How I Dropped Our Production Database | DevOpsLinks

🔗 View in your browser. | ✍️ Publish on FAUN.dev | 🦄 Become a sponsor

DevOpsLinks

#DevOps #SRE #PlatformEngineering

📝 A Few Words

"Given enough eyeballs, all bugs are shallow."

That's Linus's Law and it's a great theory.

The idea is: The more people reviewing code, the more likely someone spots a vulnerability. It's the foundational argument for why open source software can be more secure than proprietary alternatives.

Now enter AI agents.

In theory, multiple AI agents continuously reviewing code is Linus's Law finally fulfilled. Tireless, systematic, available 24/7, no ego and no boredom.

But here's the issue: AI agents trained on similar data share similar blind spots. Diversity of "perspective" is precisely what makes many eyeballs valuable.

A roomful of identical reviewers, human or AI, doesn't give you that.

Take the example of OpenSSL and the Heartbleed bug. It was a simple off-by-one error that went unnoticed for years propbably because the contributors share the same "expertise" and "perspective" on the codebase.

Diversity is the key here. Instead of relying on 1 large model, relying on multiple smaller models trained on different data, with different architectures, fine-tuned for different areas of expertise (memory, concurrency, cryptography, etc) could be a more effective way to catch vulnerabilities.

This is where MCP comes in. It gives you the infrastructure to orchestrate exactly that - multiple specialized agents, different models, different focuses, reviewing the same codebase in parallel. Not one genius. A diverse committee. Linus's Law, finally staffed correctly.

If you want to learn how to build systems like this, I'm releasing Practical MCP with FastMCP & LangChain - Engineering the Agentic Experience a complete guide from first principles to production deployment. Pre-sale is open now, at a discount, before the official launch.

Have a great day,
Aymen.

🔍 Inside this Issue

One bad deploy can take down checkout, delete your database, and still somehow raise your AWS bill, all in the same week. This set swings between damage reports and the fixes: cost maturity, safer secrets, and tooling that turns diagrams and chat apps into real parts of your workflow.

🛒 Amazon is back up after outage affecting tens of thousands of shoppers
💸 AWS Cost Optimization Best Practices: A Maturity-Based Guide [2026]
🗺️ Draw.io MCP for Diagram Generation: Why It’s Worth Using
🧨 How I Dropped Our Production Database and Now Pay 10% More for AWS
🤖 NanoClaw Brings Container-Isolated AI Agents to WhatsApp and Telegram
🔐 Secret scanning in CI (and why pre-commit hooks are the real control)
⚡ Why Serverless Compute Partners Are Now More Important Than Ever

Steal the lessons, not the outages.

Cheers!
FAUN.dev() Team

⭐ Patrons

spacelift.io

Your Terraform Plan Passed. Your App Just Broke. Here's Why. (Live Virtual Event, March 12)

At scale, IaC state management isn't a storage problem. It's a people and process problem. Join us live to learn how platform teams map dependencies, govern multi-team workflows, & stop mystery outages before they start. You’ll walk away with a practical checklist for scaling IaC.

Register now for this free virtual event on March 12 @ 12PM ET.

google.com

Call for Presenters: IaCConf 2026 | Real-World Infrastructure as Code & Platform Engineering Talks

If you’ve managed Infrastructure as Code in production, scaled platforms under pressure, or built guardrails that held up at speed, we want to hear from you. IaCConf 2026 is seeking practitioners to present 40-min sessions on May 14 (virtual).

Submit your proposal by April 7.

👉 Spread the word and help developers find you by promoting your projects on FAUN. Get in touch for more information.

ℹ️ News, Updates & Announcements

faun.dev

NanoClaw Brings Container-Isolated AI Agents to WhatsApp and Telegram

NanoClaw runs as a single Node.js process across 15 files (~3,900 LOC). It stores messages, sessions, and tasks in SQLite.

It connects to WhatsApp and Telegram. Messages queue per group. Agents run inside isolated group containers.

Security anchors on container isolation. Uses Docker (or Apple Container on macOS). Each group gets a private filesystem and JSON host–container IPC. Optional Model Context Protocol (MCP) integration. Interactive install via Claude Code.

👉 Enjoyed this?Read more news on FAUN.dev/news

⭐ Sponsors

packt.com

Build & Scale AI Workloads on Kubernetes

If you're working with Kubernetes and exploring AI/ML in real-world environments, this 5-hour live workshop focuses on the practical side of running AI workloads in production.

🎟 Early Bird Offer – 50% Off (No Code Needed) : Build & Scale AI Workloads on Kubernetes Tickets, Sat, Mar 28, 2026 at 7:00 PM | Eventbrite

👉 Spread the word and help developers find you by promoting your projects on FAUN. Get in touch for more information.

🔗 Stories, Tutorials & Articles

thomasthornton.cloud

Draw.io MCP for Diagram Generation: Why It’s Worth Using

Draw.io MCP links the Model Context Protocol to draw.io. It ingests structured input (text, CSV, Mermaid) and emits draw.io XML, PNG/SVG, or hosted links.

