On Wednesday, web infrastructure provider Cloudflare announced a new feature called “AI
Labyrinth” that aims to combat unauthorized AI data scraping by serving fake AI-generated
content to bots. The tool will attempt to thwart AI companies that crawl websites without
permission to collect training data for large language models that power AI assistants like
ChatGPT.
All of a sudden, without any ostensible cause, Google Docs was flooded with errors. How it
took me 2 days and a coworker to solve the hardest bug I ever debugged.
Edera Protect is a suite of offerings bridging the gap between modern cloud native computing
and virtualization-based security techniques. To power this platform, we’ve built our own
container runtime designed to operate as a microservice, allowing it to run containers in a
fully programmatic way—similar to how the Kubernetes Container Runtime Interface (CRI) enables
container management through microservices.
I would like to announce a new high-performance PNG codec, which is much faster than other
available codecs written in C, C++, and other programming languages.
Today, on Pi Day (S3’s 19th birthday), I’m sharing a post from Andy Warfield, VP and
Distinguished Engineer of S3. Andy takes us through S3’s evolution from simple object
store to sophisticated data platform, illustrating how customer feedback has shaped every
aspect of the service. It’s a fascinating look at how we maintain simplicity even as
systems scale to handle hundreds of trillions of objects.
Earlier this month, we announced the general availability of custom instructions in
Visual Studio Code. Custom instructions are how you give Copilot specific context about
your team’s workflow, your particular style preferences, libraries the model may not
know about, etc.
In this post we’ll dive into what custom instructions are, how you can use them today to
drastically improve your results with GitHub Copilot, and even a brand new preview
feature called “prompt files” that you can try today.
In a post on X on Wednesday, OpenAI CEO Sam Altman said that OpenAI will add support for
Anthropic’s Model Context Protocol, or MCP, across its products, including the desktop app
for ChatGPT. MCP is an open source standard that helps AI models produce better, more relevant
responses to certain queries.
Microsoft’s six security agents will be available in preview next month, and are designed to
do things like triage and process phishing and data loss alerts, prioritize critical
incidents, and monitor for vulnerabilities.
In a new paper published Thursday titled “Auditing language models for hidden objectives,”
Anthropic researchers described how custom AI models trained to deliberately conceal certain
“motivations” from evaluators could still inadvertently reveal secrets, due to their ability
to adopt different contextual roles they call “personas.” The researchers were initially
astonished by how effectively some of their interpretability methods seemed to uncover these
hidden training objectives, although the methods are still under research.
After significant research and testing on dozens of actual SNES units, the TASBot team now
thinks that a cheap ceramic resonator used in the system’s Audio Processing Unit (APU) is to
blame for much of this inconsistency. While Nintendo’s own documentation says the APU should
run at a consistent rate of 24.576 Mhz (and the associated Digital Signal Processor sample
rate at a flat 32,000 Hz), in practice, that rate can vary just a bit based on heat, system
age, and minor physical variations that develop in different console units over time.
Time for me to write this blog post and prepare everyone for the implementation blitz that
needs to happen to make defer a success for the C programming language.
Solution files have been a part of the .NET and Visual Studio experience for many years now,
and they’ve had the same custom format the whole time. Recently, the Visual Studio solution
team has begun previewing a new, XML-based solution file format called SLNX. Starting in .NET
SDK 9.0.200, the dotnet CLI supports building and interacting with these files in the same
way as it does with existing solution files.
HybridCache is a new .NET 9 library available via the Microsoft.Extensions.Caching.Hybrid
package and is now generally available! HybridCache, named for its ability to leverage both
in-memory and distributed caches like Redis, ensures that data storage and retrieval is
optimized for performance and security, regardless of the scale or complexity of your
application.
Like sorting algorithms, hash table data structures continue to see improvements. In
2017, Sam Benzaquen, Alkis Evlogimenos, Matt Kulukundis, and Roman Perepelitsa at Google
presented a new C++ hash table design, dubbed “Swiss Tables”. In 2018, their
implementation was open sourced in the Abseil C++ library.
Go 1.24 includes a completely new implementation of the built-in map type, based on the Swiss Table design.
We are investigating a critical security incident involving the popular tj-actions/changed-files
GitHub Action. We want to alert you immediately so that you can take prompt action. This post
will be updated as new information becomes available.
A header-only C++ library that offers exceptionless error handling and type-safe enums, bringing
Rust-inspired error propagation with the ? operator and the match operator to C++.
Two years into the generative AI revolution, the LLMs that power tools like ChatGPT and Claude
have become startlingly powerful. However, according to Salesforce CEO Marc Benioff, they may be
reaching their limits. Per Benioff, the next evolution is not necessarily more intelligent LLMs
but autonomous AI agents that leverage LLMs to execute tasks independently.
About a month ago, the CPython project merged a new implementation strategy for their bytecode interpreter. The
initial headline results were very impressive, showing a 10-15% performance improvement on average across a wide
range of benchmarks across a variety of platforms.
Unfortunately, as I will document in this post, these impressive performance gains turned out to be primarily
due to inadvertently working around a regression in LLVM 19.
MCP is an open protocol that standardizes how applications provide context to LLMs. Think of MCP like a USB-C
port for AI applications. Just as USB-C provides a standardized way to connect your devices to various
peripherals and accessories, MCP provides a standardized way to connect AI models to different data sources
and tools.
A path traversal vulnerability arises when an attacker can trick a program into opening a file other than
the one it intended. This post explains this class of vulnerability, some existing defenses against it, and
describes how the new os.Root API added in Go 1.24 provides a simple and robust defense against unintentional
path traversal.
