Curated topic

dist

Posts tagged with dist

Cloudflare BlogMar 2, 2026

Modernizing with agile SASE: a Cloudflare One blog takeover

Why it matters: Agile SASE moves security from rigid hardware silos to a programmable, single-pass global network. For engineers, this reduces technical debt, eliminates performance bottlenecks caused by service-chaining, and enables custom security logic via native developer platforms like Cloudflare Workers.

Cloudflare One introduces agile SASE, a composable platform designed to replace fragmented legacy hardware and VPNs with a unified connectivity cloud.
The platform utilizes a single-pass architecture across 300+ cities, eliminating service-chaining bottlenecks by running all security checks on every server simultaneously.
Integration with Cloudflare Workers allows developers to write custom code for real-time security event interception, moving beyond static allow/block rules.
Modernization focuses on five key areas: remote access, AI-powered email protection, DNS filtering, safe AI governance, and simplified branch networking.
Upcoming technical deep-dives will cover identity evolution, AI-driven threat detection, and the engineering behind the autonomous edge for performance-centric security.

#security #dist #sre

Read original

Cloudflare BlogMar 2, 2026

The truly programmable SASE platform

Why it matters: Cloudflare's programmable SASE allows engineers to build context-aware security policies using code. By executing logic at the edge, teams can integrate external data into access decisions in real-time, reducing latency and complexity compared to traditional webhook-based automation.

Cloudflare defines true programmability as the ability to intercept security events, enrich them with external context, and act in real-time.
The platform integrates SASE (Cloudflare One) with the Developer Platform (Workers), allowing security logic to run on the same global edge network.
Engineers can move beyond static 'allow/block' rules by using Workers to inject dynamic headers or query external risk APIs inline.
Managed actions provide templates for common IT and compliance workflows, while custom actions allow for bespoke logic via serverless functions.
This architecture eliminates the latency overhead typically associated with routing traffic to separate cloud environments for policy enforcement.
Real-world use cases include automated device session revocation and context-aware access based on external training or certification databases.

#security #dist #sre

Read original

Cloudflare BlogFeb 27, 2026

ASPA: making Internet routing more secure

Why it matters: BGP route leaks cause major outages and security risks. ASPA extends RPKI to verify the entire routing path, not just the destination. For network engineers, this standard is a critical step toward a more secure and predictable Internet by cryptographically preventing unauthorized traffic detours.

ASPA (Autonomous System Provider Authorization) is a new cryptographic standard designed to prevent BGP route leaks by validating the entire network path.
While RPKI and ROAs verify the destination of traffic, ASPA verifies the sequence of Autonomous Systems (AS_PATH) it traverses.
ASPA allows network operators to publish a list of authorized upstream providers within the existing RPKI infrastructure.
Validation follows valley-free routing principles, ensuring traffic moves up to providers and down to customers without unauthorized lateral or downward-then-upward shifts.
Cloudflare Radar has introduced a monitoring tool to track ASPA adoption trends across Regional Internet Registries and individual Autonomous Systems.

#security #dist

Read original

Cloudflare BlogFeb 27, 2026

Bringing more transparency to post-quantum usage, encrypted messaging, and routing security

Why it matters: As quantum computing threats loom, transitioning to post-quantum cryptography and securing BGP routing are critical for long-term data integrity. These tools provide the transparency needed to audit infrastructure readiness and verify the security of encrypted communication channels.

Cloudflare Radar now monitors post-quantum (PQ) encryption support for origin-facing connections, complementing existing client-side tracking.
A new public tool allows users to verify if specific hostnames support PQ-secure hybrid key exchange algorithms like X25519MLKEM768.
The Key Transparency dashboard provides real-time verification status of logs for encrypted messaging services, ensuring public key integrity.
Routing security insights now include data on ASPA (Autonomous System Provider Authorization) deployment to mitigate BGP route leaks.
Origin-side PQ support has seen a 10x increase over the past year, driven by default enablement in libraries like OpenSSL 3.5.0 and Go 1.24.

#security #data #dist

Read original

Cloudflare BlogFeb 27, 2026

We deserve a better streams API for JavaScript

Why it matters: Modern web apps rely on streaming data, yet the current Web Streams API is plagued by performance bottlenecks and a complex locking model. Understanding these flaws is crucial for engineers building high-performance runtimes or handling large-scale data processing in JavaScript.

The WHATWG Streams Standard was designed before async iteration (ES2018), leading to an API that relies on complex reader/writer acquisition instead of idiomatic language primitives.
Web streams use a restrictive locking model where forgetting to call releaseLock() can permanently break a stream, creating significant debugging hurdles.
The current API requires excessive boilerplate for common operations, such as manually managing reader locks and the { value, done } protocol.
Retrofitting async iteration onto Web streams hides but does not solve underlying complexity, and it fails to support advanced features like BYOB (Bring Your Own Buffer) reads.
Benchmarks show that alternative stream implementations leveraging modern JS features can be 2x to 120x faster than the current standard across various runtimes.
The author advocates for a new streaming standard that aligns with modern JavaScript development patterns to improve both performance and developer experience.

