AI 资讯
AWS Ships Claude Apps Gateway as Self-Hosted Control Plane for Claude Code and Claude Desktop
AWS and Anthropic have released the Claude apps gateway for AWS, a self-hosted control plane that centralizes identity, policy, telemetry, routing, and spend caps for Claude Code and Claude Desktop. The gateway runs as a single stateless container and routes inference to Amazon Bedrock or Claude Platform on AWS. By Steef-Jan Wiggers
开发者
Google Cloud Workbench Notebooks Extension Connects VS Code to Google Cloud's Jupyter Notebooks
The Google Cloud Workbench Notebooks extension for VS Code is a new tool that enables developers to connect their local IDE directly to managed Jupyter notebook environments on Google Cloud. By Sergio De Simone
AI 资讯
Linkerd 2.20 Delivers Smarter Traffic Management and Dramatic Efficiency Gains
The Linkerd community has announced the release of Linkerd 2.20, introducing a series of performance, observability, and traffic management enhancements that further strengthen the CNCF-graduated service mesh's position as a lightweight alternative for Kubernetes networking. By Craig Risi
开发者
Google's Genkit Ships Agents API with Detached Turns and Human-in-the-Loop for TypeScript and Go
Google released the Genkit Agents API in preview for TypeScript and Go. The open-source framework packages message history, tool loops, streaming, and state persistence behind a single chat() interface. Detached turns let agents work after clients disconnect. Interruptible tools provide human-in-the-loop control with anti-forgery validation on resume. By Steef-Jan Wiggers
AI 资讯
Diagnosing Cloudflare Blocks Before Changing Your Scraper
A scraper fails, someone swaps the User-Agent, someone else adds a proxy, then the job starts passing locally but fails again in CI. That usually happens because Cloudflare did not block “scraping” as one thing. It evaluated several signals, and each failure needs a different fix. This is about authorized automation: your own sites, customer-approved workflows, testing, monitoring, data access you are allowed to perform. If you do not have permission to automate against a site, changing fingerprints or rotating IPs does not make it okay. Start with the failure you actually see Cloudflare failures often get collapsed into “403”, but the page body matters. Common cases: Error 1020 : usually an access denied page from a Cloudflare rule or bot score decision. The HTTP status may still be 403, so inspect the HTML. 403 without a 1020 page : often IP reputation, firewall rules, geo restrictions, or an auth problem. 429 : rate limit exhaustion. Slowing down can help here, but it will not fix a fingerprint problem. Endless Just a moment... page : your client did not complete the browser-side challenge. CAPTCHA or Turnstile loop : Cloudflare still considers the session borderline after earlier checks. Add classification before you add workarounds. Even a basic classifier saves time: import time import requests CLOUDFLARE_MARKERS = { " 1020 " : " cloudflare_access_denied " , " Just a moment " : " cloudflare_js_challenge " , " cf-turnstile " : " cloudflare_turnstile " , " cf-error-code " : " cloudflare_error_page " , } def classify_response ( resp : requests . Response ) -> str : body = resp . text [: 5000 ] if resp . status_code == 429 : return " rate_limited " for marker , label in CLOUDFLARE_MARKERS . items (): if marker in body : return label if resp . status_code == 403 : return " forbidden_unknown " return " ok " if resp . ok else f " http_ { resp . status_code } " def get_with_backoff ( url : str , max_attempts = 4 ): for attempt in range ( max_attempts ): resp = request
AI 资讯
Four Eras of Cloud Security. Same Verb.
