InfoQ

Presentation: Theme Systems at Scale: How To Build Highly Customizable Software

Guilherme Carreiro — Mon, 01 Jun 2026 11:30:00 GMT

Shopify Staff Engineer Guilherme Carreiro discusses building and scaling highly customizable platforms. Using Shopify’s Liquid theme system as a case study, he explains how to balance extreme design flexibility with low-latency performance under massive traffic. He shares insights on implementing secure domain-specific languages, native code extensions, and resilient developer tooling.

By Guilherme Carreiro

Article: The AI Productivity Paradox in Test Automation: Moving Beyond Structural Validation to Perception and Intent

Amanul Chowdhury, Vinay Gummadavelli — Mon, 01 Jun 2026 11:00:00 GMT

The AI productivity paradox states that AI scales whatever abstraction it is built on. If that abstraction is structurally brittle, it scales structural brittleness. This article shows how, to build a future of reliable, AI-driven test automation, we must stop scaling DOM-centric abstractions and build a new testing paradigm grounded in perception and intent.

By Amanul Chowdhury, Vinay Gummadavelli

Podcast: Requirements Analysis for Architects: A Conversation with Sonya Natanzon

Sonya Natanzon — Mon, 01 Jun 2026 11:00:00 GMT

Michael Stiefel spoke to Sonya Natanzon, about the intersection of technical and social aspects of software architecture. Understanding the business and how a company operates is more important than the specific technologies used. Effective requirements analysis requires focusing on problems to be solved that describe good and bad outcomes, rather than statements of need or solution statements.

By Sonya Natanzon

A Trailing Slash Bypassed AWS API Gateway Authorization

Steef-Jan Wiggers — Mon, 01 Jun 2026 09:55:00 GMT

A security researcher found that adding a trailing slash to AWS HTTP API paths bypassed Lambda authorizer authentication entirely, enabling unauthenticated wire transfers at a fintech. The root cause is a path normalization mismatch between HTTP API's greedy route matching and its authorization layer. The same vulnerability class appeared in gRPC-Go via CVE-2026-33186.

By Steef-Jan Wiggers

DuckDB Quack: Client/Server Protocol over HTTP for Multi-User Analytics

Renato Losio — Sun, 31 May 2026 11:17:00 GMT

DuckDB has recently announced Quack, a new remote protocol over HTTP that lets multiple DuckDB instances connect to and work with the same database over a network. The protocol introduces client-server capabilities to a database that was previously mostly local and embedded.

By Renato Losio

Arm Open-Sources Metis, an AI Security Framework Outperforming Traditional SAST Tools

Sergio De Simone — Sat, 30 May 2026 19:00:00 GMT

Arm has open-sourced Metis, an agentic AI security framework designed to autonomously uncover complex software vulnerabilities. Unlike traditional pattern-based tools, Metis applies semantic reasoning to analyze cross-component dependencies and provides clear, natural language explanations for its findings.

By Sergio De Simone

Google Cloud Suspends Railway's Production Account, Causing Eight-Hour Platform-Wide Outage

Steef-Jan Wiggers — Sat, 30 May 2026 10:03:00 GMT

Google Cloud's automated systems suspended Railway's production account without notice, triggering an eight-hour platform-wide outage affecting 3 million users. The cascade took down workloads across all providers including AWS and bare metal because Railway's control plane was hosted on GCP. Railway is demoting GCP to backup-only status.

By Steef-Jan Wiggers

How Meta Rebuilt Data Ingestion for Petabyte-Scale Reliability

Renato Losio — Sat, 30 May 2026 06:01:00 GMT

The engineering team at Meta recently outlined how the company migrated a data ingestion platform that transfers several petabytes of MySQL social graph data daily to improve reliability and operational efficiency. The team used techniques like reverse shadowing and continuous checksum monitoring to ensure zero downtime during the transition.

By Renato Losio

AI-Assisted Migration Tool Helps Teams Move from ingress-nginx to Higress in Minutes

Craig Risi — Fri, 29 May 2026 12:00:00 GMT

The Cloud Native Computing Foundation has highlighted a new AI-assisted migration approach that enabled engineers to migrate 60 ingress-nginx resources to Higress in roughly 30 minutes, demonstrating how artificial intelligence is increasingly being applied to modernize Kubernetes networking and gateway infrastructure.

By Craig Risi

Presentation: Building Evals for AI Adoption: From Principles to Practice

Mallika Rao — Fri, 29 May 2026 12:00:00 GMT

Mallika Rao discusses the hidden risk of evaluation debt in production AI systems, drawing on her experience at Twitter, Walmart, and Netflix. She explains why traditional metrics fail modern architectures, breaks down a five-layer evaluation stack spanning infrastructure and UX, and shares a diagnostic maturity model to help engineering leaders eliminate silent semantic failures.

By Mallika Rao

GitHub Slashes Agent Workflow Token Spend up to 62% with Daily Audits and MCP Pruning

Mark Silvester — Fri, 29 May 2026 08:30:00 GMT

GitHub reports cutting token costs in agentic CI workflows by up to 62% by pruning unused MCP tools, swapping some MCP calls for gh CLI, and running daily “auditor” and “optimizer” agents. A token-usage.jsonl artefact and an Effective Tokens metric help track spend across models and spot regressions.

By Mark Silvester

Presentation: From Founding Engineer to CTO to CEO – At the Same Startup

Trisha Ballakur — Thu, 28 May 2026 12:33:00 GMT

Trisha Ballakur discusses her journey from a backend software engineer to CTO and CEO, using her startup Pointz as a case study. She explains how to implement bottom-up customer discovery to find product-market fit, effectively delegate to global contractors to reduce build times, customize open-source repos like Valhalla, and apply engineering test-case models to business development.

By Trisha Ballakur

Accountability is the Goal for AI, with EU Regulations Supporting Transparency

Ben Linders — Thu, 28 May 2026 11:08:00 GMT

AI bias mirrors human bias; both stem from our language and lived experiences. Ethics and AI are inseparable, but AI changes affordances, making harmful actions easier to carry out. The EU regulations apply to AI, since digital products are products. The ultimate goal is accountability: companies must ensure transparency, and laws should favor using the simplest AI that gets the job done.

By Ben Linders

Microsoft Announces Azure Linux 4.0, Its First General-Purpose Server Linux Distribution

Steef-Jan Wiggers — Thu, 28 May 2026 09:49:00 GMT

Microsoft announced Azure Linux 4.0 and Azure Container Linux at Open Source Summit. Azure Linux 4.0 is a Fedora-based general-purpose server distribution for Azure VMs, the first time Microsoft has offered a supported Linux beyond container hosting. Azure Container Linux is an immutable container-optimized host built on Flatcar.

By Steef-Jan Wiggers

Article: Stragglers, Not Failures: How Adaptive Hedged Requests Reduce p99 Latency by 74 Percent

Prathamesh Bhope — Thu, 28 May 2026 09:00:00 GMT

In fan-out microservice architectures, slow-but-completing requests accumulate across services and drive p99 latency far higher than per-service metrics suggest. This article presents an adaptive hedging mechanism that uses DDSketch for real-time quantile estimation, windowed rotation to handle distribution drift, and a token-bucket budget to prevent load amplification.

By Prathamesh Bhope