Links

Tuesday 2025-03-18 Assorted Links
Assorted Links links
Published: 2025-03-18
Tuesday 2025-03-18 Assorted Links

Assorted links for Tuesday, March 18:

  1. Researchers astonished by tool’s apparent success at revealing AI’s “hidden objectives”

    In a new paper published Thursday titled “Auditing language models for hidden objectives,” Anthropic researchers described how custom AI models trained to deliberately conceal certain “motivations” from evaluators could still inadvertently reveal secrets, due to their ability to adopt different contextual roles they call “personas.” The researchers were initially astonished by how effectively some of their interpretability methods seemed to uncover these hidden training objectives, although the methods are still under research.

  2. Why SNES hardware is running faster than expected—and why it’s a problem

    After significant research and testing on dozens of actual SNES units, the TASBot team now thinks that a cheap ceramic resonator used in the system’s Audio Processing Unit (APU) is to blame for much of this inconsistency. While Nintendo’s own documentation says the APU should run at a consistent rate of 24.576 Mhz (and the associated Digital Signal Processor sample rate at a flat 32,000 Hz), in practice, that rate can vary just a bit based on heat, system age, and minor physical variations that develop in different console units over time.

  3. The Defer Technical Specification: It Is Time

    Time for me to write this blog post and prepare everyone for the implementation blitz that needs to happen to make defer a success for the C programming language.

  4. Introducing support for SLNX, a new, simpler solution file format in the .NET CLI

    Solution files have been a part of the .NET and Visual Studio experience for many years now, and they’ve had the same custom format the whole time. Recently, the Visual Studio solution team has begun previewing a new, XML-based solution file format called SLNX. Starting in .NET SDK 9.0.200, the dotnet CLI supports building and interacting with these files in the same way as it does with existing solution files.

  5. Hello HybridCache! Streamlining Cache Management for ASP.NET Core Applications

    HybridCache is a new .NET 9 library available via the Microsoft.Extensions.Caching.Hybrid package and is now generally available! HybridCache, named for its ability to leverage both in-memory and distributed caches like Redis, ensures that data storage and retrieval is optimized for performance and security, regardless of the scale or complexity of your application.

Monday 2025-03-17 Assorted Links
Assorted Links links
Published: 2025-03-17
Monday 2025-03-17 Assorted Links

Assorted links for Monday, March 17:

  1. Faster Go maps with Swiss Tables

    Like sorting algorithms, hash table data structures continue to see improvements. In 2017, Sam Benzaquen, Alkis Evlogimenos, Matt Kulukundis, and Roman Perepelitsa at Google presented a new C++ hash table design, dubbed “Swiss Tables”. In 2018, their implementation was open sourced in the Abseil C++ library.

    Go 1.24 includes a completely new implementation of the built-in map type, based on the Swiss Table design.

  2. Harden-Runner detection: tj-actions/changed-files action is compromised

    We are investigating a critical security incident involving the popular tj-actions/changed-files GitHub Action. We want to alert you immediately so that you can take prompt action. This post will be updated as new information becomes available.

  3. Highlights from Git 2.49
    1. Faster packing with name-hash v2
    2. Backfill historical blobs in partial clones
  4. Life Altering Postgresql Patterns: Many of these apply to all SQL, not just PostgreSQL
    1. Use UUID primary keys
    2. Give everything created_at and updated_at
    3. On update restrict on delete restrict
    4. Use schemas
    5. Enum Tables
    6. Name your tables singularly
    7. Mechanically name join tables
    8. Almost always soft delete
    9. Represent statuses as a log
    10. Mark special rows with a system_id
    11. Use views sparingly
    12. JSON Queries
  5. cppmatch

    A header-only C++ library that offers exceptionless error handling and type-safe enums, bringing Rust-inspired error propagation with the ? operator and the match operator to C++.

Friday 2025-03-14 Assorted Links
Assorted Links links
Published: 2025-03-14
Friday 2025-03-14 Assorted Links

Assorted links for Friday, March 14:

  1. Agentic AI is the New Web App, and Your AI Strategy Must Evolve

    Two years into the generative AI revolution, the LLMs that power tools like ChatGPT and Claude have become startlingly powerful. However, according to Salesforce CEO Marc Benioff, they may be reaching their limits. Per Benioff, the next evolution is not necessarily more intelligent LLMs but autonomous AI agents that leverage LLMs to execute tasks independently.