✓ Human-authored analysis; AI used for formatting and proofreading. Scott Piper published a twenty-year retrospective on cloud security research in March 2026. It's the most useful structural history of the field I've seen — four eras, each with defining milestones, each with the tools and research that shaped cloud security. If you work in cloud security, read it first. What follows is a question about what the history reveals when you examine one detail it doesn't discuss. The four eras Piper divides two decades into four eras: 2006–2016, Foundational. Cloud providers built the security primitives — IAM (2011), CloudTrail (2013), Organizations and SCPs (2016). Before these existed, there was no mechanism for least privilege, no audit trail, and no organizational boundary. Security research in this era was part-time work from people with broader careers. 2016–2021, CSPM. Cloud security became a full-time job. CIS Benchmarks standardized what to check. Open-source tools proliferated — Prowler, CloudMapper, Pacu, Cloud Custodian, ScoutSuite. Cloud security during this time largely meant deploying a CSPM. 2021–2025, CNAPP. Point solutions gave way to platforms. Vendors integrated CSPM with container scanning, vulnerability management, and workload protection into a single product category. Research teams at vendors began finding cross-tenant vulnerabilities in the cloud providers themselves. 2025–present, AI. AI accelerates both attack and defense. Exploits that required deep language expertise are generated in minutes. A CTF challenge was solved by an AI within minutes of release. The industry is speed-running the cloud eras. This is a well-evidenced narrative. Every era is defined by a change in what tools could do and who was building them. The verb that didn't change Look at what each era's defining tools do. The direct action each tool performs on its direct object. In the CSPM era, the defining tools match API responses against rule databases. Prowler, ScoutSuit
AI 资讯
Privatise your Data Streams with Bring Your Own Cloud (BYOC)
TL;DR Traditional SaaS streaming requires exporting sensitive data to a vendor cloud, creating security risks and egress costs. BYOC reverses this model by running the data plane inside the customer’s cloud while the vendor manages the control plane. This keeps data within the enterprise perimeter while still providing a managed platform. Condense builds on this model with AI-driven automation, unified monitoring, and marketplace deployment, enabling private, compliant, and cost-efficient real-time data streaming. The enterprise data landscape is currently defined by a conflict between real-time AI data streaming utility and the strict requirements of data sovereignty . For years, the standard SaaS model forced a compromise. To access premium analytics, companies had to export sensitive telemetry to a vendor cloud. This created massive cloud egress costs and introduced significant security vulnerabilities. Bring Your Own Cloud (BYOC) for data streaming platforms has emerged as the professional solution to this dilemma. It allows a business to keep data within its own perimeter while benefiting from a fully managed, high-performance ecosystem. The BYOC Architecture: Privacy by Design An experienced analyst views BYOC as a clean separation of concerns. The architecture splits the environment into two distinct layers to ensure raw data never leaves the authorized environment. SaaS Control Plane: This is the management layer hosted by the provider. It handles the brain of the operation. It manages orchestration, user access, and pipeline configuration without ever seeing the actual data packets. Private Data Plane: This is the muscle. The managed Kafka clusters , Kubernetes (K8s) nodes, and storage engines like ClickHouse live inside the customer Virtual Private Cloud (VPC) . By keeping the data plane inside the customer perimeter, telemetry collection remains private. This architecture is the most direct path to satisfying internal security audits and global regulatory
AI 资讯
Hyperscalers Are Building the Digital World Like It’s 2015 — And It Shows
I didn’t set out to diagnose hyperscalers. I wasn’t doing a grand industry analysis. I wasn’t mapping global architecture. I wasn’t trying to understand cloud strategy. I was just trying to use a popular software provider — and everything kept breaking. Every time something failed, I followed the thread. And every thread led to the same architectural gap. Eventually I realised I hadn’t been analysing hyperscalers at all. I’d accidentally mapped the substrate failure across the entire industry. Once you see the pattern, you can’t unsee it. Across Microsoft, AWS, Google, and Meta, the same structural drift appears: meaning drift identity drift trust drift state drift execution drift provenance drift agentic drift Different companies. Different stacks. Different histories. Same substrate gap. And it’s not just me. The world is waking up to these problems too. Vendor lock in isn’t just a technical nuisance anymore — it’s becoming a public conversation. People are asking why their money keeps disappearing into the same handful of providers. Organisations are asking why their systems collapse the moment they try to leave. Governments are asking why critical infrastructure depends on architectures they cannot inspect, cannot govern, and cannot reproduce. What started as a personal frustration with a popular software provider turns out to be the same structural issue everyone else is now discovering. And sovereignty is entering the conversation — not as a political slogan, but as an architectural question. When national systems depend on fragmented substrates owned by a tiny cluster of vendors, sovereignty becomes a structural issue. The question isn’t “who controls the cloud?” It’s “who controls the substrate the cloud is built on?” Follow the thread far enough and you reach a scenario nobody wants to think about: what happens in a moment of global stress when a hyperscaler’s fragmented substrate becomes a single point of failure? Not a political crisis — a structural one.
