DevOps’ish
Happy Easter! This week, I needed a term to describe the Easter Bunny as sneaky, and I came up with “Resurrection Rabbit.” Max thought it was funny in Elmer Fudd parlance, “Rascally Resurrection Rabbit.” One of the news items this week was the revelation that, thanks to a faulty build step, Anthropic leaked at least some of Claude Code’s source code. I was fortunate enough to obtain a copy to give it a cursory look. But others are already discussing what they are learning from the source code now that it’s out in the wild. I found the included pieces interesting, as well as an article about the .claude directory. The Islamic Revolutionary Guard Corps (IRGC) issued a threat to 18 US-based tech companies that they would be deemed military targets. One had already been attacked, as we’ve already seen with AWS. But this threat also included a date and time: 1 April, 8 PM (Iran Standard Time). It appears the AWS region in Bahrain, me-south-1, was targeted again, and AWS is scrambling to recover capacity. There’s some dispute over whether an Oracle facility was attacked in the UAE. I have many concerns about this war, one of which is whether these tech companies can continue to sustain the costs of being drawn into this conflict because of their work with the US government. The long-term effects of this conflict remain to be seen. ...
Supply chain security had a rough week. The TeamPCP campaign didn’t just hit Trivy once — it kept going, expanding to compromised Docker images for versions 0.69.4 through 0.69.6, then spreading to LiteLLM and Telnyx. There’s solid coverage across multiple sources in this edition; if you run Trivy in CI/CD, this week is required reading. No exceptions. On the AI governance side, the DOD’s attempt to block Anthropic from federal contracts hit a courtroom wall. A federal judge deemed it to look more like retaliation than policy. Anthropic, meanwhile, is pushing back against separate claims that it could remotely sabotage its own models during a national security event. The gap between what AI companies can actually do and what people think they can do remains impressively wide. Sashiko is worth your full attention. Google engineers built an agentic AI code-review system for the Linux kernel, found 53% of bugs that human reviewers missed, and then handed the project to the Linux Foundation. That’s the right governance move and a genuinely compelling result. More of that, please. ...
It was a big week. NVIDIA’s GTC conference dominated the headlines, with Jensen Huang making the case that your engineers should be spending nearly as much on AI tokens as they earn in salary. Whether that’s visionary or just a really good way to sell more GPUs remains to be seen. Meanwhile, the U.S. government moved against chip smugglers, charging Super Micro employees with funneling Nvidia silicon to China, in what feels like the opening act of a much longer enforcement saga. Ingress NGINX is dead, y’all. No more patches, no more fixes. If you’re still running it in production, this is your official wake-up call. The Gateway API migration path is real now, and there’s solid coverage in this edition to help you get there. Kenneth Reitz’s essay on open source burnout is worth your full attention. It’s honest in a way that’s rare in this industry. Also, a good reminder that the people behind the tools we all depend on are, in fact, people. Read it, and maybe go thank a maintainer today. ...
I’m starting to get the feeling people need to reframe their thinking about AI and jobs. I know Amazon started to shrink the moment they had to start paying Nvidia and TSMC for chips for AI workloads. The AI frenzy has bled into every facet of tech at this point. The chip buying frenzy has also invaded every nook and cranny of tech company budgets. You’re either spending on tokens or chips. The larger tech employers are doing both. In just the past few weeks, Amazon has had another round of layoffs, Block cut 40% of its staff, and others have laid off significant numbers of employees. Meanwhile, Anthropic says their impact on the job market isn’t as dramatic as it seems. Both cannot be true at the same time. Folks are truly missing the big story right in front of them: building AI tooling is causing layoffs to offset dramatic increases in CAPEX spending. The chips cost dramatically more to procure and operate. ...
A lot is going on in the world of tech today. I have to say, of all the boneheaded moves the US government has made in the past couple of weeks, turning away Anthropic, one of the most popular AI companies, because of two very simple asks is not smart. The government’s ask is too broad (anything legal; the definition of legal can change), and Anthropic’s ask is quite narrow (don’t use our AI to kill people unchecked or spy on US citizens domestically). The US already spies on everything we do as citizens indirectly (metadata can be as powerful as the actual data at a sufficient scale). I suspect this is the sticking point for the US government. Like it or not, the world is in a race to integrate and improve AI across all of society. Telling Anthropic that they can’t play in the government space is not going to accelerate anything; quite the opposite. Meanwhile, the rest of the world is using US AI company tooling to speed their delivery of new AI capabilities. Some would argue that China is winning right now, specifically with Qwen (which also had a weird week). ...