Curated topic

sre

Posts tagged with sre

Netflix Tech BlogJun 3, 2026

Dynamic Repartitioning for Time Series Workloads

Why it matters: Managing wide partitions is a classic Cassandra scaling challenge. Netflix's automated re-partitioning and dynamic bucketing provide a blueprint for maintaining low-latency performance in massive time-series datasets without manual intervention or over-provisioning.

Netflix utilizes Apache Cassandra 4.x for its TimeSeries Abstraction layer to manage petabytes of temporal data with millisecond latency.
Wide partitions in Cassandra caused significant performance degradation, including high tail latency, GC pauses, and CPU spikes.
The system employs a hierarchical partitioning strategy using time slices, time buckets, and event buckets to break up large datasets.
A background monitoring worker was implemented to analyze partition histograms and automatically tune configurations for future time slices.
Dynamic Event Bucketing (DEB) was developed to handle data outliers by splitting event buckets once they reach a specific size threshold.
These automated re-partitioning techniques significantly improved P99/P999 read latencies and overall cluster stability.

#data #sre #dist

Read original

Cloudflare BlogJun 1, 2026

How we reduced core unit boot time from hours to minutes

Why it matters: Inefficient boot sequences can paralyze large-scale infrastructure maintenance. This case study highlights how low-level firmware quirks impact fleet-wide automation and demonstrates the importance of explicit configuration over default discovery in bare-metal environments.

Cloudflare's Gen12 core servers experienced boot delays of up to four hours following a firmware update due to inefficient network boot interface probing.
The root cause was a linear search through multiple network boot protocols (IPv4 HTTPS, iPXE, IPv6), with each failed attempt incurring a five-minute timeout.
Because firmware upgrades require multiple sequential reboots, these 20-minute per-boot penalties compounded into hours of idle time across a 2,000-unit fleet.
Engineers optimized the process by explicitly declaring the correct boot interface early in the pre-boot PXE stage, bypassing the automated search.
The solution involved implementing state validation to handle configuration resets post-upgrade and managing vendor-specific NIC string formats.
This optimization restored boot times to minutes, significantly reducing maintenance windows and accelerating the deployment of new capacity.

#sre #dist

Read original

Netflix Tech BlogMay 29, 2026

From Silos to Service Topology: Why Netflix Built a Real-Time Service Map

Why it matters: In complex microservice architectures, understanding runtime dependencies is crucial for rapid incident response. Netflix's service map provides real-time visibility into service relationships, helping engineers identify root causes and assess blast radius during critical outages.

Netflix developed a real-time Service Topology map to visualize dependencies across thousands of microservices.
The system integrates three data sources: eBPF flow logs for network connectivity, IPC metrics for application context, and distributed traces for request flows.
Engineers use the map to quickly identify blast radius, upstream/downstream dependencies, and root causes during incidents.
The platform provides sub-second query performance to support high-pressure troubleshooting scenarios at 3am.
Beyond visualization, the tool offers programmatic API access for automated resilience frameworks and incident response automation.
The solution bridges the gap between fragmented signals like logs and metrics by providing a unified, steady-state view of the architecture.

#sre #dist

Read original

Dropbox Tech BlogMay 28, 2026

Beyond code generation: rethinking engineering productivity in the age of AI agents

Why it matters: AI tools accelerate coding but can overwhelm CI/CD and review pipelines. This shift from writing code to orchestrating agents requires new platforms and metrics to ensure that increased output actually translates into customer value without breaking engineering systems.

Dropbox is transitioning from AI copilots to autonomous agents that can edit files, run tests, and iterate on failures independently.
Increased code generation speed has shifted engineering bottlenecks downstream to code reviews, CI systems, and release coordination.
Nova, an internal platform, allows engineers to execute scoped tasks via agents and now accounts for approximately 8% of all pull requests.
AI agents are being prioritized for high-toil engineering work such as migrations, flaky test remediation, and dependency updates.
Productivity measurement is evolving from simple output metrics like PR count to holistic signals like review burden and customer impact.
The engineering role is shifting toward intent definition, architectural oversight, and final quality validation rather than manual implementation.

#mlp #culture #sre

Read original

Slack EngineeringMay 28, 2026

Slack AI: The Path to Multi-Cloud

Why it matters: This article provides a blueprint for scaling enterprise LLM infrastructure. It details the transition from manual GPU management to managed services, highlighting how to balance security, cost-efficiency, and reliability through strategic multi-cloud orchestration and capacity forecasting.

Slack transitioned from AWS SageMaker to Amazon Bedrock to reduce operational overhead and address GPU scarcity.
The architecture uses an escrow VPC strategy to maintain a zero-knowledge environment, ensuring data privacy and model security.
Infrastructure evolved from managing raw GPU instances to utilizing Model Units for deterministic throughput and easier scaling.
Slack optimized costs by using Provisioned Throughput for interactive features and On Demand capacity for bursty, scheduled tasks.
A zero-incident migration was achieved through extensive load testing, shadow requests, and gradual feature flag rollouts.
The shift enabled faster adoption of new LLM models, reducing the feature lag previously experienced with custom serving solutions.

