Explore the latest engineering posts and summaries

Search by topic, company, or concept and scan results quickly.

Posts indexed584

Last indexedApr 30, 2026

PlanetScale Tech BlogMar 31, 2026

Why it matters: Resource exhaustion often leads to total outages. Implementing graceful degradation at the database level ensures core services remain functional during traffic spikes, preventing a complete system failure by shedding non-critical load dynamically.

PlanetScale's Traffic Control introduces resource budgets to protect high-priority database queries during load spikes.
Engineers can categorize traffic into tiers like Critical, Important, and Best-effort to define degradation strategies.
The sqlcommenter standard enables tagging SQL statements with metadata for granular traffic identification.
Budgets support limits on server share, concurrency, and query duration to prevent resource starvation.
A warn mode allows for safe testing and tuning of limits against real-world traffic patterns before enforcement.
Dynamic budget adjustments enable live load shedding of non-essential features during viral events or DDoS attacks.

#data #sre

Read original

Engineering at MetaMar 30, 2026

AI for American-Produced Cement and Concrete

Why it matters: This demonstrates how Bayesian Optimization solves complex material science problems in physical infrastructure. By open-sourcing BOxCrete, Meta enables engineers to optimize for sustainability and domestic supply chains when building critical data center infrastructure.

Meta released BOxCrete, an open-source Bayesian Optimization model designed to optimize concrete mix formulations for strength, cost, and sustainability.
The model addresses the challenge of 'reshoring' by helping suppliers rapidly validate mixes using U.S.-produced cement, which has different chemical properties than imports.
Meta is open-sourcing the foundational datasets used to develop these mixes to accelerate AI adoption across the construction and material science industries.
The AI-driven approach replaces traditional, slow lab-based trial-and-error with a data-driven workflow for faster material validation.
Real-world applications include Meta's DeKalb Data Center, where AI-optimized mixes met structural requirements while reducing the overall carbon footprint.

#mlp #data

Read original

GitHub EngineeringMar 30, 2026

GitHub for Beginners: Getting started with GitHub security

Why it matters: Security is a shared responsibility; even small projects inherit risks from third-party dependencies. GitHub's integrated tools automate vulnerability detection and remediation, allowing developers to secure their supply chain without significant manual overhead.

GitHub Advanced Security (GHAS) provides a suite of tools including Dependabot, secret scanning, and CodeQL to automate vulnerability detection.
Secret scanning identifies leaked credentials in commits, prompting developers to revoke compromised keys and secure their infrastructure.
Dependabot monitors third-party libraries for known vulnerabilities and automatically generates pull requests for security updates.
Code scanning with CodeQL analyzes source code to find risky patterns and potential exploits during the development lifecycle.
These features are available by default for public repositories and can be enabled via the repository settings under the Security tab.

#security

Read original

Cloudflare BlogMar 30, 2026

Cloudflare Client-Side Security: smarter detection, now open to everyone

Why it matters: Client-side attacks like skimming are hard to detect because they don't break site functionality. Cloudflare's use of GNNs and LLMs to analyze script intent at scale allows engineers to secure front-end dependencies and meet PCI DSS v4 compliance without manual overhead or performance lag.

Cloudflare has expanded access to Client-Side Security Advanced for self-serve customers and made domain-based threat intelligence free for all users.
The system uses browser reporting and Content Security Policy (CSP) to monitor scripts with zero latency impact on web applications.
Detection logic utilizes Graph Neural Networks (GNN) to analyze Abstract Syntax Trees (AST), identifying malicious intent rather than relying on static signatures.
A new LLM-based triage layer has been integrated to reduce false positives by distinguishing between malicious code and benign but obfuscated scripts like ad-tech bundles.
The platform automates code change monitoring and proactive blocking, assisting organizations in meeting PCI DSS v4 compliance requirements.

#security #frontend #mlp

Read original

PlanetScale Tech BlogMar 30, 2026

High memory usage in Postgres is good, actually

Why it matters: Engineers often misinterpret high memory as a failure state. Distinguishing between beneficial caching and dangerous RSS pressure prevents unnecessary hardware scaling and helps teams correctly diagnose performance bottlenecks and OOM risks in database clusters.

High memory usage in Postgres is often desirable as the system uses RAM to cache data, significantly reducing slow disk I/O operations.
Postgres relies on two caching layers: the internal shared_buffers pool and the standard Linux OS page cache for frequently accessed data.
Memory is divided into reclaimable cache (active/inactive) and Resident Set Size (RSS), which is non-reclaimable process memory.
High RSS, rather than total memory usage, is the primary indicator of memory pressure and potential Out of Memory (OOM) risks.
RSS growth is driven by per-connection overhead, catalog bloat, and memory-intensive operations like sorts and hashes defined by work_mem.
Connection pooling with tools like PgBouncer is the most effective way to reduce RSS by limiting the number of active backend processes.

#data #sre

Read original

Cloudflare BlogMar 27, 2026

How we use Abstract Syntax Trees (ASTs) to turn Workflows code into visual diagrams

Why it matters: Visualizing code-based workflows is difficult due to dynamic logic like loops and parallel promises. Using ASTs to generate diagrams provides critical observability into complex durable executions, helping engineers debug and verify logic whether written by humans or AI agents.

