When designing cloud-native applications and following the Twelve-Factor App methodology "<a href="https://www.12factor.net/config" rel="noopener noreferrer">Config</a>" factor, we should separate config from code to ensure portability, scalability, and security. 
Common configuration variables include: 

<ul>
<li>Database connection strings or URLs (DATABASE_URL)
</li>
<li>API keys and external service credentials (API_KEY)
</li>
<li>hostnames, ports, and environment labels (SERVICE_URL, PORT, ENVIRONMENT)
</li>
<li>Caching or message broker endpoints (CACHE_HOST, CACHE_PORT)
</li>
<li>Debugging or logging levels (LOG_LEVEL, DEBUG_MODE)
</li>
</ul>

Application configuration services are especially useful when automating a CI/CD pipeline to build and deploy cloud-native applications, allowing us to retrieve configuration from a central repository for different environments as part of an SDLC process, and to revert configuration in case problems are identified. 
In this blog post, I will compare some of the most common features of managed configuration services, offered by the hyper-scale cloud providers, and a cloud-agnostic solution. 

<h2>
 
 
 Feature comparison
</h2>

<a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fo8j3rvedccm9tdfxi9sz.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fo8j3rvedccm9tdfxi9sz.jpg" alt=" " width="800" height="339"></a>

<a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqocncrykppnczyecoi2b.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqocncrykppnczyecoi2b.jpg" alt=" " width="800" height="289"></a>

<h2>
 
 
 Security-related feature comparison
</h2>

<a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fg3daaoas1ouuqarm16tz.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fg3daaoas1ouuqarm16tz.jpg" alt=" " width="800" height="489"></a>

<h2>
 
 
 Summary
</h2>

Application configuration services are essential for modern cloud-native applications because they centralize and separate configuration from code, supporting scalability, security, and portability. They enable automated, environment-specific configuration management that integrates seamlessly with cloud services, CI/CD pipelines, and infrastructure-as-code tools, ensuring safe deployments with features like versioning and rollback. 
In this blog post, I have compared application configuration services (both vendor agnostic and non-vendor agnostic), in various aspects – from supported capabilities (such as versioning, service integration, feature flag support, to IAM, encryption, etc.) 
I encourage the readers to select an application configuration service and integrate it as part of a CI/CD pipeline, and separate config from code. 
Disclaimer: AI tools were used to research and edit this article. Graphics are created using AI. 

<h3>
 
 
 References
</h3>

<ul>
<li>
<a href="https://docs.aws.amazon.com/appconfig/latest/userguide/what-is-appconfig.html" rel="noopener noreferrer">What is AWS AppConfig?</a>
</li>
<li>
<a href="https://learn.microsoft.com/en-us/azure/azure-app-configuration/overview" rel="noopener noreferrer">What is Azure App Configuration?</a>
</li>
<li>
<a href="https://cloud.google.com/secret-manager/parameter-manager/docs/overview" rel="noopener noreferrer">Google Parameter Manager overview</a>
</li>
<li>
<a href="https://developer.hashicorp.com/consul/docs" rel="noopener noreferrer">HashiCorp Consul Documentation</a>
</li>
</ul>

<h3>
 
 
 About the author
</h3>

Eyal Estrin is a seasoned cloud and information security architect, <a href="https://builder.aws.com/community/@eyalestrin" rel="noopener noreferrer">AWS Community Builder</a>, and author of <a href="https://amzn.to/42Xai9A" rel="noopener noreferrer">Cloud Security Handbook</a> and <a href="https://amzn.to/3Sggbtv" rel="noopener noreferrer">Security for Cloud Native Applications</a>. With over 25 years of experience in the IT industry, he brings deep expertise to his work. 
Connect with Eyal on social media: <a href="https://linktr.ee/eyalestrin" rel="noopener noreferrer">https://linktr.ee/eyalestrin</a>. 
The opinions expressed here are his own and do not reflect those of his employer.

يتناول المقال أهمية فصل التكوين عن الشيفرة في التطبيقات السحابية الأصلية، وفقًا لمنهجية العوامل الاثني عشر. تعزز هذه الطريقة القابلية للنقل، وقابلية التوسع، والأمان، وهي أمور حاسمة لتطوير البرمجيات الحديثة. من خلال التركيز على متغيرات التكوين الشائعة مثل سلاسل اتصال قاعدة البيانات ومفاتيح واجهة برمجة التطبيقات، يمكن للمطورين إنشاء تطبيقات أكثر قوة تتكيف بسهولة مع البيئات المتغيرة.

El artículo discute la importancia de separar la configuración del código en aplicaciones nativas de la nube, siguiendo la metodología de las Doce Factores. Este enfoque mejora la portabilidad, escalabilidad y seguridad, que son cruciales para el desarrollo de software moderno. Al centrarse en variables de configuración comunes como las cadenas de conexión de bases de datos y las claves API, los desarrolladores pueden crear aplicaciones más robustas que se adaptan fácilmente a entornos cambiantes.

L'article aborde l'importance de séparer la configuration du code dans les applications cloud-native, en suivant la méthodologie des Douze Facteurs. Cette approche améliore la portabilité, l'évolutivité et la sécurité, qui sont essentielles pour le développement logiciel moderne. En se concentrant sur des variables de configuration courantes telles que les chaînes de connexion de base de données et les clés API, les développeurs peuvent créer des applications plus robustes qui s'adaptent facilement aux environnements changeants.

The article discusses the importance of separating configuration from code in cloud-native applications, following the Twelve-Factor App methodology. This approach enhances portability, scalability, and security, which are crucial for modern software development. By focusing on common configuration variables like database connection strings and API keys, developers can create more robust applications that adapt easily to changing environments.

Comparison of cloud-native application configuration services

&nbsp;As US educators embrace AI in the classroom, firms are selling software to flag mentions of self-harm, raising concerns over privacy and control.

مع تزايد استخدام تقنية الذكاء الاصطناعي في الفصول الدراسية في الولايات المتحدة، بدأ المعلمون في استخدام الدردشة الآلية لمراقبة رفاهية الطلاب. بينما يمكن أن تساعد هذه الأدوات في تحديد علامات السلوكيات الذاتية الضارة، فإنها تثير أيضًا مخاوف كبيرة بشأن الخصوصية ومدى المراقبة في البيئات التعليمية. قد يؤثر هذا التحول نحو المراقبة المستمرة على ثقة الطلاب وحريتهم، مما يجعله قضية حاسمة للآباء والمعلمين على حد سواء.

A medida que la tecnología de IA se vuelve más común en las aulas de EE. UU., los educadores están utilizando cada vez más chatbots para monitorear el bienestar de los estudiantes. Si bien estas herramientas pueden ayudar a identificar signos de autolesionismo, también plantean preocupaciones significativas sobre la privacidad y el alcance de la vigilancia en los entornos educativos. Este cambio hacia la vigilancia constante podría afectar la confianza y la libertad de los estudiantes, convirtiéndolo en un tema crítico para padres y educadores.

Alors que la technologie de l'IA devient de plus en plus courante dans les salles de classe aux États-Unis, les éducateurs utilisent de plus en plus des chatbots pour surveiller le bien-être des élèves. Bien que ces outils puissent aider à identifier des signes de comportements autodestructeurs, ils soulèvent également d'importantes préoccupations concernant la vie privée et l'étendue de la surveillance dans les établissements éducatifs. Ce passage vers une surveillance constante pourrait affecter la confiance et la liberté des élèves, ce qui en fait un enjeu crucial pour les parents et les éducateurs.

