Explore the latest engineering posts and summaries

Search by topic, company, or concept and scan results quickly.

Posts indexed693

Last indexedJun 13, 2026

GitHub EngineeringMay 15, 2026

Raising the bar: Quality, shared responsibility, and the future of GitHub’s bug bounty program

Why it matters: GitHub is raising the bar for bug bounty submissions to combat low-quality AI noise. This matters to engineers as it clarifies the shared responsibility model for platform security and sets a standard for validating AI-assisted security research and vulnerability reporting.

GitHub is raising the quality bar for bug bounty submissions to combat a surge in low-impact reports and AI-generated noise.
Valid submissions must now include a working Proof of Concept (PoC) demonstrating concrete security impact rather than theoretical scenarios.
Researchers are required to manually validate all findings, including those generated by AI or automated scanners, before submission.
The program emphasizes a shared responsibility model where users are accountable for trusting repositories, code, and AI-processed content.
Reports must be concise, featuring a short summary, clear reproduction steps, and a specific impact statement to speed up triage.

#security #culture

Read original

GitHub EngineeringMay 14, 2026

GitHub availability report: April 2026

Why it matters: This report highlights the complexity of maintaining high availability in distributed systems. It provides lessons on the risks of automated infrastructure changes, the importance of correctly scoped rate limiting, and the need for robust DNS management and failover strategies.

GitHub experienced 10 incidents in April 2026, including a major code search outage caused by an aggressive infrastructure upgrade and coordination failure.
A bug in rate-limiting logic caused significant delays for GitHub Copilot, incorrectly applying global limits instead of per-installation scopes.
GitHub Pages suffered an 11% error rate after an automated DNS management tool erroneously deleted a backend storage host record.
Audit log services were briefly unavailable due to a failed credential rotation, highlighting the need for more resilient rotation processes.
Codespaces connectivity issues were traced to failures in VS Code editor integration, while SSH connections remained unaffected.
Remediation efforts focus on implementing availability-zone-tolerant routing, better traffic isolation, and enhanced deployment safeguards.

#sre #dist

Read original

Salesforce EngineeringMay 14, 2026

Creating a Multi-Tenant AI Agent Platform Handling 7K+ Sessions Without Cross-Team Interference

Why it matters: This article provides a blueprint for scaling AI infrastructure by moving from a monolith to a multi-tenant platform. It demonstrates how to maintain low latency and engineering velocity while managing complex state and resource isolation for hundreds of developers.

Salesforce transitioned from a monolithic AI planner to 'Bring Your Own Planner' (BYOP) to eliminate cross-team interference and deployment bottlenecks.
The multi-tenant platform supports over 7,000 active sessions and 15,000 daily requests with a minimal platform overhead of 5ms per request.
BYOP provides standardized infrastructure for session management, Redis-backed state persistence, and tool invocation, enabling team autonomy.
The architecture prevents 'noisy neighbor' effects by isolating compute resources and allowing independent horizontal scaling for different reasoning engines.
The system supports diverse use cases, from read-heavy enterprise search synthesis to write-heavy state machines for data configuration.

#dist #mlp #sre

Read original

GitHub EngineeringMay 14, 2026

From latency to instant: Modernizing GitHub Issues navigation performance

Why it matters: Performance is critical for maintaining developer flow. By leveraging IndexedDB and Service Workers, GitHub shows how to achieve 'instant' perceived latency in complex web apps, providing a blueprint for modernizing legacy architectures without a full rewrite.

GitHub shifted focus from backend optimizations to improving perceived latency by rendering pages instantly from local data while revalidating in the background.
Implemented a client-side caching layer using IndexedDB to store issue data, enabling sub-200ms 'instant' navigation experiences.
Utilized Service Workers to ensure cached data remains accessible even during hard navigations and full browser refreshes.
Introduced a preheating strategy that populates the cache based on user intent, significantly increasing cache hit rates without redundant network requests.
Adopted Highest Priority Content (HPC) as a primary metric, categorizing performance into Instant (<200ms), Fast (<1000ms), and Slow buckets.
Addressed the performance gap across three navigation types: hard navigations, Rails Turbo transitions, and React soft navigations.

#frontend #sre

Read original

Cloudflare BlogMay 14, 2026

Our billing pipeline was suddenly slow. The culprit was a hidden bottleneck in ClickHouse

Why it matters: This case study demonstrates that even logically sound architectural changes can trigger hidden internal bottlenecks at scale. It highlights the importance of profiling query planning and shows how massive part counts in ClickHouse can lead to unexpected lock contention.

Cloudflare migrated a 2PiB+ ClickHouse table to a (namespace, day) partitioning scheme to enable granular per-tenant data retention.
Despite queries filtering by namespace, performance degraded linearly as the total number of data parts in the cluster increased.
Investigation using ClickHouse trace_log and flame graphs revealed that the bottleneck was in the query planning phase, not execution.
The root cause was identified as lock contention during partition pruning, where a global lock was held while iterating over all parts.
Cloudflare engineers developed and contributed patches to ClickHouse to optimize the planning phase and reduce lock duration.
The fix allowed the billing pipeline to meet its deadlines while supporting a new automated storage management system using max-min fairness.