AI 资讯
Article: Removing a Hidden Round Trip from a Multi-Region AWS API
When a series of regional outages forced a rethink of a multi-region AWS API, the team discovered that an obstacle to global failover was hiding in plain sight: a pre-flight discovery call baked into every client session years earlier as the only available option. This article describes what it took to remove it, and what the rollout actually cost. By Suresh Gururajan
AI 资讯
Architecting Kubernetes Deployments with Python
Python is an excellent language for automating cloud infrastructure, but the official Kubernetes Python client leaves developers with an important architectural decision: Where should Kubernetes manifests live? Should they be constructed directly with Python objects? Embedded as multiline strings? Or stored as external files and rendered at runtime? Each approach works, but they have very different implications for readability, maintainability, and long-term operational cost. The key is recognizing that deployment logic and platform configuration evolve on different lifecycles. Your deployment code, the part that authenticates to Kubernetes, renders templates, and applies resources, may remain unchanged for months. Your manifests, however, often change weekly as applications evolve, resource limits are tuned, cloud-provider annotations are added, or networking requirements change. When those two concerns are tightly coupled, even a configuration, only change forces you to modify, test, and redeploy the delivery or application code itself. Over time, this increases maintenance costs, slows platform changes, and makes configuration drift and production mistakes more likely. This is a familiar software engineering principle: separate concerns that evolve independently. The same thinking that keeps application configuration separate from executable code also applies to Kubernetes manifests. Treating manifests as first-class configuration artifacts allows them to evolve independently from the Python code that delivers them. In this article we'll compare three ways of deploying Kubernetes resources with the official kubernetes-python-client , ranging from tightly coupled implementations to a design that cleanly separates deployment logic from platform configuration. The Landscape at a Glance The comparison below assumes a common application deployment scenario, where the desired state is largely known ahead of time. Controllers and Operators have fundamentally different r
AI 资讯
DORA Metrics Measure Delivery Health. What Measures Security Posture Health?
✓ Human-authored analysis; AI used for formatting and proofreading. Delivery teams have DORA. Four metrics — deployment frequency, lead time for changes, mean time to restore, change failure rate that predict whether a team is shipping well. Thoughtworks recently added a fifth: rework rate, measuring how much of the pipeline is consumed by fixing work previously considered complete. These metrics changed how delivery organizations operate. Because they're leading indicators. They tell you the trajectory before the outcome arrives. A team with increasing lead times is heading for trouble. A team with rising rework rate is accumulating debt. You see it in the metrics before you see it in the incidents. Security teams have no equivalent. What security teams measure today Finding counts. "We found 247 misconfigurations this quarter." More scanning produces more findings. A team that scans more frequently or adds a new tool sees the number go up which looks worse even if posture is improving. Finding counts measure scanning effort, not security health. Compliance percentages. "We're 94% compliant with CIS Benchmarks." This measures the last audit, not the current trajectory. A team at 94% today might be at 87% next week if three Terraform changes introduced misconfigurations. The percentage is a snapshot, not a trend. It rewards breadth of coverage over depth. 94% across 200 checks sounds better than 100% across 50 checks, even if the 50 are the ones that matter. Incident counts. "We had two security incidents this quarter." This is a trailing indicator. It measures failures that already happened. A team with zero incidents might have excellent posture or might have excellent luck. You can't tell. By the time the count goes up, the damage is done. None of these answer the question delivery teams answer with DORA: are we getting better, and how fast? The mapping The five DORA metrics adapt directly to security posture. The definitions are concrete and measurable from eval
AI 资讯