#data #frontend #dist

Read original

PlanetScale Tech BlogFeb 27, 2026

Video Conferencing with Postgres

Why it matters: This experiment showcases the power of PostgreSQL's logical replication for real-time data streaming. It challenges the boundaries of traditional database use cases, proving that WAL-based change data capture can serve as a high-throughput alternative to dedicated message brokers.

Implements video conferencing by using PostgreSQL as a real-time message broker via logical replication.
Captures browser media as JPEG frames and PCM audio, inserting them into BYTEA columns in a standard Postgres table.
Uses a Node.js relay to consume the logical replication stream (WAL) and forward updates to clients via WebSockets.
Achieves 15fps at 640x360 resolution by leveraging the ordered nature of commit logs instead of polling with SELECT.
Evaluates and rejects LISTEN/NOTIFY due to its 8KB payload limit, which is insufficient for video frame sizes.
Maintains database performance by running a cleanup job every two seconds to prune frames older than five seconds.
Demonstrates that PostgreSQL can handle high-throughput binary data streams while ensuring durability and crash recovery.

#data #dist

Read original

Salesforce EngineeringFeb 26, 2026

Hyperforce Migration at Scale: How Deterministic Automation Replaced Manual Spreadsheets Across 95,000 Organizations

Why it matters: Automating large-scale infrastructure migrations is critical for reducing operational risk. MIPS demonstrates how to build a deterministic decision engine that maintains auditability and customer trust while scaling to handle tens of thousands of complex organization moves.

Salesforce developed the Migration Intake and Processing Service (MIPS) to automate the migration of 95,000 organizations to Hyperforce.
The platform replaced manual spreadsheets and email-based coordination with a deterministic decision engine for eligibility and capacity.
MIPS consolidates distributed sources of truth into a centralized layer using well-defined APIs and explicit data contracts.
The system achieves a 90%+ auto-approval rate while escalating complex exceptions for human review to maintain throughput.
Every migration decision is fully traceable and auditable, ensuring customer trust and data residency requirements are met.
The architecture utilizes continuous data quality checks to prevent misinterpretations of regional capacity or scheduling windows.

#sre #dist #data

Read original

Engineering at MetaFeb 24, 2026

RCCLX: Innovating GPU communications on AMD platforms

Why it matters: RCCLX optimizes GPU communication on AMD platforms, addressing bottlenecks in LLM inference and training. By reducing AllReduce latency and using FP8 quantization, it significantly improves performance for decoding and prefill stages on modern AMD hardware.

Meta open-sourced RCCLX, an enhanced version of the ROCm Communication Collective Library (RCCL) optimized for AMD GPU platforms.
Integrated with Torchcomms, RCCLX includes CTran features like AllToAllvDynamic to enable GPU-resident collectives.
Introduces Direct Data Access (DDA) algorithms that reduce AllReduce latency by 10-50% for LLM decoding and 10-30% for prefill on MI300X GPUs.
DDA flat and tree algorithms optimize small and medium message sizes by allowing ranks to load memory directly from other ranks.
Supports low-precision collectives using FP8 quantization to achieve up to 4:1 compression, significantly reducing communication overhead for large messages.
Leverages AMD Infinity Fabric for high-bandwidth peer-to-peer mesh communication while maintaining numerical stability through FP32 compute steps.

#dist #mlp

Read original

Cloudflare BlogFeb 24, 2026

How we rebuilt Next.js with AI in one week

Why it matters: vinext solves the 'deployment problem' for Next.js on non-Vercel platforms by replacing the bespoke Turbopack toolchain with Vite. This offers engineers faster builds, smaller bundles, and native compatibility with Cloudflare Workers without sacrificing the familiar Next.js developer experience.

Cloudflare introduced vinext, a Vite-based, drop-in replacement for Next.js developed in one week using AI models.
The framework reimplements Next.js APIs like RSC and Server Actions directly on Vite, bypassing fragile build-output adapters like OpenNext.
Benchmarks show production builds up to 4.4x faster and client bundle sizes reduced by 57% using the Rolldown bundler.
It features first-class support for Cloudflare Workers, including single-command deployment and built-in ISR via Cloudflare KV.
By using the Vite Environment API, vinext ensures the development server and production output run natively on target runtimes.

#frontend #dist

Read original

GitHub EngineeringFeb 24, 2026

Multi-agent workflows often fail. Here’s how to engineer ones that don’t.

Why it matters: As LLMs move from chat to autonomous workflows, reliability depends on rigorous engineering. Applying distributed systems principles like typed contracts and schema enforcement prevents the subtle, cascading failures common in complex multi-agent orchestrations.

Treat multi-agent workflows as distributed systems rather than chat interfaces to manage shared state and non-deterministic behavior.
Implement typed schemas for all inter-agent communication to turn vague debugging into clear contract violation failures.
Use action schemas to constrain agent outputs to a strict, predefined set of valid operations like 'assign' or 'close'.
Adopt the Model Context Protocol (MCP) to enforce input and output validation for tools before execution occurs.
Design for failure by validating every agent boundary, logging intermediate states, and building in retry mechanisms.
Constrain agent actions and interfaces before adding more agents to a workflow to reduce the failure surface.

#dist #mlp

Read original

Page 3 of 22

Prev 1 2 3 4 5...22 Next