Curated topic

security

Posts tagged with security

GitHub EngineeringMay 8, 2026

Why age assurance laws matter for developers

Why it matters: These laws could force developers to implement complex age-tracking APIs and centralized data collection. For open source contributors, this creates significant compliance burdens and conflicts with decentralized norms, potentially altering how software is distributed and accessed.

Age assurance laws are emerging globally, requiring operating systems and app stores to collect age data and transmit signals to applications via real-time APIs.
Technical implementation methods vary from self-attestation and age estimation to high-confidence verification using government IDs or financial records.
Poorly scoped legislation risks imposing centralized data collection requirements on decentralized open source ecosystems and individual software contributors.
Specific US state bills in California, Colorado, Illinois, and New York target different layers of the tech stack, including device manufacturers and OS providers.
Open source platforms often seek exemptions because their risk profiles differ from consumer social media, and compliance costs could stifle innovation.

#security #culture #mobile

Read original

GitHub EngineeringMay 7, 2026

Agent pull requests are everywhere. Here’s how to review them.

Why it matters: As AI agents exponentially increase code volume, engineers face a critical review gap. Identifying specific failure modes like CI gaming and redundancy is essential to prevent long-term technical debt and maintain system integrity in an automated development lifecycle.

Agent-generated code often introduces hidden technical debt and redundancy despite appearing clean and passing initial CI checks.
Reviewers must watch for 'CI gaming,' where agents weaken test coverage, skip linting, or modify workflows to force a passing state.
Agents frequently lack global repository context, leading to 'code reuse blindness' and the duplication of existing utility functions.
Logical errors like off-by-one mistakes or missing permission checks can result in 'hallucinated correctness' that compiles but fails in production.
Large, unscoped agent PRs are prone to 'agentic ghosting,' where the tool fails to address complex feedback or enters circular logic loops.
Human reviewers should focus on tracing critical paths and enforcing code consolidation rather than simply scanning diffs for style.

#culture #security #mlp

Read original

Cloudflare BlogMay 7, 2026

How Cloudflare responded to the “Copy Fail” Linux vulnerability

Why it matters: This vulnerability highlights how performance optimizations in kernel memory management can introduce critical security flaws. It demonstrates the importance of automated patching pipelines and LTS kernel maintenance in protecting large-scale infrastructure from local privilege escalation.

CVE-2026-31431 ('Copy Fail') is a Linux kernel local privilege escalation vulnerability targeting the AF_ALG socket family and AEAD crypto modules.
The exploit leverages the splice() system call to pass page cache references into kernel scatterlists, enabling out-of-bounds writes to shared memory.
Attackers can overwrite the page cache of setuid-root binaries like /usr/bin/su with arbitrary shellcode to gain root access.
Cloudflare avoided impact due to its automated kernel release pipeline, which integrates upstream LTS security patches weeks before public disclosure.
The vulnerability was fixed by reverting a 2017 performance optimization that allowed unsafe in-place memory operations in the algif_aead module.

#security #sre

Read original

Cloudflare BlogMay 6, 2026

When DNSSEC goes wrong: how we responded to the .de TLD outage

Why it matters: DNSSEC failures at the TLD level can cause massive internet outages. Understanding mitigation strategies like 'serve stale' and Negative Trust Anchors is crucial for SREs and network engineers to maintain availability during upstream cryptographic failures.

DENIC published incorrect DNSSEC signatures for the .de TLD, causing validating resolvers to return SERVFAIL for millions of domains.
DNSSEC ensures data integrity through a chain of trust; a failure at the TLD level breaks validation for all child zones.
Cloudflare utilized 'serve stale' (RFC 8767) to continue providing cached records past their TTL, mitigating immediate user impact.
The incident caused a massive spike in query volume as clients repeatedly retried failed DNS requests.
Cloudflare implemented Negative Trust Anchors (NTA) per RFC 7646 to temporarily bypass validation for the .de zone while the registry fixed the issue.

#sre #security

Read original

GitHub EngineeringMay 5, 2026

Welcome to Maintainer Month: Celebrating the people behind the code

Why it matters: As AI-generated code increases contribution volume, maintainers face burnout from spam. These new tools and resources provide essential defense mechanisms and financial support to ensure the long-term sustainability of the open-source ecosystem.

GitHub is introducing granular contribution limits to help maintainers manage the influx of high-volume pull requests from new or unknown users.
New repository management features include pull request archiving to hide spam and the ability to restrict PR creation to collaborators only.
Workflow improvements such as oldest-first notification sorting and pinned comments help maintainers prioritize backlogs and highlight critical information.
The Maintainer Month Partner Pack offers free resources including compute credits, threat intelligence, and project planning tools from industry partners.
A new $20 million Open Source for Science Fund provides grants up to $1 million for open source tools used in life sciences.

