PHP 8: Observability baked right in | Datadog

Distributed tracing in event-driven architectures requires a strategic choice between parent-child relationships and span links to accurately represent system behavior. While parent-child relationships imply direct causality and shared context, span links allow for more flexible modeling of decoupled or batched operations. Selecting the appropriate method is essential for maintaining readable visualizations and effectively debugging complex asynchronous flows.

### Parent-Child Relationships for Direct Causality

* Standard parent-child relationships are best suited for scenarios where the consumer's action is a direct, logical continuation of the producer's intent.
* This approach maintains a single Trace ID across the asynchronous boundary, allowing observability tools to render the entire process as a single, hierarchical tree.
* It is most effective when the producer's success is conceptually tied to the consumer's execution, even if the actual communication is non-blocking.
* The primary benefit is the ability to see the total end-to-end latency of a specific transaction within a single view.

### Modeling Decoupled Work with Span Links

* Span links connect distinct traces that have a causal relationship but should be treated as independent units of work.
* They are ideal for "fire-and-forget" patterns where the producer broadcasts an event and has no further interest in or dependency on the downstream processing.
* Links prevent "trace bloat" in high-volume systems by breaking what would be an overwhelmingly large trace into smaller, more manageable segments.
* In OpenTelemetry, a span can link to multiple other spans, which is particularly useful for modeling batch processing where one consumer handles events from multiple different producers.

### Decision Criteria: Transactionality and Cardinality

* **Transactionality:** If the consumer must complete for the business process to be considered "done," a parent-child relationship is usually preferred.
* **Temporal Distance:** If there is a significant delay—such as hours or days—between an event being produced and processed, span links are more appropriate to avoid keeping trace contexts active indefinitely.
* **Fan-out Scenarios:** When a single event triggers dozens of independent downstream actions, using span links prevents the parent trace from becoming cluttered and unreadable.
* **Context Propagation:** Parent-child relationships require the full injection and extraction of trace headers, whereas links only require the consumer to reference the producer's SpanID and TraceID as metadata.

For most event-driven systems, the best practice is to use parent-child relationships for immediate, tightly coupled background tasks and reserve span links for independent side effects, fan-out patterns, and batch processing. This hybrid approach ensures that trace visualizations remain clean while still providing the necessary telemetry to navigate between related asynchronous operations.

.NET Continuous Profiler: Exception and lock contention | Datadog

Continuous Profiling has evolved beyond aggregate flame graphs to include time-based visualizations that reveal ephemeral performance issues often missed by traditional tools. By utilizing a timeline view, developers can pinpoint transient latency spikes, thread contention, and resource starvation that are typically averaged out in standard profiling reports. This granular visibility allows for precise debugging of production environments without the high overhead usually associated with deep instrumentation.

### Limitations of Aggregate Profiling

* Traditional profiles, such as flame graphs, aggregate data over a specific window, which can mask short-lived performance "micro-stutters."
* Temporal context is often lost in aggregation, making it difficult to correlate a specific performance dip with an external event or a sudden burst in traffic.
* Issues like brief lock contention or "stop-the-world" garbage collection events often disappear into the background noise of overall CPU usage when viewed in a non-temporal format.

### Granular Visibility via Timeline Views

* The timeline view provides a horizontal, Gantt-chart style visualization of thread activity, allowing engineers to see exactly what every thread was doing at a specific millisecond.
* Thread states are categorized into CPU time, blocked time, and waiting time, enabling developers to distinguish between intensive computation and idle periods.
* The interface allows users to zoom in on specific time intervals to analyze the execution of methods across multiple threads simultaneously, providing a "system-wide" view of execution.

### Detecting Thread Contention and Bottlenecks

* Lock contention is easily identified when multiple threads transition to a "Blocked" state at the same timestamp, indicating they are fighting for the same resource.
* The timeline view assists in identifying the "monitor owner"—the specific thread holding a lock—which helps determine why other threads are stalled.
* Engineers can use these views to detect inefficient thread pool configurations, such as thread starvation or excessive context switching caused by over-provisioning.

### Correlation with Traces and Metrics

* Modern continuous profilers integrate timeline data with distributed tracing, allowing for "span-to-profile" navigation.
* When a specific request is flagged as slow in a trace, developers can jump directly to the timeline view to see the exact code execution and thread state during that specific request's lifecycle.
* This integration bridges the gap between high-level application performance monitoring and low-level code execution, providing a cohesive path from symptom to root cause.

