Explore the latest engineering posts and summaries

Search by topic, company, or concept and scan results quickly.

Posts indexed693

Last indexedJun 13, 2026

Pinterest EngineeringMay 1, 2026

Optimizing ML Workload Network Efficiency (Part I): Feature Trimmer

Why it matters: This approach addresses the common bottleneck where network I/O limits ML serving efficiency. By implementing feature trimming based on model signatures, engineers can maximize GPU utilization and significantly reduce infrastructure costs by moving away from network-optimized instances.

Pinterest's root-leaf architecture separates CPU-heavy feature fetching from GPU-heavy model inference, but created a network bandwidth bottleneck.
Network usage, rather than compute, dictated scaling needs, preventing full GPU utilization and requiring expensive network-optimized AWS instances.
Implementing lz4 compression provided a 20% bandwidth reduction but increased CPU usage and latency.
The Feature Trimmer system implements a Send What You Use strategy, filtering features at the root level before transmission to leaf nodes.
By extracting required features from model signatures, the system ensures only necessary data is sent for each specific model version.
This optimization reduces network pressure, allowing for fleet downscaling and a transition to cheaper, standard compute instances.

#mlp #dist #finops

Read original

Engineering at MetaMay 1, 2026

How Meta Is Strengthening End-to-End Encrypted Backups

Why it matters: This infrastructure ensures that even Meta cannot access user backups. By implementing OTA key distribution and public audit logs, Meta provides a scalable, transparent model for managing cryptographic hardware at scale while maintaining high security and user privacy.

Meta utilizes a geographically distributed fleet of Hardware Security Modules (HSMs) to manage end-to-end encrypted backup keys.
The system employs majority-consensus replication across multiple datacenters to ensure high availability and resilience.
Messenger now supports over-the-air (OTA) fleet key distribution, allowing new HSM deployments without requiring client app updates.
OTA fleet keys are delivered via validation bundles signed by Cloudflare and counter-signed by Meta to provide cryptographic proof of authenticity.
Meta has committed to publishing evidence of secure fleet deployments to allow independent verification of the system's integrity.

#security #dist

Read original

Spotify EngineeringMay 1, 2026

Building a Natural Language Interface to the Spotify Ads API with Claude Code Plugins

Why it matters: This approach demonstrates how engineers can rapidly build functional interfaces for complex APIs using LLMs and existing documentation, significantly reducing development overhead and improving accessibility for internal tools.

Spotify developed a natural language interface for their Ads API using Claude Code Plugins to simplify campaign management.
The implementation leverages existing OpenAPI specifications and Markdown documentation as the primary source of truth.
The system requires no compiled code, demonstrating a low-overhead approach to building functional AI-driven tools.
Engineers can interact with complex API endpoints through conversational commands instead of manual HTTP requests.
The project showcases how LLMs can bridge the gap between technical documentation and executable management interfaces.

#mlp #data

Read original

Cloudflare BlogMay 1, 2026

Introducing Dynamic Workflows: durable execution that follows the tenant

Why it matters: It enables platforms to run user-defined, durable logic without static deployments. By combining dynamic compute with durable execution, developers can build complex agentic systems and SaaS platforms where every tenant has unique, long-running business logic in isolated sandboxes.

Cloudflare introduced Dynamic Workflows to enable durable execution for multi-tenant applications where code is provided at runtime.
The system bridges the gap between Cloudflare Workflows' durable execution and Dynamic Workers' isolated, on-demand compute primitives.
A 'Worker Loader' pattern routes workflow lifecycle events to the correct tenant's isolated sandbox using a lightweight TypeScript library.
Supports standard Workflow features including step.do(), hibernation, retries, and long-running sleeps within dynamically loaded code.
Tenants can write idiomatic Workflows code without awareness of the underlying dispatch and routing logic handled by the platform.
This architecture allows SaaS platforms and AI agent frameworks to execute unique, user-defined logic without requiring static deployments.

#dist #mlp

Read original

Salesforce EngineeringApr 30, 2026

How AI-Driven Kubernetes Optimization Reclaimed Millions from 47% Idle Capacity

Why it matters: Manual cloud cost optimization fails at scale due to configuration drift and lack of trust. This hybrid AI/deterministic approach automates the last mile of FinOps, turning complex resource tuning into safe, reviewable code changes that significantly reduce infrastructure waste.

Salesforce addressed 47% idle Kubernetes capacity by automating resource allocation across 8,000+ services within their Hyperforce platform.
The system employs a hybrid architecture where LLMs handle repository discovery and configuration parsing, while deterministic algorithms perform the actual optimization.
An Integer Linear Programming (ILP) solver replaces probabilistic LLM reasoning for resource planning to ensure consistent and verifiable results.
The agent automates the 'last mile' of optimization by generating pull requests for Helm charts, moving from manual dashboards to a closed-loop developer workflow.
To maintain safety and trust, the agent only modifies CPU requests while leaving limits untouched, ensuring scaling headroom remains intact during rollouts.

