​​From time to time, I share a standing jar for FPV drones for a guy from my wife’s hometown.

Today, I’d like to share a fundraiser for rehabilitation of his brother-in-arms, who lost his leg near Kostiantynivka. Now he needs to undergo a series of surgeries. Here’s a Monobank jar to help him financially:

https://send.monobank.ua/jar/5AmpbpVRxm

Card number:
4874 1000 2602 4938

#donations #Ukraine

Читать полностью…

Linux - The Good Stuff is a book bundle by No Starch Press that really has good stuff! Including the book I recommend to everyone starting with Linux - "How Linux Works" by Brian Ward and "The Linux Programming Interface" by Michael Kerrisk for those who want to know how Linux works, but on the API level.

There are some other interesting books as well. Yet, this bundle is not cheap: you have to pay at least €56 unlike the usual €20-25 to unlock it.

#books #linux

Читать полностью…

"From April 24 onward, interaction data—specifically inputs, outputs, code snippets, and associated context—from Copilot Free, Pro, and Pro+ users will be used to train and improve our AI models unless they opt out."

Official statement.

You can opt out in Copilot's "Privacy" settings, or migrate to Codeberg :D

#github #ai

Читать полностью…

You may already know that Trivy - a popular security scanner - was compromised last Friday.

- Here is a report by Wiz about this breach.
- Here is another article that goes beyond the GitHub Actions exploit.

If you run Trivy in any form, including locally, double-check what and when you ran.

Check if you had in your CI logs lines like below. Especially, if you’re not using curl in your CI normally.

Terminate orphan process: pid (xxxx) (curl)

Check if you have this file on your local machine or a non-GHA executor: ~/.config/systemd/user/sysmon.py.

You may need to rotate a lot of credentials as a fallout of this breach.

Also, as harsh as it sounds, this line from one of the articles above makes sense:

~
Stop using Trivy. This isn’t the first time Aqua Security’s infrastructure has been compromised, and the `aqua-bot` account that enabled this attack was reportedly left exposed from a previous incident earlier in March that was never fully contained. That’s not a one-off failure; it’s an organizational pattern. A security scanning tool that can’t secure its own supply chain is a liability, not an asset. Remove `trivy-action` from your workflows and the Trivy CLI from your toolchains.

#security

Читать полностью…

A new issue of the CatOps Digest is here!

https://newsletter.catops.dev/p/catops-digest-2026-03-22

Should have come out on Friday, but alas.

#newsletter #digest

Читать полностью…

I guess many of you are familiar with the concept of OKRs - Objective-Key-Results. OKRs have been around for quite some time. So, of course, there is a book about it.

Here is a short summary of this book by someone on the internet, alongside with their rating and recommendation for whom this book may be interesting.

Now, you can easily generate a book summary using AI these days. The summary itself is not the reason I want to share it with you. I think, writing such summaries is a great way of conceptualizing books for yourself in the first place. I keep telling myself, I should do this as well. Unfortunately, I am lazy :\

#books #okr #management

Читать полностью…

A colleague of mine wrote an article on navarromoralesdev/making-cloudflare-tunnels-work-with-mobile-apps-using-mtls-6613eeb813f4">using Cloudflare Tunnels to securely connect to your self-hosted things. It specifically covers quirks of connecting mobile apps, since not all of them can handle auth redirects correctly.

This is a nice read if you have a home lab or anything self-hosted. However, you can also use Cloudflare Tunnels for your business cases, like exposing your staging backend to test mobile devices, etc.

#security #cloudflare

Читать полностью…

4 ways to use Argo CD and Terraform together is an article on how to pass data between Terraform (or OpenTofu) and ArgoCD (or any other GitOps tool for that matter). For example, if you're creating a new infrastructure component and need to pass its endpoints to an app.


They pointed out quite explicitly, that you shouldn't just pass raw secrets around. However, they didn't mention any secret storage for whatever reason. For example, you can use vault_generic_secret resource to store credentials in Vault and then something like the External Secrets Operator to fetch them from there. I am not saying, you should, but you can.

P.S. This article was shared in our chat. Come join us! The chat is in Ukrainian, and it's usually fun!

#terraform #argocd #cd #kubernetes

Читать полностью…

You know that I keep the most juicy articles for Friday, right?

AI Isn't Replacing SREs. It's Deskilling Them.

Here's the article. I leave you with that.


#sre #culture

Читать полностью…

An article from Alex Ewerlöf on how the Staff Engineer Archetypes can backfire.

