Curated topic

sre

Posts tagged with sre

PlanetScale Tech BlogMar 24, 2026

Enhanced tagging in Postgres Query Insights

Why it matters: This update allows engineers to attribute database load to specific application contexts like users or background jobs. By balancing granular visibility with cardinality management, it provides actionable performance data without overwhelming telemetry infrastructure.

Postgres Query Insights now includes tag metadata in aggregated summaries, moving beyond individual notable query logs.
Tags are implemented using specially formatted SQL comments, allowing application-level context like controllers or jobs to be tracked.
The system emits separate aggregate messages for unique tag combinations to enable precise performance attribution for metrics like total execution time.
To prevent telemetry volume explosions, a cardinality reduction strategy collapses high-cardinality tags into a wildcard value when limits are exceeded.
Cardinality monitoring is applied per query pattern, ensuring that one high-cardinality tag doesn't degrade visibility for the rest of the database.

#data #sre

Read original

PlanetScale Tech BlogMar 23, 2026

Behind the scenes: How Database Traffic Control works

Why it matters: This feature prevents database brownouts by proactively blocking expensive queries before they consume resources. It uses historical execution data and planner costs to predict impact, ensuring high-priority traffic remains stable during unexpected load spikes.

Database Traffic Control is a Postgres extension feature that mitigates overload by intercepting and blocking expensive SQL queries before they execute.
The system utilizes Postgres hooks, specifically ExecutorRun, to evaluate queries against configured budgets for concurrency and resource consumption.
It employs a leaky-bucket rate limiter to manage capacity, ensuring that cumulative query costs do not exceed defined thresholds.
Cost prediction is achieved by multiplying the Postgres planner's estimated cost by a dynamic coefficient derived from exponential moving averages of historical CPU time.
Unlike statement timeouts or cgroups, this proactive approach saves server resources by preventing the execution of low-priority or high-cost queries entirely.

#sre #data

Read original

GitHub EngineeringMar 23, 2026

GitHub expands application security coverage with AI‑powered detections

Why it matters: This bridges security gaps in infrastructure-as-code and scripts that traditional static analysis misses. By integrating AI-driven detections and automated fixes into the PR workflow, engineers can resolve vulnerabilities faster and maintain high security standards without leaving their tools.

GitHub is introducing AI-powered security detections to complement CodeQL's deep semantic static analysis.
The new system expands security coverage to ecosystems like Shell/Bash, Dockerfiles, Terraform (HCL), and PHP.
Detections are integrated directly into the pull request workflow, surfacing risks like SQL injection and insecure crypto early.
Copilot Autofix provides review-ready remediation suggestions, reducing average resolution time from 1.29 hours to 0.66 hours.
Internal testing across 170,000 findings resulted in over 80% positive developer feedback.
The hybrid detection model is part of GitHub's agentic platform, aiming to evolve toward deeper AI-augmented analysis.

#security #mlp #sre

Read original

Cloudflare BlogMar 23, 2026

Launching Cloudflare’s Gen 13 servers: trading cache for cores for 2x edge compute performance

Why it matters: This shift demonstrates how software architecture must evolve to match hardware trends. By rewriting core layers in Rust, Cloudflare decoupled performance from cache locality, enabling the use of high-density CPUs to double edge throughput and improve power efficiency.

Cloudflare's Gen 13 servers adopt AMD EPYC 5th Gen (Turin) processors, doubling core counts to 192 per socket.
The new hardware trades per-core L3 cache (2MB vs 12MB in Gen 12) for massive throughput and 32% better power efficiency.
Legacy NGINX/LuaJIT software (FL1) faced 50% latency regressions on the new chips due to increased DRAM fetch cycles.
The transition to FL2, a Rust-based rewrite of the request handling layer, successfully decoupled performance from cache locality.
FL2 allows Gen 13 to achieve 2x edge compute performance gains while maintaining strict latency SLAs.
Engineers utilized AMD Platform Quality of Service (PQOS) to optimize shared resource allocation across Core Complex Dies (CCDs).

#sre #dist #finops

Read original

PlanetScale Tech BlogMar 23, 2026

Introducing Database Traffic Control

Why it matters: Postgres lacks native granular traffic management. This tool prevents database outages caused by runaway queries by allowing real-time resource budgeting and throttling, ensuring stability for critical workloads without requiring immediate code changes.

PlanetScale introduced Database Traffic Control to manage Postgres query traffic and prevent server degradation during spikes.
Engineers can define resource budgets based on query fingerprints, application names, database users, or custom SQL comment tags.
Resource limits can be applied to CPU usage, burst limits, backend process concurrency, and per-query execution timing.
The system supports a 'warn' mode for observation and an 'enforce' mode to actively block queries exceeding defined limits.
Integration with PlanetScale Insights allows for rapid identification of problematic queries and immediate budget application.
Use cases include prioritizing high-value user traffic over background jobs and isolating human traffic from AI agent workloads.

