Explore the latest engineering posts and summaries

Search by topic, company, or concept and scan results quickly.

Posts indexed693

Last indexedJun 13, 2026

Cloudflare BlogJun 10, 2026

Route public traffic to private applications with Cloudflare

Why it matters: This feature allows engineers to apply enterprise-grade security and performance tools to internal services without public exposure. It simplifies hybrid cloud networking by treating private IPs as standard origins, reducing operational overhead and the risk of misconfigured firewall rules.

Cloudflare launched Application Services for Private Origins, allowing public traffic to reach private IPs without exposing them to the public internet.
The service enables WAF, bot management, rate limiting, and Workers to protect internal APIs, AI backends, and MCP servers.
It integrates with existing Cloudflare WAN and Mesh connectivity, removing the requirement for running connector software like cloudflared on every origin.
Engineers can toggle private network routing for A/AAAA records, supporting RFC 1918, CGNAT, and Unique Local IPv6 address ranges.
The unified routing model simplifies infrastructure by eliminating the need for parallel stacks like public-facing load balancers or complex VPNs.
This architecture treats security as a property of traffic rather than a result of network location, bridging the gap between public and private infrastructure.

#security #sre #dist

Read original

Airbnb EngineeringJun 9, 2026

Scaling beyond one: How Airbnb evolved its data architecture for a multi-product world

Why it matters: This article provides a blueprint for scaling data architecture during rapid product expansion. It demonstrates how to balance consistency and flexibility through a principled framework, preventing technical debt and data silos while supporting diverse business requirements.

Airbnb evolved its offline data architecture to support a multi-product ecosystem including Homes, Experiences, and Services.
The team implemented a framework to choose between separate data models for unique product attributes and monolithic models for shared attributes.
Three foundational principles were established: no hybrid models, strict identifier naming conventions, and clear namespace organization.
Product-specific domains like Listings and Search adopted separate models to capture distinct logic and unique metadata.
Core domains such as Payments, Guest, and Host utilized monolithic models to maximize code reuse and maintain global consistency.
The strategy successfully balanced the need for product-level flexibility with the requirement for robust, unified financial and user reporting.

#data #dist

Read original

Salesforce EngineeringJun 9, 2026

How to Build Reliable AI Agents: 5 Engineering Patterns from a Production System

Why it matters: Transitioning AI agents from demos to production requires a shift from prompt engineering to system engineering. This article highlights how to handle non-deterministic tasks in critical infrastructure, ensuring agents can safely automate complex cloud optimization worth millions.

AI agents often fail in production because they struggle with non-deterministic environments and scattered sources of truth in infrastructure.
Relying on increasingly complex prompts creates unmaintainable 'software written in English' without improving underlying reliability.
Multi-agent architectures do not automatically solve consistency issues if the model is tasked with problems that require deterministic logic.
Reliability is achieved by engineering the systems around the model rather than focusing solely on model capability or prompt refinement.
The lack of a single source of truth in complex deployment stacks (Terraform, Helm, etc.) prevents agents from reasoning effectively without external guardrails.

#mlp #finops #sre

Read original

GitHub EngineeringJun 9, 2026

From one-off prompts to workflows: How to use custom agents in GitHub Copilot CLI

Why it matters: Custom agents reduce friction by embedding team-specific context and standards directly into the CLI. This allows engineers to automate repetitive tasks with consistent, reviewable, and version-controlled AI workflows, ensuring high-quality outputs across the entire development lifecycle.

GitHub Copilot CLI now supports custom agents defined via Markdown files stored in the .github/agents directory.
Agent profiles use YAML frontmatter to specify roles, expertise, accessible tools, and safety guardrails for consistent execution.
Custom agents enable teams to encode specific standards, such as accessibility or security, into reusable and version-controlled workflows.
These agents provide uniform behavior across different environments, including the terminal, IDE, and GitHub pull requests.
Developers can invoke specialized agents using the /agent slash command within the Copilot CLI to perform complex, context-aware tasks.
The system allows for the automation of repetitive patterns, like log translation or code formatting, without manual prompt engineering.

#mlp #culture

Read original

Cloudflare BlogJun 9, 2026

Defend against frontier cyber models: Cloudflare's architecture as customer zero

Why it matters: AI models now automate exploit generation at scale, making the speed of patching insufficient. Engineers must shift toward resilient architectures that prioritize behavioral scoring and Zero Trust containment over reactive signature-based defenses.

Frontier models like Mythos accelerate vulnerability discovery and exploit chain construction, allowing attackers to move faster than traditional patching cycles.
Cloudflare utilizes its own infrastructure as 'customer zero,' applying its security stack to its own code and employees before external release.
Defense is shifting from static signatures to ML-based scoring, using WAF Attack Score to identify and block mutated, AI-generated payloads in real-time.
Zero Trust principles, including mTLS and microsegmentation, are critical for containing the blast radius when a vulnerability is inevitably exploited.
Visibility across 20% of global web traffic allows Cloudforce One to convert network-wide insights into automated threat intelligence and rapid WAF rule deployment.
The architecture around a vulnerability is more important than the speed of the patch, as AI can bypass signature-based detections through rapid adaptation.

