programming

I asked 100 devs why they aren't shipping faster: The author gathered insights from 100 software engineers from major companies such as Google, Amazon, Meta, and Stripe, among others. The central question posed to these engineers was, "What’s stopping you from shipping faster?" The responses, almost immediate and sharply focused, revealed a common frustration with build, compile, and deployment times. However, the issues span broader than just delays in mechanical processes.

Minimizing on-call burnout through alerts observability: Cloudflare explores the subject of alert observability, highlighting its role in significantly diminishing on-call burnout by enhancing the efficiency and effectiveness of alert systems. The article details how Cloudflare employs observability tools to obtain insights into their alerting framework, which includes multiple Prometheus instances throughout their global infrastructure, all managed by Alertmanager.

Welcome to the Microsoft for Go Developers Blog!: Microsoft has officially launched the "Microsoft for Go Developers Blog," a dedicated platform aimed at keeping Go developers informed about Microsoft's initiatives with the Go programming language, particularly in relation to deploying Go workloads on Azure and Go programming within the Microsoft ecosystem.

web

Formal Methods: Just Good Engineering Practice?: The keynote delivered at TLA+ conf 2024 highlights that using formal methods can improve not only the reliability but also the performance of software by enabling developers to explore and verify optimizations early in the design phase. This approach supports building systems that are not only correct in function but also optimized for performance without compromising safety or efficiency.

How web bloat impacts users with slow devices: Dan Luu highlights the significant impact of web bloat on users with slow devices, providing a detailed analysis through comparisons across different types of websites on various devices. The primary issue addressed is the disparity between CPU performance and internet bandwidth growth, emphasizing that while the latter has seen substantial increases, CPU performance hasn't kept pace, particularly affecting users with lower-end devices.

Demystifying Screen Readers: Accessible Forms & Best Practices: Demonstration of navigating a web form using VoiceOver, showing practical applications of the discussed principles. This comprehensive guide not only educates web developers on making accessible forms but also provides tools and techniques to enhance usability for all users.

cyber security

Attempted Audio Deepfake Call Targets LastPass Employee: LastPass recently reported an attempted security breach involving an audio deepfake impersonating the company's CEO. The incident involved a series of calls, texts, and at least one voicemail using deepfake audio technology to mimic the CEO's voice, aiming to trick an employee into potentially compromising behavior.

Vulnerabilities for AI and ML Applications are Skyrocketing: The number of zero-day vulnerabilities related to artificial intelligence (AI) and machine learning (ML) applications has seen a dramatic increase, with reports indicating that the figure has tripled since November 2023. According to Protect AI’s huntr community, which consists of over 15,000 maintainers and security researchers, 48 significant vulnerabilities were identified in April 2024 alone.

Critical PuTTY Vulnerability: CVE-2024-31497 pertains to a vulnerability in PuTTY versions 0.68 through 0.80 before the release of version 0.81. The issue involves biased ECDSA nonce generation, which could potentially allow an attacker to recover a user's NIST P-521 private key. This vulnerability could have serious implications as it may enable unauthorized access to secure sessions and the interception of sensitive data.

artificial intelligence

Introducing Meta Llama 3: The most capable openly available LLM to date: Meta has introduced Llama 3, a highly capable large language model (LLM) designed to handle complex tasks across various domains. Llama 3 integrates improvements in model architecture, data training, and instruction fine-tuning to deliver unparalleled performance in AI applications.

PuTTY SSH client flaw allows recovery of cryptographic private keys: The CVE-2024-31497 pertains to a vulnerability in PuTTY versions 0.68 through 0.80 before the release of version 0.81. The issue involves biased ECDSA nonce generation, which could potentially allow an attacker to recover a user's NIST P-521 private key. This vulnerability could have serious implications as it may enable unauthorized access to secure sessions and the interception of sensitive data.

Open-source LLM startup Mistral AI reportedly seeking new funding at $5B valuation: Mistral AI, an open-source large language model (LLM) startup based in Paris, is reportedly engaging with investors to secure new funding at a valuation of $5 billion. The company's recent activities have included several successful funding rounds, collectively raising over $500 million, showcasing rapid growth and increased valuation from $2 billion in December to the proposed $5 billion.

BOOK OF THE WEEK

The Engineering Executive's Primer: As an engineering manager, you almost always have someone in your company to turn to for advice: a peer on another team, your manager, or even the head of engineering. But who do you turn to if you're the head of engineering? Engineering executives have a challenging learning curve, and many folks excitedly start their first executive role only to leave frustrated within the first 18 months.

Share Weekly Engineering Newsletter