与「base」相关的搜索结果

Three China-based companies were sanctioned by the U.S. for allegedly sharing satellite imagery of U.S. military sites with Iran during the war, according to the Treasury and State Department. @margbrennan explains what this could mean for U.S.-China relations while Presidents Trump and Xi meet.

40个真正有用的GitHub仓库 1. public-apis — 免费API合集 2. build-your-own-x — 边做边学 3. developer-roadmap — 学任何技术 4. free-programming-books — 免费书籍 5. system-design-primer — 掌握系统设计 6. coding-interview-university — 自学计算机 7. the-art-of-command-line — 精通终端 8. project-based-learning — 项目式学习 9. you-dont-know-js — 深入学JavaScript 10. the-book-of-secret-knowledge — 黑客资源 11. tech-interview-handbook — 面试通关 12. awesome-selfhosted — 自建应用 13. javascript-algorithms — 可视化算法 14. 30-seconds-of-code — 实用代码片段 15. gitignore — 各语言模板 16. ollama — 本地运行AI模型 17. langchain — 快速构建AI应用 18. n8n — AI自动化工作流 19. openclaw — 本地AI助手 20. dify — 可视化创建AI代理 21. langflow — 拖拽式AI管道 22. mem0 — AI代理记忆层 23. browser-use — AI控制浏览器 24. ruflo — Claude代理编排 25. crewai — 多代理AI团队 26. hermes-agent — 开源AI代理 27. markitdown — 文件转Markdown 28. maigret — 3000+网站OSINT 29. open-webui — 自建ChatGPT界面 30. aider — 终端AI编程助手 31. agency-agents — 完整AI代理机构 32. tradingagents — 交易多代理框架 33. browserbase-skills — Claude网页SDK 34. autogen — 微软多代理框架 35. metagpt — AI代理软件公司 36. lobe-hub — 可视化多代理平台 37. huggingface-transformers — 现代AI基础 38. cocoindex — 长文本代理引擎 39. freeCodeCamp — 免费编程学习 40. stable-diffusion-webui — 本地AI画图 大多数开发者一个都没保存。聪明人保存了全部40个。

🚨 node-ipc is compromised again. Three new malicious versions just dropped: 9.1.6, 9.2.3, and 12.0.1. Socket’s AI scanner flagged them as malware within three minutes of publication. The attack vector: a dormant maintainer account (atiertant) was likely taken over via an expired email domain. The attacker registered the lapsed domain, triggered an npm password reset, and gained publish rights to a package with millions of historical downloads. The payload is a credential stealer embedded in the CommonJS entrypoint (node-ipc.cjs). It activates on require(“node-ipc”), not through a postinstall script. Here’s what it does: •Fingerprints the host (OS, arch, hostname, uname) •Harvests 113-127 credential file patterns depending on platform (AWS, GCP, Azure, SSH keys, Kubernetes configs, npm tokens, .env files, shell histories, macOS Keychain databases, and more) •Dumps the entire process.env, capturing every CI secret and cloud credential in memory •Builds a gzip archive in a temp directory •Exfiltrates everything over DNS TXT queries to bt[.]node[.]js, using a bootstrap resolver at sh[.]azurestaticprovider[.]net:443 (a deliberate lookalike of Microsoft’s Azure Static Web Apps domain) The DNS exfiltration is chunked. A 500 KB archive generates roughly 29,400 TXT queries. The body is XOR-encrypted with a SHA-256 keystream, base64-encoded, alphabet-substituted, and split into 31-character chunks before hex-encoding into DNS labels. Header, data, and footer queries use xh, xd, and xf prefixes respectively. The malware forks a detached child process (env var __ntw=1) so credential theft runs silently in the background. It also exposes a __ntRun export, meaning any downstream code that calls require(“node-ipc”).__ntRun() can trigger a second collection/exfiltration cycle. ESM-only consumers using the import path are not affected by the reviewed package metadata. CommonJS consumers are. This is the same package involved in the 2022 protestware incident. It has a history. If you use node-ipc: •Do not install 9.1.6, 9.2.3, or 12.0.1 •Audit your lockfiles for these versions •If you loaded the CommonJS entrypoint, treat all environment variables, SSH keys, cloud credentials, npm tokens, and local secrets as compromised. Rotate immediately. •Hunt for DNS TXT queries to bt[.]node[.]js and sh[.]azurestaticprovider[.]net in your network logs •Check for temp files matching /nt-/.tar.gz Credit to Ian Ahl (@TekDefense) for first publicly identifying the expired-domain account takeover vector. Developing story. Full technical breakdown and IOCs on the Socket blog:

Interesting position paper on agentic AI as a foreseeable pathway to AGI. (bookmark it) There has been strong debate on whether a larger single model get us there or a multi-agent system. The authors argue that agentic AI systems, not bigger foundation models on their own, are the most foreseeable route to AGI. Formalizes what "agentic" actually contributes beyond the base model: memory, reasoning, tool use, self-improvement, alignment. Each is a separable axis with its own bottlenecks (long-horizon coherence, credit assignment, safety auditing). They argues that none of those bottlenecks get solved by another order of magnitude on pretraining compute. Paper: Learn to build effective AI agents in our academy:

An early beta of Grok Build, an agentic CLI for coding, building apps, and automating workflows is now available for SuperGrok Heavy subscribers. Through this early beta, we will improve the model and product based on your feedback. Try it at

$WARD 一周涨 10 倍 核心是被 @BasedAI_co 收购 原 Warden 团队将把重心全面转向 Halo ， 一个专为 AI 设计的 P2P 计算市场。 1/ BasedAI 是什么来头？ 这是两位顶级创始人联手打造的新项目： ▌CEO @TeanaTaylor： $VVV Venice 联合创始人，前币安高管 ▌COO @JoshGoodbody：Warden 联合创始人 目标是打造真正商业落地的开源 AI 基础设施。 2/ 产品布局 从产品侧看，BasedAI 主要分为三层： ▌Hirebase｜应用层 提供可直接在 Google、HubSpot、Stripe 等工具中执行任务的 AI 员工。 目前封闭内测中。 ▌BasedAPIs｜接口层 为开发者提供企业级的开源模型调用能力。 ▌Warden App｜编排层 负责多代理协作，以及复杂任务的调度与执行。 3/ 结语 种种迹象看，BasedAI 未来可能会发币。 划重点。

ASX-listed @DynamicMet_DYM has cleared the early approvals hurdle at its WA Meentheena fluorspar project after baseline surveys found no material environmental constraints to low-impact exploration. $DYM @westaustralian

We spent 6 months on one problem: agents losing context in long sessions. Ended up building and open-sourcing an agent memory system. A few things we learned: 🪄compressing stale context mid-session cut token usage by 61% 🪄giving agents a structured task map (mermaid-based) made them way less likely to lose track in 30+ step workflows 🪄persona coherence jumped from 48% to 76% once we added dedicated persona memory repo 👉 Agent memory is genuinely hard and we don't have all the answers. Happy to dig into architecture, benchmarks, tradeoffs, whatever. AMA👇 @TencentDBAbxo2 team is here to talk about it.

这两天其实挺枯的，今天起床看了下群，今天必须狠狠夸一下 @CryptoDinduz 和 @rtk17025 与@iruletrenches。 牛call，真的服了。 今天喊的 $WARD 和 $AORA，至少都是 2x 起步，准得有点离谱了。 简单聊聊为啥能拉这么猛👇 $WARD 核心逻辑就是：AI × Crypto 基础设施的顶级叙事。 创始人是前 Binance 大佬，AI + 区块链双背景直接拉满，项目已经融了 5000 万刀，现在 MCAP 还只有几百万，安全边际非常夸张。 Warden Halo 本质上就是“AI 版 BitTorrent”，搞的是 P2P 分布式推理计算，专门解决链上 Agent 自主交易时“计算如何验证”的核心痛点。 再加上和 Venice AI 深度合作，基本面 + 叙事 + 资金三重共振，直接从 4M 干到 7.9M+，量能也是一路爆。 这种票一旦市场开始理解逻辑，空间真的很大。 $AORA Base 链 Aerodrome 生态的强势标。 流动性激励玩得非常猛，再叠加 real-world commerce settlement 这个叙事，短时间直接从 5.9M 冲到 14.5M+，中间单次最高拉了 5000%+。 最关键的是筹码结构特别干净。 持仓基本都是老钱，平均 holding 17-22 个月，没有那种到处乱砸的大户，一旦情绪点燃，量能上来以后就属于“启动了根本停不下来”的类型。 如果有我漏了的内容，欢迎大家补充。 另外我这边准备清 15 个位置出来。 欢迎真正有早期挖 Alpha 能力、愿意一起交流分享的兄弟进来一起玩。 要求就两条： 自己能挖 Alpha 愿意积极交流（纯潜水不行） 连续潜水 3 天自动踢。 想进的直接评论区回复： 「你擅长什么 + 最近在玩什么」 我看到就拉你进群。 一起冲下一个大单～ （DYOR，希望大家都有仓位管理能力）

现在是淡季，eth价格涨幅也被土豆吊打，不过有意思的是，其实现在以太坊的日均网络交易量已经远高于2021年牛市巅峰时的网络活动。 活跃地址、新地址创建、智能合约调用等指标也同步创出新高。这不是刷量或 spam，而是真实用户增长 + L2 生态带动的结果（Pectra、Fusaka 等升级降低费用、提升容量后，网络更活跃）。 注意：这些主要是以太坊L1主网数据。如果算上 Arbitrum、Base、Optimism、Lighter等 L2，总交易量和用户活动还要高不少——以太坊生态的“实际使用”其实被严重低估。 以太坊不会一直被忽视和埋没。它是基础设施 + 安全 + 流动性之王。