How I Built ProjectHub: An Embeddable AI Recruiter Assistant That Runs on Free Tiers
I built a chat widget for my portfolio. One script tag, drop it on a page, and recruiters can ask questions about my projects, my AWS internship, what I actually know, and what kind of roles I'm looking for. I named the assistant Scout. <script src= "https://bradleymatera.github.io/ProjectHub/ProjectHub.js" ></script> That's the whole pitch from the outside. What it took to get there is a lot messier than one script tag suggests. The current version has a vanilla JS frontend, a Node backend on a Google Cloud e2-micro VM, a knowledge base pulled from GitHub, a network of free LLM providers, a response cache, per-tab memory, safety checks, a self-improvement loop, and an analytics dashboard. It also has six test suites and more documentation than I expected. The one rule I kept coming back to: it had to stay useful without me paying for AI traffic. Why I built this in the first place My portfolio is scattered. Projects live on GitHub, demos live on various subdomains, blog posts are on the site, certifications are listed somewhere, and my actual AWS internship experience is explained in a few different places. A motivated recruiter could piece it all together, but most recruiters are not motivated. They are busy. I realized I was asking them to do homework. That seemed backwards. So I thought, what if they could just ask? Scout is supposed to answer straight questions like "What is Bradley's strongest project?" or "Does he actually have production AWS experience?" or "What does he want to be paid?" It doesn't pretend to be me, doesn't inflate my title, and doesn't try to sell me as a senior engineer when I'm not one. It just answers from verified stuff. The architecture Three layers. Site loads one script. The script hits the backend. The backend either answers from the knowledge base or falls through to free LLM providers. flowchart TD A[Website or portfolio] -->|loads one script| B[ProjectHub widget on GitHub Pages] B -->|POST /api/chat| C[Node.js API on a GCP e2-mi
AI 资讯
Open Knowledge Format: Google quiere estandarizar cómo le damos contexto a la IA (y varios dicen que reinventó la wiki)
El 12 de junio de 2026, Google Cloud publicó el Open Knowledge Format (OKF) , una especificación abierta que intenta resolver un problema que suena aburrido pero es carísimo: cómo darle a un agente de IA el contexto que necesita para no inventar. La propuesta es tan simple que da un poco de desconfianza —una carpeta de archivos Markdown con un encabezado YAML— y esa simpleza es, al mismo tiempo, su mayor virtud y el blanco de todas las críticas. Vale la pena entender qué anuncian, porque detrás del formato aparentemente trivial hay una apuesta bastante ambiciosa sobre cómo van a compartir conocimiento las empresas en la era de los agentes. El problema: el conocimiento vive en silos En casi cualquier organización, lo que un modelo necesita saber está desparramado y encerrado en formatos incompatibles: catálogos de metadatos con APIs propietarias, wikis internas, comentarios de código, docstrings, celdas de notebooks y —el clásico— la cabeza de dos o tres ingenieros senior. Cuando un agente tiene que responder algo tan concreto como "¿cómo calculo los usuarios activos semanales a partir del stream de eventos?" , tiene que ensamblar la respuesta juntando pedacitos de superficies que no se hablan entre sí. El resultado: cada equipo que arma un agente resuelve el mismo rompecabezas desde cero, y el conocimiento queda preso del sistema que lo generó. No hay portabilidad. La propuesta: un formato, no una plataforma La respuesta de Google no es "otro servicio de conocimiento en la nube" —y ese es el punto que más recalcan—. Es un formato . OKF v0.1 representa el conocimiento como: Solo Markdown : legible en cualquier editor, renderizable en GitHub, indexable por cualquier buscador. Solo archivos : se transporta como un tarball, se hospeda en cualquier repo git, se monta en cualquier filesystem. Solo frontmatter YAML : campos consultables como type , title , description , resource , tags y timestamp . Cada "concepto" (una tabla, un dataset, una métrica, un runbook) es un arc
AI 资讯
Why Your EWS Impersonation Suddenly Stopped Working (And It's Probably Not Throttling)