To effectively manage high-scale distributed systems, engineering teams should shift from reactive, on-demand profiling to continuous, timeline-based monitoring. Implementing a profiler that offers thread-level temporal granularity ensures that intermittent production issues are captured as they happen, significantly reducing the mean time to resolution for complex performance bugs.

GitLab Bug Bounty Program policy updates

GitLab has updated its HackerOne Bug Bounty program policies to improve transparency and streamline the reporting process for security researchers. These changes emphasize a shift toward local testing environments and provide much-needed clarity on the scope of emerging threats like AI prompt injection and denial-of-service attacks. By refining these guidelines, GitLab aims to protect its production infrastructure while ensuring researchers have clear, objective criteria for submitting high-impact vulnerabilities.

### Enhanced Testing Guidance

* GitLab now strongly recommends using the GitLab Development Kit (GDK) for local testing, allowing researchers to experiment with cutting-edge features without risking production stability.
* Researchers investigating potential Denial-of-Service (DoS) impacts are advised to use self-managed GitLab instances that meet or exceed standard installation requirements.
* Any testing performed on GitLab.com production architecture must utilize test accounts created specifically with the `@wearehackerone.com` email alias.

### Refined Vulnerability Scope

* Denial-of-Service (DoS) is generally classified as out of scope, though exceptions exist for application-layer vulnerabilities—such as ReDoS or logic bombs—that cause persistent service disruption via unauthenticated endpoints.
* Standalone prompt injection is no longer eligible for bounties unless it serves as a primary vector to achieve security breaches beyond the initial AI boundary.
* The policy clarifies the distinction between metadata enumeration and privacy breaches, noting that general information gathering remains out of scope while exposure of confidential data is strictly in scope.

### Transition and Grace Period

* To support researchers with ongoing investigations, GitLab is honoring a seven-day grace period for DoS reports submitted before January 22, 2026 (9:00 p.m. PT).
* Reports submitted during this window will be evaluated under the previous policy to ensure fairness and maintain trust within the researcher community.

Security researchers should immediately update their testing workflows by downloading the GitLab Development Kit and reviewing the updated CVSS calculator on the HackerOne program page to ensure their findings align with the new severity standards.

Claude Opus 4.6 now available in GitLab Duo Agent Platform

GitLab has integrated Anthropic’s Claude Opus 4.6 into its Duo Agent Platform, providing developers with a high-intelligence frontier model designed for complex agentic workflows. By combining a 1-million-token context window with native access to DevSecOps data, the update enables more autonomous task execution and deeper reasoning within the software development lifecycle. This integration allows teams to delegate multi-step tasks to AI agents that can now process entire codebases and project histories in a single interaction.

## Advanced Agentic Capabilities and Reasoning

* Claude Opus 4.6 features enhanced "agentic" behavior, meaning it can proactively take actions and drive tasks forward with minimal human intervention.
* The model supports multi-agent orchestration, allowing it to spin up subagents and coordinate parallel workstreams to solve complex, multi-step problems.
* Adaptive thinking capabilities allow the model to calibrate its reasoning depth based on the query, using extended thinking for difficult tasks while maintaining speed for simpler ones.
* Deep reasoning via test-time compute helps the model navigate challenging development bottlenecks and architectural decisions.

## Full-Context DevSecOps Integration

* The model boasts a 1-million-token context window—a fivefold increase over Opus 4.5—enabling the processing of massive codebases and extensive documentation.
* Integration with the GitLab Duo Agent Platform provides the model with direct access to repositories, merge requests, pipelines, and security findings.
* Enterprise-grade security features, including human-in-the-loop controls and group-based access, ensure that agentic actions remain transparent and governed.
* Native integration ensures developers can utilize these frontier capabilities without leaving their established GitLab workflows.

## Availability and Resource Consumption

* Opus 4.6 is currently available for GitLab.com users via the Duo Agent Platform and Agentic Chat, though it is not supported for GitLab Duo Classic features.
* Support for the model within various Integrated Development Environments (IDEs) is expected to be released in the near future.
* Usage is managed via GitLab credits, with multipliers determined by the size of the prompt.
* Prompts containing 200k tokens or fewer are charged at 1.2 requests per credit, while larger prompts exceeding 200k tokens are charged at 0.7 requests per credit.

Organizations aiming to automate complex development workstreams should migrate their specialized agents to Claude Opus 4.6 to take advantage of its superior orchestration and context handling. By leveraging the model's ability to coordinate parallel subagents, teams can significantly reduce the manual effort required for codebase-wide refactors and security remediation.