  2. Title Launch Observability at Netflix Scale
  3. Performance of the Python 3.14 tail-call interpreter

    About a month ago, the CPython project merged a new implementation strategy for their bytecode interpreter. The initial headline results were very impressive, showing a 10-15% performance improvement on average across a wide range of benchmarks across a variety of platforms.

    Unfortunately, as I will document in this post, these impressive performance gains turned out to be primarily due to inadvertently working around a regression in LLVM 19.

  4. Model Context Protocol

    MCP is an open protocol that standardizes how applications provide context to LLMs. Think of MCP like a USB-C port for AI applications. Just as USB-C provides a standardized way to connect your devices to various peripherals and accessories, MCP provides a standardized way to connect AI models to different data sources and tools.

  5. Traversal-resistant file APIs

    A path traversal vulnerability arises when an attacker can trick a program into opening a file other than the one it intended. This post explains this class of vulnerability, some existing defenses against it, and describes how the new os.Root API added in Go 1.24 provides a simple and robust defense against unintentional path traversal.

Thursday 2025-03-13 Assorted Links
Assorted Links links
Published: 2025-03-13
Thursday 2025-03-13 Assorted Links

Assorted links for Thursday, March 13:

  1. Instrumenting Apache Spark Structured Streaming jobs using OpenTelemetry

    Monitoring Apache Spark structured streaming data workloads is challenging because the data is continuously processed as it arrives. Because of this always-on nature of stream processing, it is harder to troubleshoot problems during development and production without real-time metrics, alerting and dashboards. Traces complement metrics, and since Spark doesn’t include them by default, we integrate them using OpenTelemetry.

  2. Protecting user data through source code analysis at scale

    Meta’s Anti Scraping team focuses on preventing unauthorized scraping as part of our ongoing work to combat data misuse. In order to protect Meta’s changing codebase from scraping attacks, we have introduced static analysis tools into our workflow. These tools allow us to detect potential scraping vectors at scale across our Facebook, Instagram, and even parts of our Reality Labs codebases.

  3. We’ve figured out the basics of a shape-shifting, T-1000-style material

    Campàs and his team drew inspiration from processes called fluidization and convergent extension—mechanisms that cells in embryos use to coordinate their behavior when forming tissues and organs in a developing organism. The team built a robotic collective where each robotic unit behaved like an embryonic cell. As a collective, the robots behaved like a material that could change shape and switch between solid and liquid states, just like the T-1000.

  4. Cross-Modal Retrieval: Why It Matters for Multimodal AI

    With its ability to simultaneously process different data types (think text, image, audio, video and more), the continuing development of multimodal AI represents the next step that would help to further enhance a wide range of tools — including those for generative AI and autonomous agentic AI.

  5. The Deployment Bottleneck No One Talks About

    Most applications rely on cloud SDKs to connect to services like message brokers, queues, databases, APIs and more.

    Rather than working directly with cloud SDKs, a better approach is to introduce a standardized layer between applications and cloud services. This allows developers to interact with essential resources without being tightly coupled to a specific provider’s SDKs. A framework like Dapr helps achieve this by providing a uniform API for interacting with cloud resources.

Wednesday 2025-03-12 Assorted Links
Assorted Links links
Published: 2025-03-12
Wednesday 2025-03-12 Assorted Links

Assorted links for Wednesday, March 12:

  1. Zen and the Art of Microcode Hacking

    The root cause of the EntrySign vulnerability is that the AMD Zen microcode signature verification algorithm uses the CMAC function as a hash function; however, CMAC is a message authentication code and does not necessarily provide the same security guarantees as a cryptographic hash function.

    The weakness of using CMAC as a hash function is that anyone who has the encryption key is able to observe the intermediate values of the encryption and calculate a way to “correct” the difference so that the final output remains the same, even if the inputs are completely different.

  2. Thousands of websites hit by four backdoors in 3rd party JavaScript attack

    While analyzing threats targeting WordPress frameworks, we found an attack where a single 3rd party JavaScript file was used to inject four separate backdoors into 1,000 compromised websites using cdn.csyndication[.]com/.

    Creating four backdoors facilitates the attackers having multiple points of re-entry should one be detected and removed. A unique case we haven’t seen before. Which introduces another type of attack made possibly by abusing websites that don’t monitor 3rd party dependencies in the browser of their users.