#security #mlp

Read original

Salesforce EngineeringJun 8, 2026

Scaling Zero Copy from 1 Trillion to 120 Trillion Rows with File Federation

Why it matters: Scaling distributed systems to 120 trillion rows requires moving beyond query federation. Adopting a file-based approach with Apache Iceberg eliminates bottlenecks between compute and storage, enabling high-performance AI at petabyte scale without data duplication.

Salesforce evolved its Zero Copy architecture to scale from 1 trillion to 120 trillion rows monthly to support massive AI workloads.
The team transitioned from Query Federation to File Federation to overcome throughput limitations and high compute costs of dual-compute models.
By standardizing on Apache Iceberg, the system enables a single-compute model to operate directly against shared storage across different platforms.
This architectural shift eliminates the need for data movement or duplication while maintaining governance and reducing network latency.
The new approach allows Data 360 and Agentforce to reason across distributed datasets at petabyte scale as if they were centralized.

#data #dist #mlp

Read original

GitHub EngineeringJun 8, 2026

GitHub for Beginners: Answers to some common questions

Why it matters: Understanding secure authentication is fundamental for any developer. SSH keys and PATs replace insecure password-based workflows for Git operations, while 2FA protects the account itself. Mastering these tools ensures code integrity and prevents unauthorized access to repositories.

SSH keys use public-key cryptography to authenticate Git operations, requiring a private key on your machine and a public key on GitHub.
The ssh-keygen command generates secure ED25519 key pairs, which should be managed locally using an ssh-agent to avoid repeated passphrase entry.
Personal Access Tokens (PATs) provide a secure alternative to passwords for command-line and API access, allowing for granular permission scopes.
Two-Factor Authentication (2FA) adds a critical security layer by requiring a second verification step via authenticator apps or security keys.
Properly configuring these authentication methods is essential for secure communication between local development environments and remote repositories.

#security #culture

Read original

Cloudflare BlogJun 8, 2026

Turning Cloudflare’s threat indicators into real-time WAF rules

Why it matters: This integration allows engineers to automate security responses using real-time global threat intelligence. By exposing live actor and industry data directly in the WAF, teams can proactively block sophisticated attacks with minimal latency and full Infrastructure as Code support.

Cloudflare now integrates live Threat Events data directly into its WAF engine for proactive, real-time mitigation.
New WAF fields allow filtering by threat actor names, targeted industries, and specific attack types like DDoS or cybercrime.
The always-on detection framework eliminates the log vs. block trade-off by enriching request metadata before action is taken.
Security rules can be managed via UI, API, or Terraform, supporting automated Infrastructure as Code workflows.
Future updates plan to extend matching capabilities beyond IP addresses to include JA3 fingerprints and domain-based indicators.

#security #dist #data

Read original

Cloudflare BlogJun 5, 2026

Your AI bill is out of control. Cloudflare can fix it now.

Why it matters: Uncontrolled AI spend is a major challenge for organizations. These tools provide the observability and governance needed to scale AI usage sustainably by offering granular cost attribution and automated guardrails to prevent unexpected bill shock.

Cloudflare AI Gateway now features dollar-based spend limits to prevent budget overages across multiple AI providers.
A new closed beta introduces identity-driven budgets, integrating with Cloudflare Access to attribute costs to specific users or teams.
Dynamic routing allows for automatic fallback to cheaper models once a primary budget threshold is reached, ensuring service continuity.
The gateway provides unified logging and real-time analytics for token counts and costs across OpenAI, Anthropic, Google, and others.
Administrators can define granular policies based on custom attributes, model types, or identity provider (IdP) groups.

#finops #mlp #security

Read original

Airbnb EngineeringJun 4, 2026

Sitar-agent: Building a reliable dynamic configuration sidecar at scale

Why it matters: Dynamic configuration is critical for feature flags and runtime tuning. Airbnb's sidecar approach ensures high availability and low latency across a massive, multi-language microservice architecture, decoupling config delivery from service deployments and backend availability.

Airbnb developed Sitar-agent, a Kubernetes sidecar that delivers dynamic configurations to thousands of service instances without requiring redeployments.
The agent utilizes a two-stage bootstrap process: preloading compressed snapshots from AWS S3 for speed and syncing deltas from the Sitar Service for freshness.
A sidecar architecture was chosen over a library-based approach to support a multi-language fleet (Java, Go, Python, etc.) and ensure resource isolation.
To prevent thundering herd problems at scale, the agent implements a periodic polling loop with jitter for configuration updates.
Configurations are stored on a shared local volume, allowing the application container to read updates via a client library with an in-memory cache.
The system was recently rewritten from Ruby to Java to align with Airbnb's mainstream stack and improve operational observability.

#sre #dist

Read original

Page 2 of 70

Prev 1 2 3 4...70 Next