A first-person walkthrough of rewriting an embedded key-value store after a friend spotted that the lock-free ring buffer was writing to a slot before claiming ownership, with the rebuilt single-mutex version 76 lines smaller, more correct, and explicit about every tradeoff (fsync on every write, no.. read more  

Orca Security researchers identified four attack primitives in an AI coding-agent skills marketplace: install-count inflation without authentication, security scans at creation and popularity thresholds, same-name overrides without user alerts, and bulk updates without per-skill review or version pi.. read more  

The argument is that coding agents accelerate codebase decay by removing the natural speed limit on bad architectural decisions, compressing months of compounding mistakes into days. The defense is to invest ten times more in the planning phase, with concrete code snippets for the data models and ab.. read more  

A throwaway GitHub account compromised CNCF projectAntrea's Jenkins infrastructure on May 2 by opening a malicious PR and firing/test-*slash-commands that detonated the workflow against PR-fork code with credentials in scope. The same operator ran parallel campaigns against at least seven other proj.. read more  

Volume group snapshots reachedGAin Kubernetesv1.36, with the API promoted togroupsnapshot.storage.k8s.io/v1. The feature lets aVolumeGroupSnapshotobject take crash-consistent snapshots across multiple PVCs selected by label, removing the need to quiesce applications that span separate data and log v.. read more  

A vendor piece from Mirantis arguing that GPU multi-tenancy on Kubernetes is widely misrepresented, with most platforms shipping namespace-based isolation while production GPU clouds require hardware-enforced separation through MIG partitioning, cluster-per-tenant architecture, and DPU-based network.. read more  

Declarative validation graduated toGAin Kubernetesv1.36, replacing handwritten Go validation with+k8s:marker tags on field definitions... read more  

Alpha inv1.36, server-side sharded list and watch adds ashardSelectorfield toListOptionsso the API server uses an FNV-1a hash onmetadata.uidormetadata.namespaceto send each controller replica only its slice of the resource collection. This eliminates the cost of every replica deserializing the full .. read more  

Cloudflare engineers built an AI code review platform on OpenCode. They split GitLab integration, model providers, prompts, and policy into separate plugins. A coordinator assigns up to seven domain reviewers across security, performance, code quality, documentation, release checks, and AGENTS.md co.. read more  

Meta built an AI agent system internally called the AI Second Brain that now has over 63,000 installs and ~10,000 daily active users across engineering, PM, design, legal, finance, comms, and sales, growing from zero in roughly three months after a non-technical PM's adoption post. The architecture .. read more