhosted • Comfortable-Elk-1501: I’ve been running my own AI research agent locally for the past couple of weeks and wanted to share the setup since I think a lot of folks here would find it useful. What is it: MiroThinker 1.7 is an open source research agent that can browse the web, run code, and do multi step reasoning to answer complex questions. Think of it as a self hosted alternative to Perplexity, ChatGPT Deep Research, or C

4. SERHANT.’s playbook for rapid AI iteration

  • Source: Vercel Blog
  • Rant heat score: 15
  • Link: https://vercel.com/blog/serhants-playbook-for-rapid-ai-iteration
  • Summary: 5 min read. Mar 23, 2026. Impact at a glance: Started with Next.js on Vercel, which made it easier to expand to a React Native iOS app without rebuilding their backend; Engineers focus on AI design and iteration instead of platform plumbing; Orchestrates OpenAI, Claude, and Gemini by task to optimize cost vs output; Scaled from an internal pilot to 800-900+ real estate agents without replatforming. When Jeremy Bunting joined SERHANT. as VP of Engineering in February 2024, S.MPLE was already showing promise. 200 real estate agents were piloting the AI prod

5. Chat SDK brings agents to your users

  • Source: Vercel Blog
  • Rant heat score: 15
  • Link: https://vercel.com/blog/chat-sdk-brings-agents-to-your-users
  • Summary: 9 min watch. Mar 19, 2026. In early January, we gave the entire company a challenge: figure out how to multiply your output. People created agents. Mostly chat bots, but dedicated ones, purpose-built for real workflow augmentation: the agents were doing things automatically that would otherwise be tedious and time consuming. Initially people built individual interfaces for their agents, and AI SDK made that easy with out-of-the box model integrations and AI Elements to simplify UI design. Then we hit a constraint. People wanted to interact with the agents in Slack,

6. Try our new dimensional analysis Claude plugin

  • Source: Trail of Bits Blog
  • Rant heat score: 14
  • Link: https://blog.trailofbits.com/2026/03/25/try-our-new-dimensional-analysis-claude-plugin/
  • Summary: We’re releasing a new Claude plugin for developing and auditing code that implements dimensional analysis, a technique we explored in our most recent blog post. Most LLM-based security skills ask the model to find bugs. Our new dimensional-analysis plugin for Claude Code takes a different approach: it uses the LLM to annotate your codebase with dimensional types, then flags mismatches mechanically. In testing against real audit findings, it achieved 93% recall versus 50% for baseline prompts. You can download and use our new dimensional-analysis plugin by running these commands:

7. Build knowledge agents without embeddings

  • Source: Vercel Blog
  • Rant heat score: 12
  • Link: https://vercel.com/blog/build-knowledge-agents-without-embeddings
  • Summary: 5 min read. Mar 19, 2026. Deploy an agent with Vercel Sandbox, Chat SDK, and AI SDK. Most knowledge agents start the same way. You pick a vector database, then build a chunking pipeline. You choose an embedding model, then tune retrieval parameters. Weeks later, your agent answers a question incorrectly, and you have no idea which chunk it retrieved or why that chunk scored highest. We kept seeing this pattern internally and for teams building agents on Vercel. The embedding stack works for semantic similarity, but it falls short when you need a specific value from s

8. Legacy .NET app security issues, need advice fast

  • Source: Reddit DevOps
  • Rant heat score: 11
  • Link: https://www.reddit.com/r/devops/comments/1s3izp4/legacy_net_app_security_issues_need_advice_fast/
  • Summary: r/devops • No-Card-2312: Hi all, I’m working on an old .NET system (MVC, Web API, some Angular, running on IIS). It recently went through a penetration test because the company wants to improve security. We found some serious problems like: some admin endpoints don’t require authorization; same JWT key used in staging and production; relying on IP filtering instead of proper authentication. I have about one week to fix the most important issues, and the codebase is a bit messy so I’m trying to be careful. This is part of preparation

9. Security updates for Thursday

  • Source: LWN.net
  • Rant heat score: 10
  • Link: https://lwn.net/Articles/1064761/
  • Summary: Security updates have been issued by Debian (awstats, firefox-esr, and nss), Fedora (chromium, dotnet10.0, dotnet8.0, dotnet9.0, freerdp, and wireshark), Mageia (graphicsmagick and xen), Oracle (mysql:8.4 and nginx), Red Hat (podman), Slackware (bind and tigervnc), SUSE (azure-storage-azcopy, firefox-esr, giflib, glances-common, govulncheck-vulndb, grafana, kernel, libpng16, libsoup, mumble, net-snmp, perl-Crypt-URandom, pgvector-devel, pnpm, postgresql17, Prometheus, protobuf, python-cbor2, python-Jinja2, python-simpleeval, python311-dynaconf, python311-pydicom, python313-PyMuPDF, salt, snpgu

10. Cloudflare Workers AI Issues

  • Source: Cloudflare Status
  • Rant heat score: 10
  • Link: https://www.cloudflarestatus.com/incidents/y4rkttqnw0n7
  • Summary: Mar 26, 04:26 UTC Resolved - This incident has been resolved. Mar 26, 04:16 UTC Monitoring - A fix has been implemented and we are monitoring the results. Mar 26, 03:03 UTC Investigating - Cloudflare has identified an issue whereby customers might experience errors from inference requests to @cf/openai/gpt-oss-120b model using Workers AI. We are working to mitigate this problem. More updates to follow shortly.

11. Announcing Rust 1.94.1

  • Source: Rust Blog
  • Rant heat score: 10
  • Link: https://blog.rust-lang.org/2026/03/26/1.94.1-release/
  • Summary: The Rust team has published a new point release of Rust, 1.94.1. Rust is a programming language that is empowering everyone to build reliable and efficient software. If you have a previous version of Rust installed via rustup, getting Rust 1.94.1 is as easy as: rustup update stable. If you don’t have it already, you can get rustup from the appropriate page on our website. What’s in 1.94.1: Rust 1.94.1 resolves three regressions that were introduced in the 1.94.0 release. Fix std::thread::spawn on wasm32-wasip1-threads. Remove new methods added to std::os::windows::fs::OpenOptionsExt. The new metho

12. Security updates for Wednesday

  • Source: LWN.net
  • Rant heat score: 10
  • Link: https://lwn.net/Articles/1064634/
  • Summary: Security updates have been issued by Debian (chromium), Fedora (chromium, containernetworking-plugins, musescore, and python-multipart), Mageia (perl-XML-Parser, roundcubemail, trilead-ssh2, vim, and webkit2), Oracle (389-ds:1.4, gimp:2.8, glibc, gnutls, kernel, libarchive, nginx:1.24, opencryptoki, python3, uek-kernel, vim, yggdrasil, and yggdrasil-worker-package-manager), Red Hat (delve, osbuild-composer, and skopeo), Slackware (mozilla), SUSE (dpkg, go1.26-openssl, gstreamer-plugins-ugly, kernel, libssh, ovmf, python-pyasn1, python-tornado6, python311, salt, sqlite3, and systemd), and Ubunt

13. Two startups at global scale without DevOps

  • Source: Vercel Blog
  • Rant heat score: 10
  • Link: https://vercel.com/blog/two-startups-at-global-scale-without-devops
  • Summary: 36 min watch. Mar 19, 2026. Leonardo.AI processes more than 4.5 million images every day across cities worldwide, and Relevance AI’s agents run autonomously across time zones, touching Salesforce, HubSpot, Slack, and dozens of other systems without pause. Neither company has a dedicated DevOps team. That’s not an oversight. It’s an operational model. The startup ecosystem in APAC is a clear example of why this model is taking hold. AI-native startups are surging across the region: over 1,000 are building in Australia alone, according to the State of Australian Start

14. How to allow “web-crawling” Docker containers in a strict outbound-whitelist DMZ?

  • Source: Reddit SelfHosted
  • Rant heat score: 9
  • Link: https://www.reddit.com/r/selfhosted/comments/1s4d9ao/how_to_allow_webcrawling_docker_containers_in_a/
  • Summary: r/selfhosted • AwarePerformance6812: I currently have a Proxmox VM running docker services (Traefik, Crowdsec, Audiobookshelf, Jellyfin, Ollama, Vaultwarden, Diun, Dozzle, Gotify) in a DMZ locked down at my router’s firewall by only whitelisting outbound access to certain hosts/IP addresses (e.g., Debian, Github, Dockerhub, Linux Server, etc.). I’ve got other firewall rules beyond that (GeoIP blocking and no outbound connections to other subnets, but those aren’t relevant). I believe this adds a l

15. Unified reporting for all AI Gateway usage

  • Source: Vercel Blog
  • Rant heat score: 9
  • Link: https://vercel.com/blog/unified-reporting-for-your-ai-spend
  • Summary: 3 min read. Mar 25, 2026. If you’re shipping AI features, you already have usage data. The problem is that it’s split across providers, keys, and dashboards, so it’s hard to answer basic questions before the bill shows up. You’ve probably felt the drift into after-the-fact reconciliation. Provider consoles only show their own slice, so you end up exporting CSVs, rebuilding views in spreadsheets, and still missing the context that matters, like your tags, feature boundaries, and internal user IDs. When BYOK enters the picture, it gets worse because spend and usage sc

1. [ruvnet/RuView] Instability in sensing preview and cannot start training (single ESP32-S3-DevKitC-1)

2. [ruvnet/RuView] Known Issues & Setup Troubleshooting Guide

3. [bytedance/deer-flow] ‘ErrorObservation’ from shell session server when concurrent exec_command calls share the same session

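  • Source: GitHub Trending Issues
  • Link: https://github.com/bytedance/deer-flow/issues/1433
  • Details: comments=1; labels=(none)
  • Summary: ByteDance's deer-flow project has surfaced a concurrency problem: when multiple exec_command requests share the shell session of the same AIO sandbox container at the same time, an ErrorObservation is triggered, exposing weaknesses in concurrency control and state management.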

4. [Vaibhavs10/insanely-fast-whisper] Benchmark shows speed, but what about words error rate?

5. [agentscope-ai/agentscope] [Bug]: reactagent gives nonsensical answers when no toolkit is added

6. [mvanhorn/last30days-skill] Windows subprocess timeout cleanup still breaks in last30days.py and bird_x.py

7. [mvanhorn/last30days-skill] Bug: _assess_data_freshness() excludes YouTube from freshness calculation

8. [ruvnet/RuView] ModuleNotFoundError: No module named ‘wifi_densepose’

9. [bytedance/deer-flow] [runtime] Fix: ConsoleNotFoundError with Next.js 16.1.7 Turbopack and @langchain/langgraph-sdk

  • Source: GitHub Trending Issues
  • Link: https://github.com/bytedance/deer-flow/issues/1423
  • Details: comments=0; labels=(none)
  • Summary: Hypertension42 opened on Mar 26, 2026. Problem summary: ConsoleNotFoundError with Next.js 16.1.7 Turbopack and @langchain/langgraph-sdk. Expected behavior: chatting with me normally. Actual beh

10. [twentyhq/twenty] Data Model custom object names are lost when switching UI language - renaming only works in English

IV. Severe Product Incidents / Issue Radar

1. Cloudflare Workers AI Issues

2. Network Error Logging Issues

3. Container Logs issues

4. What We Can Learn About GitHub Actions Security from the Trivy Breach | Blog | Endor Labs

5. Access for Infrastructure RDP intermittent connectivity issues

6. Elevated errors on Claude Opus 4.6

7. Increase in 502 errors

8. Incorrect IP source information in spectrum HTTP/HTTPS apps

9. Elevated Dashboard Errors

10. [$] Collaboration for battling security incidents

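  • Source: LWN.net
  • Link: https://lwn.net/Articles/1063459/
  • Summary: A SunSecCon 2026 keynote discussion covered the importance of collaboration in security incident response, contrasted it with the way attackers collaborate, and shared cases where collaboration paid off and where its absence led to failure. The conference was held in early March jointly with SCALE 23x in Pasadena.

V. My Take on Today

What deserves the most attention today is software supply-chain security in the AI era. TeamPCP's poisoning attack on LiteLLM (1.82.7/1.82.8) directly stole cloud credentials and K8s secrets, which shows that LLM dependencies have become a new target for attackers. Similarly, the Trivy supply-chain incident stemmed from a GitHub Actions workflow misconfiguration, while Sourcegraph's newly launched Deep Search is providing detection capability at scale.

At the same time, the infrastructure for AI software engineering (SE4AI) is itself showing stability problems: GitHub's months-long availability decline, Cloudflare Workers AI inference errors on @cf/openai/gpt-oss-120b, and the abnormal error rate on Anthropic Claude Opus 4.6 are all testing the cognitive load of AI-native development. The toolchain layer is not calm either: the concurrent exec_command defect in bytedance/deer-flow, the ConsoleNotFoundError with Next.js 16.1.7 and @langchain/langgraph-sdk, and the view-field display bug in twentyhq/twenty all remind us that AI-assisted development is still not fully mature.

Encouragingly, the community is responding actively: Fedora's migration from Pagure to Forgejo reflects the self-renewal of open-source platforms; Trail of Bits' dimensional-analysis plugin reached 93% recall in security audits; Simon Willison's quantization long read helps developers understand the essence of model compression. Keeping a close watch on GitHub Copilot's data policy, deep research agent architectures, and the open-source quantization toolchain should be the focus of the next phase.


This report was compiled automatically from RSS.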