As AI technology becomes more prevalent in classrooms across the US, educators are increasingly using chatbots to monitor student well-being. While these tools can help identify signs of self-harm, they also raise significant concerns about privacy and the extent of surveillance in educational settings. This shift towards constant monitoring could impact students' trust and freedom, making it a critical issue for parents and educators alike.

Chatbots Are Sparking a New Era of Student Surveillance

The TRADE sits down with Nicholas Phillips, market structure research analyst at Bloomberg Intelligence (BI), following the publication of BI's 'European institutional equity trading study 2025’ report, to explore Europe’s renewed trading momentum, what to look out for in 2026, and the continued developments in post-trade, dark trading caps, rising bilateral, and more.
The post <a href="https://www.thetradenews.com/fireside-friday-with-bloomberg-intelligences-nicholas-phillips/">Fireside Friday with… Bloomberg Intelligence’s Nicholas Phillips</a> appeared first on <a href="https://www.thetradenews.com">The TRADE</a>.

في مناقشة حديثة، شارك نيكولاس فيليبس من بلومبرغ إنتليجنس رؤى حول نتائج تقريرهم 'دراسة تداول الأسهم المؤسسية الأوروبية 2025'. وأبرز انتعاش نشاط التداول في أوروبا وما يمكن توقعه في عام 2026، بما في ذلك التقدم في عمليات ما بعد التداول وتنظيمات التداول المظلم. هذه المحادثة مهمة لأنها تسلط الضوء على المشهد المتطور لتداول الأسهم، وهو أمر حاسم للمستثمرين والمشاركين في السوق الذين يسعون للتنقل في تعقيدات السوق الأوروبية.

En una reciente discusión, Nicholas Phillips de Bloomberg Intelligence compartió información sobre los hallazgos de su informe 'European institutional equity trading study 2025'. Destacó el resurgimiento de la actividad de trading en Europa y las tendencias que se anticipan para 2026, incluyendo avances en los procesos post-negociación y regulaciones sobre trading oscuro. Esta conversación es significativa ya que arroja luz sobre el paisaje en evolución del trading de acciones, lo cual es crucial para los inversores y participantes del mercado que buscan navegar por las complejidades del mercado europeo.

Lors d'une récente discussion, Nicholas Phillips de Bloomberg Intelligence a partagé des informations sur les résultats de leur rapport 'European institutional equity trading study 2025'. Il a souligné la résurgence de l'activité de trading en Europe et les tendances à anticiper en 2026, y compris les avancées dans les processus post-négociation et les réglementations sur le trading obscur. Cette conversation est importante car elle éclaire l'évolution du paysage du trading d'actions, ce qui est crucial pour les investisseurs et les acteurs du marché cherchant à naviguer dans les complexités du marché européen.

In a recent discussion, Nicholas Phillips from Bloomberg Intelligence shared insights on the findings of their 'European institutional equity trading study 2025' report. He highlighted the resurgence of trading activity in Europe and what trends to anticipate in 2026, including advancements in post-trade processes and dark trading regulations. This conversation is significant as it sheds light on the evolving landscape of equity trading, which is crucial for investors and market participants looking to navigate the complexities of the European market.

Fireside Friday with… Bloomberg Intelligence’s Nicholas Phillips

Hi there. In this article, I'll be going over the process of how you can create a macOS 26 Tahoe USB bootable installation drive.

<h2>
 
 
 YouTube Video
</h2>

If you would prefer to see a video of this article, there is a video version available on YouTube below:

<iframe width="710" height="399" src="https://www.youtube.com/embed/BBiWy6FrtM4">
</iframe>


<h2>
 
 
 Requirements
</h2>

To do this, you'll need macOS 10.15 or above (I used macOS 15) and a 32GB USB stick or higher to create the installation drive.

Before you start, make sure to backup any data that is on the USB stick as the USB stick will be erased as part of the process.

<h2>
 
 
 Downloading the macOS 26 Tahoe Installer
</h2>

Unlike previous versions of macOS, macOS 26 Tahoe is not available in the App store. It can only be downloaded via the command line for the full version that is used to create an installation disk.

To begin with, you'll need to open the terminal application. To this, use spotlight by pressing command and space together. Then, type terminal and hover over to the terminal application. It looks like a black box with a white arrow. Left click on it to open the application.

Your terminal may look different to mine but don't worry.

You can also get to it by opening a Finder window, going to Applications, then Utilities and then double clicking on Terminal.

First, you need to determine what the latest version of Tahoe is. There are two ways to do this. First, you can use this <a href="">webpage</a>, which shows it is being 26.1 at the time of writing this article.

<a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7p6roxf0ufy5frukae2c.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7p6roxf0ufy5frukae2c.png" alt="Image 1" width="800" height="354"></a>

The second method is to run the following command in the terminal: 


<div class="highlight js-code-highlight">
<pre class="highlight shell"><code>softwareupdate --list-full-installers
</code></pre>

</div>



The latest version is at the top, which again is 26.1.

<a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcogm6l42kciu08k750nl.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcogm6l42kciu08k750nl.png" alt="Image 2" width="800" height="461"></a>

The next step is to download the installer for macOS 26.1. To do that, run the following command. If a newer version is available, replace <code>26.1</code> with that version, if you want to: 


<div class="highlight js-code-highlight">
<pre class="highlight shell"><code>softwareupdate --fetch-full-installer --full-installer-version 26.1
</code></pre>

</div>



It will now download the installer. This will take some time.

<a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffqmovocs202pw2bwdjib.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffqmovocs202pw2bwdjib.png" alt="Image 3" width="800" height="462"></a>

<h2>
 
 
 Creating the USB Installation Drive
</h2>

Now that the installer has finished downloading, you should be able to see it in the Applications folder in Finder.

<a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9gkffyhw77ufowhtpd54.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9gkffyhw77ufowhtpd54.png" alt="Image 4" width="800" height="495"></a>

The next step is to make the USB installation drive. First, make sure your USB stick is connected to your Mac.

Mine is connected and it's called usbstick.

I would recommend renaming your USB stick to a name that has no spaces to make it easier.

Once again, remember to backup anything that is on the USB stick that you want to keep.

When you are ready, run the following command in the terminal. Replace <code>usbstick</code> with the name of your USB stick. 


<div class="highlight js-code-highlight">
<pre class="highlight shell"><code>sudo /Applications/Install\ macOS\ Tahoe.app/Contents/Resources/createinstallmedia --volume /Volumes/usbstick
</code></pre>

</div>



Press enter and then type in your password, or the username and password for an administrator account if your account doesn't have that level of permission.

When it asks you to confirm the USB stick can be erased, press <code>y</code> and then enter.

Your USB stick will disappear from Finder and then come back with the name of Install macOS Tahoe. This is normal.

The progress will be shown on the screen.

Once it has completed, the terminal will look like the below image.

<a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ff69snvwmd4xsra2ugsos.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ff69snvwmd4xsra2ugsos.png" alt="Image 5" width="800" height="462"></a>

You can now use that to boot from and install, or reinstall macOS 26 Tahoe on a <a href="">supported Mac</a>.

Thanks for reading and have a nice day!