#mlp #sre #security

Read original

Cloudflare BlogMay 27, 2026

Iran's Internet is partially restored, Cloudflare Radar data shows

Why it matters: This analysis demonstrates how network observability tools detect state-level internet disruptions and identify the technical mechanisms, such as application filtering versus BGP routing changes, used to implement large-scale connectivity restrictions.

Cloudflare Radar data shows a partial restoration of Iran's internet starting May 26, 2026, following a nearly three-month total shutdown.
Traffic volume surged 15x compared to the previous week, though it remains at only 40% of pre-disruption levels.
DNS query spikes to Cloudflare's 1.1.1.1 resolver confirm increased user-initiated requests for web services.
Regional data indicates the recovery is highly localized, with over 91% of HTTP requests originating from Tehran.
Analysis of IP address space shows IPv6 announcements remain at zero, while IPv4 stability suggests the shutdown relied on application filtering or whitelisting.

#data #security #sre

Read original

Dropbox Tech BlogMay 21, 2026

Introducing Nova, our internal platform for coding agents

Why it matters: Nova shows how to scale AI agents in complex enterprise environments. By moving beyond simple chat to a platform that validates code changes within a real build system, engineers can automate high-toil tasks like CI debugging and migrations while maintaining high code quality.

Dropbox built Nova, an internal platform for running coding agents to automate repetitive engineering tasks like debugging CI failures and updating dependencies.
The platform provides isolated cloud environments with codebase snapshots, allowing agents to operate within Dropbox's specific monorepo and Bazel build system.
Nova supports both interactive developer sessions and asynchronous, automated workflows triggered by internal systems.
A key feature is the feedback loop where agents receive real-time validation results from build and test commands to iterate on code patches.
By centralizing agent execution, the platform ensures consistent context engineering and infrastructure integration across various use cases.

#mlp #sre

Read original

GitHub EngineeringMay 20, 2026

Investigating unauthorized access to GitHub-owned repositories

Why it matters: This incident highlights the supply chain risks associated with developer tools like IDE extensions. It demonstrates the importance of rapid incident response, secret rotation, and endpoint isolation in mitigating the impact of a compromised internal environment.

GitHub detected a compromise on an employee device caused by a poisoned third-party VS Code extension.
Approximately 3,800 internal repositories were exfiltrated during the security incident.
No evidence suggests that customer-owned enterprises, organizations, or repositories were compromised.
Immediate response included isolating the affected endpoint and removing the malicious extension version.
GitHub rotated critical secrets and high-impact credentials to mitigate further risk.
Ongoing efforts include log analysis, secret rotation validation, and infrastructure monitoring.

#security #sre

Read original

GitHub EngineeringMay 20, 2026

Investigation update: GitHub Enterprise Server signing key rotation

Why it matters: GitHub is rotating its GHES signing key following a cyber-attack to ensure the integrity of future updates. Engineers managing GHES instances must rotate GPG keys immediately to avoid update failures and maintain a secure, verified supply chain for their enterprise infrastructure.

GitHub is rotating the GitHub Enterprise Server (GHES) signing key following a detected cyber-attack.
The signing key is critical for validating the authenticity of GHES binaries during manual update processes.
Administrators must execute a provided GPG rotation script on all GHES nodes to maintain update compatibility.
The rotation process requires running the script as both the admin user and root to ensure all accounts are updated.
Failure to rotate keys will result in future upgrade failures with 'invalid package' verification errors.
GitHub Enterprise Cloud customers are unaffected and do not need to take any action.

#security #sre

Read original

Cloudflare BlogMay 19, 2026

Announcing Claude Managed Agents on Cloudflare

Why it matters: This integration decouples AI logic from execution, allowing engineers to run Claude agents securely on Cloudflare's infrastructure. It provides granular control over sandboxes, enhanced observability, and the ability to scale via V8 isolates while maintaining private service connectivity.

Cloudflare and Anthropic have integrated Claude Managed Agents with Cloudflare Sandboxes to decouple agent logic from execution infrastructure.
Developers can run the agent loop on Anthropic's platform while using Cloudflare to execute code, secure connections, and manage tool calls.
The integration supports two execution environments: full Linux microVMs for complex tasks and lightweight V8 isolates for high-scale, low-latency execution.
Enhanced security features include customizable proxies for credential injection, data exfiltration prevention, and private service connectivity.
Built-in observability provides detailed sandbox metrics, logs, session recordings for browser-based agents, and interactive SSH access.
A Workers-based control plane manages agent sessions, automatically persisting state across session sleeps and providing a built-in management UI.

#mlp #security #sre

Read original

Page 2 of 27

Prev 1 2 3 4...27 Next