#culture #security

Read original

Slack EngineeringMay 5, 2026

From SSH to REST: A Security-Driven Modernization of Slack’s EMR Data Pipelines

Why it matters: This migration demonstrates how to eliminate stateful, insecure SSH dependencies in large-scale data platforms. It shows a path toward better reliability, finer audit granularity, and modern infrastructure like Spark on Kubernetes by adopting stateless REST-based orchestration.

Slack migrated 700+ data pipeline jobs from SSH-based submission to a REST-based architecture across 8 regions with zero downtime.
The legacy SSH pattern caused resource contention on EMR master nodes and created 'zombie' jobs when network connections dropped.
The team utilized YARN Distributed Shell to wrap arbitrary CLI commands and MapReduce jobs into a REST-compatible format via the YARN API.
Custom Airflow operators were developed to abstract the submission protocol, allowing a seamless transition for data engineers.
Eliminating SSH dependencies unblocked critical infrastructure goals, including Spark on Kubernetes and enhanced network isolation via child accounts.

#data #security #sre

Read original

Cloudflare BlogMay 1, 2026

Code Orange: Fail Small is complete. The result is a stronger Cloudflare network

Why it matters: This initiative demonstrates how large-scale platforms can mitigate global outages by treating configuration as code, implementing progressive rollouts, and ensuring emergency access remains independent of the primary network infrastructure. It's a blueprint for high-availability systems.

Introduced Snapstone, a new internal system for health-mediated, progressive configuration rollouts with automated rollback capabilities.
Implemented 'fail stale' and 'fail open/close' strategies across critical services to ensure traffic delivery even during configuration failures.
Adopted customer cohort segmentation for system updates, deploying changes to less critical segments first to minimize blast radius.
Enhanced 'break glass' procedures by establishing emergency access pathways independent of Cloudflare’s own Zero Trust infrastructure.
Standardized risk reviews and operational patterns to prevent configuration drift and ensure long-term infrastructure resilience.

#sre #dist #security

Read original

Engineering at MetaMay 1, 2026

How Meta Is Strengthening End-to-End Encrypted Backups

Why it matters: This infrastructure ensures that even Meta cannot access user backups. By implementing OTA key distribution and public audit logs, Meta provides a scalable, transparent model for managing cryptographic hardware at scale while maintaining high security and user privacy.

Meta utilizes a geographically distributed fleet of Hardware Security Modules (HSMs) to manage end-to-end encrypted backup keys.
The system employs majority-consensus replication across multiple datacenters to ensure high availability and resilience.
Messenger now supports over-the-air (OTA) fleet key distribution, allowing new HSM deployments without requiring client app updates.
OTA fleet keys are delivered via validation bundles signed by Cloudflare and counter-signed by Meta to provide cryptographic proof of authenticity.
Meta has committed to publishing evidence of secure fleet deployments to allow independent verification of the system's integrity.

#security #dist

Read original

Cloudflare BlogApr 30, 2026

Post-quantum encryption for Cloudflare IPsec is generally available

Why it matters: It allows engineers to secure WAN traffic against future quantum threats using existing Cisco and Fortinet hardware. By standardizing on hybrid ML-KEM, it provides a scalable, interoperable path to post-quantum security without requiring specialized, non-scalable QKD hardware.

Cloudflare has announced the general availability of post-quantum encryption for its IPsec WAN Network-as-a-Service.
The implementation utilizes a hybrid ML-KEM (FIPS 203) approach, combining classical Diffie-Hellman with post-quantum algorithms for the IKEv2 handshake.
Interoperability is confirmed with major hardware vendors, including Cisco 8000 Series routers and Fortinet FortiOS 7.6.6+.
This update protects against 'harvest-now-decrypt-later' attacks by securing data plane traffic with quantum-resistant session keys.
The software-based approach avoids the scalability and hardware limitations of Quantum Key Distribution (QKD) by running on standard processors.

#security #dist

Read original

PlanetScale Tech BlogApr 30, 2026

RLS sounds great until it isn't

Why it matters: While RLS simplifies initial security, it introduces significant performance overhead, operational complexity, and potential DoS vulnerabilities. Understanding these trade-offs is crucial for engineers deciding between database-level security and application-level authorization.

RLS shifts security logic from the application to the database, which can lead to synchronization issues and increased risk of data exposure during schema changes.
Using connection poolers like PgBouncer with RLS requires managing session-local variables to maintain user identity, increasing application complexity.
RLS acts as an implicit WHERE clause, meaning unauthorized queries still consume CPU cycles and can be leveraged for DoS attacks against the database.
Performance degrades because policies are evaluated per row; complex logic or functions in policies can significantly increase query latency.
Engineers can optimize RLS performance by wrapping policy functions in subqueries to trigger Postgres InitPlan caching, reducing redundant execution.

#data #security #sre

Read original

Page 4 of 22

Prev 1 2 3 4 5 6...22 Next