  3. How to debug code with GitHub Copilot

    GitHub Copilot can streamline your debugging process by troubleshooting in your IDE, analyzing pull requests, and more, helping you tackle issues faster and more robustly.

  4. Finding leaked passwords with AI: How we built Copilot secret scanning

    Passwords are notoriously difficult to detect with conventional programming approaches. AI can help us find passwords better because it understands context. This blog post will explore the technical challenges we faced with building the feature and the novel and creative ways we solved them.

  5. Monads

    If you understand what a functor is, it should be easy to grasp the idea of a monad. It’s a functor you can flatten.

Tuesday 2025-03-11 Assorted Links
Assorted Links links
Published: 2025-03-11
Tuesday 2025-03-11 Assorted Links

Assorted links for Tuesday, March 11:

  1. How Generative AI Is Reshaping the SDLC

    Amazon Q shows how GenAI is helping developers at all stages of code creation and delivery, said Srini Iragavarapu of AWS in this episode of Makers.

  2. .NET AI Template Now Available in Preview

    Want to get started with AI development, but not sure where to start? I’ve got a treat for you – we have a new AI Chat Web App template now in preview.

  3. Rethinking System Architecture: The Rise of Distributed Intelligence with eBPF

    With eBPF, we can process, filter, and act on data as it flows through the system — directly at the kernel level. This architecture approach flips the centralized model on its head by embedding decision-making directly into the system at the point where data is generated. This means that instead of forwarding vast amounts of raw data for centralized processing, we can use intelligent, kernel-embedded programs to analyze, process, and act on data exactly where it was generated in real-time. By doing this, eBPF enables a shift from centralized, reactive decision-making to distributed, proactive intelligence.

  4. When AI Thinks It Will Lose, It Sometimes Cheats, Study Finds: This is the AI alignment problem, which has been explored extensively in science fiction.

    When sensing defeat in a match against a skilled chess bot, [advanced AI models] don’t always concede, instead sometimes opting to cheat by hacking their opponent so that the bot automatically forfeits the game.

  5. Unlock new possibilities for AI Evaluations for .NET

    The Microsoft.Extensions.AI.Evaluations library is designed to simplify the integration of AI evaluation processes into your applications. It provides a robust framework for evaluating your AI applications and automating the assessment of their performance.

Monday 2025-03-10 Assorted Links
Assorted Links links
Published: 2025-03-10
Monday 2025-03-10 Assorted Links

Assorted links for Monday, March 10:

  1. Vector Databases: The Foundation of AI Agent Innovation
  2. NVMe-oF Substantially Reduces Data Access Latency

    NVMe-oF is a network protocol that extends the parallel access and low latency features of Nonvolatile Memory Express (NVMe) protocol across networked storage. Originally designed for local storage and common in direct-attached storage (DAS) architectures, NVMe delivers high-speed data access and low latency by directly interfacing with solid-state disks. NVMe-oF allows these same advantages to be achieved in distributed and clustered environments by enabling external storage to perform as if it were local.

  3. Why Observability Needs To Go Headless

    Many enterprises generate terabytes of log data every day, resulting in high costs to ingest, store and analyze that data. Even worse, many observability platforms are walled gardens, making it hard to use log data for use cases beyond observability, such as business intelligence, data science and machine learning.

    To solve both of these problems, it’s time for headless observability, a fresh approach that decouples the frontend (visualization, querying and analytics) from the backend (data ingestion and storage) — all while keeping operations simple.

  4. The Million-Dollar Problem of Slow Microservices Testing

    By shifting integration tests from the slow outer loop into the rapid inner loop, organizations can fundamentally transform their development process.

  5. Strobelight: A profiling service built on open source technology
    • We’re sharing details about Strobelight, Meta’s profiling orchestrator.
    • Strobelight combines several technologies, many open source, into a single service that helps engineers at Meta improve efficiency and utilization across our fleet.
    • Using Strobelight, we’ve seen significant efficiency wins, including one that has resulted in an estimated 15,000 servers' worth of annual capacity savings.
Friday 2025-02-28 Assorted Links
Assorted Links links
Published: 2025-02-28
Friday 2025-02-28 Assorted Links

Assorted links for Friday, Febuary 28:

  1. 5 Frameworks That Embrace Declarative State Management
  2. The Staging Bottleneck: Microservices Testing in FinTech

    A sandbox is a lightweight, isolated, production-like testing setup created dynamically from a shared baseline environment. Designed to replicate production conditions at a fraction of the cost and complexity, sandboxes effectively transform a single staging environment into multiple independent environments. By multiplexing the baseline staging setup, sandboxes provide tailored environments for individual engineers or QA teams without adding compliance risks or increasing maintenance burdens, as they inherit the same compliance and configuration frameworks as production.

