The Normal Work of Creating Reliability | DevOpsLinks

FAUN.dev's DevOps / SRE / Platform Engineering Weekly Newsletter

🔗 View in your browser. | ✍️ Publish on FAUN.dev | 🦄 Become a sponsor

DevOpsLinks

This week in DevOps, with Dolly the Cow

📝 A Few Words

AI made writing automation cheap. It did nothing for running it.

A model will hand you a working playbook in seconds. It will not tell you who's allowed to run it, against which inventory, with which credentials, on what schedule, or what happens when it dies halfway through 200 hosts. Authoring dropped to near zero but operating it didn't move.

That gap is widening: the more playbooks get vibecoded, and the more agents start firing them off on their own, the more you need a layer that decides what actually executes, with what privileges, and leaves a record when it does. That layer is AWX.

So I released a book about it. AWX in Action: Ansible Orchestration at Scale (expanded edition) is the practical guide: deploying AWX on Kubernetes with the operator, wiring up projects, credentials, RBAC, workflows, and execution environments, scaling past a single node, using the CLI, understanding the settings and much more!

The book is the half AI won't write for you. It's already the #1 Hot New Release in Distributed Systems & Computing on Amazon, which tells you how many people are stuck on the operating half.

You can get your copy on:

👉 FAUN.dev
👉 Amazon

Have a great week,
Aymen.

🔍 Inside this Issue

A Linux bug that has been quietly waiting since 2007 meets the unglamorous, day-to-day habits that actually keep production standing. Add supply chain guardrails and metrics that do more than decorate a dashboard, and you have a solid toolkit for the week.

🧨 A Forged Kernel Key and a Rootful Helper: Inside the CIFSwitch Linux Privilege Escalation
🛡️ Well-architected best practices for software supply chain security
📏 Top 15 DevOps Metrics and How to Read Them
🧯 The normal work of creating reliability
🧊 Intel: Our upcoming AI chip will be cheaper, run cooler than Nvidia, AMD options

Take what’s useful, tighten one weak spot, and ship with a little more confidence.

Thanks for reading!
FAUN.dev() Team

⭐ Patrons

bytevibe.co

Kubectl Mug - For the Command You'll Never Stop Typing

You ran "kubectl get pods" before your coffee was even ready. Again. Might as well drink it from something that gets it.
This is a heavyweight black ceramic mug for engineers who live in the terminal. Matte black, solid C-handle, 11oz of room for whatever fuels your on-call shift. Microwave safe, dishwasher safe, and tough enough to survive a Monday outage.

Grab yours because the cluster never sleeps, and neither should your caffeine.
Order now, ships in 2-9 business days.

faun.dev

Git, Finally Visual. Finally Clear.

Most developers don't actually understand Git. They memorize four commands, copy-paste the rest from Stack Overflow, and quietly panic every time a merge goes wrong.

This course fixes that. Learn Git in a Day - The Visual Guide turns branches, merges, rebases, and resets into clear pictures you can hold in your head, so you finally know what's happening instead of hoping it works.

One focused day, and Git stops being the tool you're afraid to touch.

Start today and own Git by tonight

👉 Spread the word and help developers find you by promoting your projects on FAUN. Get in touch for more information.

🔗 Stories, Tutorials & Articles

surfingcomplexity.blog

The normal work of creating reliability

SREs should study how engineers keep systems reliable during routine work, including the adjustments they make before incidents occur. Tech teams have adopted Safety-II at a limited rate because they lack practical models for observing those adjustments.

ft.com

Intel: Our upcoming AI chip will be cheaper, run cooler than Nvidia, AMD options

Intel designed Crescent Island, an AI inference GPU, with lower-cost memory and air cooling, and plans to ship limited quantities this year.

cyberkendra.com

A Forged Kernel Key and a Rootful Helper: Inside the CIFSwitch Linux Privilege Escalation

A researcher disclosed CIFSwitch, a Linux local privilege escalation flaw present since 2007. Unprivileged users can exploit the CIFS Kerberos mount helper to gain root access.

aws.amazon.com

Well-architected best practices for software supply chain security

AWS security teams define npm supply-chain defense as two tasks: limit credential blast radius and block unverified artifacts before production.

motadata.com

Top 15 DevOps Metrics and How to Read Them

DevOps metrics show how fast & reliable your team delivers software; valuable for saving money & building trust. DORA metrics only part of the picture. Focus on key categories to understand if overall delivery is improving. Don't just measure, find the bottleneck for real improvement.

👉 Got something to share? Create your FAUN Page and start publishing your blog posts, tools, and updates. Grow your audience, and get discovered by the developer community.

⚙️ Tools, Apps & Software

github.com

Cletrics/finops-agents

34 FinOps specialist AI agents + 6 named-pattern playbooks. Drop into Claude Code, Copilot, Cursor, Windsurf, Aider, Gemini CLI. MIT.

github.com

bytestrix/InfraCanvas

Live Docker & Kubernetes infrastructure visualization - containers, pods, volumes, and networks in one visual map. No VPN, no inbound ports.

github.com

nnnkkk7/memtui

A modern TUI client for Memcached with tree-structured key navigation, smart JSON/binary formatting, and Vim keybindings

github.com

kpolley/redai

AI-driven vulnerability discovery and live validation

github.com

zhangqi444/open-forge

AI-guided self-hosting for 950+ open-source apps on any cloud. Works with Claude Code, Codex, Cursor, Aider, OpenClaw, Hermes — catalog self-improves from user feedback.

👉 Spread the word and help developers find and follow your Open Source project by promoting it on FAUN. Get in touch for more information.

🤔 Did you know?

Did you know that systemd, the program that starts and supervises services on most Linux distributions, has a built-in watchdog where a service reports its own health from the inside rather than being probed from outside? Through a small protocol called sd_notify, a process signals that it is truly ready only after its own checks pass and then sends periodic heartbeats; if those stop arriving within a configured window, systemd restarts it, and the process can even request extra time mid-startup so a slow cache warmup or filesystem check does not trip a hard timeout. The takeaway is that the most reliable health signal usually comes from the process itself, not an outside observer guessing from an open port.

🤖 Once, SenseiOne Said

"When you can replace any server in minutes, you start treating every outage like a rounding error. Cloud and DevOps didn't remove failure; they made failure cheap enough to ignore until it isn't."

SenseiOne

(*) SenseiOne is FAUN.dev’s work-in-progress AI agent

😂 Meme of the week

❤️ Thanks for reading

👋 Keep in touch and follow us on social media:
- 💼LinkedIn
- 📝Medium
- 🐦Twitter
- 👥Facebook
- 📰Reddit
- 📸Instagram

👌 Was this newsletter helpful?
We'd really appreciate it if you could forward it to your friends!

🙏 Never miss an issue!
To receive our future emails in your inbox, don't forget to add community@faun.dev to your contacts.

🤩 Want to sponsor our newsletter?
Reach out to us at sponsors@faun.dev and we'll get back to you as soon as possible.

DevOpsLinks #531: The Normal Work of Creating Reliability
Legend: ✅ = Editor's Choice / ♻️ = Old but Gold / ⭐ = Promoted / 🔰 = Beginner Friendly

You received this email because you are subscribed to FAUN.dev.
We (🐾) help developers (👣) learn and grow by keeping them up with what matters.

You can manage your subscription options here (recommended) or use the old way here (legacy). If you have any problem, read this or reply to this email.