Curated topic

sre

Posts tagged with sre

Cloudflare BlogJun 12, 2026

Scaling Security Insights: how we achieved a 10x increase in global scanning capacity

Why it matters: This article demonstrates how to scale distributed systems by identifying bottlenecks in message processing, database I/O, and network latency. It provides practical patterns like lane-splitting and batching to handle 10x growth in high-throughput security scanning environments.

Increased scanning throughput 10x by implementing parallel processing in Go microservices to consume Kafka messages in batches via goroutines.
Eliminated head-of-line blocking by splitting consumer groups into 'fast lane' and 'slow lane' paths based on account asset volume.
Optimized database performance by replacing individual row inserts with a hybrid approach using UNNEST and COPY for bulk operations.
Reduced API timeouts and latency by relocating service instances to the same geographic region as the primary Postgres database.
Transitioned from opt-in to automatic scanning for millions of accounts while doubling the frequency of security checks.

#security #dist #sre

Read original

GitHub EngineeringJun 11, 2026

GitHub availability report: May 2026

Why it matters: This report highlights the challenges of scaling a massive monolith under AI-driven traffic growth. It provides a blueprint for reliability through infrastructure migration, service decomposition, and the implementation of automated circuit breakers to prevent cascading failures.

GitHub is migrating its monolith to Azure, now serving 40% of traffic and achieving 99% repository replication to improve elastic capacity.
The platform is decomposing its monolith into isolated domains like users and authentication to eliminate shared failure points and prevent cascading outages.
Stateless authentication tokens are being rolled out to remove per-request database lookups, significantly reducing pressure during traffic spikes.
Multiple May incidents were caused by database saturation during schema migrations and VM rate limits during GitHub Actions scale-up operations.
Remediation efforts include implementing automated circuit breakers for migrations and improving throttling logic for cloud resource allocation.

#sre #dist #data

Read original

GitHub EngineeringJun 11, 2026

Making secret scanning more trustworthy: Reducing false positives at scale

Why it matters: False positives in security tools cause alert fatigue and erode developer trust. By using LLMs to understand code context, GitHub reduces noise by over 75%, ensuring engineers spend time fixing real vulnerabilities rather than triaging non-sensitive strings.

GitHub integrated LLM-based contextual reasoning into its secret scanning pipeline to significantly reduce false positive alerts.
The system moves beyond simple pattern matching by analyzing how a potential secret is used, such as being passed to an API request or authentication header.
By focusing on 'better context' rather than 'more context,' the verification step analyzes high-signal information within a single file to maintain low latency.
The approach was developed in collaboration with Microsoft Security & AI, leveraging techniques from the Agentic Secret Finder system.
The implementation achieved a 75.76% reduction in customer-confirmed false positives, exceeding the initial target of 65%.
This hybrid model combines pattern-based detection for known formats with AI-powered verification for unstructured secrets like passwords.

#security #mlp #sre

Read original

PlanetScale Tech BlogJun 11, 2026

The only scalable delete in Postgres is DROP TABLE

Why it matters: Large DELETEs in Postgres often cause performance degradation and disk bloat due to MVCC. Understanding why DROP and TRUNCATE scale better helps engineers design more efficient data retention strategies and avoid common database maintenance pitfalls.

Postgres DELETE operations utilize MVCC, creating dead tuples that increase vacuum debt and replication overhead without immediately freeing disk space.
Unlike row-level deletion, DROP TABLE and TRUNCATE perform a metadata sweep and directly remove files from the operating system, scaling independently of data size.
Large-scale row cleanup is often more efficient by copying desired data to a temporary table, truncating the original, and re-inserting the kept rows.
For ongoing data retention, declarative partitioning is the recommended approach as it allows for dropping entire partitions rather than individual rows.
DELETE operations can degrade read performance because index scans must resolve tuple visibility, effectively adding work to every subsequent query.

#data #sre

Read original

Cloudflare BlogJun 10, 2026

Route public traffic to private applications with Cloudflare

Why it matters: This feature allows engineers to apply enterprise-grade security and performance tools to internal services without public exposure. It simplifies hybrid cloud networking by treating private IPs as standard origins, reducing operational overhead and the risk of misconfigured firewall rules.

Cloudflare launched Application Services for Private Origins, allowing public traffic to reach private IPs without exposing them to the public internet.
The service enables WAF, bot management, rate limiting, and Workers to protect internal APIs, AI backends, and MCP servers.
It integrates with existing Cloudflare WAN and Mesh connectivity, removing the requirement for running connector software like cloudflared on every origin.
Engineers can toggle private network routing for A/AAAA records, supporting RFC 1918, CGNAT, and Unique Local IPv6 address ranges.
The unified routing model simplifies infrastructure by eliminating the need for parallel stacks like public-facing load balancers or complex VPNs.
This architecture treats security as a property of traffic rather than a result of network location, bridging the gap between public and private infrastructure.

