Show HN: 在 Google Cloud 上捕获 API 密钥的异常使用
如果你读过 Cloud Blog 的文章《保护 Gemini 和 Google API 密钥》,并想了解如何落实密钥卫生建议,那这个 codelab 就是为你准备的。通过查看脚本,发现异常 API 密钥;学习如何自动化应对意外的使用激增,并封禁(可能)已被泄露的密钥。
如果你读过 Cloud Blog 的文章《保护 Gemini 和 Google API 密钥》,并想了解如何落实密钥卫生建议,那这个 codelab 就是为你准备的。通过查看脚本,发现异常 API 密钥;学习如何自动化应对意外的使用激增,并封禁(可能)已被泄露的密钥。
Roman Storm warns that the legal theory in his case could set a precedent making open-source developers liable for how others use their code, potentially criminalizing the mere publication of privacy, messaging, or crypto tools. He notes that developer Michael Lewellen cannot publish lawful code due to prosecution fears, and argues this chilling effect extends beyond any single case.
A new paper by Thomas Bloom, Will Sawin, Carl Schildkraut and Dmitrii Zhelezov disproves a well-known conjecture in additive combinatorics. The result shows there exist arbitrarily large finite sets A of real numbers where max(|A+A|,|AA|) ≤ |A|^{2-c}. The solution was achieved by humans using methods related to an earlier AI solution to the unit distance conjecture.
The Cyber Resilience Act introduces an open-source steward role but fails to provide funding for ongoing maintenance, leaving critical security work unfunded despite new regulatory obligations.
The article reflects on the author's experiences at UN Open Source Week 2026, literally interpreting the themes of roads and bridges as metaphors for digital infrastructure and open source collaboration at the United Nations.
The article discusses Scrutineer, a tool designed to scan open source projects for vulnerabilities without overwhelming maintainers with excessive notifications or false positives.