#data #sre #dist

Read original

PlanetScale Tech BlogMay 14, 2026

Egress problems and where to find them

Why it matters: Optimizing database egress is a rare double win that simultaneously improves application latency and reduces cloud infrastructure costs. By refining query patterns and networking, engineers can prevent scaling bottlenecks and unexpected billing spikes.

Minimize egress by selecting specific columns instead of using SELECT * to reduce payload size.
Implement cursor pagination for consistent performance and bounded data transfer as datasets grow.
Use database-native JSON functions to filter large objects before they leave the database.
Explicitly define columns in ORM RETURNING clauses to avoid fetching unnecessary data during writes.
Leverage caching and CDNs to prevent redundant database requests for frequently accessed content.
Utilize private networking like AWS PrivateLink to keep traffic off the public internet and lower costs.

#data #finops #sre

Read original

Airbnb EngineeringMay 13, 2026

Viaduct 1.0 and the future of Airbnb’s data mesh

Why it matters: Viaduct offers a middle ground between monolithic GraphQL and complex Federation by allowing teams to contribute to a shared schema via modules. This reduces operational overhead while maintaining developer autonomy, making it easier to scale data access across large organizations.

Airbnb released Viaduct 1.0, transitioning its internal GraphQL-based data mesh into a community-driven project with a stable public API.
Viaduct enables decentralized development of a central schema by using a multi-tenant runtime where teams contribute modules rather than managing independent servers.
The system abstracts data access and updates from service entry points, providing a unified interface for diverse data sources across the organization.
Unlike GraphQL Federation which distributes development via separate servers, Viaduct distributes development through modules within a shared runtime.
Viaduct can complement federated architectures by acting as a subgraph, reducing the operational overhead of managing hundreds of individual subgraph servers.
The 1.0 release introduces strict API stability measures, including Kotlin binary compatibility validation and automated releases to Maven Central.

#dist #data #sre

Read original

GitHub EngineeringMay 13, 2026

Dungeons & Desktops: 10 roguelikes that never die (because their communities won’t let them)

Why it matters: Roguelikes exemplify extreme software longevity and community-led maintenance. For engineers, they provide unique case studies in managing legacy codebases, navigating complex relicensing, and fostering open-source ecosystems that survive for decades through collaborative iteration.

Roguelikes represent some of the longest-running open-source projects, with NetHack evolving through networked collaboration since 1987.
The genre demonstrates the power of community-driven development, where projects like Angband underwent massive relicensing efforts to remain open.
Forking is a core mechanic of the ecosystem; Pixel Dungeon's completion led to dozens of community-maintained variants and forks.
Modern development is sustained through rapid iteration events like the 7-Day Roguelike (7DRL) challenge and annual community conferences.
These games serve as case studies for long-term software maintenance, balancing legacy code with modern features and community-contributed mechanics.

#culture #mobile

Read original

Engineering at MetaMay 13, 2026

Reel Friends: Building Social Discovery that Scales to Billions

Why it matters: This article highlights the hidden complexity of scaling social features. It demonstrates how machine learning and platform-specific user behavior analysis are critical for delivering personalized experiences to billions, proving that simple UI often masks deep engineering challenges.

Explores the engineering behind 'Friend Bubbles,' a social discovery feature for Facebook Reels.
Discusses the iterative evolution of machine learning models used to rank and recommend social content.
Addresses the technical challenges of scaling social discovery features to billions of global users.
Highlights behavioral differences between iOS and Android users that influenced feature development.
Emphasizes that seemingly simple UI features often require significant backend and ML infrastructure.

#mlp #mobile #dist

Read original

Cloudflare BlogMay 13, 2026

Browser Run: now running on Cloudflare Containers, it’s faster and more scalable

Why it matters: This migration demonstrates how moving from eventually consistent stores to transactional databases and specialized container infrastructure can drastically improve performance and scalability for high-concurrency workloads like headless browsers and AI agents.

Browser Run migrated from shared Browser Isolation infrastructure to Cloudflare Containers, increasing usage limits to 60 browsers per minute and 120 concurrent instances.
Quick Action response times improved by over 50% due to better global distribution and reduced container image sizes.
Implemented regional pre-warmed container pools to minimize latency between Durable Objects and browser instances across the global network.
Transitioned state management from Workers KV to D1 to utilize SQL transactions, eliminating race conditions caused by KV's eventual consistency.
Integrated Cloudflare Queues to batch high-frequency heartbeat updates, preventing D1 concurrency bottlenecks during peak demand from AI agents.

#dist #sre #data

Read original

Page 7 of 70

Prev 1...5 6 7 8 9...70 Next