CatOps

​​The Comforting Lie Of SHA Pinningis an article inspired by those supply chain attacks that happened lately.It shows some quirks of how GitHub works with SHAs, which are quite unexpected. The gist and the main excerpt:From the platform’s perspective, a fork is a separate repository with a shared object graph/history. When the runner resolves the reference, it ultimately looks up the commit in the...

Terragrunthas released version 1.0. According to them, this is not about a lot of brand-new features, but a commitment to backwards compatibility within the 1.x branch.The press-release also has an overview of some features that Terragrunt has.#terraform#terragrut#opentofu

​​From time to time, I share a standing jar for FPV drones for a guy from my wife’s hometown.Today, I’d like to share a fundraiser for rehabilitation of his brother-in-arms, who lost his leg near Kostiantynivka. Now he needs to undergo a series of surgeries. Here’s a Monobank jar to help him financially:https://send.monobank.ua/jar/5AmpbpVRxmCard number:4874 1000 2602 4938#donations#Ukraine

A new issue of CatOps Digest is here!https://newsletter.catops.dev/p/catops-digest-2026-04-04#digest#newsletter

Linux - The Good Stuffis a book bundle by No Starch Press that really has good stuff! Including the book I recommend to everyone starting with Linux - "How Linux Works" by Brian Ward and "The Linux Programming Interface" by Michael Kerrisk for those who want to know how Linux works, but on the API level.There are some other interesting books as well. Yet, this bundle is not cheap: you have to pay ...

I wish, I could say: "Good morning", but instead I say:-axios Compromised on npm - Malicious Versions Drop Remote Access Trojan. Axios is an incredibly popular HTTP client for NodeJS, so if you use that, there's a high chance, you're affected.-Unpatchable Vulnerabilities of Kubernetes: CVE-2020-8561#security

"From April 24 onward, interaction data—specifically inputs, outputs, code snippets, and associated context—from Copilot Free, Pro, and Pro+ users will be used to train and improve our AI models unless they opt out."Official statement.You can opt out in Copilot's "Privacy" settings, or migrate to Codeberg :D#github#ai

Kubernetes' SIG Networkreleased a Ingress2Gateway toolversion 1.0.This is a tool which aim is to help you to migrate your deprecated Nginx Ingress configuration to the new Gateway API. They do not advertise this tool as a one-click migration solution, but rather as a helper to recreate your manifests.P.S. Cannot wait to see, how this tool would translate all the custom spaghetti server snippets fo...

You may already know that Trivy - a popular security scanner - was compromised last Friday.- Here is areport by Wizabout this breach.- Here isanother articlethat goes beyond the GitHub Actions exploit.If you run Trivy in any form, including locally, double-check what and when you ran.Check if you had in your CI logs lines like below. Especially, if you’re not usingcurlin your CI normally.Terminate...

For today's Donations Monday, I'd like to share with you a Monobank jar from a friend of mine, who had his birthday last weekend.https://send.monobank.ua/jar/AYR2HGkbxgJar card number:4874100025989107He currently serves in Armed Forces of Ukraine, and has aTelegram channel about books(in Ukrainian) that he still updates, albeit not as often as before for obvious reasons. You can subscribe there as...

A new issue of the CatOps Digest is here!https://newsletter.catops.dev/p/catops-digest-2026-03-22Should have come out on Friday, but alas.#newsletter#digest

A former colleague of minewrote an articleon how to write better tests with AI.I recall, there were debates, what should a human write: tests or the implementation. Now, there are debates on whether a human should open their IDE at all.This article is front-end focused, but it has some actionable and more or less universal advice on how to make AI do tests better. At the end of the day, AI is just...

I guess many of you are familiar with the concept of OKRs - Objective-Key-Results. OKRs have been around for quite some time. So, of course, there is a book about it.Here is ashort summaryof this book by someone on the internet, alongside with their rating and recommendation for whom this book may be interesting.Now, you can easily generate a book summary using AI these days. The summary itself is...

​​For today’s Donations Monday, I’d like to remind you about theUA Respondersfoundation that raises money for the rehabilitation of Ukrainian veterans.#donations#Ukraine

A colleague of mine wrote an article onusing Cloudflare Tunnels to securely connect to your self-hosted things. It specifically covers quirks of connecting mobile apps, since not all of them can handle auth redirects correctly.This is a nice read if you have a home lab or anything self-hosted. However, you can also use Cloudflare Tunnels for your business cases, like exposing your staging backend ...

So, Amazonpushed back on the Financial Times reportabout AI causing outages. This is not news.However, they now require a senior engineer's approval on the AI generated code pushed by non-senior engineers, apparently. It's not clear, who should review AI code generated by seniors, though.-Financial Times(paywalled).-Opinion on Xitter.-Discussion on Hacker News.This is an interesting twist on the w...

4 ways to use Argo CD and Terraform togetheris an article on how to pass data between Terraform (or OpenTofu) and ArgoCD (or any other GitOps tool for that matter). For example, if you're creating a new infrastructure component and need to pass its endpoints to an app.They pointed out quite explicitly, that you shouldn't just pass raw secrets around. However, they didn't mention any secret storage...

These days all the talks are about AI.My (hypothetical) SRECon26 keynoteis an article from Charity Majors with her advice on how SREs should approach AI.BTW, I’ve heard good things about SRECon. I don’t know if the upcoming SRECon Americas is the same as SRECon in Dublin in October, but maybe I should check that one out!#sre#ai

You know that I keep the most juicy articles for Friday, right?AI Isn't Replacing SREs. It's Deskilling Them.Here's the article. I leave you with that.#sre#culture

A story from OpenAI onhow they scale Postgres.While this is an interesting read, and you can definitely borrow some ideas from there; I got an impression that OpenAI is moving towards Azure’s CosmosDB from Postgres.If a new feature requires additional tables, they must be in alternative sharded systems such as Azure CosmosDB rather than PostgreSQL.—-While we’re happy with how far PostgreSQL has ta...