  3. Why AI Agents Need an Operational Database
  4. Database Scalability and the Giant Flea: A Lesson in Complexity
  5. How GitHub uses CodeQL to secure GitHub
Thursday 2025-02-27 Assorted Links
Assorted Links links
Published: 2025-02-27
Thursday 2025-02-27 Assorted Links

Assorted links for Thursday, Febuary 27:

  1. The Engineer’s Guide to Controlling Configuration Drift

    Key techniques:

    • Infrastructure as Code (IaC)
    • Policy as Code (PaC)
    • Compliance as Code
    • Application Configuration Management
    • Configuration Checklist
    • Credential Management
    • Centralized Configuration Management
    • Environment Parity
  2. How Precision Time Protocol handles leap seconds
  3. Observability Isn’t Enough. It’s Time To Federate Log Data

    With data federation, you can query data across many different sources without moving it. With this approach, no additional pipeline is needed; there are no egress costs and none of the security risks that come with migrating data.

  4. Data logs: The latest evolution in Meta’s access tools

    We created data logs as a solution to provide users who want more granular information with access to data stored in Hive. In this context, an individual data log entry is a formatted version of a single row of data from Hive that has been processed to make the underlying data transparent and easy to understand.

  5. Open Source Redefines Data Platforms
Wednesday 2025-02-26 Assorted Links
Assorted Links links
Published: 2025-02-26
Wednesday 2025-02-26 Assorted Links

Assorted links for Wednesday, Febuary 26:

  1. What is observability 2.0?

    Key differences between traditional observability and observability 2.0

    • Data handling:
      • Traditional: Relies on separate tools for metrics, logs, and traces, creating silos and requiring manual correlation.
      • 2.0: Unifies telemetry data into a single platform, offering a comprehensive view of system health.
    • Problem detection:
      • Traditional Uses static thresholds and alerts that are often reactive and miss subtle issues.
      • 2.0: Employs AI and machine learning to identify anomalies in real-time, enabling proactive issue resolution.
    • Focus on context:
      • Traditional: Provides raw technical data without linking it to broader business outcomes.
      • 2.0: Maps telemetry data to business metrics, ensuring decisions align with organizational goals.
    • Scalability and adaptability:
      • Traditional Struggles with dynamic environments like Kubernetes and serverless, often requiring custom setups.
      • 2.0: Designed for dynamic scaling, adapts with ease to changes in cloud-native architectures.
  2. Cloud Native Computing Foundation Announces CubeFS Graduation

    CubeFS is an open source distributed storage system that supports access protocols such as POSIX, HDFS, S3, and its own REST API. It can be used in many scenarios, including big data, AI/LLMs, container platforms, separation of storage and computing for databases and middleware, data sharing, and more. Key features of CubeFS include a highly scalable metadata service with strong consistency and multi-tenancy support for better resource utilization and tenant isolation.

  3. What Developers Need to Know About Telemetry Pipelines

    A telemetry pipeline is a system that collects, processes and routes telemetry data (logs, metrics and traces) from various sources to the right monitoring and analysis tools. Instead of managing separate agents or collectors for different signals, a telemetry pipeline unifies data handling, making observability more efficient and scalable.

  4. What Are Linux Namespaces and How Are They Used?

    Namespaces restrict resources that a containerized process can see so that one process can’t see the resources being used by another. This feature is crucial to the likes of containers and orchestration tools such as Kubernetes because, otherwise, one deployed container would be able to access or view resources used by another.

  5. System Operators to Timekeepers: What Will Replace Leap Seconds?

    Earth’s rotation, for thousands of years, has mostly slowed, the biggest driver being the changing tides that come with the gravitational tug of the moon. Currents in the planet’s outer core, which scientists are still trying to figure out, also have slowed the spin. But the core can speed up the spin, too, which may be what’s been happening recently. Additional leap seconds have become a lot less frequent in the past two decades.