يوفر هذا المقال دليلًا بسيطًا حول كيفية إنشاء محرك USB قابل للتشغيل لتثبيت macOS 26 Tahoe، مما يسهل على المستخدمين تثبيت أو ترقية نظام التشغيل. مع تعليمات واضحة وتوافر فيديو تعليمي على يوتيوب، يلبي احتياجات المتعلمين البصريين وأولئك الذين يفضلون الإرشادات المكتوبة. هذا مهم بشكل خاص لأن وجود محرك قابل للتشغيل يمكن أن يبسط عملية استكشاف الأخطاء وإصلاحها واستعادة النظام، مما يضمن أن المستخدمين يمكنهم الحفاظ على أجهزتهم بفعالية.

Este artículo ofrece una guía sencilla sobre cómo crear una unidad USB de instalación de macOS 26 Tahoe, facilitando la instalación o actualización del sistema operativo. Con instrucciones claras y un tutorial en video disponible en YouTube, se adapta tanto a los aprendices visuales como a aquellos que prefieren la orientación escrita. Esto es especialmente importante, ya que tener una unidad de arranque puede simplificar la solución de problemas y la recuperación del sistema, asegurando que los usuarios puedan mantener sus dispositivos de manera efectiva.

Cet article propose un guide simple pour créer un lecteur USB d'installation bootable macOS 26 Tahoe, facilitant ainsi l'installation ou la mise à niveau du système d'exploitation. Avec des instructions claires et un tutoriel vidéo disponible sur YouTube, il s'adresse à la fois aux apprenants visuels et à ceux qui préfèrent les conseils écrits. Cela est particulièrement important car avoir un lecteur bootable peut simplifier le dépannage et la récupération du système, garantissant que les utilisateurs peuvent maintenir efficacement leurs appareils.

This article provides a straightforward guide on creating a macOS 26 Tahoe USB bootable installation drive, making it easier for users to install or upgrade their operating system. With clear instructions and a video tutorial available on YouTube, it caters to both visual learners and those who prefer written guidance. This is particularly important as having a bootable drive can simplify troubleshooting and system recovery, ensuring that users can maintain their devices effectively.

How To Create A macOS 26 Tahoe USB Installation Drive

You don’t need to shout to be heard; you need to be clear and verifiable. Teams that treat publishing like a product discipline consistently outperform those chasing hacks. That’s why many engineering leaders pair solid writing with measurable distribution and—only where it helps—specialist partners offering <a href="https://techwavespr.com/services/" rel="noopener noreferrer">digital marketing services</a> to keep the pipeline of attention honest and repeatable. This piece distills a pragmatic framework for content that survives scrutiny and compounds over time.

<h2>
 
 
 The Operating Model: From “Post and Pray” to Repeatable Pipelines
</h2>

Great articles don’t appear out of nowhere—they move through a pipeline with explicit gates. Think of it as CI/CD for ideas:

<ul>
<li>Discovery → Drafting → Review → Publish → Observe.</li>
</ul>

At each stage, you’re validating something different: whether the topic matters, whether the draft is clear, whether claims are supported, whether the page renders fast and clean, and how readers actually engage. This isn’t bureaucracy; it’s how you protect your future self from firefighting.

Discovery is about narrowing to problems your readers already feel. The fastest test is to write the problem in one sentence and ask a skeptical colleague if it describes a real moment they’ve lived. If they hesitate, refine until they can retell it in their words.

Drafting prioritizes specificity. Replace abstractions with measurements (“p95 latency dropped from 480 ms to 160 ms”) and name the trade-offs. Engineers recognize truth in constraints. Avoid performative flourishes; ship facts.

Review is a multidisciplinary check: technical accuracy, legal and privacy considerations, and plain-language clarity. The review should be adversarial but bounded—identify a small set of non-negotiables (e.g., security statements must be vetted; benchmarks must be reproducible). Everything else is style, not a blocker.

Publish with a minimum of ceremony but maximum reliability. If your site breaks on mobile, the message never lands. If you embed media, ensure fallbacks. If you annotate with structured data, verify it. This sounds obvious until you audit a few dozen pages and find preventable failures.

Observe like an engineer: define a hypothesis before release (“We expect 40%+ of readers to expand the code sample and average time-on-page of 2:30”), then log events and read them. If the hypothesis fails, write a brief note and iterate. That humility builds more credibility than any slogan.

<h2>
 
 
 Signals That Help Machines and Humans Understand Your Page
</h2>

We don’t have to guess how parsers and browsers treat core elements—there’s public guidance. For example, the robots meta tag is precisely documented by <a href="https://developer.mozilla.org/en-US/docs/Web/HTML/Element/meta/name#robots" rel="noopener noreferrer">MDN Web Docs</a>. Misusing it can quietly hide your excellent work. Likewise, clear directives for crawlers are outlined in Google’s official documentation on <a href="https://developers.google.com/search/docs/crawling-indexing/robots-meta-tag" rel="noopener noreferrer">robots meta directives</a>. You don’t need to become a specialist to benefit: read the short sections relevant to your use case, pick defaults that match your intent (e.g., indexable article pages, non-index utility endpoints), and avoid contradictory signals.

Beyond directives, content earns trust through coherence:

<ul>
<li>
Titles that promise exactly what the body delivers. If the headline says “How We Cut p95 by 3×,” your method and measurement must be visible above the fold.</li>
<li>
Stable URLs. Breaking links is reputational debt. Treat slugs like API versions; change only with migration plans.</li>
<li>
Readable structure. Short paragraphs, code blocks that run, diagrams with alt text, and captions that say what the reader should notice.</li>
<li>
Transparent authorship. A byline with real identity and a sentence on why this person is qualified. Anonymous thought leadership rarely persuades engineers.</li>
</ul>

<h2>
 
 
 The Only Checklist You Actually Need
</h2>

Use this once per article. If you can’t check a box truthfully, fix the cause instead of gaming the symptom.

<ul>
<li>
One-sentence reader problem is clear (share with a skeptic; they should nod).</li>
<li>
Core claim is measurable (numbers, method, and where data lives).</li>
<li>
Page renders fast and clean (mobile first; images sized; no layout shift).</li>
<li>
Directives match intent (no accidental <code>noindex</code>; canonical is correct; no conflicting hints).</li>
<li>
Source links are authoritative (stand on primary docs or peer-reviewed material, not hearsay).</li>
<li>
Reproducibility where relevant (runnable code, version pins, or data snapshot).</li>
<li>
Post-publish hypothesis defined (what success looks like and what you’ll do if it doesn’t happen).</li>
</ul>

Keep this list visible to your team. It’s short on purpose; bloat turns checklists into theater.

<h2>
 
 
 Writing That Respects the Reader’s Time
</h2>

Engineers are allergic to hand-waving. To earn trust, write like you debug:

<ol>
<li>
State the claim. Put the outcome up front. Don’t make people dig.</li>
<li>
Show the path. Provide the minimal context to reproduce. If there are three plausible methods, say why you chose one.</li>
<li>
Expose trade-offs. Every decision has a downside—latency for compute, privacy for convenience, simplicity for flexibility. Calling that out makes the win believable.</li>
<li>
Acknowledge prior art. Name the people and projects you built upon. It’s generous and prevents reinventing the wheel.</li>
<li>
Invite falsification. Offer a way to challenge your result—dataset link, script, or a note on environments where your approach might fail.</li>
</ol>

This style doesn’t just “sound technical.” It protects your team when later decisions reference your document. You’ll thank yourself when a VP says, “Why did we pick this?” and you can point to a paragraph that still holds up.

