ContentPosts from @rlo1977..
Link
@devopslinks shared a link, 2 days, 12 hours ago
FAUN.dev

How AI can help your DevSecOps pipeline

AI is sliding into DevSecOps and turning security into less of a slog. Tools likeDarktrace PREVENT,CrowdStrike Falcon, andMicrosoft Security Copilotaren't just watching—they're flagging weird behavior, proposing fixes, and unclogging patch pipelines inside CI/CD. The shift:DevSecOps is on its way to..

How AI can help your DevSecOps pipeline
Link
@devopslinks shared a link, 2 days, 12 hours ago
FAUN.dev

How Shopify Handles 30TB of Data Every Minute with a Monolithic Architecture

Shopify handles billions of Black Friday requests on amodular monolith, built with Ruby on Rails and kept in check byPackwerk. Domain boundaries are enforced. Chaos averted. Inside, it blendsHexagonal Architecture, isolatedPods, and real-time Kafka pipes. The system scales without fracturing into mi..

How Shopify Handles 30TB of Data Every Minute with a Monolithic Architecture
Link
@devopslinks shared a link, 2 days, 12 hours ago
FAUN.dev

How I Block All 26 Million Of Your Curl Requests

A developer built a razor-sharp TLS fingerprinting and blocking tool—all in kernel space—witheBPFandXDP. It hooks into incoming packets, scrapes TLS Client Hello messages, and cranks out simplified JA4-style hashes from their cipher suite lists. The fun part? It's running under tight stack limits, s..

How I Block All 26 Million Of Your Curl Requests
Link
@devopslinks shared a link, 2 days, 12 hours ago
FAUN.dev

Migrating to Hetzner - We saved 76% on our cloud bills

DigitalSociety ditched AWS and DigitalOcean. Swapped the comfort of cloud for full control onHetzner, built onTalos Linux. PostgreSQL? Now running onCloudNativePG. Traffic flows throughIngress NGINXwithExternalDNShandling the names. The payoff: monthly costs dropped from $449.50 to under $100. ARM v..

Migrating to Hetzner - We saved 76% on our cloud bills
Link
@devopslinks shared a link, 2 days, 12 hours ago
FAUN.dev

Discussion of the Benefits and Drawbacks of the Git Pre-Commit Hook

Pre-commit hooks catch secrets and fix formatting before bad stuff hits your repo. But if they’re clunky or slow, devs bail. Tools likePre-Commit,Husky, anddevenvare trying to fix that.devenvstands out—hooks are baked right into your Nix env, no extra glue scripts...

Link
@devopslinks shared a link, 2 days, 12 hours ago
FAUN.dev

CVE-2025-49844 - The Redis CVSS 10.0 vulnerability and how we responded

Report URI closed the door on Redis CVE-2025-49844 fast. They rolled out ACL-based command blocks and jumped to Redis8.2.2, now running on a freshRedis Sentinel-based HA setup. To prove the fix stuck, they ran command counter checks and layered in enforced blocking rules—then pushed it all out fleet..

CVE-2025-49844 - The Redis CVSS 10.0 vulnerability and how we responded
Link
@devopslinks shared a link, 2 days, 12 hours ago
FAUN.dev

Hosting Remote MCP Server on Azure Container Apps (ACA) using Streamable HTTP transport mechanism

A fresh setup shows how to runModel Context Protocol (MCP) servers over HTTPinsideAzure Container Apps—stateless, serverless, and ready for real-time jobs like live forex conversion. It pipes in a live API fallback, adds caching, and speaksJSON-RPC 2.0overPOST. You can spin it up withBicep templates..

Hosting Remote MCP Server on Azure Container Apps (ACA) using Streamable HTTP transport mechanism
Link
@kaptain shared a link, 2 days, 12 hours ago
FAUN.dev

Spotlight on Policy Working Group

The Kubernetes Policy Working Group got busy turning good intentions into real specs. They rolled out thePolicy Reports API, dropped best-practice docs worth reading, and helped steerValidatingAdmissionPolicyandMutatingAdmissionPolicytoward GA. Their work pulled inSIG Auth,SIG Security, and anyone e..

Link
@kaptain shared a link, 2 days, 12 hours ago
FAUN.dev

A fully functional Kubernetes cluster with 1 million active nodes.

Pushing Kubernetes to 1M nodes isn’t just hardware—it's architectural judo. Networking flips to exclusive IPv6.Less chatter, more breathing room. etcd hits a wall.Write throughput stalls at scale, so they swap it out. Entermem_etcd, a Rust-built replacement pushing over 1M buffered writes per second..

A fully functional Kubernetes cluster with 1 million active nodes.
Link
@kaptain shared a link, 2 days, 12 hours ago
FAUN.dev

Debug Builds with Visual Studio Code

Docker droppedBuildx debuggingfor VS Code. Set breakpoints in your Dockerfiles. Peek into image layers. Even jump into an interactive shell mid-build. It runs on theDebug Adapter Protocol, so editors likeNeovimandJetBrains IDEscan join the party too...

Debug Builds with Visual Studio Code