Monitoring Apache Spark structured streaming data workloads is challenging because the data
is continuously processed as it arrives. Because of this always-on nature of stream processing,
it is harder to troubleshoot problems during development and production without real-time
metrics, alerting and dashboards. Traces complement metrics, and since Spark doesn’t include
them by default, we integrate them using OpenTelemetry.
Meta’s Anti Scraping team focuses on preventing unauthorized scraping as part of our ongoing
work to combat data misuse. In order to protect Meta’s changing codebase from scraping attacks,
we have introduced static analysis tools into our workflow. These tools allow us to detect
potential scraping vectors at scale across our Facebook, Instagram, and even parts of our Reality
Labs codebases.
Campàs and his team drew inspiration from processes called fluidization and convergent extension—mechanisms
that cells in embryos use to coordinate their behavior when forming tissues and organs in a developing
organism. The team built a robotic collective where each robotic unit behaved like an embryonic cell. As a
collective, the robots behaved like a material that could change shape and switch between solid and liquid
states, just like the T-1000.
With its ability to simultaneously process different data types (think text, image, audio, video and more),
the continuing development of multimodal AI represents the next step that would help to further enhance a
wide range of tools — including those for generative AI and autonomous agentic AI.
Most applications rely on cloud SDKs to connect to services like message brokers, queues, databases, APIs
and more.
Rather than working directly with cloud SDKs, a better approach is to introduce a standardized layer between
applications and cloud services. This allows developers to interact with essential resources without being
tightly coupled to a specific provider’s SDKs. A framework like Dapr helps achieve this by providing a uniform
API for interacting with cloud resources.
The root cause of the EntrySign vulnerability is that the AMD Zen microcode signature verification algorithm uses
the CMAC function as a hash function; however, CMAC is a message authentication code and does not necessarily provide
the same security guarantees as a cryptographic hash function.
The weakness of using CMAC as a hash function is that anyone who has the encryption key is able to observe the
intermediate values of the encryption and calculate a way to “correct” the difference so that the final output
remains the same, even if the inputs are completely different.
While analyzing threats targeting WordPress frameworks, we found an attack where a single 3rd party JavaScript
file was used to inject four separate backdoors into 1,000 compromised websites using cdn.csyndication[.]com/.
Creating four backdoors facilitates the attackers having multiple points of re-entry should one be detected and
removed. A unique case we haven’t seen before. Which introduces another type of attack made possibly by abusing
websites that don’t monitor 3rd party dependencies in the browser of their users.
GitHub Copilot can streamline your debugging process by troubleshooting in your IDE, analyzing pull requests,
and more, helping you tackle issues faster and more robustly.
Passwords are notoriously difficult to detect with conventional programming approaches. AI can help us find
passwords better because it understands context. This blog post will explore the technical challenges we faced
with building the feature and the novel and creative ways we solved them.
Want to get started with AI development, but not sure where to start? I’ve got a treat for you –
we have a new AI Chat Web App template now in preview.
With eBPF, we can process, filter, and act on data as it flows through the system — directly at the
kernel level. This architecture approach flips the centralized model on its head by embedding
decision-making directly into the system at the point where data is generated. This means that instead
of forwarding vast amounts of raw data for centralized processing, we can use intelligent,
kernel-embedded programs to analyze, process, and act on data exactly where it was generated in
real-time. By doing this, eBPF enables a shift from centralized, reactive decision-making to
distributed, proactive intelligence.
When sensing defeat in a match against a skilled chess bot, [advanced AI models] don’t always concede,
instead sometimes opting to cheat by hacking their opponent so that the bot automatically forfeits the game.
The Microsoft.Extensions.AI.Evaluations library is designed to simplify the integration of AI evaluation
processes into your applications. It provides a robust framework for evaluating your AI applications and
automating the assessment of their performance.
NVMe-oF is a network protocol that extends the parallel access and low latency features of Nonvolatile Memory Express (NVMe) protocol
across networked storage. Originally designed for local storage and common in direct-attached storage (DAS) architectures, NVMe
delivers high-speed data access and low latency by directly interfacing with solid-state disks. NVMe-oF allows these same advantages
to be achieved in distributed and clustered environments by enabling external storage to perform as if it were local.
Many enterprises generate terabytes of log data every day, resulting in high costs to ingest, store and analyze that data. Even
worse, many observability platforms are walled gardens, making it hard to use log data for use cases beyond observability, such
as business intelligence, data science and machine learning.
To solve both of these problems, it’s time for headless observability, a fresh approach that decouples the frontend (visualization,
querying and analytics) from the backend (data ingestion and storage) — all while keeping operations simple.
We’re sharing details about Strobelight, Meta’s profiling orchestrator.
Strobelight combines several technologies, many open source, into a single service that helps engineers at Meta improve
efficiency and utilization across our fleet.
Using Strobelight, we’ve seen significant efficiency wins, including one that has resulted in an estimated 15,000 servers'
worth of annual capacity savings.
A sandbox is a lightweight, isolated, production-like testing setup created dynamically from a shared baseline
environment. Designed to replicate production conditions at a fraction of the cost and complexity, sandboxes
effectively transform a single staging environment into multiple independent environments. By multiplexing the
baseline staging setup, sandboxes provide tailored environments for individual engineers or QA teams without
adding compliance risks or increasing maintenance burdens, as they inherit the same compliance and configuration
frameworks as production.