InfoQ - Development - News

Inside Google’s System for Coordinated A/B Testing Across Its Global Service Fleet

Leela Kumili — Wed, 03 Jun 2026 14:54:00 GMT

Google has shared details of its fleet wide large scale A/B experimentation system designed to standardize experiment assignment, exposure logging, and configuration propagation across distributed services. The approach enables consistent measurement across products, reduces experiment conflicts, and improves reliability of data driven decision making at scale.

By Leela Kumili

Node.js Moves to One Major Release Per Year, Starting with Node 27

Daniel Curtis — Wed, 03 Jun 2026 06:40:00 GMT

Node.js will change its release schedule starting with version 27 in October 2026, moving from two major releases per year to one. All releases will become Long-Term Support (LTS), removing the distinction between odd and even versions. An Alpha channel for early testing will also be introduced. This decision addresses maintenance challenges and aims to align with user needs.

By Daniel Curtis

Google Workspace CLI: Unified Command-Line Tool Built for Humans and AI Agents

Daniel Curtis — Tue, 02 Jun 2026 06:33:00 GMT

Google has released a new CLI for Google Workspace, offering a unified interface for various services like Drive, Gmail, and Calendar. Built in Rust, the tool dynamically adjusts to API changes and features over 100 bundled skills. It requires Node.js and a Google Cloud project for setup. Initial community feedback is mixed, highlighting both its dynamic capabilities and setup challenges.

By Daniel Curtis

Java News Roundup: OpenJDK JEPs, Hazelcast, Quarkus, Hibernate, Koog, JHipster, Introducing Endive

Michael Redlich — Mon, 01 Jun 2026 21:30:00 GMT

This week's Java roundup for May 25th, 2026, features news highlighting: lifecycle changes with two of the JEPs that were targeted for JDK 27; the GA release of Koog 1.0; point releases of Hazelcast, Quarkus, Hibernate and JHipster; the eighth milestone release of Spring AI 2.0; and introducing Endive, a JVM-native WebAssembly (Wasm) runtime.

By Michael Redlich

Shopify Reports 15X Faster Graphql Execution with Breadth First Engine

Leela Kumili — Mon, 01 Jun 2026 14:25:00 GMT

Shopify introduced GraphQL Cardinal, a new execution engine replacing depth-first traversal with breadth-first execution. The redesign improves large-scale GraphQL performance with up to 15x faster field execution, 6x lower GC overhead, and +4s P50 latency gains. It focuses on execution-layer efficiency and batched resolver processing for high-cardinality commerce queries.

By Leela Kumili

BadHost Vulnerability Exposes AI Agents, Evaluators, and LLM Gateways

Sergio De Simone — Mon, 01 Jun 2026 14:00:00 GMT

BadHost is a high-severity authentication bypass vulnerability in the widely used Python web framework Starlette, with 325 million weekly downloads. The flaw allows attackers to use malformed HTTP Host headers to bypass path-based access controls and access sensitive AI agent infrastructure, among other systems.

By Sergio De Simone

A Trailing Slash Bypassed AWS API Gateway Authorization

Steef-Jan Wiggers — Mon, 01 Jun 2026 09:55:00 GMT

A security researcher found that adding a trailing slash to AWS HTTP API paths bypassed Lambda authorizer authentication entirely, enabling unauthenticated wire transfers at a fintech. The root cause is a path normalization mismatch between HTTP API's greedy route matching and its authorization layer. The same vulnerability class appeared in gRPC-Go via CVE-2026-33186.

By Steef-Jan Wiggers

DuckDB Quack: Client/Server Protocol over HTTP for Multi-User Analytics

Renato Losio — Sun, 31 May 2026 11:17:00 GMT

DuckDB has recently announced Quack, a new remote protocol over HTTP that lets multiple DuckDB instances connect to and work with the same database over a network. The protocol introduces client-server capabilities to a database that was previously mostly local and embedded.

By Renato Losio

Arm Open-Sources Metis, an AI Security Framework Outperforming Traditional SAST Tools

Sergio De Simone — Sat, 30 May 2026 19:00:00 GMT

Arm has open-sourced Metis, an agentic AI security framework designed to autonomously uncover complex software vulnerabilities. Unlike traditional pattern-based tools, Metis applies semantic reasoning to analyze cross-component dependencies and provides clear, natural language explanations for its findings.

By Sergio De Simone

Google Cloud Suspends Railway's Production Account, Causing Eight-Hour Platform-Wide Outage

Steef-Jan Wiggers — Sat, 30 May 2026 10:03:00 GMT

Google Cloud's automated systems suspended Railway's production account without notice, triggering an eight-hour platform-wide outage affecting 3 million users. The cascade took down workloads across all providers including AWS and bare metal because Railway's control plane was hosted on GCP. Railway is demoting GCP to backup-only status.

By Steef-Jan Wiggers

GitHub Slashes Agent Workflow Token Spend up to 62% with Daily Audits and MCP Pruning

Mark Silvester — Fri, 29 May 2026 08:30:00 GMT

GitHub reports cutting token costs in agentic CI workflows by up to 62% by pruning unused MCP tools, swapping some MCP calls for gh CLI, and running daily “auditor” and “optimizer” agents. A token-usage.jsonl artefact and an Effective Tokens metric help track spend across models and spot regressions.

By Mark Silvester

Microsoft Announces Azure Linux 4.0, Its First General-Purpose Server Linux Distribution

Steef-Jan Wiggers — Thu, 28 May 2026 09:49:00 GMT

Microsoft announced Azure Linux 4.0 and Azure Container Linux at Open Source Summit. Azure Linux 4.0 is a Fedora-based general-purpose server distribution for Azure VMs, the first time Microsoft has offered a supported Linux beyond container hosting. Azure Container Linux is an immutable container-optimized host built on Flatcar.

By Steef-Jan Wiggers

Cloudflare Adds Support for Claude Managed Agents

Renato Losio — Thu, 28 May 2026 06:23:00 GMT

Cloudflare recently added support for Claude Managed Agents, allowing developers to run and manage Claude agents within Cloudflare. Developers can connect agents to private systems, choose their runtime environment, and monitor agent activity using Cloudflare services.

By Renato Losio

How LinkedIn Identified a Kernel Lock Contention Issue Causing Recurring System Freezes

Sergio De Simone — Wed, 27 May 2026 18:00:00 GMT

When LinkedIn engineers encountered short-lived, recurring outages where the database powering their user feed became unavailable and then recovered without leaving helpful traces, they had to devise a novel approach to uncover the root cause using off-CPU profiling with eBPF.

By Sergio De Simone

Azure Logic Apps Adds Sandboxed Code Interpreters to Agent Workflows

Steef-Jan Wiggers — Wed, 27 May 2026 09:45:00 GMT

Microsoft added sandboxed code interpreters to Azure Logic Apps, enabling agents within integration workflows to generate and execute Python, JavaScript, C#, and PowerShell in Hyper-V isolated sessions. Architects get full control over model selection per workflow. The capability positions Logic Apps as an agent platform for integration alongside Foundry and Copilot Studio.

By Steef-Jan Wiggers