Honestly, it’s not the best of his articles, but it’s a good illustration that you cannot “lock yourself” just on a single aspect of your work. Especially, once you’ve gotten high enough to levels such as a Staff Engineer.

#culture #career

Читать полностью…

​​For today’s Donations Monday, I’d like to ask you to donate the downing of russian UAVs.

This is a fundraiser by Come Back Alive and they support different payment methods!

#donations #Ukraine

Читать полностью…

Why etcd breaks at scale in Kubernetes is a great article that describes, what etcd is, how it works in nutshell, what are its limitations; and, most importantly, why does it all matter to Kubernetes.

I had an etcd cluster becoming read-only due to the backend quota. The fact that this happened on the 1st of January added insult to injury.

P.S. LearnKube is a great resource for all the Kubernetes related topics. I highly recommend reading their other articles as well, if you want to get more familiar with the technology!

#kubernetes #etcd

Читать полностью…

For today's donations Monday, I'd like to share once again the standing Monobank jar for FPV equipment.

This jar is for the unit in which a guy from my wife's hometown serves.

https://send.monobank.ua/jar/4WLw91UqFe

#donations #Monday

Читать полностью…

Collaboration sucks is a nice Friday evening read about the ways we work together.

I think, this article has interesting thoughts, but as usual, you need to use your own judgement to understand the environment you’re in.

For example:

You’re the driver” is a key value for us at PostHog. We aim to hire people who are great at their jobs and get out of their way. No deadlines, minimal coordination, and no managers telling you what to do.
In return, we ask for extraordinarily high ownership and the ability to get a lot done by _yourself._ Marketers ship code, salespeople answer technical questions without backup, and product engineers work across the stack

This works great until end up with the codebase that has a unique flavor of the same wheels at every corner. Sure, there are ways of dealing with that, but you have to have those constraints beforehand.

However, the idea of limiting your collaboration and inviting only the relevant people into the decision making process, makes total sense. If your company growths, at some point it will grow beyond the point a single person can understand every aspect of your system. When it happens, sharing proposals to everyone wouldn’t, indeed, improve your collaboration and the team spirit; it would just generate noise. And when there is too much noise, it’s easy to lose important signals.

#culture

Читать полностью…

​​Support a friend of mine on the Frontline!

Last year, she chose the tough path: Combat Medic.
Now, she needs our help to secure critical medical supplies that can't wait for paperwork.

No donation is too small. Let’s help her save lives!

- Mono Jar: https://send.monobank.ua/jar/75jQXw6aYq
- Mono: 💳: 4874100025644306
- Privat: 💳: 5168745027810065

#donations #Ukraine

Читать полностью…

A new issue of CatOps Digest is here!

https://newsletter.catops.dev/p/catops-digest-2026-04-04

#digest #newsletter

Читать полностью…

I wish, I could say: "Good morning", but instead I say:

- axios Compromised on npm - Malicious Versions Drop Remote Access Trojan. Axios is an incredibly popular HTTP client for NodeJS, so if you use that, there's a high chance, you're affected.
- Unpatchable Vulnerabilities of Kubernetes: CVE-2020-8561

#security

Читать полностью…

Kubernetes' SIG Network released a Ingress2Gateway tool version 1.0.

This is a tool which aim is to help you to migrate your deprecated Nginx Ingress configuration to the new Gateway API. They do not advertise this tool as a one-click migration solution, but rather as a helper to recreate your manifests.

P.S. Cannot wait to see, how this tool would translate all the custom spaghetti server snippets for Nginx 😈

#kubernetes #networking

Читать полностью…

For today's Donations Monday, I'd like to share with you a Monobank jar from a friend of mine, who had his birthday last weekend.

https://send.monobank.ua/jar/AYR2HGkbxg

Jar card number:

4874100025989107

He currently serves in Armed Forces of Ukraine, and has a Telegram channel about books (in Ukrainian) that he still updates, albeit not as often as before for obvious reasons. You can subscribe there as well!

#donations #Monday

Читать полностью…

A former colleague of mine wrote an article on how to write better tests with AI.

I recall, there were debates, what should a human write: tests or the implementation. Now, there are debates on whether a human should open their IDE at all.

This article is front-end focused, but it has some actionable and more or less universal advice on how to make AI do tests better. At the end of the day, AI is just another tool and the whole trick is in how good do you apply it.

#ai #programming

Читать полностью…

​​For today’s Donations Monday, I’d like to remind you about the UA Responders foundation that raises money for the rehabilitation of Ukrainian veterans.