<h2>
 
 
 Distribution Without the Guilt
</h2>

You don’t need tricks to reach the right readers—you need consistency and fit. Publish where developers already hang out (like Dev.to and your project’s repo), cross-post summaries to communities that value your topic, and keep the voice consistent. Avoid anchor spam and cartoonish calls to action. Invite contact for real reasons: bug reports, benchmarks on different hardware, adoption stories, or counterexamples.

When you link to resources, choose anchors that fit naturally into the sentence. The goal is to be helpful first. Over-optimized phrasing reads strangely to humans and invites the wrong kind of attention from machines. Think of links as citations, not bait.

<h2>
 
 
 Governance: Tiny Rituals That Prevent Big Headaches
</h2>

A lightweight content guild—two to four people who care—can review each draft for clarity, risk, and usefulness. Rotate the “final approver” so the process never bottlenecks. Archive decisions in a living doc: when a topic performed poorly, say so and explain what you learned; when an article exceeded expectations, annotate why (timing, community tie-in, or a strong demo). Over a quarter, this becomes an internal playbook your future teammates will treat as gold.

<h2>
 
 
 The Payoff
</h2>

When you adopt an engineering posture toward content, the benefits accumulate: fewer hotfixes after publish, fewer awkward retractions, more inbound from readers who actually implemented your work, and a library you can confidently resurface months later. Most importantly, you build an audience that trusts you—because your writing respects their time and intelligence.

Bottom line: publish less often, but make each piece unarguably useful. Measure outcomes, admit misses, and iterate in public. That honesty travels further than any tagline.

في عالم إنشاء المحتوى، تعتبر الوضوح والقابلية للتحقق مفتاحًا لكسب الثقة. يبرز هذا المقال أن الفرق التي تتعامل مع النشر كأحد تخصصات المنتج تميل إلى التفوق على تلك التي تعتمد على الحيل السريعة. من خلال الجمع بين الكتابة الجيدة والتوزيع القابل للقياس والتعاون مع شركاء متخصصين عند الحاجة، يمكن لقادة الهندسة إنشاء قناة موثوقة للاهتمام. لا تعزز هذه الطريقة جودة المحتوى فحسب، بل تضمن أيضًا فعاليتها في الوصول إلى الجمهور، مما يجعلها استراتيجية حاسمة للنجاح في المشهد الرقمي اليوم.

En el mundo de la creación de contenido, la claridad y la verificabilidad son clave para ganar confianza. Este artículo enfatiza que los equipos que tratan la publicación como una disciplina de producto tienden a superar a aquellos que dependen de trucos rápidos. Al combinar una escritura sólida con una distribución medible y colaborar con socios especializados cuando es beneficioso, los líderes de ingeniería pueden crear un canal de atención confiable. Este enfoque no solo mejora la calidad del contenido, sino que también asegura su efectividad para llegar a la audiencia, convirtiéndolo en una estrategia crucial para el éxito en el panorama digital actual.

Dans le monde de la création de contenu, la clarté et la vérifiabilité sont essentielles pour gagner la confiance. Cet article souligne que les équipes qui considèrent la publication comme une discipline de produit ont tendance à surpasser celles qui s'appuient sur des astuces rapides. En combinant une rédaction solide avec une distribution mesurable et en collaborant avec des partenaires spécialisés lorsque cela est bénéfique, les leaders en ingénierie peuvent créer un pipeline d'attention fiable. Cette approche améliore non seulement la qualité du contenu, mais garantit également son efficacité pour atteindre le public, ce qui en fait une stratégie cruciale pour réussir dans le paysage numérique d'aujourd'hui.

In the world of content creation, clarity and verifiability are key to earning trust. This article emphasizes that teams treating publishing as a product discipline tend to outperform those relying on quick hacks. By combining solid writing with measurable distribution and collaborating with specialist partners when beneficial, engineering leaders can create a reliable pipeline of attention. This approach not only enhances the quality of content but also ensures its effectiveness in reaching the audience, making it a crucial strategy for success in today's digital landscape.

Build Content Like an Engineer: Systems, Signals, and Checks That Earn Trust

If you've ever seen "TBA/TBA" as a passenger name in a flight booking, it's not a glitch—it's a feature. After booking a cheap group fare on Yatra.com, I discovered the hidden world of airline group bookings, and uncovered a real bug with same-name passengers.

In this post, we'll unpack:

<ul>
<li>How group fare booking systems work</li>
<li>Why "TBA" exists in airline PNRs</li>
<li>What developers building travel systems should know</li>
<li>
A critical bug I found: Same-name passengers causing seat swaps</li>
</ul>




<h2>
 
 
 ✈️ 1. What Are Group Fares?
</h2>

Group fares are special airline rates for 10+ passengers traveling together on the same flight and date.

Common use cases:

<ul>
<li>🏢 Corporate trips</li>
<li>💒 Weddings and family gatherings</li>
<li>🕌 Pilgrimage or religious tours</li>
<li>🏀 School or sports teams</li>
</ul>

Unlike individual bookings, group fares are:

<ul>
<li>
Negotiated directly with airlines or via GDS</li>
<li>More flexible with payment schedules</li>
<li>Allow placeholder names initially</li>
</ul>




<h2>
 
 
 2. Business Logic: The Group Booking Flow
</h2>

Here's how it works from an OTA or travel agent's perspective:

<div class="table-wrapper-paragraph"><table>
<thead>
<tr>
<th>Step</th>
<th>Process</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>1️⃣</td>
<td>Group Quote Request</td>
<td>Agency requests fare for route, date, and passenger count</td>
</tr>
<tr>
<td>2️⃣</td>
<td>PNR Creation (TBA stage)</td>
<td>Airline/GDS creates group PNR with placeholders like <code>TBA/TBA</code>
</td>
</tr>
<tr>
<td>3️⃣</td>
<td>Deposit &amp; Hold</td>
<td>Group pays deposit to hold seats</td>
</tr>
<tr>
<td>4️⃣</td>
<td>Name Finalization</td>
<td>12–72 hours before flight, replace "TBA" with real names</td>
</tr>
<tr>
<td>5️⃣</td>
<td>Ticketing</td>
<td>Once names finalized, tickets are issued</td>
</tr>
</tbody>
</table></div>




<h2>
 
 
 📋 3. What Does "TBA" Actually Mean?
</h2>

TBA = To Be Advised

When creating a group booking, actual passenger details may not be known yet.

Example in GDS (Amadeus/Sabre):

Each entry reserves a seat while allowing the agent to:

<ul>
<li>
Hold inventory without final names</li>
<li>
Track blocked seats in airline systems</li>
<li>
Display flight details before passenger confirmation</li>
</ul>

<h4>
 
 
 How GDS Systems Power This Magic
</h4>

Behind the scenes, OTAs don't talk directly to each airline. They use GDS (Global Distribution System) — think of it as the "API gateway" of the travel industry.

The Big Three:

<ul>
<li>
Amadeus (European dominance)</li>
<li>
Sabre (Strong in Americas)</li>
<li>
Travelport (Galileo/Worldspan/Apollo)</li>
</ul>




<h2>
 
 
 ⏰ 4. The 12-Hour Rule
</h2>

Most airlines require final passenger names no later than 12 hours before departure.

What happens at finalization:

<ul>
<li>✅ All "TBA" placeholders updated with real names</li>
<li>⚠️ Unnamed passengers may auto-cancel</li>
<li>🎫 Group PNR transitions to ticketed state</li>
</ul>

This is why Yatra/MMT show "flight details visible before 12 hours" — the system holds the group block, but names are pending.