#security #sre #dist

Read original

Salesforce EngineeringJun 9, 2026

How to Build Reliable AI Agents: 5 Engineering Patterns from a Production System

Why it matters: Transitioning AI agents from demos to production requires a shift from prompt engineering to system engineering. This article highlights how to handle non-deterministic tasks in critical infrastructure, ensuring agents can safely automate complex cloud optimization worth millions.

AI agents often fail in production because they struggle with non-deterministic environments and scattered sources of truth in infrastructure.
Relying on increasingly complex prompts creates unmaintainable 'software written in English' without improving underlying reliability.
Multi-agent architectures do not automatically solve consistency issues if the model is tasked with problems that require deterministic logic.
Reliability is achieved by engineering the systems around the model rather than focusing solely on model capability or prompt refinement.
The lack of a single source of truth in complex deployment stacks (Terraform, Helm, etc.) prevents agents from reasoning effectively without external guardrails.

#mlp #finops #sre

Read original

Airbnb EngineeringJun 4, 2026

Sitar-agent: Building a reliable dynamic configuration sidecar at scale

Why it matters: Dynamic configuration is critical for feature flags and runtime tuning. Airbnb's sidecar approach ensures high availability and low latency across a massive, multi-language microservice architecture, decoupling config delivery from service deployments and backend availability.

Airbnb developed Sitar-agent, a Kubernetes sidecar that delivers dynamic configurations to thousands of service instances without requiring redeployments.
The agent utilizes a two-stage bootstrap process: preloading compressed snapshots from AWS S3 for speed and syncing deltas from the Sitar Service for freshness.
A sidecar architecture was chosen over a library-based approach to support a multi-language fleet (Java, Go, Python, etc.) and ensure resource isolation.
To prevent thundering herd problems at scale, the agent implements a periodic polling loop with jitter for configuration updates.
Configurations are stored on a shared local volume, allowing the application container to read updates via a client library with an in-memory cache.
The system was recently rewritten from Ruby to Java to align with Airbnb's mainstream stack and improve operational observability.

#sre #dist

Read original

Salesforce EngineeringJun 4, 2026

How Engineering 360 Unified Operations at Scale and Reached 80% Adoption

Why it matters: Scaling engineering organizations often suffer from fragmented operational data. This unified platform approach demonstrates how to build a single source of truth for engineering health, improving decision-making efficiency and metric consistency across thousands of engineers.

Salesforce unified fragmented data from 40+ tools into Engineering 360, a platform tracking 150 standardized metrics with 80% manager adoption.
The system utilizes Data 360 for ingestion and identity resolution to map disparate engineer identities across Git, Workday, and internal systems.
Metric standardization was enforced through a strict framework requiring clear definitions, actionability, and alignment with organizational goals.
Reliability is maintained by treating the platform as a live service with automated monitoring and rapid remediation for data pipeline failures.
Performance bottlenecks were resolved by shifting data transformations upstream and using pre-aggregation to reduce query latency in the visualization layer.

#data #culture #sre

Read original

Engineering at MetaJun 3, 2026

Lights Out, Systems On: Validating Instant Power Loss Readiness

Why it matters: Zero-notice power failures pose a massive risk to availability. Meta's approach shows how to handle regional outages by combining hardware persistence with automated dependency management, ensuring complex distributed systems can bootstrap autonomously from scratch.

Meta introduced 'Instantaneous PowerLoss Storm' to validate data center readiness for zero-notice power failures at a regional scale.
The strategy utilizes defense-in-depth, combining hardware-level batteries and Power Loss Siren (PLS) with software-level signaling.
A primary challenge is regional bootstrapping, where millions of services must restart and discover each other autonomously after a total outage.
To prevent circular dependencies ('ouroboros') in the control plane, Meta uses Belljar tests in CI/CD and the Twrko recovery kit for jumpstarting.
Testing at a regional scale revealed unique vulnerabilities in replica placement and autonomous recovery that single-fault domain tests missed.

#sre #dist

Read original

Spotify EngineeringJun 3, 2026

Coding Is No Longer the Constraint: Scaling Developer Experience to Teams and Agents at Spotify

Why it matters: As AI agents become integral to software development, platform engineering must shift from manual coding efficiency to building systems that support hybrid human-AI collaboration, ensuring scalability in complex environments.

Spotify's chief architect argues that writing code is no longer the primary bottleneck in software development.
The focus is shifting toward scaling Developer Experience (DevEx) to support both human teams and AI agents.
Optimizing internal platforms is essential for enabling AI agents like Claude to operate effectively within the codebase.
The strategy involves reducing friction across the entire software lifecycle rather than just individual productivity.
Treating AI agents as first-class citizens requires a rethink of how developer tools and infrastructure are designed.

#culture #mlp #sre

Read original

Page 1 of 27

Prev1 2 3...27 Next