Akamai and Apiiro Expand Partnership on Application Security Posture Management (2 minute read)
Akamai Technologies and Apiiro expanded their partnership to deliver an integrated application security platform that unifies API security, ASPM, and runtime protection across the entire software development lifecycle. By combining Akamai's security intelligence with Apiiro's posture management, enterprises gain complete visibility, context-driven risk correlation, and prioritized remediation to modernize application security and reduce business risk.
|
Introducing the React Foundation: The New Home for React & React Native (3 minute read)
React and React Native are moving under a new React Foundation, hosted by the Linux Foundation, to ensure independent, community-driven governance. The foundation will manage React's infrastructure, conferences, and ecosystem support, while technical direction remains with maintainers and contributors through a separate structure. Meta is committing over $3 million and a five-year partnership to support the transition, continuing to use and invest in React across its products.
|
|
How we found a bug in Go's arm64 compiler (11 minute read)
Cloudflare discovered a race condition bug in Go's arm64 compiler that caused sporadic panics on arm64 machines due to stack corruption. The bug was triggered by asynchronous preemption between stack pointer adjustments during garbage collection, and has been fixed in go1.23.12, go1.24.6, and go1.25.0. The fix ensures that the stack pointer is always valid by building the offset in a temporary register and then adding that to RSP in a single, indivisible opcode.
|
Low-Rank Adaptation (LoRA) Explained (6 minute read)
A fine-tuning experiment was conducted where the Gemma 3 270M model was adapted using LoRA (Low-Rank Adaptation) into a compact assistant capable of reliably masking PII. This specialized model, which can be trained, packaged, and shared via Docker, underwent a four-step process involving supervised fine-tuning with a dataset formatted with the model's chat template. The base model plus a set of LoRA adapters can be merged back into the base weights to produce a standalone checkpoint that behaves like the original model, but now has PII masking expertise built in.
|
Examples are the best documentation (2 minute read)
Most developers just want clear examples when reading documentation, but official sources rarely include them. Formal docs often assume deep familiarity with a language, making it difficult for developers who switch between different ecosystems. Community-driven sites like clojuredocs.org show the value of example-based documentation that's practical and easy to learn from.
|
|
Meshery (GitHub Repo)
Meshery, a Cloud Native Computing Foundation project, is a self-service engineering platform that manages Kubernetes-based infrastructure and applications with features like visual GitOps and support for over 300 integrations. The platform offers tools for multi-tenancy, collaborative infrastructure management via Kanvas, performance characterization using the Cloud Native Performance specification, and extensive extensibility features for building internal developer platforms.
|
Magnolia (GitHub Repo)
Magnolia is a tool that provides interactive shell navigation and history based on fzf and sqlite.
|
|
Migrating From Cluster Autoscaler to Karpenter v0.32 (7 minute read)
Karpenter v0.32 replaces Cluster Autoscaler with a faster, more cost-efficient system using NodePool and EC2NodeClass, enabling rapid scaling and intelligent use of spot instances. The migration guide outlines installation, configuration, workload transition, and best practices to ensure smooth adoption while reducing AWS costs.
|
ksmbd - Exploiting CVE-2025-37947 (7 minute read)
CVE-2025-37947 in ksmbd allows out-of-bounds writes due to a flaw in ksmbd_vfs_stream_write() method. By exploiting this vulnerability on Ubuntu 22.04.5 LTS, local attackers can achieve privilege escalation by corrupting adjacent kernel pages. However, remote exploitation would require an information leak to bypass KASLR and reliable heap grooming.
|
|
|
Love TLDR? Tell your friends and get rewards!
|
|
Share your referral link below with friends to get free TLDR swag!
|
|
|
|
|
Track your referrals here.
|
|
Want to advertise in TLDR? 📰
If your company is interested in reaching an audience of devops professionals and decision makers, you may want to advertise with us.
Want to work at TLDR? 💼
Apply here or send a friend's resume to jobs@tldr.tech and get $1k if we hire them!
If you have any comments or feedback, just respond to this email!
Thanks for reading,
Kunal Desai & Martin Hauskrecht
|
|
|
|