#data #sre

Read original

Airbnb EngineeringMar 17, 2026

From vendors to vanguard: Airbnb’s hard-won lessons in observability ownership

Why it matters: Managing observability at scale requires balancing cost and utility. Airbnb's shift to an in-house, automated platform demonstrates how to regain control over data, standardize metrics across thousands of services, and reduce operational overhead through self-service migration tools.

Airbnb transitioned from vendor-managed observability to an in-house platform built on Prometheus to reduce costs and improve developer workflows.
The migration involved moving 300 million timeseries, 3,100 dashboards, and 300,000 alerts across 1,000 services.
The team shifted from a 'hardest-first' approach to starting with achievable targets to validate the platform and build momentum.
Rather than 1:1 query translation, they migrated the 'intent' of queries to standardize metrics and correct legacy inaccuracies.
A 'One-Click Migration' tool was developed to automate the conversion of dashboards and alerts, significantly reducing manual effort.
A centralized Migration Hub provided service owners with self-service tools and visibility into their migration status.

#sre #finops #dist

Read original

Salesforce EngineeringMar 16, 2026

Building AWS Bedrock Model Availability: Slashing AI Routing Discovery From Days to Minutes

Why it matters: Scaling AI globally requires automated infrastructure to manage model availability. This approach ensures high reliability and compliance with data residency laws while slashing operational overhead, allowing teams to adopt new LLMs rapidly without manual configuration risks.

Salesforce automated Amazon Bedrock model discovery across 30+ AWS accounts to support Agentforce's global expansion.
Regional AWS Lambda functions query AWS APIs to collect real-time endpoint availability, publishing data as CloudWatch metrics.
Discovery time for new model endpoints was reduced from several days of manual effort to just minutes.
Implemented a deterministic baseline fallback mechanism to verified regions to ensure service continuity during outages.
Integrated layered routing controls to balance capacity, latency, and strict data residency requirements across global jurisdictions.

#mlp #sre #dist

Read original

GitHub EngineeringMar 16, 2026

GitHub for Beginners: Getting started with GitHub Actions

Why it matters: GitHub Actions enables engineers to automate development workflows directly within their repositories. Understanding these fundamentals allows teams to implement CI/CD, improve code quality through automated testing, and reduce manual overhead for project management tasks.

GitHub Actions is a built-in CI/CD and automation platform that uses YAML files to automate repetitive tasks and deployment processes.
Workflows are triggered by specific GitHub events such as code pushes, pull requests, or issue creation.
A workflow consists of one or more jobs that execute on a runner, which can be a GitHub-hosted or self-hosted virtual machine.
Each job contains a series of steps, which are either shell commands or prebuilt actions from the GitHub Marketplace.
Workflow files are stored in the .github/workflows directory and require specific permissions to interact with repository resources.

#sre #culture

Read original

Cloudflare BlogMar 13, 2026

From legacy architecture to Cloudflare One

Why it matters: Migrating legacy infrastructure to Zero Trust is notoriously risky. This approach allows engineers to modernize security for old applications without rewriting code, reducing the attack surface via outbound-only tunnels while maintaining session persistence and operational stability.

Adopts a tiered, risk-aware methodology to move applications based on complexity rather than using a risky 'big bang' migration approach.
Utilizes Cloudflare Access to wrap legacy applications in a Zero Trust layer, enabling MFA and SSO without requiring any code changes.
Employs Cloudflare Tunnel to create outbound-only connections, effectively hiding internal services from the public internet by removing public IP addresses.
Conducts pre-migration audits to map backend dependencies and identity providers, ensuring service continuity during the transition.
Leverages Dynamic Path MTU Discovery (PMTUD) to maintain persistent sessions at the edge even when client IP addresses change.

#security #sre

Read original

Cloudflare BlogMar 13, 2026

From legacy architecture to Cloudflare One

Why it matters: Moving from legacy VPNs to Zero Trust is high-risk. This methodology de-risks the process by treating migration as application modernization, allowing engineers to secure legacy systems with MFA and identity-based access without downtime or code changes.

Cloudflare and CDW advocate for a tiered, risk-aware migration strategy to Zero Trust rather than high-risk 'big bang' VPN replacements.
Legacy applications are modernized by 'wrapping' them in Cloudflare Access, adding MFA and SSO capabilities without requiring code rewrites.
Cloudflare Tunnel establishes outbound-only connections, effectively hiding internal applications from the public internet and preventing lateral movement.
Comprehensive pre-migration audits map backend dependencies and identity providers to ensure service continuity during the transition.
Dynamic Path MTU Discovery (PMTUD) is utilized to maintain persistent sessions for legacy architectures even as client IP addresses change.

#security #sre

Read original

Page 10 of 27

Prev 1...8 9 10 11 12...27 Next