Allow loading remote contents and showing images to get the best out of this email.FAUN.dev's DevOps / SRE / Platform Engineering Weekly Newsletter
 
🔗 View in your browser.   |  ✍️ Publish on FAUN.dev   |  🦄 Become a sponsor
 
Allow loading remote contents and showing images to get the best out of this email.
 
DevOpsLinks
 
This week in DevOps, with Dolly the Cow
 
 
📝 A Few Words
 
 
Most DevOps teams added more tools in 2026 than they shipped features. Nobody wants to say it out loud.

But your "modern stack" is just technical debt with better branding.

Here's what I keep seeing across teams:

  • Multiple monitoring tools, zero actionable alerts
  • Multiple CI/CD pipelines, none fully owned by anyone
  • An internal developer platform that's really just a wiki with links

And the pattern is always the same: new tools are adopted to fix a gap. Nobody decommissions the old one and 6 months later, you're paying for both and trusting neither.

I review hundreds of DevOps tools every year for FAUN•dev. You're subscribed to our newsletters and you started probably to notice which tools keep showing up in real stacks - and which ones disappear after the hype cycle. A few tools always make it through the filter. Not because they're trendy, but because they solve a real problem without creating three new ones.

The pattern is always the same: the fastest teams don't have the most tools. They have the fewest, and they can explain why each one is there.

The 2026 shift isn't about adding AI agents to your workflow. It's about having a workflow clean enough for AI to actually help.

If your platform team spends more time maintaining tools than building golden paths, you don't have a platform => you have a graveyard!

Share this issue with your team if they needs to hear this :)

Have a great week - and if you're about to install a new tool on Monday, at least uninstall one first!
Aymen
 
 
🔍 Inside this Issue
 
 
Speed and security are having a moment, and they are colliding in all the right uncomfortable places: scan faster, ship less, and stop trusting defaults you never chose. Toss in a Linux distro making hard calls, a database stunt that is somehow practical, and the kind of crypto migration work you want to do before you are forced to.

🔍 Betterleaks: The Gitleaks Successor Built for Faster Secrets Scanning
🐘 pgit: I Imported the Linux Kernel into PostgreSQL
🔐 Post-Quantum Cryptography Migration at Meta: Framework, Lessons, and Takeaways
🦝 Ubuntu 26.04 LTS Released: Meet Resolute Raccoon
🧠 What is AWS Graviton? The custom chip powering applications for 90,000 customers
🛡️ Why We Chose the Harder Path: Hardened Images, One Year Later

Steal the ideas, skip the scars.

Take care!
FAUN.dev() Team
 
 
⭐ Patrons
 
iacconf.com iacconf.com
 
How is infrastructure keeping pace with AI in 2026?
 
 
Managing IaC or leading platform engineering? IaCConf is the “can’t miss” event featuring 20 top IaC leaders across 13 sessions. Join 5,000+ practitioners to share what’s actually working and swap hard-won lessons.

Register Now
 
 
eventbrite.co.uk eventbrite.co.uk
 
Are Your APIs Ready for AI Agents? A Hands-on Workshop on May 23rd
 
 
Are Your APIs Ready for AI Agents? A Hands-on Workshop on May 23rd

AI agents are beginning to autonomously call APIs, chain services, and create integrations that most platforms were never designed to handle. This hands-on masterclass on Designing AI-ready APIs helps architects and developers build governed, predictable API ecosystems using OpenAPI, Overlay, and Arazzo.

Learn how to add guardrails, improve discoverability, and safely evolve existing APIs for automated consumption.

FAUN.dev readers get an exclusive 40% discount using code FAUN40.
 
 
👉 Spread the word and help developers find you by promoting your projects on FAUN. Get in touch for more information.
 
🐾 From FAUNers
 
faun.dev faun.dev
 
Ubuntu 26.04 LTS Released: Meet Resolute Raccoon
 
 
Ubuntu 26.04 LTS - Resolute Raccoon ships GNOME 50. GNOME-on-X11 is gone; the session runs only on Wayland. Mutter patches shave NVIDIA blocked frame time down to microseconds.

The release requires systemd 259 and cgroup v2. It swaps initramfs to Dracut. Desktop minimums rise. Binaries default to memory-safe Rust.

Ubuntu adds native CUDA and ROCm to main repos. Livepatch lands on Arm64. The installer gains TPM-backed full-disk encryption. App Center becomes the central app manager.

System shift: Requiring Wayland, cgroup v2, Dracut, and repo-distributed CUDA/ROCm pushes Ubuntu defaults toward modern GPU, container, and init stacks. Consider it the distro telling legacy tech to take a hike.
 
 

👉 Got something to share? Create your FAUN Page and start publishing your blog posts, tools, and updates. Grow your audience, and get discovered by the developer community.