Wicked Saints Turns Players into IRL Superheroes with the Help of e.l.f. Beauty and Discord

Wicked Saints Studios has launched *World Reborn*, a pioneering interactive story game designed to translate digital achievements into tangible real-world social impact. Built by a team of peacebuilders and behavioral scientists, the platform leverages positive psychology to reveal players' character strengths through narrative gameplay and "Training Mods." The launch marks a new paradigm for brand-led missions where Gen Z players can improve their personal wellbeing while contributing to global social causes.

**Behavioral Technology and Skill-Building**

* The game is described as "Duolingo for saving humanity," using bite-sized interactive narratives to improve player wellbeing and relationships.
* The platform employs behavioral technology to identify a player's natural "character strengths," encouraging them to apply these traits to day-to-day reality.
* Mastery within the game is specifically designed to bridge the gap between digital entertainment and real-life skills, such as resilience and emotional regulation.
* The project emerged from Niantic’s BDI incubator, utilizing the expertise of former senior engineers from *Pokémon GO*.

**Brand-Led Social Impact Missions**

* The platform features "Training Mods," which are real-world quests hosted by corporate and non-profit partners to tackle specific social issues.
* Exclusive launch partner e.l.f. Beauty has developed quests focused on building confidence in young girls and supporting Elite Women Athletes, featuring insights from WNBA star Aerial Powers.
* Discord serves as the exclusive communications partner, hosting Training Mods centered on teen mental health, authenticity, and the use of gaming for stress reduction.
* The Starlight Children’s Foundation provides a mission where players send words of encouragement to hospitalized children, using the story of a transplant survivor to foster empathy and connection.

**Connecting with Gen Z Through Authenticity**

* The platform targets the 13–24 demographic, noting that 87% of Gen Z play games at least once a week.
* By moving beyond traditional advertising, brands can connect with Gen Z through the social spaces and authentic interactions they already prioritize.
* The game leverages the social infrastructure of Discord to help players form communities around their unique strengths and gameplay experiences.

**The Multi-Disciplinary Development Team**

* Wicked Saints is a Black female-led studio backed by major industry players including Riot Games and Reid Hoffman.
* The leadership team combines an Emmy-award winning storyteller and international peacebuilder with a behavioral science researcher.
* Creative talent for the project includes veterans from major franchises and productions such as *Spider-Man: Into the Spider-Verse*, *Love Death + Robots*, and *Marvel*.

For organizations looking to engage younger demographics, *World Reborn* offers a scalable model for integrating corporate social responsibility directly into the gaming experience. The app is currently available on the Apple App Store for an initial eight-week limited run.

Discord Announces First Mobile Ad Format, Broadening Advertising Opportunities

Discord is set to expand its rewarded advertising ecosystem to mobile devices with the pilot launch of Video Quests on Mobile in June 2025. This strategic evolution aims to connect advertisers with Discord’s 200 million monthly active users across platforms, leveraging a full-screen, opt-in format designed specifically for brand awareness. By transitioning these advertising tools to mobile, Discord provides a performance-driven channel for partners to engage a highly active community through high-quality video content and incentivized rewards.

### Mobile Integration and the 2025 Pilot

* The initial pilot program for Video Quests on Mobile is scheduled to begin in June 2025.
* The format utilizes a full-screen, premium user interface tailored for mobile consumption while maintaining Discord’s commitment to opt-in, non-intrusive advertising.
* This expansion marks Discord’s first mobile-specific ad offering, targeting a cross-platform audience that spans PC, mobile, and native console integrations.

### Evolution of the Quests Framework

* Discord currently offers two primary rewarded formats: Video Quests for awareness (trailers and announcements) and Play Quests for engagement (requiring users to play or stream a game).
* The platform has shifted from a gaming-exclusive focus to a broader Media and Entertainment strategy, catering to diverse brand partners including streaming services and movie studios.
* Play Quests generate authentic connections by rewarding players with exclusive in-game items for meeting specific gameplay or streaming milestones.

### Proven Campaign Performance and Metrics

* **miHoYo (Genshin Impact):** Utilizing high-value in-game rewards through Play Quests, the developer saw an 80% increase in playtime during the campaign week.
* **Max (Dune: Prophecy):** The first-ever Video Quest featured a long-form trailer (2:38) that achieved a significantly high completion rate of 85%.
* **Nexon Games (The First Descendant):** A Video Quest campaign generated over 1 million completions, with 10% of that engagement occurring organically through peer-to-peer sharing.

### Strategic Outlook for Advertisers

Brands and developers looking to capitalize on this expansion should consider participating in the June pilot to secure early access to the mobile player community. This format is particularly recommended for titles launching new updates, downloadable content (DLC), or major media premieres where high-impact video awareness is a primary objective.