<h2>
 
 
 5. System Architecture Flow
</h2>

Key technical points:

<ul>
<li>Placeholders stored in PNR until replaced</li>
<li>Airlines track via group booking IDs (not individual tickets)</li>
<li>Background jobs handle PNR sync and updates</li>
</ul>




<h2>
 
 
 💻 6. How OTAs Handle This (Developer View)
</h2>

For platforms like Yatra or MakeMyTrip: 


<div class="highlight js-code-highlight">
<pre class="highlight javascript"><code>// Simplified model
const groupBooking = {
 pnr: "ABC123",
 status: "TBA_PENDING",
 passengers: [
 { firstName: "TBA", lastName: "TBA", title: "MR" },
 { firstName: "TBA", lastName: "TBA", title: "MS" }
 ],
 finalizationDeadline: "2025-11-08T10:00:00Z",
 flightDetails: { visible: false } // visible after name update
};
</code></pre>

</div>



Backend requirements:

<ol>
<li>Handle placeholder data models</li>
<li>Schedule PNR refresh/update jobs</li>
<li>Implement deadline alerts</li>
<li>Validate against duplicate names (see bug below!)</li>
</ol>




<h2>
 
 
 7. CRITICAL BUG I DISCOVERED: Same-Name Collision
</h2>

<h3>
 
 
 The Problem
</h3>

When booking through Yatra's group fare system, I found:

If two passengers have the same name:

<ul>
<li>❌ During web check-in, the system will display both passengers names when the PNR and last name are entered together.</li>
<li>❌ Boarding passes get mixed up</li>
<li>❌ Airport staff can't distinguish passengers</li>
<li>❌ Potential security and check-in issues</li>
</ul>

<h3>
 
 
 Example Scenario
</h3>



<div class="highlight js-code-highlight">
<pre class="highlight javascript"><code>// Booking for two people with same name
passengers: [
 { firstName: "Amit", lastName: "Kumar", seat: "12A" },
 { firstName: "Amit", lastName: "Kumar", seat: "12B" }
]

// What happens in airline system:
// PNR shows: KUMAR/AMIT MR + KUMAR/AMIT MR
// Boarding pass generates wrong seat for one passenger
</code></pre>

</div>



<h3>
 
 
 Why This Happens
</h3>

<ol>
<li>
GDS Name Formatting: Airlines use <code>PNR and LASTNAME</code> combination</li>
<li>
Duplicate Detection: System may treat as duplicate entry</li>
<li>
Seat Assignment Logic: Uses last name as primary key</li>
<li>
Group PNR Merge: Multiple "AMIT KUMAR" entries cause confusion</li>
</ol>

Recommended fixes for OTAs:

<ul>
<li>🔍 Pre-booking validation for duplicate last names</li>
<li>📝 Force middle name or mobile number for duplicates</li>
</ul>




<h2>
 
 
 🔮 8. Future: NDC and Modern APIs
</h2>

IATA's NDC (New Distribution Capability) is modernizing group fares:

<ul>
<li>⚡ Real-time quotes and seat holds</li>
<li>🔄 Easier passenger data updates via REST APIs</li>
<li>📉 Reduced reliance on "TBA" placeholders</li>
<li>🤝 Direct airline-to-OTA connections</li>
</ul>

Though many airlines still support TBA for backward compatibility.




<h2>
 
 
 9. Key Takeaways
</h2>

<div class="table-wrapper-paragraph"><table>
<thead>
<tr>
<th>Point</th>
<th>Reality Check</th>
</tr>
</thead>
<tbody>
<tr>
<td>✅ "TBA" is a feature, not a bug
</td>
<td>Intentional placeholder system for group inventory management</td>
</tr>
<tr>
<td>⏰ The 12-hour rule has a twist
</td>
<td>Names often start reflecting from midnight (not exactly 12 hours), which can frustrate travelers expecting earlier updates</td>
</tr>
<tr>
<td>💰 How OTAs really make money
</td>
<td>Indian OTAs like Yatra/MMT book group fares and mark them up—this is on top of convenience charges. That "cheap fare" might just be a group booking arbitrage</td>
</tr>
<tr>
<td>🚨 Same-name = system chaos
</td>
<td>Multiple passengers with identical last names create PNR conflicts, seat swaps, and boarding issues</td>
</tr>
<tr>
<td>🎭 The agent model
</td>
<td>OTAs aren't always direct airline partners—many operate as super-agents booking group blocks and reselling individually</td>
</tr>
</tbody>
</table></div>




<h2>
 
 
 💬 Discussion
</h2>

For developers building travel systems:

<ol>
<li>How does your system handle group booking placeholders?</li>
<li>Ever encountered the same-name bug I found?</li>
</ol>

Drop your experiences in the comments! 👇




<h2>
 
 
 🔗 Useful Resources
</h2>

<ul>
<li><a href="https://www.iata.org/en/programs/airline-distribution/retailing/ndc/" rel="noopener noreferrer">IATA NDC Program</a></li>
<li><a href="https://developers.amadeus.com/" rel="noopener noreferrer">Amadeus API Documentation</a></li>
<li><a href="https://developer.sabre.com/" rel="noopener noreferrer">Sabre Dev Studio</a></li>
</ul>




This post is based on real-world experience booking through Yatra.com. If you found this helpful, consider sharing it with your travel-tech friends! ✈️




Tags: #traveltech #backend #systemdesign #api #devstory

يتناول المقال عالم حجوزات المجموعات في شركات الطيران، مع التركيز بشكل خاص على التسمية 'TBA/TBA' التي تظهر في حجوزات الرحلات. هذه ليست خللًا، بل ميزة مقصودة تنشأ من تعقيدات حجز أسعار المجموعات. يشارك الكاتب تجارب شخصية من تجربة حديثة مع Yatra.com، موضحًا كيفية عمل هذه الأنظمة للحجز وتأثيراتها على المطورين في صناعة السفر. يمكن أن يساعد فهم ذلك كل من المسافرين والمهنيين في التكنولوجيا على التنقل بشكل أكثر فعالية في تفاصيل السفر الجماعي.

El artículo se adentra en el intrigante mundo de las reservas de grupo de aerolíneas, centrándose específicamente en la designación 'TBA/TBA' que se ve en las reservas de vuelos. Esto no es un error, sino una característica deliberada que surge de las complejidades de reservar tarifas grupales. El autor comparte experiencias personales de una reciente experiencia con Yatra.com, arrojando luz sobre cómo funcionan estos sistemas de reserva y las implicaciones para los desarrolladores en la industria de viajes. Comprender esto puede ayudar tanto a los viajeros como a los profesionales de la tecnología a navegar más eficazmente por las sutilezas de los viajes en grupo.

L'article explore le monde fascinant des réservations de groupe dans les compagnies aériennes, en se concentrant spécifiquement sur la désignation 'TBA/TBA' que l'on voit dans les réservations de vol. Ce n'est pas un bug, mais une fonctionnalité délibérée qui découle des complexités de la réservation de tarifs de groupe. L'auteur partage des expériences personnelles d'une récente expérience avec Yatra.com, éclairant le fonctionnement de ces systèmes de réservation et les implications pour les développeurs de l'industrie du voyage. Comprendre cela peut aider à la fois les voyageurs et les professionnels de la technologie à naviguer plus efficacement dans les nuances des voyages en groupe.