#finops #sre #mlp

Read original

GitHub EngineeringApr 30, 2026

GitHub Copilot CLI for Beginners: Interactive v. non-interactive mode

Why it matters: Integrating AI into the terminal streamlines workflows by reducing context switching. Understanding these modes allows engineers to choose between collaborative debugging and rapid, automated command generation, increasing overall command-line productivity.

GitHub Copilot CLI offers two primary modes: interactive for deep exploration and non-interactive for quick, single-command tasks.
Interactive mode provides a chat-like experience where users can iterate on prompts, analyze projects, and execute commands collaboratively.
Non-interactive mode, triggered by the -p flag, allows for one-off prompts like repository summarization without leaving the shell context.
Users can resume previous sessions with full context using the /resume command in interactive mode or copilot --resume from the terminal.
The CLI requires folder trust permissions to read and modify files, enabling it to perform actions like starting local servers.

#mlp #culture

Read original

Cloudflare BlogApr 30, 2026

Post-quantum encryption for Cloudflare IPsec is generally available

Why it matters: It allows engineers to secure WAN traffic against future quantum threats using existing Cisco and Fortinet hardware. By standardizing on hybrid ML-KEM, it provides a scalable, interoperable path to post-quantum security without requiring specialized, non-scalable QKD hardware.

Cloudflare has announced the general availability of post-quantum encryption for its IPsec WAN Network-as-a-Service.
The implementation utilizes a hybrid ML-KEM (FIPS 203) approach, combining classical Diffie-Hellman with post-quantum algorithms for the IKEv2 handshake.
Interoperability is confirmed with major hardware vendors, including Cisco 8000 Series routers and Fortinet FortiOS 7.6.6+.
This update protects against 'harvest-now-decrypt-later' attacks by securing data plane traffic with quantum-resistant session keys.
The software-based approach avoids the scalability and hardware limitations of Quantum Key Distribution (QKD) by running on standard processors.

#security #dist

Read original

Cloudflare BlogApr 30, 2026

Agents can now create Cloudflare accounts, buy domains, and deploy

Why it matters: This integration removes manual friction from infrastructure setup, allowing AI agents to handle end-to-end deployment. By standardizing service discovery, identity, and payments, it enables fully autonomous DevOps workflows while maintaining human-in-the-loop oversight.

Cloudflare and Stripe have co-designed a new protocol allowing AI agents to autonomously provision accounts, register domains, and deploy software.
The system utilizes Stripe as an identity provider to automatically create or link Cloudflare accounts without manual dashboard intervention.
Agents can discover infrastructure services via a REST API catalog, enabling them to select and configure necessary resources for a project.
Integrated payment tokenization allows agents to handle paid subscriptions and domain purchases on behalf of the user.
The workflow supports Cloudflare’s Code Mode MCP server and Agent Skills to enhance the agent's ability to interact with Cloudflare APIs.
Human-in-the-loop oversight is maintained for granting permissions and accepting terms of service, while eliminating manual API token management.

#sre #finops #mlp

Read original

PlanetScale Tech BlogApr 30, 2026

RLS sounds great until it isn't

Why it matters: While RLS simplifies initial security, it introduces significant performance overhead, operational complexity, and potential DoS vulnerabilities. Understanding these trade-offs is crucial for engineers deciding between database-level security and application-level authorization.

RLS shifts security logic from the application to the database, which can lead to synchronization issues and increased risk of data exposure during schema changes.
Using connection poolers like PgBouncer with RLS requires managing session-local variables to maintain user identity, increasing application complexity.
RLS acts as an implicit WHERE clause, meaning unauthorized queries still consume CPU cycles and can be leveraged for DoS attacks against the database.
Performance degrades because policies are evaluated per row; complex logic or functions in policies can significantly increase query latency.
Engineers can optimize RLS performance by wrapping policy functions in subqueries to trigger Postgres InitPlan caching, reducing redundant execution.

#data #security #sre

Read original

GitHub EngineeringApr 28, 2026

GitHub for Beginners: Getting started with Markdown

Why it matters: Effective documentation is critical for project maintainability and collaboration. Mastering Markdown allows engineers to create professional READMEs, clear bug reports, and structured pull requests, improving the overall developer experience and project discoverability.

Markdown is a lightweight markup language used across GitHub for READMEs, issues, pull requests, and documentation.
Basic syntax includes headers using pound signs (#), text emphasis with asterisks or underscores, and blockquotes using the greater-than symbol (>).
Lists can be created as unordered or ordered, and can be nested to create hierarchical structures within documents.
Links and images follow a specific bracket and parentheses syntax, allowing for rich media integration in project descriptions.
Advanced formatting includes task lists for tracking progress, tables for structured data, and code blocks for syntax highlighting.
GitHub-specific features allow for user mentions (@), referencing issues or PRs (#), and using emojis to enhance communication.

#culture

Read original

Page 11 of 70

Prev 1...9 10 11 12 13...70 Next