Draw.io MCP runs as an MCP Tool Server, CLI, or Copilot skill. It drafts small graphs (<50 nodes) in seconds and stores diagrams in Git for diffs and CI/CD automation (for example, from Terraform plans).

cerebrium.ai

Why Serverless Compute Partners Are Now More Important Than Ever

The note says AI workloads are bursty. They spawn parallel tool calls, pull multi‑GB model weights into RAM, and endure long cold starts (e.g., vLLM, SGLang). Companies wrestle with a fragmented GPU market and poor peak GPU utilization. To hit latency, compliance, and cost targets they adopt multi‑region/multi‑cloud setups or partner with serverless compute.

alexeyondata.substack.com

How I Dropped Our Production Database and Now Pay 10% More for AWS

Planned migration shifts the static site from GitHub Pages to AWS S3. DNS moves to AWS. Django stages on a subdomain before the main domain swaps.

A Terraform auto-approve ran with no remote state. It destroyed production RDS, VPC, ECS, and automated snapshots. AWS found a hidden snapshot and recovered the DB in ~24h.

towardsthecloud.com

AWS Cost Optimization Best Practices: A Maturity-Based Guide [2026]

The guide maps a five-stage maturity model — from Visibility to FinOps Culture. It prescribes staged actions before commitment purchases.

It recommends turning on Cost Explorer and AWS Budgets, enforcing tag policies, running Compute Optimizer, testing Graviton, and using CloudBurn/Amazon Q for pre-deploy estimates.

businessinsider.com

Amazon is back up after outage affecting tens of thousands of shoppers

Amazon faced an outage, affecting tens of thousands of shoppers globally on Thursday afternoon. Downdetector reported a surge in complaints, peaking at 20,000 by 3:49 p.m. ET. The outage involved checkout and pricing errors caused by a software code deployment.

👉 Got something to share? Create your FAUN Page and start publishing your blog posts, tools, and updates. Grow your audience, and get discovered by the developer community.

💬 Discussions, Q&A & Forums

reddit.com

What things do you do with Claude?

⚙️ Tools, Apps & Software

github.com

KeygraphHQ/shannon

Fully autonomous AI hacker to find actual exploits in your web apps. Shannon has achieved a 96.15% success rate on the hint-free, source-aware XBOW Benchmark.

github.com

AikidoSec/safe-chain

Protect against malicious code installed via npm, yarn, pnpm, npx, and pnpx with Aikido Safe Chain. Free to use, no tokens required.

github.com

xmpuspus/cloudwright

Architecture intelligence for cloud engineers

github.com

txthinking/brook

A cross-platform programmable network tool

github.com

ventoy/Ventoy

A new bootable USB solution.

👉 Spread the word and help developers find and follow your Open Source project by promoting it on FAUN. Get in touch for more information.

🤔 Did you know?

Did you know that randomize_kstack_offset, a Linux kernel security feature introduced in 5.13, adds a random offset to the kernel stack on every syscall entry to prevent stack layout attacks - and it has a real, measurable cost? On syscall-heavy workloads, it can add 10-13% mean latency overhead per syscall, and p99.9 tail latency can spike above 20%, which means microbenchmarks and tight syscall loops can look slower after a kernel upgrade even when no application code changed. A Java benchmark was traced spending roughly 10% of its runtime inside get_random_u16() because of this feature, which looked exactly like a performance regression until engineers traced it to the hardening toggle.

⚡Growth Notes

Secret scanning in CI added as an afterthought runs on commits that already exist in git history, which means the credential is already compromised the moment it was pushed, regardless of whether the pipeline blocks the merge. The actual control is pre-commit hooks with baseline enforcement - everything downstream is incident response with extra steps.

Each week, we share a practical move to grow faster and work smarter

😂 Meme of the week

❤️ Thanks for reading

👋 Keep in touch and follow us on social media:
- 💼LinkedIn
- 📝Medium
- 🐦Twitter
- 👥Facebook
- 📰Reddit
- 📸Instagram

👌 Was this newsletter helpful?
We'd really appreciate it if you could forward it to your friends!

🙏 Never miss an issue!
To receive our future emails in your inbox, don't forget to add community@faun.dev to your contacts.

🤩 Want to sponsor our newsletter?
Reach out to us at sponsors@faun.dev and we'll get back to you as soon as possible.

DevOpsLinks #519: How I Dropped Our Production Database
Legend: ✅ = Editor's Choice / ♻️ = Old but Gold / ⭐ = Promoted / 🔰 = Beginner Friendly

You received this email because you are subscribed to FAUN.dev.
We (🐾) help developers (👣) learn and grow by keeping them up with what matters.

You can manage your subscription options here (recommended) or use the old way here (legacy). If you have any problem, read this or reply to this email.