Archives

GitHub Confirms Internal Breach via Poisoned VS Code Extension - Official statement from GitHub confirming TeamPCP’s breach of approximately 3,800 internal repositories via the backdoored Nx Console VS Code extension; the malicious version was pulled in 18 minutes, credentials rotated, and no customer data appears to have been affected. NGINX Rift: Achieving NGINX Remote Code Execution via an 18-Year-Old Vulnerability - A critical heap buffer overflow in NGINX dating back to 2008 can be exploited via the rewrite and set directives to achieve remote code execution – yes, 18 years. Fragnesia Made Public As Latest Linux Local Privilege Escalation Vulnerability - Hot on the heels of Dirty Frag, Fragnesia is now public as a similar LPE in Linux’s ESP/XFRM code with a logic bug allowing arbitrary byte writes into the kernel page cache – proof-of-concept code already out there. AI Just Found Another Linux Zero-Day and Security Researchers Are Freaking Out - CVE-2026-46333, a privilege escalation flaw in the Linux kernel’s ptrace subsystem, is stoking greater concern about AI tools compressing the timeline from discovery to exploitation. ...

The Linux kernel vulnerabilities are coming in hot and heavy. I don’t think I’ve ever updated a kernel due to security issues this frequently before. I fear CopyFail, Dirty Frag, and Fragnesia are the tip of a much bigger iceberg below the surface. There will be more, and they could come very quickly as more flaws in the kernel’s page cache logic are discovered, as more and more eyeballs focus on this exploit vector. As always, build safety into your systems and processes to make upgrades and reboots as painless as possible. Stay safe out there. How to migrate your paging tool without breaking your team Most teams treat a paging tool migration as a like-for-like swap. Mistake. Paging is ~10% of incident management. The other 90% (triage, comms, postmortems) is where teams actually break. SPONSORED Fleet-Scale Kubernetes: An Operating Model for Homogeneous Clusters with Decoupled Capacity - The case for managing fleets of many small, homogeneous Kubernetes clusters with decoupled capacity provisioning through a standardized autoscaler contract, rather than trying to scale individual clusters or unify across specialized cluster types. ...

Build Real-Time Voice Agents with 90ms Latency Voxtral TTS streams natively, handles arbitrarily long generations, and slots into any STT + LLM stack. Clone any voice in 9 languages from a 3-second sample—no fine-tuning required. Pair with Voxtral Transcribe for end-to-end speech-to-speech. Get started with Voxtral TTS! SPONSORED IaCConf 2026: AI, IaC, and platform engineering It’s 2026. Platform engineering is shifting. Your users aren’t just developers anymore. They’re AI agents. Plan for it. Join IaCConf 2026 to hear from the people building this shift on May 14th at 11 am ET. SPONSORED Cloud Native Days Romania Two days of cloud native talks, hands-on workshops, and strong community momentum - 18–19 May at the Radisson Blu, Bucharest. Join developers, platform engineers, DevOps practitioners, engineering leaders, and cloud enthusiasts for the 3rd edition of Romania’s community-driven Cloud Native Days, bringing practical Kubernetes use cases and modern cloud native systems to the stage. CNCF Project Antrea Compromised in Daring GitHub Attack - The Antrea open-source Kubernetes project was attacked via its Jenkins integration on May 2 by an unknown threat actor who opened a malicious pull request, claimed root on the Jenkins controller, and taunted maintainers. All thanks to the Trivy vulnerability. ...

I spoke at DevOpsDays Raleigh this past week. It’s always good to visit Raleigh; I consider it a second home (sorry I didn’t meet with more friends). The event was incredibly well done. The event staff and volunteers did a fantastic job on all facets of eventing. I took meetings in an old control room for the event space which was a true blast from the past. My notes doc included two interesting stats. Stat #1: 56% of women leave tech before the age of 35 - This is just sad especially when you consider women comprise a mere 28% of tech in general. This needs to change. It starts with using the privilege of the majority to help out the minority. Those of us in the majority have a duty to advocate for people not in the room. Stat #2: Google expects 50% of all new code to be written by AI as soon as next year. This accelerates in the following years too. That’s wild to think about. We’ll be managing agents and subagents soon enough it seems to do not just coding but things like my slides from my talk, Open Source Survival Guide: 10 rules to keep you sane in the open source world, this week. I used Claude to restyle the deck from when I gave the talk at All Things Open. Claude did a surprisingly good job at matching the color palette of <shortconsulting.io>. ...

Clone Any Voice, in 9 Languages, at 3x Industry Speed Voxtral TTS is Mistral’s text-to-speech model, 3x faster than industry standard, with voice cloning that goes beyond reading text aloud. It models personality: natural pauses, rhythm, intonation, and emotional range. Try Voxtral TTS now via API, Mistral Studio, or on Hugging Face under Apache 2.0. SPONSORED How is infrastructure keeping pace with AI in 2026? Managing IaC or leading platform engineering? IaCConf is the “can’t miss” event featuring 20 top IaC leaders across 13 sessions. Join 5,000+ practitioners to share what’s actually working and swap hard-won lessons. Register now! SPONSORED DevOpsDays Raleigh DevOpsDays Raleigh is one of the region’s premier community-driven tech conferences, bringing together engineers, DevOps leaders, and IT professionals for two days of real-world insights, practitioner-led talks, and interactive open spaces. And this year is special as it’s the 10th anniversary! This conference is focused on DevOps, cloud, automation, and modern software delivery. It offers a unique mix of learning, networking, and collaboration with peers tackling similar challenges across industries. Join me in Raleigh April 30th & May 1st! ...