FAUN.dev's DevOps / SRE / Platform Engineering Weekly Newsletter
 
DevOpsLinks
 
This week in DevOps, with Dolly the Cow
 
 
📝 A Few Words
 
 
Should your Linux init system know your birthday?

Systemd just merged an optional birthDate field into its JSON user records: a direct response to age verification laws gaining traction in California, Colorado, and Brazil.

The field sits alongside metadata like realName and emailAddress, can only be set by an admin, and is explicitly not a policy engine.

Lennart Poettering (systemd author) was clear: it is a data slot, not a policy engine. Distros can ignore it. A revert PR was rejected.

Someone forked systemd anyway and called it "Liberated systemd." It strips the field entirely. Right now, it is one person, no releases, and dozens of commits behind mainline.

💡 Compliance is no longer something Linux projects can treat as someone else's problem. At the same time, the Linux ecosystem has no shared playbook for compliance. Everyone is figuring it out independently, and the laws are not slowing down.

Have a great week,
Aymen
 
 
🔍 Inside this Issue
 
 
This one swings from massive, real-world codebases (2 million lines of Haskell) to the unglamorous work that keeps systems honest: verification, profiling, caching, and repo hygiene. If you have ever chased a mystery CPU spike or waited on a giant clone, these links will feel uncomfortably familiar in the best way.

🧩 A Couple Million Lines of Haskell: Production Engineering at Mercury
🔒 Don’t trust, verify
⚡ Figma's next-generation data caching platform
🔥 Reaching for top or htop during a latency investigation
🧱 Reducing our monorepo size to improve developer velocity
⌨️ Shell Tricks That Actually Make Life Easier (And Save Your Sanity)

Take the shortcuts, keep the rigor, ship the boring wins.

Until next time!
FAUN.dev() Team
 
 
⭐ Patrons
 
iacconf.com
 
🚨IaCConf 2026 Agenda is Live!
 
 
With 20 speakers across 13 sessions, IaCConf 2026 is the “can't miss” event for those working with infrastructure as code. Join 5,000+ practitioners & catch live demos, panel discussions, and frameworks you can put to use.

Register for the free, virtual event.
 
 
👉 Spread the word and help developers find you by promoting your projects on FAUN. Get in touch for more information.
 
⭐ Sponsors
 
faun.dev
 
Stop bolting security on at the end. Start building it in from the first commit.
 
 
Most teams treat security like a final exam, cram at the end, hope for the best, patch what breaks in production. DevSecOps In Practice teaches you to wire security into every stage of your pipeline - from Git hooks to Kubernetes runtime.

This is not theory. You'll get hands-on with 15+ real tools across 20 chapters:

- Catch leaked secrets before they hit the repo (TruffleHog, detect-secrets, pre-commit hooks).
- Scan dependencies for CVEs before they ship (OWASP Dependency-Check).
- Lint your code for SQL injection, weak crypto, and insecure deserialization (Bandit).
- Harden your Dockerfiles and scan images for vulnerabilities (Hadolint, Trivy).
- Lock down your Kubernetes manifests and Terraform configs (Checkov, KubeLinter).
- Generate SBOMs and enforce security policy as code before anything reaches production.

By the end, you'll have a fully automated DevSecOps pipeline - not slides about one :)

👉 Start learning (risk-free with a 30-day money-back guarantee.)
 
 
 
🔗 Stories, Tutorials & Articles
 
daniel.haxx.se
 
Don’t trust, verify   ✅
 
 
Daniel Stenberg, creator of curl, argues that software security should be built on verification rather than trust, outlining the many ways a widely used project like curl could be compromised - from malicious insiders and breached credentials to hacked distribution sites and CI tool exploits. To counter these threats, the curl project employs an extensive set of practices including mandatory code reviews, strict coding standards, thousands of tests run across 200+ CI jobs, continuous fuzzing, a ban on binary blobs and Unicode tricks, and full transparency - all designed so that independent outsiders can verify every release matches the source repository and catch any tampering.
 
 
dropbox.tech
 
Reducing our monorepo size to improve developer velocity
 
 
Dropbox cut its monorepo from 87GB to 20GB.
It ran a GitHub‑approved server‑side git repack, tuned by window/depth. Clone times dropped to under 15 minutes.

Engineers traced growth to Git’s 16‑char path heuristic. That heuristic mispaired i18n files. They tested --path-walk locally, then ran phased replica repacks and measured the impact.
 
 
blog.haskell.org
 
A Couple Million Lines of Haskell: Production Engineering at Mercury
 
 
Mercury runs ~2M lines of Haskell in production.
They chose Temporal to replace cron and DB-backed state machines. Durable workflows replace brittle coordination.

They open-sourced a Haskell SDK for Temporal, wired in OpenTelemetry hooks, and pushed records-of-functions plus domain-error types.
 
 
figma.com
 
Figma's next-generation data caching platform
 
 
Figma rearchitected their storage systems to support scalability, including horizontally sharding their Postgres stack and building FigCache, a stateless proxy service for Redis. FigCache decouples connection scalability from Redis, centralizes traffic routing, enhances security, and provides end-to-end observability. The caching layer has achieved six nines of uptime since its rollout, addressing previous operational challenges and paving the way for Figma's future growth.
 
 
blog.hofstede.it
 
Shell Tricks That Actually Make Life Easier (And Save Your Sanity)
 
 
This post provides a collection of lesser-known terminal tricks that can improve productivity and efficiency when working in various POSIX shells. The tricks cover a range of functions, from efficient text manipulation to file operations and script writing. By incorporating these tips into daily workflows, users can enhance their command-line experience and streamline their tasks.
 
 

👉 Got something to share? Create your FAUN Page and start publishing your blog posts, tools, and updates. Grow your audience, and get discovered by the developer community.

 
⚙️ Tools, Apps & Software
 
github.com
 
mutonby/pleng
 
 
Your AI Platform Engineer. Self-hosted cloud built for AI agents — deploy, monitor, and operate your infrastructure through natural language. One VPS. One command.
 
 
github.com
 
BoraKostem/InfraLens
 
 
InfraLens is an Electron desktop workspace for Cloud operators, combining multi-service Cloud management, Terraform workflows, compliance checks, session switching, and an embedded terminal in one app.
 
 
github.com
 
boostsecurityio/smokedmeat
 
 
A CI/CD Red Team Framework for demonstrating Build Pipeline security risks.
 
 
github.com
 
starkross/augur
 
 
A static analysis tool for OpenTelemetry Collector configurations. Built on OPA/Rego, it validates your pipelines, receivers, processors, and exporters against customizable policy rules, catching misconfigurations before they reach production.
 
 
github.com
 
Yeachan-Heo/oh-my-claudecode
 
 
Teams-first Multi-agent orchestration for Claude Code
 
 

👉 Spread the word and help developers find and follow your Open Source project by promoting it on FAUN. Get in touch for more information.

 
🤔 Did you know?
 
 
Did you know that without a readinessProbe, Kubernetes treats any running container as eligible to receive traffic - even one actively returning errors? By default, the kubelet considers a container ready the moment it starts, and only withdraws that status if a readiness probe explicitly fails. A livenessProbe failure does something different: it restarts the container but does not pull it from the EndpointSlice, so a liveness-only setup still routes live traffic to a broken pod right up until the restart kicks in. The key distinction is that the readiness probe runs for the entire pod lifetime, not just at startup - so it also catches mid-life degradation like a cache miss storm or a saturated downstream dependency, temporarily removing the pod from load balancing without killing it.
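
The difference in manifest form, as an added example that is not part of the original newsletter: two Pod specs, the first with only a liveness probe and the second with a readiness probe added. The names, image, port and the `/healthz` and `/readyz` paths are assumptions.

```yaml
# Constructed example; names, image, port and probe paths are placeholders.
# Weak: liveness only. The container counts as ready as soon as it starts,
# so it keeps receiving traffic while it returns errors, until repeated
# liveness failures finally trigger a restart.
apiVersion: v1
kind: Pod
metadata:
  name: api-liveness-only
  labels: {app: api}
spec:
  containers:
    - name: api
      image: registry.example.com/api:1.0.0
      ports:
        - containerPort: 8080
      livenessProbe:
        httpGet: {path: /healthz, port: 8080}
        periodSeconds: 10
        failureThreshold: 3      # restart after about 30s of failures
---
# Corrected: the readiness probe runs for the whole pod lifetime and takes
# the pod out of load balancing while it is degraded, without killing it.
# The liveness probe stays as the last resort for a hung process.
apiVersion: v1
kind: Pod
metadata:
  name: api-with-readiness
  labels: {app: api}
spec:
  containers:
    - name: api
      image: registry.example.com/api:1.0.0
      ports:
        - containerPort: 8080
      readinessProbe:
        httpGet: {path: /readyz, port: 8080}
        periodSeconds: 5
        failureThreshold: 2      # out of rotation after about 10s of failures
        successThreshold: 1      # back in rotation after one success
      livenessProbe:
        httpGet: {path: /healthz, port: 8080}
        periodSeconds: 10
        failureThreshold: 3
```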
 
 
🤖 Once, SenseiOne Said
 
 
Every new cloud control plane you adopt makes outages someone else’s problem and your diagnosis harder. SRE is paying interest on that convenience in the only currency that matters, time to restore.
 

(*) SenseiOne is FAUN.dev’s work-in-progress AI agent

 
⚡Growth Notes
 
 
Reaching for top or htop during a latency investigation gives you a snapshot of resource consumption but tells you nothing about why the CPU is busy. perf record with flame graph output shows you the actual call stack distribution, and more often than not the bottleneck is lock contention or a syscall pattern that idle-looking CPU percentages never surface.
 
Each week, we share a practical move to grow faster and work smarter
 

DevOpsLinks #525: Shell Tricks That Actually Make Life Easier (And Save Your Sanity)
Legend: ✅ = Editor's Choice / ♻️ = Old but Gold / ⭐ = Promoted / 🔰 = Beginner Friendly
