The Pragmatic Engineer

Today's free issue is the first-of-its kind of survey on GenZ software engineers... from GenZ devs themselves! Including how they see their "older" colleagues. Read the full issue for interesting (and sometimes amusing) observations. It might change how you think about the youngest folks to enter the software engineering workforce: https://lnkd.in/eD2aZeM8

How do AI software engineering agents work? No better place to start than "at the source:" the state-of-the-art open source AI coding agent: SWE-bench has quietly become the industry standard AI coding agent benchmark. The team behind SWE-bench built SWE-agent (at release, state-of-the-art open source AI agent) and with Ofir Press (a member of the team building SWE-bench and SWE-agent), we dive deep on how it works: Read the deepdive here: https://lnkd.in/e3Ha39Rz

Oxide is a very ambitious startup: they are building their own "cloud computer" hardware, complete with their software stack. The team shared how they built two separate servers from scratch (and why) which powers their "cloud computer." Today's issue is a deepdive, with input from CTO Bryan Cantrill and other Oxide team members. It's also a peek behind the scenes on what it takes to build a fully custom server, in a way that very few companies have ever done before (and you cannot buy those servers from Big Tech companies like Meta or Google!) Read it here: https://lnkd.in/eYv35SF6

How did Cloudflare not notice an additional 12M requests/second hitting their services? Cloudflare engineering director Benjamin Yule shared this interesting non-event (in the photo below). I have so many questions as 12.5 million requests per second is a huge load! A few thousand requests per second is usually considered high, and handling a load in the millions surely requires thousands of servers (if not more!) to be spun up to handle it. How much load a single server can handle depends on how long a request takes to handle, how much memory a request uses, and then calculating whether a request is limited in CPU or memory. Whichever resource (CPU capacity or memory) runs out first determines a server’s maximum load. You can push things pretty far with clever workarounds; it’s how the WhatsApp team served 2 million requests per second on a server with 24 cores and 100GB RAM, back in 2012! (Details here: https://lnkd.in/e6nUbzRN) In this case, Cloudflare soaked up the load by using Cloudflare Workers, a serverless application platform, which spun up 40,000 CPU cores (an average of 320 requests/second per CPU core.) The tweet (https://lnkd.in/eGxiCSD4) says the Cloudflare Workers team didn’t even notice the increase, which suggests they could be handling 50-100x more load on the service! If we assume a 100x load, that could mean operating 4 million CPU cores or more simultaneously, just for Workers. By comparison, we previously covered travel booking service Agoda operating a total of 300,000 physical cores and 600,000 virtual ones (we covered more on Agoda's private cloud: https://lnkd.in/ehD8m-22) It’s likely Cloudflare is operating more than 10x this number. Realistically, they probably have far far more than 10x! --- This was one out of several topic covered in this week's The Pulse. Subscribers can read the full issue here: https://lnkd.in/eUtSTVz4

Bluesky is a Twitter-alternative. It launched two years ago, and has already grown to an impressive 5.5 million registered users: with only ~10 developers building it. But how was it built? With Elin Nilsson we spent the last couple of weeks talking with Paul Frazee and Daniel Holmgren (two founding engineers at the startup) to get a sense of how this platform went from zero to where it is today. A few interesting notes: - The core of the protocol and app were built by 2-3 engineers over 9 months - Bluesky moved from AWS to on-prem for cost-saving and performance reasons - The team migrated from PostgreSQL to... SQLLite! For maintainability and performance reasons. And they are very happy with this move. Read the details in today's free deepdive: https://lnkd.in/ezqHQvND

Five myths about security engineering that software engineers should probably know: 1. Security is only the responsibility of security engineers. False! 2. Security through obscurity is sufficient. False! 3. More security measures makes software more secure. Not always! 4. Once secure, always secure. False! 5. Penetration testing by itself ensures security. False! For a deepdive into security engineering, see today’s issue by security engineer Nielet D'Mello. Read it here: https://lnkd.in/dJXvWsDN

It is now day 5 of an Italian bank’s systems being down, hard, following a system upgrade over the weekend. It’s hard to resist asking the question: Could the underlying reason be: “Spaghetti code”? On a more serious note, we cover more details and analysis in today’s bonus The Pulse issue. Read it here: https://lnkd.in/ey_raKG5

What is the latest generation of software engineers - GenZ - like at the workplace? Here are some observations: We go into this underexplored topic, with help input from more than 60 "older" tech professionals. Read the findings here: https://lnkd.in/ejSZwQr2

Being a founding engineer at an early-stage startup is a vastly different, broader role than many people think. What are approaches to succeed in this role, and things to watch out for? "Serial" founding engineer Apurva Chitnis shares lessons and advice: Read it here: https://lnkd.in/d-K4H4gA

We could see major changes to common software engineering practices, partially thanks to the end of 0% interest rates (amongst others). Changes like: Read what these changes could be, and why: https://lnkd.in/e6QDFXuq