The article delves into the intriguing world of airline group bookings, specifically focusing on the 'TBA/TBA' designation seen in flight reservations. This isn't a glitch but a deliberate feature that arises from the complexities of booking group fares. The author shares personal insights from a recent experience with Yatra.com, shedding light on how these booking systems function and the implications for developers in the travel industry. Understanding this can help both travelers and tech professionals navigate the nuances of group travel more effectively.

How Airline Group Fares Really Work: The Business & Tech Behind 'TBA' Passenger Names

<a href="https://www.techspot.com/news/110174-nearly-2026-most-people-use-123456-password.html" target="_blank"><img src="https://www.techspot.com/images2/news/ts3_thumbs/2025/11/2025-11-07-ts3_thumbs-819.jpg" width="800" height="560" style="padding: 15px 0" title="It's nearly 2026 and most people still use '123456' as a password" /></a> The latest shame-inducing most-common-passwords report comes from tech research and review site Comparitech. Using information leaked on data breach forums in 2025, its researchers aggregated more than 2 billion real account passwords, creating a list of the 100 most-used. <a href="https://www.techspot.com/news/110174-nearly-2026-most-people-use-123456-password.html">Read Entire Article</a>

مع اقتراب عام 2026، يكشف تقرير جديد من Comparitech أن العديد من الأشخاص لا يزالون يعتمدون على كلمات مرور ضعيفة مثل '123456'. هذا أمر مقلق لأنه يسلط الضوء على مشكلة مستمرة في الأمن السيبراني، حيث يفشل الأفراد في اعتماد ممارسات كلمات مرور أقوى على الرغم من التحذيرات المستمرة بشأن خروقات البيانات. إن الاستخدام المستمر لكلمات مرور يسهل تخمينها يعرض المعلومات الشخصية والحساسة للخطر، مما يجعل من الضروري للمستخدمين إعطاء الأولوية لتدابير أمان أفضل.

A medida que nos acercamos a 2026, un nuevo informe de Comparitech revela que muchas personas todavía dependen de contraseñas débiles como '123456'. Esto es preocupante porque resalta un problema persistente en la ciberseguridad, donde los individuos no adoptan prácticas de contraseñas más fuertes a pesar de las advertencias sobre las violaciones de datos. El uso continuo de contraseñas tan fáciles de adivinar pone en riesgo la información personal y sensible, lo que hace crucial que los usuarios prioricen mejores medidas de seguridad.

À l'approche de 2026, un nouveau rapport de Comparitech révèle que de nombreuses personnes continuent de s'appuyer sur des mots de passe faibles comme '123456'. Cela est préoccupant car cela met en lumière un problème persistant en matière de cybersécurité, où les individus ne parviennent pas à adopter des pratiques de mots de passe plus solides malgré les avertissements continus concernant les violations de données. L'utilisation continue de mots de passe aussi facilement devinables met en danger les informations personnelles et sensibles, rendant crucial pour les utilisateurs de donner la priorité à de meilleures mesures de sécurité.

As we approach 2026, a new report from Comparitech reveals that many people still rely on weak passwords like '123456'. This is concerning because it highlights a persistent issue in cybersecurity, where individuals fail to adopt stronger password practices despite ongoing warnings about data breaches. The continued use of such easily guessable passwords puts personal and sensitive information at risk, making it crucial for users to prioritize better security measures.

It's nearly 2026 and most people still use '123456' as a password

Securing secrets in your Docker-based app is critical—but the official Docker "secrets" feature is tied to Swarm, and the popular <code>*_FILE</code> pattern isn't supported by every image. How can you manage API keys, passwords, and tokens securely and flexibly in plain Docker Compose setups? Let's break it down.

<h2>
 
 
 Scenario 1: Your Image Supports the <code>*_FILE</code> Pattern
</h2>

Many official Docker images (like MySQL, Postgres, Redis) support environment variables such as <code>DB_PASSWORD_FILE</code> and <code>API_TOKEN_FILE</code>. This is the easiest and most secure way to mount secrets.

Steps:

<ol>
<li>
Create secret files:
</li>
</ol>

<div class="highlight js-code-highlight">
<pre class="highlight plaintext"><code> echo "db-password-here" &gt; db_password.txt
 echo "api-token-here" &gt; api_token.txt
</code></pre>

</div>



<ol>
<li>
Reference secrets in <code>docker-compose.yml</code>:
</li>
</ol>

<div class="highlight js-code-highlight">
<pre class="highlight yaml"><code> version: '3.8'
 services:
 db:
 image: mysql
 secrets:
 - db_password
 environment:
 MYSQL_PASSWORD_FILE: /run/secrets/db_password

 secrets:
 db_password:
 file: ./db_password.txt
</code></pre>

</div>



<ol>
<li>
Access secrets:
The image reads the secret from <code>/run/secrets/db_password</code>—no need for handling in your app code.</li>
</ol>

<h2>
 
 
 Scenario 2: Image Does NOT Support <code>*_FILE</code>
</h2>

If your image doesn't support this pattern, secrets will be mounted as files at <code>/run/secrets/&lt;name&gt;</code>, but you need to inject them into environment variables yourself.

Steps:

<ol>
<li>Same as above: 
Create secret files and reference them as Compose secrets.</li>
<li>Add a wrapper entrypoint script: 
<code>inject-secrets.sh</code>: 
</li>
</ol>

<div class="highlight js-code-highlight">
<pre class="highlight shell"><code> #!/bin/sh
 export DB_PASSWORD="$(cat /run/secrets/db_password)"
 export API_TOKEN="$(cat /run/secrets/api_token)"
 exec "$@"
</code></pre>

</div>



Be sure to copy this script into your image in the Dockerfile.

<ol>
<li>
Configure docker-compose:
</li>
</ol>

<div class="highlight js-code-highlight">
<pre class="highlight yaml"><code> services:
 app:
 image: your-app-image
 secrets:
 - db_password
 - api_token
 entrypoint: ["/inject-secrets.sh"]
</code></pre>

</div>



<ol>
<li>
In your app:
Use environment variables as normal, e.g., <code>os.getenv("DB_PASSWORD")</code>.</li>
</ol>

<h2>
 
 
 Scenario 3: Using Plain Environment Variables in Compose
</h2>

For local development or the simplest setup, you can skip secret files and inject environment variables via <code>.env</code> files, but security is lower since values are visible to anyone with access to Compose config.

Steps:

<ol>
<li>Define secrets in a <code>.env</code> file:
</li>
</ol>

<div class="highlight js-code-highlight">
<pre class="highlight plaintext"><code> DB_PASSWORD=supersecret
 API_TOKEN=sometoken
</code></pre>

</div>



<ol>
<li>Reference these in your Compose file:
</li>
</ol>

<div class="highlight js-code-highlight">
<pre class="highlight yaml"><code> environment:
 - DB_PASSWORD
 - API_TOKEN
</code></pre>

</div>



<h2>
 
 
 Quick Tips &amp; Best Practices
</h2>

<ul>
<li>Never commit secret files or <code>.env</code> files to git.</li>
<li>For production, prefer secrets stored in files and injected with scripts.</li>
<li>Rotate secrets regularly and automate management via CI/CD.</li>
<li>Read the documentation of any image you use—search for <code>*_FILE</code> support.</li>
<li>Limit container access only to services that require the secrets.</li>
</ul>

<h2>
 
 
 Conclusion
</h2>

Whether or not your Docker image supports <code>*_FILE</code>, you can always use mounted secret files in Compose and inject values as environment variables with a simple script. For the highest security, layer your approach with proper access controls, tooling, and automation!