Two months ago I picked up a ticket that looked routine: a job that reads mailbox data from Microsoft 365 through EWS, running fine for over a year, started failing on a subset of mailboxes in one tenant. Same app registration, same code path, same service account. The error in the logs pointed at throttling, so that's where the admin had already spent three days looking. Wrong direction. The actual cause had nothing to do with throttling budgets. This mix-up happens constantly right now, and it's worth understanding why, because the fix for one problem does nothing for the other, and chasing the wrong one wastes days. TL;DR: if your EWS failures don't scale with request volume, stop tuning throttling and go check your Application Access Policy scope groups instead. What EWS throttling actually looks like Exchange Online throttles EWS the same way it always has: budget-based. Every account gets a policy (the default is EwsDefaultThrottlingPolicy , but plenty of tenants layer custom ones on top) that tracks a slowly-refilling budget rather than a simple call count. When you overspend it, you get back a 503 or 429 with an X-MS-Diagnostics header telling you which budget got exhausted, usually the connection count or the concurrent-request limit. The tell for real throttling is consistency. It scales with load, correlates with concurrency and batch size, and clears up within minutes once you back off. If you graph failure rate against request volume, you'll see a clean relationship. If you double your batch size, failures increase. If you throttle yourself proactively (respecting Retry-After , staying under EWSFindCountLimit for FindItem calls), it mostly goes away. That correlation is the whole diagnostic test. If your failures don't scale with volume, you're not looking at a throttling problem, no matter what the error message on the surface says. What actually changed Over the past year or so, Microsoft tightened enforcement in two places that both produce errors ea
AI 资讯
Cloudflare Introduces Temporary Accounts for Autonomous Worker Deployment
Cloudflare has recently introduced temporary accounts that let AI agents deploy Cloudflare Workers immediately, without first creating or authenticating with a permanent account. If left unclaimed, the accounts and their deployments expire automatically after 60 minutes. By Renato Losio
开发者
Article: Trade-Offs in Multi-Region Architectures: Latency vs. Cost
Adding cloud regions changes latency and cost in ways simple math can't capture. This article presents a framework from multiple launches: decompose your latency budget before committing to infrastructure, choose deployment patterns by consistency and traffic profile, and optimize before expanding. A phased approach cut latency 35% through routing alone, before a new region brought it under 60ms. By Uttara Asthana
AI 资讯
How I Built an AI Decision Copilot to Help India Prepare for the 2026 El Niño Crisis
Building an explainable AI platform that helps district administrators allocate resources and farmers make better crop decisions using Gemini, Vertex AI, BigQuery, and Google Cloud. Climate disasters are not just weather events. They are decision problems. When forecasts predict a strong El Niño, governments do not simply need more data. They need answers to questions like: Which districts will be affected first? Where should limited water resources be sent? Which crops are likely to fail? What should farmers sow instead? Why is the AI recommending this action? Existing dashboards provide plenty of charts. Very few provide decisions. That became the motivation behind El Niño 2026 Decision Copilot , an AI-powered decision intelligence platform built during the Google Cloud Gen AI Academy APAC Hackathon . The Problem India depends heavily on the monsoon. A severe El Niño can lead to: Rainfall deficits Reservoir depletion Groundwater stress Crop failures Rising food prices Rural employment challenges The information already exists across dozens of government portals, weather services, satellite datasets, and agricultural reports. The challenge is that it is scattered. District collectors do not have time to manually combine: Weather forecasts NDVI satellite imagery Reservoir levels Mandi prices Contingency plans Drought indicators Farmers face an even bigger challenge. Most need a simple answer: Given my district, should I plant the usual crop this season? The Goal Instead of building another dashboard, I wanted to build an AI system that reasons over multiple data sources and produces explainable recommendations. The platform serves two audiences through the same intelligence engine. District Administrators They receive: District risk scores Interactive risk maps Reservoir outlook Crop stress indicators Resource allocation recommendations AI-generated explanations Instead of simply showing that a district has high risk, the system explains why . Farmers Farmers intera
AI 资讯
