Last week, the world was fawning over Clawdbot Moltbot OpenClaw. This week was an episode of Deadliest Catch where the boats all filled their hulls at the first stop. What they caught were a bunch of backdoors, API keys, and only King Triton 🧜‍♂️ knows what else will emerge from the murky depths. Another piece of software had an even crazier week. Notepad++ shared they were the target of nation-state hackers, “The incident began in June 2025. Multiple independent security researchers have assessed that the threat actor is likely a Chinese state-sponsored group, which would explain the highly selective targeting observed during the campaign.” Multiple CVEs in Ingress NGINX were disclosed. You are going to have to touch those sooner rather than later. Reminder: Ingress NGINX retirement is next month (and there won’t be security updates). Editor’s Note: Huge thanks to Tremolo Security for sponsoring! Also, we’ll be on vacation next week, so there won’t be a newsletter the week of February 16th. Short Lived Tokens With Vault Without The Static ServiceAccount Learn how Tremolo Security’s OpenUnison enables issuing short-lived Vault tokens without static Kubernetes ServiceAccounts, delivering identity-driven, ephemeral credentials with reduced blast radius. This post walks through using OpenUnison and OIDC with Vault to simplify rotation and strengthen workload security in modern Kubernetes environments. SPONSORED ...

Next month (March 2026), a widely used Kubernetes ingress controller is going to reach end of life: Ingress NGINX. This is one of those things that if you don’t replace it in time, you’re not going to know if you’re compromised until it’s too late. There will be no security notices, updates of any kind, or any kind of continued maintenance. The time to start changing your ingress controllers or migrating to Gateway API, if you haven’t already, is NOW. Run this as cluster admin to identify all your instances of Ingress NGINX: kubectl get pods --all-namespaces --selector app.kubernetes.io/name=ingress-nginx My job hunt continued this week (and I managed to catch whatever sickness was afflicting Julie and Max). If you haven’t heard, I’m looking for a new role. Reach out if you need someone to elevate your technical storytelling. SCALE 23x and DevOpsDay LA Four days of practical, technical learning across open source infrastructure — the stuff you’re running in production right now. DevOps’ish readers can get 40% off with discount code CHRIS See you March 5-8, 2026 in Pasadena! ...

I was chatting with a friend last week, who made me realize that open source skills are a lot like Linux skills these days. Everyone in tech has heard something about Linux. Many of us have had the word Linux in our job titles, or could have. Linux powers most of the internet. Disney+, Netflix, Google, Amazon, Verizon, Meta, NASA, CERN, and many, many other organizations, big and small, for-profit and not-for-profit, use Linux to run their workloads. Linux expertise is now a big part of an organization’s knowledge base. Many of these organizations also run Kubernetes at scale. Which means Kubernetes is going to become like Linux, a skill most folks have. Open source skills, much like Linux skills, have become far more widespread. This is a part of the reason our friends in Open Source Program Offices are struggling to either keep their jobs or find new places that want their expertise (myself included). My job hunt is going okay. The outpouring of support is greatly appreciated. Thank y’all so much! But, if you’re looking for a technical storyteller to up-level customers using your product or service, look no further (especially if you’re in the cloud native space), as I’m looking for a new role. ...

After a bit of a hiatus, DevOps’ish is back! I’m restarting the newsletter to get back into speaking, networking, and keeping myself visible in the industry. The timing? Well, I got laid off last Friday (see my LinkedIn post and amplify it if you don’t mind). Back on the job market = the perfect time to restart. What’s different? One word: simplicity. Everything lives on Buttondown now—no more dual posting to a website and a newsletter/email platform. I’ll write in Markdown while keeping the format free-flowing and less structured. The content? Same approach: I’ll share what I’m reading, with social media interaction guiding what makes the cut. One big change is that I now have better metric aggregation, which greatly streamlines things. On AI: Yes, I’m using it for tasks here and there (for example, Claude helped me make this intro shorter). But here’s the deal—I’m not copy/pasting AI output to y’all (chances are you deal with that too much already). As a friend reminded me this week, DevOps’ish has my voice, and that’s what made it popular in the first place. That’s not changing. ...

It’s been a while. I am happy to say that DevOps’ish will be returning to an inbox near you. I’m reaching out because you were an active subscriber to DevOps’ish prior to going into hiatus. If you want to receive the new editions of the DevOps’ish newsletter, no action is required on your part. If you no longer wish to receive emails from DevOps’ish click the unsubscribe button below and you won’t hear from me again. Thank you! Chris Short Subscribe to DevOps'ish Cloud Native, DevOps, Open Source, AI, tech industry news, culture, and the 'ish between. A newsletter by Chris Short. ...