Did you find this breakdown helpful? Share your secret management tips below! 🚢🔒

إدارة الأسرار في Docker Compose يمكن أن تكون معقدة، خاصة وأن ميزة الأسرار الرسمية في Docker مرتبطة بـ Swarm. ومع ذلك، يقدم هذا المقال حلولاً عملية للتعامل بأمان مع مفاتيح API وكلمات المرور والرموز في إعدادات Docker القياسية. من خلال استكشاف السيناريوهات التي تدعم فيها الصور نمط *_FILE، يمكّن المطورين من الحفاظ على الأمان دون الاعتماد على Swarm، مما يسهل بناء تطبيقات قوية.

Gestionar secretos en Docker Compose puede ser complicado, especialmente porque la función oficial de secretos de Docker está vinculada a Swarm. Sin embargo, este artículo ofrece soluciones prácticas para manejar de manera segura claves API, contraseñas y tokens en configuraciones estándar de Docker. Al explorar escenarios donde las imágenes admiten el patrón *_FILE, empodera a los desarrolladores para mantener la seguridad sin depender de Swarm, facilitando la creación de aplicaciones robustas.

Gérer les secrets dans Docker Compose peut être délicat, surtout que la fonctionnalité officielle de secrets Docker est liée à Swarm. Cependant, cet article propose des solutions pratiques pour gérer en toute sécurité les clés API, les mots de passe et les jetons dans des configurations Docker standard. En explorant des scénarios où les images prennent en charge le modèle *_FILE, il permet aux développeurs de maintenir la sécurité sans dépendre de Swarm, facilitant ainsi la création d'applications robustes.

Managing secrets in Docker Compose can be tricky, especially since the official Docker secrets feature is tied to Swarm. However, this article provides practical solutions for securely handling API keys, passwords, and tokens in standard Docker setups. By exploring scenarios where images support the *_FILE pattern, it empowers developers to maintain security without relying on Swarm, making it easier to build robust applications.

Practical Ways to Handle Multiple Secrets in Docker Compose—File-Style Without Swarm

<A HREF="https://siliconangle.com/2025/11/06/truffle-security-secures-25m-protect-codebases-leaked-secrets-nonhuman-identities/"><IMG VSPACE="4" HSPACE="4" BORDER="0" ALIGN="RIGHT" SRC="http://www.techmeme.com/251106/i31.jpg"></A>
<A HREF="http://www.techmeme.com/251106/p31#a251106p31" TITLE="Techmeme permalink"><IMG WIDTH=11 HEIGHT=12 SRC="http://www.techmeme.com/img/pml.png" STYLE="border:none;padding:0;margin:0;"></A> Duncan Riley / <A HREF="http://siliconangle.com/">SiliconANGLE</A>: 
<A HREF="https://siliconangle.com/2025/11/06/truffle-security-secures-25m-protect-codebases-leaked-secrets-nonhuman-identities/">Truffle Security, whose open source tool detects, verifies, and remediates leaked secrets such as API keys, raised a $25M Series A led by Intel Capital and a16z</A>&nbsp; &mdash;&nbsp; Open-source security software company Truffle Security Co. announced today that it has raised $25 million in new funding &hellip;

نجحت شركة Truffle Security في جمع 25 مليون دولار في جولة تمويل من الفئة A بقيادة Intel Capital و a16z. هذه التمويلات مهمة لأنها ستساعد الشركة في تعزيز أداتها مفتوحة المصدر المصممة لاكتشاف والتحقق من وإصلاح الأسرار المسربة مثل مفاتيح API. في عصر تزداد فيه انتهاكات البيانات، تعتبر تقنية Truffle ضرورية لحماية قواعد الشيفرة وضمان أمان الهويات غير البشرية، مما يجعل هذا الاستثمار دفعة في الوقت المناسب لجهود الأمن السيبراني.

Truffle Security ha recaudado con éxito 25 millones de dólares en una ronda de financiación de Serie A liderada por Intel Capital y a16z. Esta financiación es significativa ya que ayudará a la empresa a mejorar su herramienta de código abierto diseñada para detectar, verificar y remediar secretos filtrados como las claves API. En una era donde las violaciones de datos son cada vez más comunes, la tecnología de Truffle es crucial para proteger las bases de código y asegurar la seguridad de identidades no humanas, lo que convierte esta inversión en un impulso oportuno para los esfuerzos de ciberseguridad.

Truffle Security a réussi à lever 25 millions de dollars lors d'un tour de financement de série A dirigé par Intel Capital et a16z. Ce financement est important car il aidera l'entreprise à améliorer son outil open-source conçu pour détecter, vérifier et remédier aux secrets divulgués tels que les clés API. À une époque où les violations de données sont de plus en plus courantes, la technologie de Truffle est cruciale pour protéger les bases de code et garantir la sécurité des identités non humaines, faisant de cet investissement un soutien opportun pour les efforts de cybersécurité.

Truffle Security has successfully raised $25 million in a Series A funding round led by Intel Capital and a16z. This funding is significant as it will help the company enhance its open-source tool designed to detect, verify, and remediate leaked secrets like API keys. In an era where data breaches are increasingly common, Truffle's technology is crucial for protecting codebases and ensuring the security of nonhuman identities, making this investment a timely boost for cybersecurity efforts.

Truffle Security, whose open source tool detects, verifies, and remediates leaked secrets such as API keys, raised a $25M Series A led by Intel Capital and a16z (Duncan Riley/SiliconANGLE)

Introduction 
As software technology continues to evolve, many enterprise software systems have shifted from monolithic architectures to cloud-native microservices. On one hand, this transformation enables applications to achieve high concurrency, easy scalability, and high development agility. On the other hand, it also results in increasingly long software application chains and growing dependencies on various external technologies, making the troubleshooting of specific issues extremely challenging.

Despite the rapid evolution of distributed systems and their observability technologies over the past decade—addressing a lot of issues to a certain extent—locating specific issues remains extremely challenging. The following figures show several typical examples of common production issues.

<a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgnz2jkjazrwvcks78epb.jpeg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgnz2jkjazrwvcks78epb.jpeg" alt=" " width="542" height="304"></a> 
Figure 1 Continuous CPU usage peaks

<a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5saeo31cb6mu8yssmlwn.jpeg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5saeo31cb6mu8yssmlwn.jpeg" alt=" " width="594" height="310"></a> 
Figure 2 Heap memory space usage

<a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fq6bhh23ia51hul2fr035.jpeg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fq6bhh23ia51hul2fr035.jpeg" alt=" " width="800" height="158"></a> 
Figure 3 Trace fails to locate the root cause of high latency

Continuous profiling technology is a powerful technique that collects the method stack state information of application-related threads when they apply for relevant resources, then uses visualization technologies such as flame graphs to map the distribution of the corresponding resource usage, and finally identifies the root cause of fluctuations in specific resources during relevant time periods.

Out-of-the-box Continuous Profiling 
As an application-observability suite of Alibaba Cloud, ARMS introduced continuous profiling as early as 2022 to help users locate common complex performance issues.

<a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpi9lejh6qnvzi0fazgc4.jpeg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpi9lejh6qnvzi0fazgc4.jpeg" alt=" " width="800" height="369"></a>

Continuous profiling provides the following three core features:

Code hotspot: locates issues by associating wall clock hotspots with trace information.

● If your business is too complex to reproduce occasional slow calls, the code diagnostics feature can simulate code execution and method calls.

● If the methods and instrumentation at non-framework layers are missing from traces, the code diagnostics feature helps you restore the time consumed for the methods about instrumentation.

