DevOps’ish

Cloud Native, DevOps, Open Source, AI, tech industry news, culture, and the ‘ish between. A newsletter by Chris Short.

DevOps'ish 313: Export Controlled, AUR Torched, Lawyers Disqualified, and more

The Claude Fable launch turned into a complete debacle this week and is a cautionary tale of the times we’re in. It’s also one of the most botched product releases we’ve witnessed in quite some time. On Tuesday, June 9th, Claude Fable 5 and Mythos 5 were released to every paying customer for a limited time, before it was slated to move to API billing on June 22nd. Anthropic implemented several safeguards (classifiers) to route sensitive topics such as cybersecurity, chemistry, and biology queries to older models. There were additional checks in place that hindered AI researchers and safety folks from doing their work by invisibly doing the same thing. Anthropic walked back the invisible safety checks, saying, “We made the wrong trade-off and we apologize for not getting the balance right.” On Thursday, Microsoft restricted employees from using the latest Claude models due to a 30-day retention policy that Anthropic implemented as yet another safety feature. I have no doubt numerous other organizations would do the same. ...

June 14, 2026 · 8 min · Chris Short

DevOps'ish 312: Nobody won the token race, rsync outrage, dev goes scorched earth on vibe coders, and more

Most teams quarantine flaky tests. We fix them. A flake fails, someone hits retry, it passes, you merge. The bug doesn’t go away. Mendral runs in your CI, reproduces the flake in a sandbox, finds the actual race or timing bug, and opens the fix PR. No quarantines, no skip annotations, no ignore list growing month over month. SPONSORED

Eliminating Kubernetes Image Signature Replication - The Kubernetes project tore out a resource-intensive signature replication pipeline and replaced it with a simple routing approach that points all signature requests to a single canonical region. Less infra, same trust chain.

From Kubernetes Dashboard to Headlamp: Understanding the Transition - The Kubernetes Dashboard is archived. Headlamp is the successor, and this post maps familiar workflows to the new tool while walking through multi-cluster visibility, application-centric views, and the plugin extension model.

Multiple Red Hat Cloud Services npm Packages Compromised to Deploy Credential-Stealing Malware - Attackers compromised the CI/CD pipeline behind the @redhat-cloud-services npm namespace and poisoned over 30 packages with malware that runs automatically on npm install. It hoovers up GitHub tokens, cloud credentials, Kubernetes tokens, SSH keys, and more – then disguises its exfil traffic as calls to api.anthropic.com to blend into org logs. If you run anything from that scope, audit your environments now. ...

June 7, 2026 · 6 min · Chris Short

DevOps'ish 311: Poisoned Repos, Hallucinating Executives, and More

Make smarter application decisions with Azure Copilot Migration Agent (Sponsor) Stop guessing what to modernize. This playbook from Microsoft’s Azure Copilot Migration Agent team gives you strategies to decide what to re-platform, refactor, and what to leave as is. Try it yourself — download a copy today.

Reconciling the Past: Correcting Records for Unfixed Kubernetes CVEs - The Kubernetes Security Response Committee will correct CVE records on June 1, 2026 for three long-standing unfixed vulnerabilities that represent architectural design trade-offs rather than code bugs, with remediation approaches provided for cluster admins.

Nvidia to spend $150 billion a year in Taiwan, ’epicentre’ of AI revolution, says CEO - Jensen Huang announced Nvidia will commit roughly $150 billion annually to Taiwan operations and break ground on a new 4,000-person Taipei headquarters called Constellation, up from just $10-15 billion a year five years ago.

Tech CEOs are apparently suffering from AI psychosis - Box CEO Aaron Levie argues that tech executives have become dangerously disconnected from practical AI implementation realities, leading them to overestimate productivity gains and justify mass layoffs on automation assumptions that don’t hold up. ...

May 31, 2026 · 5 min · Chris Short

DevOps'ish 310: The Breaches Are Coming From Inside the Extension Store

GitHub Confirms Internal Breach via Poisoned VS Code Extension - Official statement from GitHub confirming TeamPCP’s breach of approximately 3,800 internal repositories via the backdoored Nx Console VS Code extension; the malicious version was pulled in 18 minutes, credentials rotated, and no customer data appears to have been affected.

NGINX Rift: Achieving NGINX Remote Code Execution via an 18-Year-Old Vulnerability - A critical heap buffer overflow in NGINX dating back to 2008 can be exploited via the rewrite and set directives to achieve remote code execution – yes, 18 years.

Fragnesia Made Public As Latest Linux Local Privilege Escalation Vulnerability - Hot on the heels of Dirty Frag, Fragnesia is now public as a similar LPE in Linux’s ESP/XFRM code with a logic bug allowing arbitrary byte writes into the kernel page cache – proof-of-concept code already out there.

AI Just Found Another Linux Zero-Day and Security Researchers Are Freaking Out - CVE-2026-46333, a privilege escalation flaw in the Linux kernel’s ptrace subsystem, is stoking greater concern about AI tools compressing the timeline from discovery to exploitation. ...

May 24, 2026 · 6 min · Chris Short

DevOps'ish 309: Dirty Pages All the Way Down, The Cloud Is Hot, and more

The Linux kernel vulnerabilities are coming in hot and heavy. I don’t think I’ve ever updated a kernel due to security issues this frequently before. I fear CopyFail, Dirty Frag, and Fragnesia are the tip of a much bigger iceberg below the surface. There will be more, and they could come very quickly as more flaws in the kernel’s page cache logic are discovered, as more and more eyeballs focus on this exploit vector. As always, build safety into your systems and processes to make upgrades and reboots as painless as possible. Stay safe out there.

How to migrate your paging tool without breaking your team Most teams treat a paging tool migration as a like-for-like swap. Mistake. Paging is ~10% of incident management. The other 90% (triage, comms, postmortems) is where teams actually break. SPONSORED

Fleet-Scale Kubernetes: An Operating Model for Homogeneous Clusters with Decoupled Capacity - The case for managing fleets of many small, homogeneous Kubernetes clusters with decoupled capacity provisioning through a standardized autoscaler contract, rather than trying to scale individual clusters or unify across specialized cluster types. ...

May 17, 2026 · 7 min · Chris Short