#donations #Ukraine

Читать полностью…

So, Amazon pushed back on the Financial Times report about AI causing outages. This is not news.

However, they now require a senior engineer's approval on the AI generated code pushed by non-senior engineers, apparently. It's not clear, who should review AI code generated by seniors, though.

- Financial Times (paywalled).
- Opinion on Xitter.
- Discussion on Hacker News.

This is an interesting twist on the whole AI adoption, and it would be very interesting to see where it would go from here. At least, at Amazon.

P.S. As a bonus, here's a book bundle about LLMs and some related stuff, so you could review AI-generated code more efficiently!

#ai #aws #culture

Читать полностью…

These days all the talks are about AI.

My (hypothetical) SRECon26 keynote is an article from Charity Majors with her advice on how SREs should approach AI.

BTW, I’ve heard good things about SRECon. I don’t know if the upcoming SRECon Americas is the same as SRECon in Dublin in October, but maybe I should check that one out!

#sre #ai

Читать полностью…

A story from OpenAI on how they scale Postgres.

While this is an interesting read, and you can definitely borrow some ideas from there; I got an impression that OpenAI is moving towards Azure’s CosmosDB from Postgres.

If a new feature requires additional tables, they must be in alternative sharded systems such as Azure CosmosDB rather than PostgreSQL.

—-

While we’re happy with how far PostgreSQL has taken us, we continue to push its limits to ensure we have sufficient runway for future growth. We’ve already migrated the shardable write-heavy workloads to our sharded systems like CosmosDB. The remaining write-heavy workloads are more challenging to shard—we’re actively migrating those as well to further offload writes from the PostgreSQL primary.

Cosmos DB, from my understanding, is a document-oriented DB from Microsoft, similar to MongoDB.

#databases

Читать полностью…

Two bundles for you today:

- Python courses
- Cloud Practice Exams (mostly AI-related, tho)

#bundle

Читать полностью…

A new issue of the digest is here!

https://newsletter.catops.dev/p/catops-digest-2026-02-27

#newsletter #digest

Читать полностью…

An article from OpenAI on how they created a complete project without any human-written code.

This is, of course, kind of marketing material for OpenAI, but it also has interesting points:

 code throughput increased, our bottleneck became human QA capacity.

 management is one of the biggest challenges in making agents effective at large and complex tasks. One of the earliest lessons we learned was simple: give Codex a map, not a 1,000-page instruction manual.

 the agent’s point of view, anything it can’t access in-context while running effectively doesn’t exist. Knowledge that lives in Google Docs, chat threads, or people’s heads are not accessible to the system. Repository-local, versioned artifacts (e.g., code, markdown, schemas, executable plans) are all it can see.

And the most important point, in my opinion:

 kind of architecture you usually postpone until you have hundreds of engineers. With coding agents, it’s an early prerequisite: the constraints are what allows speed without decay or architectural drift.
...
In a human-first workflow, these rules might feel pedantic or constraining. With agents, they become multipliers: once encoded, they apply everywhere at once.

In any case, it's an interesting read. Obviously, it's all related to a completely green field project. So, your mileage for decade-old monoliths may vary.

P.S. Also, according to the diagrams in this article, OpenAI uses VictoriaMetrics, which is also cool :)

#ai #programming

Читать полностью…

Apparently, AWS had at least two recent outages due to AI. It was originally reported by Financial Times, but their article is behind a paywall. If you’re subscribed, you can read it here.

Me seeing these news surprisingly coincided with me seeing this post on Reddit: Vibe coders passing responsibility on code reviewers.

And this is kinda true, scary, and reassuring at the same time.

True because it’s indeed very easy these days to generate a lot of code in almost any language.

Scary, because the meme about 5000+ lines PRs with LGTM stands true. While AI code reviewers can quite effectively catch typos and style issues, that humans kinda suck in catching; overly complex logic is usually Ok for them. Thus, we will face more outages in the nearest future, in my opinion.

Reassuring, because it means that those of you who “keep the lights on” are not going anywhere because of AI. In fact, quite the opposite.

#ai

Читать полностью…

​​For those of you, who're into MySQL.

There's an open letter to Oracle to establish a foundation to take care of MySQL.

https://letter.3306-db.org/

You can subscribe to make your voice heard. I would say, it's an important thing to do, because, you know, community matters. Also, it doesn't require much work from your side at this point.

More information is available via that link above.

#databases #mysql

Читать полностью…

From CatOps with love: a new issue of our newsletter is here!

https://newsletter.catops.dev/p/catops-digest-2026-02-14

#digest #newsletter

Читать полностью…