CPU hotspot: locates issues by periodically collecting snapshots of method stacks that are running CPU threads.

● When the CPU utilization of your system is high, this feature can quickly locate the business logic method stacks that cause high CPU consumption.

Memory hot spots: locates issues by recording the allocated memory size and number of allocation times when a thread exceeds the heap memory threshold and triggers memory allocation and collecting the method stack snapshots.

● When the heap-memory usage of your JVM is high, this feature can quickly locate the business logic method stacks that request large heap memory or send a large number of memory requests.

After extensive customer adoption and continuous evolution and optimization over the past few years, continuous profiling is upgraded in terms of usability. The following sections introduce each of the key upgrades.

Optimized Storage and Computing Engine: Smooth and Efficient Data Retrieval 
Data structures of flame graphs are complex, posing significant challenges for both large-volume data storage and aggregate computing. As a result, a common practice among industry products is to only temporarily enable the feature to collect data for a certain period and perform data aggregation analysis at short intervals. Although the use process of this approach is cumbersome, it can to some extent help locate common performance bottlenecks. However, when dealing with scenarios that are difficult to reproduce, the cost of problem localization becomes extremely high.

In this upgrade, we significantly optimized both the data format and query engine. For continuous profiling, we have enhanced the query intervals and target objects: previously, only 1-, 5-, or 15-minute data aggregation was supported, whereas now it enables second-level aggregation across dimensions including daily granularity, multiple instances, and multiple threads. This upgrade allows continuous profiling to offer not only a broader aggregation scope but also finer-grained dimensions, improving the effectiveness of locating various performance issues.

<a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Faiz8ed5ai1mb6utl1udw.jpeg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Faiz8ed5ai1mb6utl1udw.jpeg" alt=" " width="800" height="426"></a>

AI Copilot-powered Flame Graph Analysis: One-click Insight into Performance Hotspots 
In the past, we learned from the user side that although the flame graph tool is highly effective for troubleshooting performance issues, the interpreting of flame graphs presents a significant barrier for a large number of customers. To address this, our latest version of continuous profiling now supports AI Copilot-powered flame graph analysis, enabling users who lack expertise in flame graph interpretation to easily identify performance bottlenecks with flame graphs.

Demo

<ol>
<li> After enabling continuous profiling for an application, select the corresponding application in the console. Taking CPU hotspot issues as an example, on the flame graph page shown in the following figure, click the purple magic wand icon for AI Copilot-powered analysis in the upper-right corner of the flame graph page to trigger the analysis.</li>
</ol>

<a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbam7ilei5guf2l02cn7y.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbam7ilei5guf2l02cn7y.png" alt=" " width="800" height="412"></a>

<ol>
<li> Copilot quickly provides an analysis report and recommendations for the flame chart.</li>
</ol>

<a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1axrsy5hbrghyzxikbmy.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1axrsy5hbrghyzxikbmy.png" alt=" " width="800" height="434"></a>

<ol>
<li> The report results show that the java.util.LinkedList.node(int) method takes a long time in the flame graph and occupies a large number of CPU resources.</li>
</ol>

<a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2q97dtm61sv2jzjedwg3.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2q97dtm61sv2jzjedwg3.png" alt=" " width="800" height="303"></a>

<ol>
<li> In addition to analysis and recommendations, the model can also provide targeted code optimization suggestions if you provide code snippets with key information redacted.</li>
</ol>

<a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjlun95hruslzj4mhacoi.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjlun95hruslzj4mhacoi.png" alt=" " width="800" height="474"></a>

<a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyyntdaknvc9hfycwpphu.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyyntdaknvc9hfycwpphu.png" alt=" " width="800" height="489"></a>

<ol>
<li> After the application code is adjusted and optimized, the feature can also perform regression verification of the optimization results based on the flame graphs generated by continuous profiling.</li>
</ol>

D*ifferential Flame Charts: Accurately Comparing Performance Differences* 
Differential flame graphs compare performance data from two time periods to generate a differential graph, in which red flame indicates performance degrade and blue flame indicates performance improvement. This helps identify functions with significant performance changes over different time periods. This capability proves extremely helpful for locating scenarios where the performance of an application has differential changes over a certain period. The new version of continuous profiling provides out-of-the-box differential flame graph analysis capabilities.

Demo

<ol>
<li> After enabling continuous profiling for an application, select the application in the console. Taking CPU hotspot issue localization as an example, click the "Data Comparison" button in the upper-left corner of the page to generate a differential flame graph comparing performance of two time periods.</li>
</ol>

<a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Feemjond14zw4mckjmvad.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Feemjond14zw4mckjmvad.png" alt=" " width="800" height="432"></a>

<ol>
<li> Based on the generated differential flame graph, you can view differential hotspots across different time periods by using AI Copilot to analyze the flame graph.</li>
</ol>

<a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdmt3t1dynp7wc3ikl8ma.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdmt3t1dynp7wc3ikl8ma.png" alt=" " width="800" height="432"></a>

Summary 
For more information about the upgraded features, see upgrade notices and product documentation.

تُعتبر الترقية الأخيرة لـ ARMS Continuous Profiling خطوة مهمة نحو تعزيز الكفاءة والدقة في تحديد اختناقات الأداء في تطبيقات البرمجيات. مع انتقال الشركات إلى الخدمات المصغرة السحابية، تتناول هذه الأداة التحديات التي تطرحها سلاسل التطبيقات المعقدة والاعتماديات، مما يسهل على المطورين تشخيص المشكلات. لا تعمل هذه الترقية على تحسين أداء التطبيقات فحسب، بل تدعم أيضًا الحاجة المتزايدة إلى حلول برمجية قابلة للتوسع ومرنة، مما يعود بالنفع في النهاية على الشركات ومستخدميها.

La reciente actualización de ARMS Continuous Profiling es un paso importante para mejorar la eficiencia y precisión en la localización de cuellos de botella de rendimiento en aplicaciones de software. A medida que las empresas se trasladan a microservicios nativos de la nube, esta herramienta aborda los desafíos que presentan las cadenas de aplicaciones complejas y las dependencias, facilitando el diagnóstico de problemas para los desarrolladores. Esta actualización no solo mejora el rendimiento de las aplicaciones, sino que también apoya la creciente necesidad de soluciones de software escalables y ágiles, beneficiando en última instancia a las empresas y a sus usuarios.

La récente mise à niveau de l'ARMS Continuous Profiling représente une avancée significative pour améliorer l'efficacité et la précision de la localisation des goulets d'étranglement de performance dans les applications logicielles. Alors que les entreprises passent aux microservices cloud-natifs, cet outil répond aux défis posés par les chaînes d'applications complexes et les dépendances, facilitant ainsi le dépannage des problèmes pour les développeurs. Cette mise à niveau améliore non seulement les performances des applications, mais soutient également le besoin croissant de solutions logicielles évolutives et agiles, bénéficiant finalement aux entreprises et à leurs utilisateurs.

The recent upgrade of ARMS Continuous Profiling is a significant step forward in enhancing the efficiency and accuracy of performance bottleneck localization in software applications. As enterprises transition to cloud-native microservices, this tool addresses the challenges posed by complex application chains and dependencies, making it easier for developers to troubleshoot issues. This upgrade not only improves application performance but also supports the growing need for scalable and agile software solutions, ultimately benefiting businesses and their users.

Comparison of cloud-native application configuration services

Comparison of cloud-native application configuration services

Was this article worth reading? Share it