DevOps’ish

Stop push-and-pray: run CI that actually debugs itself Edit YAML, commit, push, wait, squint at logs, guess, repeat. There’s a better loop. Watts at Depot walks through how Depot CI kills the cycle, migrate your GitHub Actions workflows in one command, run against uncommitted changes, SSH into failing jobs, and stop guessing. Get Started with Depot CI. Sponsored by Depot Cloud Native Days Romania Two days of cloud native talks, hands-on workshops, and strong community momentum - 18–19 May at the Radisson Blu, Bucharest. Join developers, platform engineers, DevOps practitioners, engineering leaders, and cloud enthusiasts for the 3rd edition of Romania’s community-driven Cloud Native Days, bringing practical Kubernetes use cases and modern cloud native systems to the stage. DevOpsDays Raleigh DevOpsDays Raleigh is one of the region’s premier community-driven tech conferences, bringing together engineers, DevOps leaders, and IT professionals for two days of real-world insights, practitioner-led talks, and interactive open spaces. And this year is special as it’s the 10th anniversary! This conference is focused on DevOps, cloud, automation, and modern software delivery. It offers a unique mix of learning, networking, and collaboration with peers tackling similar challenges across industries. Join me in Raleigh April 30th & May 1st! ...

Happy Easter! This week, I needed a term to describe the Easter Bunny as sneaky, and I came up with “Resurrection Rabbit.” Max thought it was funny in Elmer Fudd parlance, “Rascally Resurrection Rabbit.” One of the news items this week was the revelation that, thanks to a faulty build step, Anthropic leaked at least some of Claude Code’s source code. I was fortunate enough to obtain a copy to give it a cursory look. But others are already discussing what they are learning from the source code now that it’s out in the wild. I found the included pieces interesting, as well as an article about the .claude directory. The Islamic Revolutionary Guard Corps (IRGC) issued a threat to 18 US-based tech companies that they would be deemed military targets. One had already been attacked, as we’ve already seen with AWS. But, this threat also included a date and time: 1 April, 8 PM (Iran Standard Time). It appears the AWS region in Bahrain, me-south-1, was targeted again and AWS is scrambling to recover capacity. There’s some dispute over whether an Oracle facility was attacked in the UAE. I have many concerns about this war, one of which is whether these tech companies can continue to sustain the costs of being drawn into this conflict because of their work with the US government. The long-term effects of this conflict remain to be seen. ...

Supply chain security had a rough week. The TeamPCP campaign didn’t just hit Trivy once — it kept going, expanding to compromised Docker images for versions 0.69.4 through 0.69.6, then spreading to LiteLLM and Telnyx. There’s solid coverage across multiple sources in this edition; if you run Trivy in CI/CD, this week is required reading. No exceptions. On the AI governance side, the DOD’s attempt to block Anthropic from federal contracts hit a courtroom wall. A federal judge deemed it to look more like retaliation than policy. Anthropic, meanwhile, is pushing back against separate claims that it could remotely sabotage its own models during a national security event. The gap between what AI companies can actually do and what people think they can do remains impressively wide. Sashiko is worth your full attention. Google engineers built an agentic AI code-review system for the Linux kernel, found 53% of bugs that human reviewers missed, and then handed the project to the Linux Foundation. That’s the right governance move and a genuinely compelling result. More of that, please. ...

It was a big week. NVIDIA’s GTC conference dominated the headlines, with Jensen Huang making the case that your engineers should be spending nearly as much on AI tokens as they earn in salary. Whether that’s visionary or just a really good way to sell more GPUs, remains to be seen. Meanwhile, the U.S. government moved against chip smugglers, charging Super Micro employees with funneling Nvidia silicon to China, in what feels like the opening act of a much longer enforcement saga. Ingress NGINX is dead, y’all. No more patches, no more fixes. If you’re still running it in production, this is your official wake-up call. The Gateway API migration path is real now, and there’s solid coverage in this edition to help you get there. Kenneth Reitz’s essay on open source burnout is worth your full attention. It’s honest in a way that’s rare in this industry. Also, a good reminder that the people behind the tools we all depend on are, in fact, people. Read it, and maybe go thank a maintainer today. ...

I’m starting to get the feeling people need to reframe their thinking about AI and jobs. I know Amazon started to shrink the moment they had to start paying Nvidia and TSMC for chips for AI workloads. The AI frenzy has bled into every facet of tech at this point. The chip buying frenzy has also invaded every nook and cranny of tech company budgets. You’re either spending on tokens or chips. The larger tech employers are doing both. Just the past few weeks Amazon has had another round of layoffs, Block cut 40% of its staff, and others have laid off significant numbers of employees. Meanwhile, Anthropic says their impact on the job market isn’t as dramatic as it seems. Both cannot be true at the same time. Folks are truly missing the big story right in front of them: building AI tooling is causing layoffs to offset dramatic increases in CAPEX spending. The chips cost dramatically more to procure and operate. ...