catops | Technologies

Telegram channel catops - CatOps

DevOps and other issues by Yurii Rochniak (@grem1in) - SRE @ Preply && Maksym Vlasov (@MaxymVlasov) - Engineer @ Star. Opinions are our own. We do not post ads including event announcements. Please, do not bother us with such requests!

CatOps

A new issue of the CatOps Digest is here!

https://newsletter.catops.dev/p/catops-digest-2026-04-24

#newsletter #digest

CatOps

After the painful and not particularly successful adoption path of IPv6, a draft proposal for IPv8 is here. However, it has some critical flaws not on the technical, but on the operational and policy level. In short, in its current form, it would make the Internet more prone to be controlled by a centralized entity.

Here’s the draft itself. I haven't read it yet, but now I sure will.

#networking

CatOps

This article may upset some people, but this is a very good retrospective on measuring developer productivity, and what the new AI era may mean for this.

The Developer Productivity Trap is a rather long article, but it's totally worth the time! Especially if you work on the “development experience” side of things or are responsible for engineering metrics. It’s an especially valuable read if you’re on the journey of implementing AI assistants in your company.

#devex #culture

CatOps

For today’s Donations Monday, I’d like to ask you to help with another smaller scale fundraiser for radio-electronic equipment for the 25th Brigade.

Monobank jar:

https://send.monobank.ua/jar/5cXWfFMLHR

The fundraiser is ~41% complete for now.

#donations #Ukraine

CatOps

The Comforting Lie Of SHA Pinning is an article inspired by those supply chain attacks that happened lately.

It shows some quirks of how GitHub works with SHAs, which are quite unexpected. The gist and the main excerpt:


From the platform’s perspective, a fork is a separate repository with a shared object graph/history. When the runner resolves the reference, it ultimately looks up the commit in the Git object database; if that object exists and is reachable, it can be used regardless of which fork introduced it. A commit object is globally identifiable. If the SHA exists anywhere reachable, that is apparently sufficient.


The article also describes how to mitigate this risk in GitHub organizations, if you have one.

#security #github
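
An added example (not from the linked article, and not necessarily the mitigation it describes): a check that a pinned action SHA is contained in a branch or tag of the upstream repository, rather than merely existing as an object. The function names and the demo repositories are constructed; it assumes `git` is installed and that you work on a local clone of the action's upstream repository.

```shell
#!/bin/sh
# Added example: does a pinned SHA sit on a branch or tag of the upstream repo?
# Usage on a real clone (OWNER/ACTION and <sha> are placeholders):
#   git clone https://github.com/OWNER/ACTION upstream
#   sha_on_upstream_ref upstream <sha>

# sha_on_upstream_ref <clone_dir> <sha>
#   0  commit is contained in a remote-tracking branch or a tag of the clone
#   1  commit object is present, but no upstream branch or tag contains it
#   2  commit object is not in the clone at all
# Treat both 1 and 2 as "this pin does not point at upstream history".
sha_on_upstream_ref() {
    git -C "$1" cat-file -e "$2^{commit}" 2>/dev/null || return 2
    refs=$( { git -C "$1" branch -r --contains "$2"
              git -C "$1" tag --contains "$2"; } 2>/dev/null )
    [ -n "$refs" ]
}

# make_sample <dir>: constructed repositories for a dry run.
#   upstream  the action's own repository
#   fork      a clone of upstream with one extra commit
#   checker   a clone of upstream that also received the fork's commit object,
#             without any upstream ref pointing at it
# Prints "<upstream_sha> <fork_only_sha>".
make_sample() {
    g() { git -c user.name=demo -c user.email=demo@example.invalid "$@"; }
    g init -q "$1/upstream"
    g -C "$1/upstream" commit -q --allow-empty -m "upstream release"
    g clone -q "$1/upstream" "$1/fork"
    g -C "$1/fork" commit -q --allow-empty -m "fork-only change"
    g clone -q "$1/upstream" "$1/checker"
    g -C "$1/checker" fetch -q "$1/fork" HEAD
    echo "$(git -C "$1/upstream" rev-parse HEAD) $(git -C "$1/fork" rev-parse HEAD)"
}
```
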

CatOps

From time to time, I share a standing jar for FPV drones for a guy from my wife’s hometown.

Today, I’d like to share a fundraiser for rehabilitation of his brother-in-arms, who lost his leg near Kostiantynivka. Now he needs to undergo a series of surgeries. Here’s a Monobank jar to help him financially:

https://send.monobank.ua/jar/5AmpbpVRxm

Card number:
4874 1000 2602 4938

#donations #Ukraine

CatOps

Linux - The Good Stuff is a book bundle by No Starch Press that really has good stuff! Including the book I recommend to everyone starting with Linux - "How Linux Works" by Brian Ward and "The Linux Programming Interface" by Michael Kerrisk for those who want to know how Linux works, but on the API level.

There are some other interesting books as well. Yet, this bundle is not cheap: you have to pay at least €56 unlike the usual €20-25 to unlock it.

#books #linux

CatOps

"From April 24 onward, interaction data—specifically inputs, outputs, code snippets, and associated context—from Copilot Free, Pro, and Pro+ users will be used to train and improve our AI models unless they opt out."

Official statement.

You can opt out in Copilot's "Privacy" settings, or migrate to Codeberg :D

#github #ai

CatOps

You may already know that Trivy - a popular security scanner - was compromised last Friday.

- Here is a report by Wiz about this breach.
- Here is another article that goes beyond the GitHub Actions exploit.

If you run Trivy in any form, including locally, double-check what and when you ran.

Check whether your CI logs contain lines like the one below, especially if you don't normally use curl in your CI.

Terminate orphan process: pid (xxxx) (curl)


Check if you have this file on your local machine or a non-GHA executor: ~/.config/systemd/user/sysmon.py.

You may need to rotate a lot of credentials as a fallout of this breach.

Also, as harsh as it sounds, this line from one of the articles above makes sense:

Stop using Trivy. This isn’t the first time Aqua Security’s infrastructure has been compromised, and the `aqua-bot` account that enabled this attack was reportedly left exposed from a previous incident earlier in March that was never fully contained. That’s not a one-off failure; it’s an organizational pattern. A security scanning tool that can’t secure its own supply chain is a liability, not an asset. Remove `trivy-action` from your workflows and the Trivy CLI from your toolchains.


#security
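
The two checks from the post above as a small triage script. This is an added example, not code from the Wiz report or the linked articles; the function names, the directory layout and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage for the two indicators named in the post above.

# Runner cleanup line for a leftover curl process; the pid varies per run.
ORPHAN_CURL_RE='Terminate orphan process: pid \([0-9]+\) \(curl\)'

# scan_ci_logs <dir>: one tab-separated row per log file that contains the
# indicator: path, indicator lines, other lines mentioning curl.
# 0 in the last column means the job does not otherwise use curl, which is
# the case the post singles out.
scan_ci_logs() {
    grep -rlE -- "$ORPHAN_CURL_RE" "$1" 2>/dev/null | sort | while IFS= read -r f; do
        hits=$(grep -cE -- "$ORPHAN_CURL_RE" "$f")
        other=$(grep -vE -- "$ORPHAN_CURL_RE" "$f" | grep -c 'curl' || true)
        printf '%s\t%s\t%s\n' "$f" "$hits" "$other"
    done
}

# find_sysmon <home>...: print the path of the file named in the post for
# every home directory where it exists.
find_sysmon() {
    for home_dir in "$@"; do
        f="$home_dir/.config/systemd/user/sysmon.py"
        if [ -e "$f" ]; then printf '%s\n' "$f"; fi
    done
}

# make_sample <dir>: constructed sample data (not real logs) for a dry run.
make_sample() {
    mkdir -p "$1/logs" "$1/home/alice/.config/systemd/user" "$1/home/bob"
    printf '%s\n' 'Run scanner step' \
        'Terminate orphan process: pid (4242) (curl)' > "$1/logs/job1.log"
    printf '%s\n' 'curl -fsSL https://example.invalid/tool.tgz' \
        'Terminate orphan process: pid (17) (curl)' > "$1/logs/job2.log"
    printf '%s\n' 'Terminate orphan process: pid (99) (node)' > "$1/logs/job3.log"
    : > "$1/home/alice/.config/systemd/user/sysmon.py"
}

# Dry run on the constructed sample: sh triage.sh --demo
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d) && make_sample "$d"
    scan_ci_logs "$d/logs"
    find_sysmon "$d/home/alice" "$d/home/bob"
fi
```

Point `scan_ci_logs` at a directory of exported job logs and `find_sysmon` at the home directories of local machines and non-GHA executors; any row or path it prints marks a run or host to look at when deciding which credentials to rotate.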

CatOps

A new issue of the CatOps Digest is here!

https://newsletter.catops.dev/p/catops-digest-2026-03-22

Should have come out on Friday, but alas.

#newsletter #digest

CatOps

I guess many of you are familiar with the concept of OKRs - Objective-Key-Results. OKRs have been around for quite some time. So, of course, there is a book about it.

Here is a short summary of this book by someone on the internet, along with their rating and recommendation for whom this book may be interesting.

Now, you can easily generate a book summary using AI these days. The summary itself is not the reason I want to share it with you. I think, writing such summaries is a great way of conceptualizing books for yourself in the first place. I keep telling myself, I should do this as well. Unfortunately, I am lazy :\

#books #okr #management

CatOps

A colleague of mine wrote an article on using Cloudflare Tunnels to securely connect to your self-hosted things. It specifically covers quirks of connecting mobile apps, since not all of them can handle auth redirects correctly.

This is a nice read if you have a home lab or anything self-hosted. However, you can also use Cloudflare Tunnels for your business cases, like exposing your staging backend to test mobile devices, etc.

#security #cloudflare

CatOps

4 ways to use Argo CD and Terraform together is an article on how to pass data between Terraform (or OpenTofu) and ArgoCD (or any other GitOps tool for that matter). For example, if you're creating a new infrastructure component and need to pass its endpoints to an app.


They pointed out quite explicitly, that you shouldn't just pass raw secrets around. However, they didn't mention any secret storage for whatever reason. For example, you can use vault_generic_secret resource to store credentials in Vault and then something like the External Secrets Operator to fetch them from there. I am not saying, you should, but you can.

P.S. This article was shared in our chat. Come join us! The chat is in Ukrainian, and it's usually fun!

#terraform #argocd #cd #kubernetes

CatOps

You know that I keep the most juicy articles for Friday, right?

AI Isn't Replacing SREs. It's Deskilling Them.

Here's the article. I leave you with that.


#sre #culture

CatOps

An article from Alex Ewerlöf on how the Staff Engineer Archetypes can backfire.

Honestly, it’s not the best of his articles, but it’s a good illustration that you cannot “lock yourself” just on a single aspect of your work. Especially, once you’ve gotten high enough to levels such as a Staff Engineer.

#culture #career

CatOps

The Laws Of Architectural Work is a short article with two important insights about architectural decisions:

- They always come with trade-offs.
- Context matters.

This reminded me of a university professor from back in the day. He used to say: “There is no good solution, there is only an optimal solution for our case”. This phrase pretty much summarizes the whole premise of this article.

In any case, I think it’s an important reminder, taking into account that we can “outsource” more and more coding work, so what we're left with is basically architectural work, be it software, infrastructure, networks, or something else.

P.S. This article was written in 2020, so take it into account, when you encounter words “recent” there. I’m digging through my archive of saved articles.

#architecture

CatOps

Do you trust your colleagues?

The article Stop Using Pull Requests, from the same author as the previous article in the channel, argues that they may not be ideal.

The core argument is that pull requests were originally created for low trust open source environment, in which contributors may have never seen each other, and often do not know each other at all. Development teams in the corporate world operate on another set of assumptions.

It's interesting that this article also builds up on the ideas of Thierry de Pauw. IIRC, I already posted his talk "Non blocking Pull Requests" on the channel, but in any case, I can do it again.

The main premise of the article is that you need to adopt T*D practices: test-driven development, trunk-based development, and another made-up T*D practice that basically means pair-programming.

From my experience I can say, that eliminating pull requests is probably not something you can do in a short run, but measuring the waiting time before PRs are merged is a good practice. Another good practice is to team-up on tasks or projects. So, basically pair-programming, but several people can still work on different tasks within a project, share context on this project, and thus be able to review each other's work almost immediately without much context switching.

T*D practices are also nice. Honestly, I have an impression that the majority of people are using the trunk-based merge model and continuous deployment these days. Also, it's interesting how AI can facilitate test-driven development: spec (by human) => test (by a machine) => tests review (by humans) => coding (by a machine).

#culture #programming

CatOps

Yet another article on the topic of technical debt.

It uses Martin Fowler's "Technical Debt Quadrant" to reason about technical debt and provides some advice on how to address it.

P.S. There is some self-promotion in the end, but it's subtle. So, I would say that this article is still a nice entry point into the topic.

#culture

CatOps

As you may know, LocalStack deprecates their community version starting from the 23rd of March.

So, here are a few alternatives you may consider:

- MiniStack - a free alternative written in Python.
- Floci - another free alternative written in Java.
- Kumo - a lightweight AWS simulator written in Go.

I haven't tried any of them yet. I guess, I'll need to, since I'm using LocalStack to test my open sourced Terraform module.

#aws #localstack

CatOps

Terragrunt has released version 1.0. According to them, this is not about a lot of brand-new features, but a commitment to backwards compatibility within the 1.x branch.

The press-release also has an overview of some features that Terragrunt has.

#terraform #terragrut #opentofu

CatOps

A new issue of CatOps Digest is here!

https://newsletter.catops.dev/p/catops-digest-2026-04-04

#digest #newsletter

CatOps

I wish, I could say: "Good morning", but instead I say:

- axios Compromised on npm - Malicious Versions Drop Remote Access Trojan. Axios is an incredibly popular HTTP client for NodeJS, so if you use that, there's a high chance, you're affected.
- Unpatchable Vulnerabilities of Kubernetes: CVE-2020-8561

#security

CatOps

Kubernetes' SIG Network released version 1.0 of the Ingress2Gateway tool.

This is a tool whose aim is to help you migrate your deprecated Nginx Ingress configuration to the new Gateway API. They do not advertise this tool as a one-click migration solution, but rather as a helper to recreate your manifests.

P.S. Cannot wait to see, how this tool would translate all the custom spaghetti server snippets for Nginx 😈

#kubernetes #networking

CatOps

For today's Donations Monday, I'd like to share with you a Monobank jar from a friend of mine, who had his birthday last weekend.

https://send.monobank.ua/jar/AYR2HGkbxg

Jar card number:

4874100025989107

He currently serves in Armed Forces of Ukraine, and has a Telegram channel about books (in Ukrainian) that he still updates, albeit not as often as before for obvious reasons. You can subscribe there as well!

#donations #Monday

CatOps

A former colleague of mine wrote an article on how to write better tests with AI.

I recall, there were debates, what should a human write: tests or the implementation. Now, there are debates on whether a human should open their IDE at all.

This article is front-end focused, but it has some actionable and more or less universal advice on how to make AI do tests better. At the end of the day, AI is just another tool and the whole trick is in how well you apply it.

#ai #programming

CatOps

For today’s Donations Monday, I’d like to remind you about the UA Responders foundation that raises money for the rehabilitation of Ukrainian veterans.

#donations #Ukraine

CatOps

So, Amazon pushed back on the Financial Times report about AI causing outages. This is not news.

However, they now require a senior engineer's approval on the AI generated code pushed by non-senior engineers, apparently. It's not clear, who should review AI code generated by seniors, though.

- Financial Times (paywalled).
- Opinion on Xitter.
- Discussion on Hacker News.

This is an interesting twist on the whole AI adoption, and it would be very interesting to see where it would go from here. At least, at Amazon.

P.S. As a bonus, here's a book bundle about LLMs and some related stuff, so you could review AI-generated code more efficiently!

#ai #aws #culture

CatOps

These days all the talks are about AI.

My (hypothetical) SRECon26 keynote is an article from Charity Majors with her advice on how SREs should approach AI.

BTW, I’ve heard good things about SRECon. I don’t know if the upcoming SRECon Americas is the same as SRECon in Dublin in October, but maybe I should check that one out!

#sre #ai

CatOps

A story from OpenAI on how they scale Postgres.

While this is an interesting read, and you can definitely borrow some ideas from there; I got an impression that OpenAI is moving towards Azure’s CosmosDB from Postgres.

If a new feature requires additional tables, they must be in alternative sharded systems such as Azure CosmosDB rather than PostgreSQL.
—-
While we’re happy with how far PostgreSQL has taken us, we continue to push its limits to ensure we have sufficient runway for future growth. We’ve already migrated the shardable write-heavy workloads to our sharded systems like CosmosDB. The remaining write-heavy workloads are more challenging to shard—we’re actively migrating those as well to further offload writes from the PostgreSQL primary.

Cosmos DB, from my understanding, is a document-oriented DB from Microsoft, similar to MongoDB.

#databases

CatOps

Two bundles for you today:

- Python courses
- Cloud Practice Exams (mostly AI-related, tho)

#bundle