Cloudflare Workflows now automatically generates visual diagrams for every deployment to improve observability of complex logic.
Unlike declarative workflow engines using YAML or JSON, Cloudflare uses Abstract Syntax Trees (ASTs) to statically derive graphs from dynamic JavaScript/TypeScript code.
The visualizer tracks Promise and await relationships to accurately represent parallel execution versus sequential blocking steps.
Diagrams are generated at deploy time by fetching bundled scripts and traversing an intermediate graph of WorkflowEntrypoints.
The underlying architecture uses a Durable Object engine to manage execution and dynamic dispatch to trigger user workers.
The system handles minified code from various bundlers like esbuild and rspack to extract step relationships and flow control.

#dist #sre

Read original

Salesforce EngineeringMar 26, 2026

Grounding Enterprise AI with Live Web Retrieval and Verifiable Citations

Why it matters: Enterprise AI requires real-time context and verifiability. This architecture solves hallucination problems by grounding LLMs in live web data with a citation engine, making AI outputs reliable for critical business decisions and ensuring transparency through traceable source metadata.

Salesforce expanded Prompt Builder to include live web retrieval, allowing AI to access real-time external data beyond the LLM's training cutoff.
The architecture integrates external search providers into the prompt resolution pipeline, combining CRM data with live web context.
A dedicated citation service was implemented to map AI-generated snippets to original source metadata, enabling verifiable responses.
The system handles engineering challenges like external provider latency, timeouts, and content safety filtering to ensure enterprise-grade reliability.
Clickable citations are inserted into responses, allowing users to trace claims back to source material and reducing the risk of hallucinations.
The design prioritizes usability, allowing non-technical users to add web retrieval to prompt templates without complex coding.

#mlp #data #security

Read original

GitHub EngineeringMar 26, 2026

What’s coming to our GitHub Actions 2026 security roadmap

Why it matters: CI/CD pipelines are prime targets for supply chain attacks. GitHub's roadmap moves to secure-by-design infrastructure, providing engineers with deterministic dependencies, granular policy controls, and real-time observability to protect sensitive code and credentials.

Introducing workflow-level dependency locking to ensure deterministic, auditable CI/CD runs with cryptographic commit SHA verification.
Transitioning to immutable releases for the Actions ecosystem to prevent malicious code propagation via mutable tags and branches.
Implementing policy-driven execution via GitHub rulesets to centrally manage workflow triggers and allowed event types.
Enhancing credential security with scoped, least-privileged tokens to limit the blast radius of compromised CI environments.
Deploying real-time observability through an optional agent on runners to detect suspicious processes and unauthorized network activity.
Enforcing network boundaries to restrict egress traffic, preventing data exfiltration from CI/CD runners during execution.

#security #sre

Read original

GitHub EngineeringMar 26, 2026

A year of open source vulnerability trends: CVEs, advisories, and malware

Why it matters: This report highlights that while historical vulnerability backlogs are shrinking, new security threats and malware in open source ecosystems are increasing. Engineers must remain vigilant as the volume of new advisories rises, particularly in popular ecosystems like Maven, Go, and npm.

GitHub reviewed 4,101 advisories in 2025, the lowest total since 2021, primarily due to the exhaustion of historical vulnerability backlogs.
Newly reported vulnerabilities actually increased by 19% year-over-year, showing that the rate of new security threats is still rising.
The GitHub Advisory Database now tracks over 24,000 reviewed advisories and has seen a significant surge in malware-related entries.
Maven, Composer, and Go were the most active ecosystems for security advisories in 2025, with Go seeing a 6% increase due to targeted audits.
Malware advisories have reached over 20,000 cumulative entries, highlighting a shift in the threat landscape toward malicious package injections.

#security #data

Read original

Cloudflare BlogMar 26, 2026

A one-line Kubernetes fix that saved 600 hours a year

Why it matters: Default Kubernetes volume management can cause massive downtime for stateful apps with many small files. Understanding fsGroupChangePolicy is crucial for SREs to prevent recursive ownership checks from blocking pod startups and wasting hundreds of engineering hours.

Atlantis restarts were taking 30 minutes due to a large number of files on the Persistent Volume (PV) causing inode exhaustion and slow mounts.
Kubernetes defaults to recursively changing ownership (chgrp -R) of all files in a volume if fsGroup is specified in the securityContext.
For volumes with millions of files, this recursive check becomes a significant bottleneck, leading to context deadline exceeded errors in kubelet.
The issue was diagnosed by analyzing kubelet systemd logs rather than standard pod events, which failed to show the underlying volume mounting delay.
The fix involved setting fsGroupChangePolicy to OnRootMismatch, which only triggers ownership changes if the root directory's permissions don't match.
This one-line configuration change reduced restart times from 30 minutes to under 2 minutes, saving approximately 600 hours of engineering time annually.

#sre #security

Read original

Page 12 of 59

Prev 1...10 11 12 13 14...59 Next