It was a big week. NVIDIA’s GTC conference dominated the headlines, with Jensen Huang making the case that your engineers should be spending nearly as much on AI tokens as they earn in salary. Whether that’s visionary or just a really good way to sell more GPUs remains to be seen. Meanwhile, the U.S. government moved against chip smugglers, charging Super Micro employees with funneling Nvidia silicon to China, in what feels like the opening act of a much longer enforcement saga.
Ingress NGINX is dead, y’all. No more patches, no more fixes. If you’re still running it in production, this is your official wake-up call. The Gateway API migration path is real now, and there’s solid coverage in this edition to help you get there.
Kenneth Reitz’s essay on open source burnout is worth your full attention. It’s honest in a way that’s rare in this industry. Also, a good reminder that the people behind the tools we all depend on are, in fact, people. Read it, and maybe go thank a maintainer today.
If you’re at KubeCon in Amsterdam this week, stay safe and have fun.
QEMU microvm vs. Cloud Hypervisor: Choosing Your VMM
Building a CI platform? Choosing between QEMU and Cloud Hypervisor means weighing legacy flexibility against a modern, Rust-based design. Depot’s engineers break down the differences in API support, GPU passthrough, and hotplugging to help you make the right call. SPONSORED
Events
Cloud Native Days Romania
Two days of cloud native talks, hands-on workshops, and strong community momentum - 18–19 May at the Radisson Blu, Bucharest. Join developers, platform engineers, DevOps practitioners, engineering leaders, and cloud enthusiasts for the 3rd edition of Romania’s community-driven Cloud Native Days, bringing practical Kubernetes use cases and modern cloud native systems to the stage.
Running Agents on Kubernetes with Agent Sandbox - Agent Sandbox, a new Kubernetes project under SIG Apps, introduces a declarative API for running isolated, stateful AI agents with strong execution boundaries, lifecycle management, and stable networking identities.
Securing Production Debugging in Kubernetes - Recommendations for securing Kubernetes debugging workflows using RBAC least privilege, short-lived identity-bound credentials, and SSH-style secure shell gateways that enforce temporary access with full audit logging.
The Invisible Rewrite: Modernizing the Kubernetes Image Promoter - The kpromo tool underwent a nine-phase rewrite that cut 20% of the codebase, fixed rate limiter performance bugs, and rebuilt the architecture as a clean pipeline engine — all without disrupting production.
Stairway to GitOps: Scaling Flux at Morgan Stanley - Morgan Stanley shares their five-year journey deploying GitOps with Flux across 500+ clusters, covering security hardening, performance tuning, and observability at enterprise scale.
Super Micro shares tank 33% after employees charged with smuggling Nvidia chips to China - Federal prosecutors charged Super Micro employees with illegally exporting top-tier Nvidia AI chips to China as the U.S. government intensifies its crackdown on semiconductor export control violations.
OpenAI preps for IPO by end of year, tells employees ChatGPT must be ‘productivity tool’ - OpenAI hired former DocuSign CFO Cynthia Gaylor to lead investor relations as it gears up for a potential 2026 IPO, with internal messaging refocusing employees on ChatGPT’s commercial productivity value.
AI Tokens and Productivity - Business leaders are reassessing AI’s productivity-boosting promise as Jensen Huang’s GTC proposal to compensate engineers with token budgets worth half their salary reframes compute access as a form of human capital.
The Great AI Silicon Shortage - Critical bottlenecks in TSMC’s N3 wafer capacity and HBM memory are constraining the AI infrastructure buildout despite massive hyperscaler capital investment, and the shortage isn’t easing anytime soon.
Addressing GitHub’s recent availability issues - GitHub’s CTO acknowledges recent outages driven by rapid growth and architectural limitations, outlining near-term fixes and a longer-term migration to Azure infrastructure.
2 Ways to Correct the Financial Times at AWS (So Far) - Amazon published two defensive blog posts in three weeks to dispute FT reporting on AI-related production incidents, raising questions about whether protecting AI’s reputation matters more than accountability.
Open Source Gave Me Everything Until I Had Nothing Left to Give - Kenneth Reitz reflects on how years of maintaining the Requests library provided identity and recognition but came at the cost of undiagnosed bipolar disorder and a burnout that nearly destroyed him.
NGINX: What Happened and Where Should Companies Turn Next - Ingress NGINX, deployed in half of all cloud native environments, is officially retired as of March 2026 with no further security patches, leaving teams to evaluate Gateway API and other successors.
My custom agent used 87% fewer tokens when I gave it Skills for its MCP tools - Comparing six agent configurations for a Google Cloud billing analysis task, giving an MCP-equipped agent pre-defined skills slashed token consumption by 87% compared to MCPs alone.
How Can Governments Pay Open Source Maintainers? - Practical barriers prevent governments from paying open source maintainers at scale, and the author lays out concrete strategies for project creators to make themselves easier to fund by large organizations.
How Kernel Anti-Cheats Work: A Deep Dive into Modern Game Protection - A technical breakdown of how modern kernel-level anti-cheat systems use Windows privilege rings, memory scanning, and behavioral analysis in an ongoing arms race with cheat developers.
Bypassing deep packet inspection with socat and HTTPS tunnels - A practical walkthrough for tunneling SSH traffic inside HTTPS connections using socat to evade firewall restrictions and set up an unrestricted SOCKS proxy.
NVIDIA/NemoClaw - Apache-2.0 - Run OpenClaw more securely inside NVIDIA OpenShell with managed inference.
NVIDIA/OpenShell - Apache-2.0 - Safe, private runtime for autonomous AI agents.
langgenius/dify - Apache-2.0 with additional conditions - Production-ready platform for agentic workflow development.
mattrobinsonsre/terrapod - GPL-3.0 - Open-source Terraform Enterprise replacement.
zerobootdev/zeroboot - Apache-2.0 - Sub-millisecond VM sandboxes for AI agents via copy-on-write forking.
open-webui/open-terminal - MIT - A computer you can curl.
cartography-cncf/cartography - Apache-2.0 - Python tool that consolidates infrastructure assets and their relationships in an intuitive graph view powered by Neo4j.
jlandersen/k8s-unix-system - Jurassic Park Unix System style Kubernetes resource viewer.
robida/human.json - AGPL-3.0 - A lightweight protocol for humans to assert authorship of their website content and vouch for the humanity of others via a web-of-trust JSON system.
Subscribe to DevOps'ish
Cloud Native, DevOps, Open Source, AI, tech industry news, culture, and the 'ish between. A newsletter by Chris Short.