FAUN.dev's DevOps Weekly Newsletter
 
 
DevOpsLinks
 
#DevOps #SRE #PlatformEngineering
 
 
🔍 Inside this Issue
 
 
Convenience bites back—supply-chain malware rides dev tooling and AI CLIs, and an Electron snapshot bug slips past code signing—while craft pushes toward sanity: .gitignore-first, causal clocks, and boring, blazing Linux monitors. Also on the bench: ESO’s governance reboot, leaner DB pooling with RDS Proxy, AWS cost booby traps, and a Python origin story worth your lunch break—details below.

🐧 24 Best Command Line Performance Monitoring Tools for Linux
🧠 Easy will always trump simple
🧹 .gitignore everything by default
🚢 Paused Kubernetes project finds path forward
🔌 Pooling Connections with RDS Proxy at Klaviyo
🐍 Python: The Documentary | An origin story
🕵️ s1ngularity: supply chain attack leaks secrets on GitHub: everything you need to know
🔓 Subverting code integrity checks to locally backdoor Signal, 1Password, Slack, and more
💸 The Hidden AWS Cost Traps No One Warns You About (and How I Avoid Them)

⏱️ Why "What Happened First?" Is One of the Hardest Questions in Large-Scale Systems


Ship smarter, spend less, and make your stack a harder target.

Have a great week!
FAUN.dev Team
 
 
⭐ Patrons
 
bytevibe.co
 
Binary Matrix Mouse Pad – Built for Devs 🚀
 
 
Code. Game. Flow. This 9"×8" (22.86 x 20.32 cm) Binary Matrix mouse pad gives you smooth precision, durable build, and a design every developer will vibe with. Perfect for work or play.

👉 Get yours today for €12,95 – ships in 2-9 days.
 
 

👉 Spread the word and help developers find you by promoting your projects on FAUN. Get in touch for more information.

 
ℹ️ News, Updates & Announcements
 
thestack.technology
 
Paused Kubernetes project finds path forward
 
 
The External Secrets Operator (ESO) is moving again. After pausing over maintainer burnout, it's back under CNCF incubation with a rebooted structure in place: new governance, clear contributor paths, and support tracks for CI, core development, and testing.

But don’t expect fresh releases just yet. Updates stay frozen until they iron out a more sustainable workflow and lock down formal policies.
 
 
wiz.io
 
s1ngularity: supply chain attack leaks secrets on GitHub: everything you need to know
 
 
A supply chain attack hit the Nx build system npm package, slipping in post-install malware that scraped tokens, SSH keys, and cloud creds off dev machines and CI pipelines. The initial foothold was a GitHub Actions workflow that expanded pull request titles into a shell step with zero sanitization; the malware that followed drove AI CLIs like Claude, Gemini, and Q to hunt for secrets on disk, then pushed the haul to public repos under the victims' own GitHub accounts.

Over 5,500 private repos from 400+ users and orgs were flipped public through the stolen GitHub tokens.

System shift: Dev tools, CI workflows, and AI automation just merged into one juicy attack vector. Time to rethink what “secure supply chain” actually means.
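The PR-title problem is the standard GitHub Actions script-injection pattern: an expression such as `${{ github.event.pull_request.title }}` is expanded into the `run:` script before the shell ever sees it, so a crafted title becomes shell commands on the runner, and under `pull_request_target` those commands run with the base repository's secrets in reach. The scanner below flags that pattern in workflow files and shows, beside a vulnerable workflow, the usual fix of routing the value through an environment variable. This is an added example written for this issue, not Wiz's, GitHub's or the Nx project's code; the two workflows are constructed, and `UNTRUSTED_CONTEXTS` is a starting list rather than a complete one.

```python
"""Flag GitHub Actions `run:` steps that expand attacker-controlled event data
straight into the shell.  Added example for this issue; not Wiz's, GitHub's or
the Nx project's code.  The two workflows below are constructed."""
import re

# Expression contexts a pull request or issue author controls. A starting
# list, not a complete one (assumption: extend for your own triggers).
UNTRUSTED_CONTEXTS = (
    "github.event.pull_request.title",
    "github.event.pull_request.body",
    "github.event.pull_request.head.ref",
    "github.event.pull_request.head.label",
    "github.event.issue.title",
    "github.event.issue.body",
    "github.event.comment.body",
    "github.event.review.body",
    "github.event.head_commit.message",
    "github.head_ref",
)

EXPR_RE = re.compile(r"\$\{\{\s*(.*?)\s*\}\}")


def _indent(line):
    return len(line) - len(line.lstrip(" "))


def find_run_injections(workflow_text):
    """Return [(line_number, expression)] for each untrusted `${{ }}` expression
    inside a `run:` script. Line-based on purpose, so it needs no YAML library;
    it handles `run: <inline>` and `run: |` / `run: >` block scalars."""
    findings = []
    lines = workflow_text.splitlines()
    i = 0
    while i < len(lines):
        m = re.match(r"^(\s*)(?:-\s+)?run:\s*(.*)$", lines[i])
        if not m:
            i += 1
            continue
        key_indent = _indent(lines[i])
        body = [(i + 1, m.group(2))]
        if m.group(2).strip() in ("|", ">", "|-", ">-", "|+", ">+"):
            # Block scalar: every following line indented deeper than the key
            # (blank lines included) is part of the script.
            j = i + 1
            while j < len(lines) and (not lines[j].strip() or _indent(lines[j]) > key_indent):
                body.append((j + 1, lines[j]))
                j += 1
            i = j
        else:
            i += 1
        for lineno, text in body:
            for expr in EXPR_RE.findall(text):
                if any(expr.startswith(ctx) for ctx in UNTRUSTED_CONTEXTS):
                    findings.append((lineno, expr))
    return findings


# Constructed: the injectable shape. `pull_request_target` runs with the base
# repo's secrets, so a title such as  x"; id; echo "  executes `id` with them.
VULNERABLE_WORKFLOW = """\
name: pr-title-check
on:
  pull_request_target:
    types: [opened, edited]
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - run: |
          echo "Checking ${{ github.event.pull_request.title }}"
          ./validate-title.sh
"""

# Constructed: same job, title passed through an environment variable so the
# shell only ever sees it as data, never as script text.
HARDENED_WORKFLOW = """\
name: pr-title-check
on:
  pull_request_target:
    types: [opened, edited]
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: |
          echo "Checking $PR_TITLE"
          ./validate-title.sh
"""

if __name__ == "__main__":
    print(find_run_injections(VULNERABLE_WORKFLOW))   # [(10, 'github.event.pull_request.title')]
    print(find_run_injections(HARDENED_WORKFLOW))     # []
```

Run it over `.github/workflows/*.yml` in CI and fail the build on any finding. The environment-variable form is the fix because the shell receives the title as the value of `$PR_TITLE` after parsing, not as part of the script; quoting the expansion (`"$PR_TITLE"`) keeps it from being word-split on top of that.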
 
 
blog.trailofbits.com
 
Subverting code integrity checks to locally backdoor Signal, 1Password, Slack, and more
 
 
CVE-2025-55305 puts Electron apps in the hot seat. The bug: Electron loads V8 heap snapshot files at startup without treating them as code, so they sit outside its ASAR integrity validation and outside what code signing was expected to protect. Swap in a snapshot carrying unsigned JavaScript and it runs inside heavyweight targets like Slack, 1Password, and Signal.

The heart of it: heap snapshots aren't flagged as executable, so they dodge integrity checks. And if the app lives in a user-writable path, anyone who can write there gets a persistent backdoor, with no privileges required, that survives the app's own self-checks.
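A practical check for that caveat: record the hashes of an installed app's V8 snapshot files together with whether your own account could overwrite them, then re-check later. This is an added example, not Trail of Bits' or Electron's code. The snapshot file names are the ones upstream Electron builds ship (an assumption; adjust for your app's layout), and the install directory in `demo()` is a constructed temp directory standing in for a real one.

```python
"""Baseline and re-check the V8 heap snapshot files of an installed Electron
app, and flag installs where the current user could swap them.  Added
example, not Trail of Bits' or Electron's code."""
import hashlib
import os
import tempfile
from pathlib import Path

# Snapshot blobs Electron loads at startup. Names as shipped by upstream
# Electron builds (assumption: adjust if your app's layout differs).
SNAPSHOT_NAMES = {"v8_context_snapshot.bin", "browser_v8_context_snapshot.bin", "snapshot_blob.bin"}


def sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def find_snapshots(app_dir):
    return sorted(p for p in Path(app_dir).rglob("*") if p.name in SNAPSHOT_NAMES)


def baseline(app_dir):
    """SHA-256 of each snapshot plus whether this user could replace it:
    a writable file, or a writable parent directory (rename-over works too)."""
    root = Path(app_dir)
    return {
        str(p.relative_to(root)): {
            "sha256": sha256(p),
            "user_writable": os.access(p, os.W_OK) or os.access(p.parent, os.W_OK),
        }
        for p in find_snapshots(root)
    }


def check(app_dir, saved):
    """Compare the install to a saved baseline; return human-readable findings."""
    current = baseline(app_dir)
    problems = []
    for rel, rec in saved.items():
        now = current.get(rel)
        if now is None:
            problems.append(f"{rel}: snapshot missing")
        elif now["sha256"] != rec["sha256"]:
            problems.append(f"{rel}: snapshot changed; unsigned JS may now run at startup")
    for rel in sorted(current.keys() - saved.keys()):
        problems.append(f"{rel}: snapshot file not in baseline")
    for rel, rec in sorted(current.items()):
        if rec["user_writable"]:
            problems.append(f"{rel}: writable by current user; a swap needs no privileges")
    return problems


def demo():
    """Constructed stand-in for an install: one snapshot, then tamper with it."""
    with tempfile.TemporaryDirectory() as d:
        res = Path(d) / "resources"
        res.mkdir()
        snap = res / "v8_context_snapshot.bin"
        snap.write_bytes(b"\x00constructed-snapshot-v1")
        saved = baseline(d)
        clean = check(d, saved)
        snap.write_bytes(b"\x00constructed-snapshot-tampered")
        tampered = check(d, saved)
    return clean, tampered


if __name__ == "__main__":
    for line in demo()[1]:
        print(line)
```

Store the baseline somewhere the attacker you are worried about cannot write (a root-owned path, or off-host), or it proves nothing. The check is after-the-fact by nature; the durable fixes are installing apps into paths the user cannot modify and updating to an Electron build that validates snapshots.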
 
 

👉 Got something to share? Create your FAUN Page and start publishing your blog posts, tools, and updates. Grow your audience, and get discovered by the developer community.

 
🔗 Stories, Tutorials & Articles
 
klaviyo.tech
 
Pooling Connections with RDS Proxy at Klaviyo
 
 
Klaviyo replaced ProxySQL on EC2 and moved to AWS RDS Proxy. Why? Less overhead. Simpler failovers. Smarter pooling.

RDS Proxy handles multiplexing, packing thousands of client queries into far fewer DB connections. IAM authentication and built-in failover routing sweeten the deal.
 
 
surfingcomplexity.blog
 
Easy will always trump simple
 
 
Rich Hickey’s classic “Simple Made Easy” talk is making the rounds again—as a mirror held up to dev culture under pressure. The punchline: we keep picking solutions that are easy but tangled, instead of simple and sane.

The essay draws a sharp line between that habit and a concept from biology: exaptation. In short, systems evolve by bending what’s nearby into something new. That’s Postgres MVCC. That’s SQLite. Not designed for it, but it works.
 
 
tecmint.com
 
24 Best Command Line Performance Monitoring Tools for Linux   🔰
 
 
A fresh look at Linux monitoring tools shows the classics still hold—but the visual crowd’s moving in.

Old-school command-liners like top and vmstat remain go-to's for quick reads. But picks like Netdata, btop, and Monit bring dashboards, colors, and actual UX. Tools like iftop and Nmon dig deeper into CPU, disk I/O, and network traffic, and Suricata, the odd one out, does intrusion detection rather than performance monitoring. Bonus points: most spit out web views or CSVs you can wire into your stack.
 
 
medium.com
 
The Hidden AWS Cost Traps No One Warns You About (and How I Avoid Them)
 
 
Calling out five sneaky AWS cost traps—the kind that creep in through overlooked defaults and quiet misconfigs, then blow up your bill while no one's watching.
 
 
newsletter.scalablethread.com
 
Why "What Happened First?" Is One of the Hardest Questions in Large-Scale Systems   ✅
 
 
Logical clocks track event order in distributed systems with no need for synced wall clocks. Each node keeps a counter. On every local event: tick it. On every send: tick, then stamp the message with your counter. On receive: set your counter to max(yours, the message's) + 1, so the receive is always stamped later than the send that caused it.

This flips the script. Instead of chasing global time, distributed systems lean into causality. Because actual time lies, but cause-and-effect doesn’t.
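The tick, stamp, merge-and-bump scheme in working form, as an added example for this issue rather than code from the linked article. The three nodes and their message exchange are constructed; the result shows that a receive is always stamped after its send, and that two events with no causal link can legitimately carry the same counter value.

```python
"""Lamport logical clocks: tick on every local event, stamp outgoing messages
with the counter, and on receive take max(own, received) + 1.  Added example
for this issue, not code from the linked article; the three nodes and the
message exchange are constructed."""


class Node:
    def __init__(self, name):
        self.name = name
        self.clock = 0
        self.log = []  # (timestamp, node, description)

    def local_event(self, what):
        self.clock += 1
        self.log.append((self.clock, self.name, what))
        return self.clock

    def send(self, payload):
        # Sending is itself an event: tick, then carry the counter in the message.
        ts = self.local_event(f"send {payload}")
        return {"from": self.name, "ts": ts, "payload": payload}

    def receive(self, msg):
        # Merge and bump: jump past the sender's counter so the receive is
        # stamped later than the send that caused it.
        self.clock = max(self.clock, msg["ts"]) + 1
        self.log.append((self.clock, self.name, f"recv {msg['payload']} from {msg['from']}"))
        return self.clock


def total_order(nodes):
    """Lamport's total order: by timestamp, then node name as a tiebreaker.
    A timestamp tie means the events are concurrent; the name only makes
    the order deterministic, it says nothing about which came 'first'."""
    return sorted(event for node in nodes for event in node.log)


def simulate():
    a, b, c = Node("A"), Node("B"), Node("C")
    a.local_event("write x")        # A -> 1
    m1 = a.send("x=1")              # A -> 2, message carries ts=2
    c.local_event("compact log")    # C -> 1, concurrent with everything on A
    b.receive(m1)                   # B -> max(0, 2) + 1 = 3
    m2 = b.send("ack x")            # B -> 4
    a.receive(m2)                   # A -> max(2, 4) + 1 = 5
    c.receive(m2)                   # C -> max(1, 4) + 1 = 5
    return a, b, c


if __name__ == "__main__":
    for ts, node, what in total_order(simulate()):
        print(ts, node, what)
```

A smaller timestamp never contradicts causality, but it does not prove it: A's "write x" and C's "compact log" both carry 1 and are concurrent. Telling concurrency apart from ordering outright needs vector clocks, one counter per node.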
 
 
pliutau.com
 
.gitignore everything by default
 
 
Flips Git on its head: ignore everything by default, then whitelist only what matters—like go.mod and .gitignore. Keeps stray files (think editor fluff or build junk) out of commits before they ever get in.

Shift in mindset: Tracks less, messes less. Opt-in versioning beats cleanup regret.
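The allow-list layout described above, as an added example for a Go module (not from the linked post; the file names beyond go.mod and .gitignore are assumed). The rule that trips people up is the second one: Git will not re-include a file whose parent directory is excluded, so directories have to be un-ignored before any file inside them can be.

```gitignore
# Ignore everything by default.
*

# Let Git descend into directories; without this no nested file can be re-included.
!*/

# Allow-list what belongs in the repository.
!.gitignore
!go.mod
!go.sum
!*.go
!README.md
!.github/**

# Later rules win. `!*.go` matches at every depth, so a vendored tree would
# come back in; and the broad `!.github/**` would admit scratch files.
vendor/
.github/**/*.local.yml
```

Check a doubtful path with `git check-ignore -v path/to/file`, which prints the rule that decided it.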
 
 


 
🎦 Videos, Talks & Presentations
 
youtube.com
 
Python: The Documentary | An origin story   ✅
 
 
This is the story of the world's most beloved programming language: Python. What began as a side project in Amsterdam during the 1990s became the software powering artificial intelligence, data science and some of the world’s biggest companies. But Python's future wasn't certain; at one point it almost disappeared.

This 90-minute documentary features Guido van Rossum, Travis Oliphant, Barry Warsaw, and many more, and they tell the story of Python’s rise, its community-driven evolution, the conflicts that almost tore it apart, and the language’s impact on... well… everything.
 
 
 
⚙️ Tools, Apps & Software
 
github.com
 
NSPC911/rovr
 
 
A post-modern terminal file manager.
 
 
github.com
 
winapps-org/winapps
 
 
Run Windows apps such as Microsoft Office/Adobe in Linux (Ubuntu/Fedora) and GNOME/KDE as if they were a part of the native OS, including Nautilus integration.
 
 
github.com
 
streamfold/rotel
 
 
Rotel provides an efficient, high-performance solution for collecting, processing, and exporting telemetry data. Rotel is ideal for resource-constrained environments and applications where minimizing overhead is critical.
 
 
github.com
 
muellerberndt/hound
 
 
Language-agnostic AI auditor that autonomously builds and refines adaptive knowledge graphs for deep, iterative code reasoning.
 
 

👉 Spread the word and help developers find and follow your Open Source project by promoting it on FAUN. Get in touch for more information.

 
🤔 Did you know?
 
 
Did you know Kubernetes sets a per-container oom_score_adj based on the Pod's QoS class so the kernel kills BestEffort pods first under memory pressure? BestEffort Pods get an oom_score_adj of 1000, Burstable Pods get a value between 2 and 999 that drops as their memory request grows relative to node capacity, and Guaranteed Pods get −997. Even if a BestEffort pod is barely using RAM, it's far more likely to be chosen by the OOM killer than a Guaranteed pod under node memory exhaustion, because the kernel adds oom_score_adj on top of actual usage when it ranks victims. If you're seeing "random" OOM kills during rollouts or load spikes, inspect /proc/<PID>/oom_score_adj and the Pod's QoS class: the kernel is probably doing exactly what kubelet told it to.
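To see where a given Pod lands, here is the QoS classification and the Burstable formula from the Kubernetes node-pressure-eviction docs worked through in code. This is an added example for this issue, not kubelet source; the pod specs and the 8 GiB node are constructed, and `parse_memory` only understands the common quantity suffixes.

```python
"""QoS class and kubelet oom_score_adj for a Pod, using the formula from the
Kubernetes node-pressure-eviction docs.  Added example for this issue, not
kubelet source; the pod specs and the 8 GiB node below are constructed."""

GIB = 1024 ** 3
GUARANTEED_OOM_SCORE_ADJ = -997
BEST_EFFORT_OOM_SCORE_ADJ = 1000

# Kubernetes quantity suffixes this example understands (assumption: enough
# for memory requests; "m" milli-units and exponent forms are not handled).
_SUFFIXES = {"Ki": 1024, "Mi": 1024 ** 2, "Gi": 1024 ** 3, "k": 10 ** 3, "M": 10 ** 6, "G": 10 ** 9}


def parse_memory(quantity):
    """'512Mi' -> bytes. Plain integers are already bytes."""
    for suffix, mult in _SUFFIXES.items():
        if quantity.endswith(suffix):
            return int(quantity[: -len(suffix)]) * mult
    return int(quantity)


def qos_class(containers):
    """Guaranteed: every container has cpu and memory limits and requests equal
    limits (a missing request defaults to the limit). BestEffort: nothing set
    anywhere. Anything else is Burstable."""
    any_set = False
    all_guaranteed = True
    for c in containers:
        req, lim = c.get("requests", {}), c.get("limits", {})
        any_set = any_set or bool(req) or bool(lim)
        for res in ("cpu", "memory"):
            if res not in lim or req.get(res, lim[res]) != lim[res]:
                all_guaranteed = False
    if not any_set:
        return "BestEffort"
    return "Guaranteed" if all_guaranteed else "Burstable"


def oom_score_adj(qos, memory_request_bytes, node_capacity_bytes):
    if qos == "Guaranteed":
        return GUARANTEED_OOM_SCORE_ADJ
    if qos == "BestEffort":
        return BEST_EFFORT_OOM_SCORE_ADJ
    # Burstable: the larger the request relative to the node, the lower the score.
    raw = 1000 - (1000 * memory_request_bytes) // node_capacity_bytes
    return min(max(2, raw), 999)


def pod_oom_score_adj(pod, node_capacity_bytes):
    """(qos_class, oom_score_adj) for a Pod; the memory request is the sum
    over its containers."""
    containers = pod["containers"]
    qos = qos_class(containers)
    request = sum(parse_memory(c.get("requests", {}).get("memory", "0")) for c in containers)
    return qos, oom_score_adj(qos, request, node_capacity_bytes)


# Constructed pod specs (only the resources block matters here).
GUARANTEED_POD = {"containers": [{"requests": {"cpu": "500m", "memory": "1Gi"},
                                  "limits": {"cpu": "500m", "memory": "1Gi"}}]}
BURSTABLE_POD = {"containers": [{"requests": {"memory": "2Gi"}, "limits": {"memory": "4Gi"}}]}
CPU_ONLY_POD = {"containers": [{"requests": {"cpu": "100m"}}]}   # Burstable, no memory request
BEST_EFFORT_POD = {"containers": [{}]}
NODE_CAPACITY = 8 * GIB

if __name__ == "__main__":
    for name, pod in [("guaranteed", GUARANTEED_POD), ("burstable", BURSTABLE_POD),
                      ("cpu-only", CPU_ONLY_POD), ("best-effort", BEST_EFFORT_POD)]:
        print(name, pod_oom_score_adj(pod, NODE_CAPACITY))
```

The cpu-only pod is the case that surprises people: it is Burstable, not BestEffort, yet with no memory request its score is pinned at 999, one notch below BestEffort. Compare the computed value against `cat /proc/1/oom_score_adj` inside the container to confirm what kubelet actually wrote.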
 
 
😂 Meme of the week
 
 
 
 
🤖 Once, SenseiOne Said
 
 
"In the cloud, redundancy turns simple failure into coordinated failure; automation ensures it happens at speed. DevOps accelerates change; SRE makes it survivable; only SLOs give you permission to stop. If your SLOs never halt a release, they're just metrics."
— SenseiOne
 

(*) SenseiOne is FAUN.dev’s work-in-progress AI agent

 
👤 This Week's Human
 
 
This Week’s Human is Gursimar Singh, a Google Developers Educator, Author @ freeCodeCamp, and DevOps & Cloud consultant who makes complex systems teachable. They’ve spoken at HAProxyConf 2022, multiple KCDs, and DevOpsDays Warsaw; reviewed programs for OpenTofu Day and PyCon India; and mentored at IIT Madras while volunteering with EuroPython. Offstage, they’ve published 70+ articles reaching 100k+ readers and contributed 5 project write-ups to the Google Dev Library, covering tools from Kubernetes to Terraform.
 

💡 Engage with FAUN.dev on LinkedIn — like, comment on, or share any of our posts on LinkedIn — you might be our next “This Week’s Human”!

 
❤️ Thanks for reading
 
 
👋 Keep in touch and follow us on social media:
- 💼LinkedIn
- 📝Medium
- 🐦Twitter
- 👥Facebook
- 📰Reddit
- 📸Instagram

👌 Was this newsletter helpful?
We'd really appreciate it if you could forward it to your friends!

🙏 Never miss an issue!
To receive our future emails in your inbox, don't forget to add community@faun.dev to your contacts.

🤩 Want to sponsor our newsletter?
Reach out to us at sponsors@faun.dev and we'll get back to you as soon as possible.
 

DevOpsLinks #494: The 5 Sneaky AWS Cost Traps
Legend: ✅ = Editor's Choice / ♻️ = Old but Gold / ⭐ = Promoted / 🔰 = Beginner Friendly

You received this email because you are subscribed to FAUN.dev.
We (🐾) help developers (👣) learn and grow by keeping them up with what matters.

You can manage your subscription options here (recommended) or use the old way here (legacy). If you have any problem, read this or reply to this email.