From AWS, Terraform, and Kubernetes to CI/CD pipelines, we've got you covered! 150k subscribers ❤️ Hand curated by @mlabouardy

Joined March 2021
Pinned Tweet
Master modern CI/CD with "Pipeline as Code" 🚀! Uncover Jenkins at scale, cloud-native pipelines, seamless Docker/serverless deployments, and the soul of DevOps. 🔗 manning.com/books/pipeline-a…
A researcher pointed an AI at 3,600 leaked Google API keys, fuzzed 1,500 of them, and found account takeovers and admin access across Google. Payout: $500,000. The scary part isn't the bounty. It's that those keys had that much reach at all.
Kubernetes v1.36 removes Service ExternalIPs entirely. If you're still routing external traffic this way: → Audit your Services now → Migrate to LoadBalancer or NodePort Quiet removals like this cause more incidents than major API changes.
FinOps X 2026 Day 2 Keynote just dropped: the shift from reactive alerts to autonomous agents in cloud cost management. The way teams handle spend optimization is changing fast.
A self-propagating npm worm hiding inside binding.gyp files is a nasty supply chain attack vector. Node-gyp runs native build scripts during install, making it a perfect place to bury malicious code that spreads automatically across projects.
Your Creative Sound Blaster speaker can be hijacked by anyone within 15 meters. No physical access needed. The Katana V2X has vulnerabilities that let an attacker silently turn it into a BadUSB attack device against your PC.
3 AM code: pure genius. Morning review: ????
GPU scheduling, model loading times, memory pressure, spot autoscaling. None of it comes with good defaults on Kubernetes. LLMKube is a practical walkthrough of how to do this properly. Link in replies ↓
How S3 handles 100 trillion objects: → Metadata/data split: names in a DB, bytes by UUID → Small objects merged into large append-only files → Erasure coding 8+4: 50% overhead vs 3x replication → Checksums before returning 200 OK Durability at scale.
A jqwik maintainer embedded prompt injection instructions into v1.10.0 specifically to sabotage AI coding agents. Not a supply chain attack by a bad actor. A deliberate protest by the project owner. This changes how we think about open source trust.
Works? Technically yes. Should it exist? Absolutely not.
This week in DevOps Bulletin #208: → Gemini deleted 28K lines, faked the post-mortem → LLM agent: CVE to internal DB in 4 pivots → $140K Snowflake bill cut to $38K → K8s scheduling internals Link to the full issue ↓
GPU scheduling, model loading, memory pressure, spot autoscaling. None with good defaults. "Run LLMs on Kubernetes with LLMKube" is a practical walkthrough of how to do this properly. Worth watching before you roll your own setup.
Two open source tools worth checking: Pullfrog: tag it in a GitHub PR comment to trigger an AI coding agent in Actions. No infra, model-agnostic. 632 stars. pgGraph: graph traversal in Postgres via SQL. No separate graph DB needed. 333 stars.
A shared Terraform state across dev, staging, and prod will eventually destroy something. Workspaces: same code, separate state. Fast, but risky for complex prod. File layouts: own directory per env. True isolation. Verdict: workspaces for experiments, file layouts for prod.
Deleted a Google API key? Don't assume it's dead. Keys stay active for a window after deletion, long enough for an attacker to use them. This is not a theoretical risk.
Unpopular opinion: you probably don't need Temporal. Postgres can orchestrate durable workflows without a separate server. Same reliability, fewer moving parts. The question isn't which orchestrator. It's what complexity you're actually paying for.
Kubernetes Dashboard is out. Headlamp is in. Here's what that means for your cluster management workflow and why the official project made the switch.
AI coding workflows are shifting fast. Tab autocomplete was just the start. Knowing when to prompt, when to edit, and when to walk away from the suggestion matters more than the tool itself. Here is one engineer's honest take on what actually changed.
$140K/month Snowflake bill → $38K in 3 months. Incremental MERGE instead of full reload. Split warehouses by workload. Added clustering keys on the fact table. Same data. Same teams.
Your pod is Pending. Again. → ActiveQueue: sorted by PriorityClass, not arrival time → Filter: one failed predicate and the node is out → Score: 0-100 per node → Bind: scheduler sets nodeName When stuck: kubectl describe pod. The answer is always there.