 
🔗 Stories, Tutorials & Articles
 
docker.com docker.com
 
Why We Chose the Harder Path: Hardened Images, One Year Later
 
 
Docker Hardened Images surpassed 500k daily pulls and now hosts 2,000+ hardened images, all built in a SLSA Build Level 3 pipeline.
It compiles tens of thousands of Debian and Alpine packages from source. It runs 1M+ builds. It ships 17 signed attestations per image. It auto-rebuilds customized images under SLA.
 
 
engineering.fb.com engineering.fb.com
 
Post-Quantum Cryptography Migration at Meta: Framework, Lessons, and Takeaways
 
 
Quantum computers could decrypt data stored today in anticipation of future decryption, posing security risks despite the estimated decade-long timeline. Industry-wide PQC standards are being published by NIST to defend against such threats, including algorithms like ML-KEM and ML-DSA. The industry is advancing towards a PQC-secure future with the availability of robust options to shield against SNDL attacks, thanks to efforts from Meta and others.
 
 
aboutamazon.com aboutamazon.com
 
What is AWS Graviton? The custom chip powering applications for 90,000 customers
 
 
Amazon's Graviton family peaks at a 192-core chip. It delivers up to 25% better performance than Graviton4 and keeps energy efficiency intact. AWS says 98% of its top 1,000 EC2 customers run Graviton. More than half of new EC2 capacity runs on these chips.
 
 
oseifert.ch oseifert.ch
 
pgit: I Imported the Linux Kernel into PostgreSQL
 
 
pgit ingested 20 years of the Linux kernel: 1.43M commits, 24.4M file versions. The dataset lives in PostgreSQL with pg-xpatch - 2.7GB on disk.

A 2-hour import on a 24-core EPYC built a queryable SQL DB. Most delta-decompressed queries return in <10s. No preprocessing required.
 
 
aikido.dev aikido.dev
 
Betterleaks: The Gitleaks Successor Built for Faster Secrets Scanning
 
 
Betterleaks supplants Gitleaks as a drop-in CLI. Scans run faster. It's written in Pure Go - no CGO - and performs parallel git scans.

It replaces entropy heuristics with token-efficient detection via BPE. It adds CEL rule validation. Its roadmap includes LLM assist and auto-revocation.
 
 

👉 Got something to share? Create your FAUN Page and start publishing your blog posts, tools, and updates. Grow your audience, and get discovered by the developer community.

 
⚙️ Tools, Apps & Software
 
github.com github.com
 
sivchari/kumo
 
 
A lightweight AWS service emulator written in Go
 
 
github.com github.com
 
NikolayS/pgque
 
 
PgQue – Zero-bloat Postgres queue. One SQL file to install, pg_cron to tick.
 
 
github.com github.com
 
google/skills
 
 
Agent Skills for Google products and technologies
 
 
github.com github.com
 
forwardemail/awesome-mail-server-providers
 
 
 Comprehensive comparison of VPS and dedicated server providers for hosting mail servers (SMTP servers).
 
 
github.com github.com
 
Armur-Ai/Pentest-Swarm-AI
 
 
 Autonomous penetration testing using a swarm of AI agents. Orchestrates recon, classification, exploitation, and reporting specialists with ReAct reasoning — supports bug bounty, continuous monitoring, and CTF modes. Built with Go, Claude API, and 7+ native security tools.
 
 

👉 Spread the word and help developers find and follow your Open Source project by promoting it on FAUN. Get in touch for more information.

 
🤖 Once, SenseiOne Said
 
 
"Cloud gives you infinite servers so you can run out of discipline instead. SRE is learning that most outages are permission problems disguised as compute problems."
- SenseiOne
 

(*) SenseiOne is FAUN.dev’s work-in-progress AI agent

 
⚡Growth Notes
 
 
Both engineers inherited a CI pipeline that took 22 minutes. One spent a week parallelizing stages and got it down to 9 minutes. The other added a single "paths" filter to skip the pipeline entirely on docs-only commits, which cut 40% of all pipeline runs before they started. Neither was wrong, but only one asked which runs shouldn't exist at all.
 
Each week, we share a practical move to grow faster and work smarter
 
😂 Meme of the week
 
 
 
 
❤️ Thanks for reading
 
 
👋 Keep in touch and follow us on social media:
- 💼LinkedIn
- 📝Medium
- 🐦Twitter
- 👥Facebook
- 📰Reddit
- 📸Instagram

👌 Was this newsletter helpful?
We'd really appreciate it if you could forward it to your friends!

🙏 Never miss an issue!
To receive our future emails in your inbox, don't forget to add community@faun.dev to your contacts.

🤩 Want to sponsor our newsletter?
Reach out to us at sponsors@faun.dev and we'll get back to you as soon as possible.
 

DevOpsLinks #526: Post-Quantum Cryptography Migration at Meta
Legend: ✅ = Editor's Choice / ♻️ = Old but Gold / ⭐ = Promoted / 🔰 = Beginner Friendly

You received this email because you are subscribed to FAUN.dev.
We (🐾) help developers (👣) learn and grow by keeping them up with what matters.

You can manage your subscription options here (recommended) or use the old way here (legacy). If you have any problem, read this or reply to this email.