Salesforce Education Cloud: A Modern Alternative to EDA
Executive Summary The Salesforce Education Data Architecture (EDA) has served educational institutions well for over a decade as a free, community-supported managed package. However, with the 2023 launch of the reimagined Education Cloud—built natively on the Salesforce core platform—institutions now face a strategic choice about their CRM foundation . While EDA remains supported and continues to function effectively, Education Cloud represents a fundamental architectural shift that offers significant advantages in simplicity, scalability, and access to innovation . This paper examines why Education Cloud is demonstrably easier to implement and maintain compared to its predecessor, addressing the key differences in architecture, data model, and ongoing operations. 1. The Architectural Advantage: Built-In vs. Bolted-On 1.1 EDA: A Managed Package on Top of Salesforce EDA is a managed package installed on top of the Salesforce core platform . As a managed package, it creates additional layers of complexity: Installation and Updates: EDA requires separate package installations and updates that can lag behind Salesforce's native release cycle Namespace Conflicts: The managed package introduces its own namespace, potentially creating compatibility issues with other tools Translation Limitations: EDA's localization has documented issues, including a known problem where the Preferred Phone functionality fails when users switch to languages other than English Record Type Validation Bugs: Deactivating an account record type can block contact creation—a validation error that requires manual workarounds 1.2 Education Cloud: Native to the Core Platform Education Cloud represents a fundamentally different approach. Rather than being a package installed on Salesforce, Education Cloud is built directly on the Salesforce core platform . Key Advantages: No Package to Install: Education Cloud runs natively on the Salesforce core platform, eliminating the need for separate managed pack
AI 资讯
I Migrated 26 AI Models to Google Cloud Agent Platform (And Cut Costs 90%)66
Google AI recently became the official AI Model and Platform Partner of DEV Community. As someone building an AI routing platform, I paid attention. Google's Gemini Enterprise Agent Platform (formerly Vertex AI) promises enterprise-grade AI agent orchestration — and with the DEV partnership, there's never been a better time to explore it. In this article, I'll share how I integrated Google Cloud's Agent Platform with my existing AI router (built on Neon PostgreSQL), what I learned about Gemini's enterprise capabilities, and why the Google AI + Neon + Algolia trifecta is the ideal stack for AI-first applications in 2026. Why Google Cloud's Agent Platform? The Gemini Enterprise Agent Platform is Google's answer to the question: "How do I orchestrate multiple AI agents in production?" It provides: Pre-built agent templates for common workflows (customer support, code review, data analysis) Grounding with Google Search — your agents can cite real, current sources Context caching — reduce costs by reusing conversation context across turns Multimodal understanding — Gemini processes text, images, audio, and video in one call Enterprise security — VPC controls, data residency, IAM integration For QuantumFlow AI (my AI routing platform), the Agent Platform solved a critical problem: how to orchestrate 26 different AI models without building a custom orchestration layer from scratch. The Architecture: Google Cloud + Neon + Next.js Here's the stack I built: User Request → Google Cloud Agent Platform (Gemini orchestration) → QuantumFlow Router (selects optimal model) → Local models (Ollama — free, sovereign) → Cloud models (GPT-4o, Claude, DeepSeek, Gemini) → Neon PostgreSQL (logs, analytics, cost tracking) → Algolia (search across all AI responses) Why Neon (DEV's Database Partner)? Neon is dev.to's official database partner, and for good reason. It's serverless PostgreSQL with: Database branching — create a full database copy in seconds (like git for data) Bottomless storage
AI 资讯
AlloyDB Ships Proxy Models That Replace LLM Calls with Local Inference Inside the Database
Google shipped AlloyDB AI functions GA with a proxy model architecture that trains a lightweight local model from LLM outputs, then runs queries at database speed without external calls. Smart batching delivers 2,400x throughput improvement. The proxy model reaches 100,000 rows per second in preview, but benchmark numbers apply only to ai.if in internal testing. By Steef-Jan Wiggers