ℹ️ News, Updates & Announcements

csoonline.com
A fresh supply chain ambush—Scavenger—slipped into npm through the front door. Attackers phished maintainers of high-profile packages like is, eslint-plugin-prettier, and synckit, then dropped cross-platform JavaScript malware straight into the codebase. Real-time C2 channels included.
They typosquatted with npnjs.org (slick) and hijacked contributor accounts to quietly backdoor packages nobody thought to question. Not even the malware scanners flinched.

surfingcomplexity.blog
A recent Cloudflare DNS outage traced back to legacy gear tangled with global config changes. Turns out, incomplete migrations can still pack a punch. Their newer topology system does support progressive rollouts—but running it side-by-side with the old one just made the blast radius bigger.
System shift: Keeping legacy and modern systems online together adds fragility. The longer a migration drags, the higher the operational debt.

survey.stackoverflow.co
The 2025 Developer Survey is the definitive report on the state of software development. In its fifteenth year, Stack Overflow received 49,000+ responses from 177 countries across 62 questions focused on 314 different technologies, including a new focus on AI agent tools, LLMs and community platforms. This annual Developer Survey provides a crucial snapshot of the needs of the global developer community, focusing on the tools and technologies they use or want to learn more about.

aws.amazon.com
Amazon DocumentDB Serverless is out of preview and ready to roll. It auto-scales compute and memory using DCUs for MongoDB-compatible clusters. No migration needed—just upgrade your existing instance and go. Available starting in version 5.0, with per-second billing based on DCU burn.
What’s new: Fixed instance sizes are out. Real-time, load-aware capacity is in.

🔗 Stories, Tutorials & Articles

aws.amazon.com
AWS wants long-term IAM access keys gone. In their place: temporary creds via IAM roles, IAM Identity Center, CloudShell, and OIDC integrations.
The push covers everything—CLI tools, local dev, compute, CI/CD, even old-school on-prem. The message is clear: rotate automatically, grant minimally, and stop treating static keys like they're safe.
Big picture: Shifting the default to short-lived creds and federated identity is not just a best practice—it’s the new norm.

blogs.blackmarble.co.uk
Azure DevOps made it easier to link up with GitHub—no more re-installing the Azure Pipelines GitHub App to kick things off.
Teams can spin up a GitHub App–based service connection directly from a dummy pipeline setup. The service connection comes GitHub App–authenticated out of the gate. Super handy during messy multi-org migrations.

trufflesecurity.com
Truffle Security dropped a sharp new open-source tool that digs through GitHub’s public commit history looking for zero-commit force pushes—a tactic devs use to erase mistakes, usually secrets. Problem is, they don’t go quietly.
By tapping into historical GitHub PushEvents via GH Archive, the tool hunts down dangling commits—the ghosts of deleted secrets that still linger. Stuff most scanners miss.
Heads-up: Force-pushing doesn’t scrub secrets anymore. Assume every leaked key is burned.

bower.sh
A dev swapped out tmux for a slick combo: Zellij, SSH multiplexing, and systemd socket daemons. No more virtual splits. Just clean session persistence and tight remote control.
This setup brings scrollback back where it belongs—your terminal’s native buffer. It plays nice with extras like the Kitty graphics protocol and offloads window juggling to your actual window manager.
The shift: Multiplexers aren’t dead—but the old models are looking crusty. More devs are ditching all-in-one tools for modular setups powered by Unix-native parts that speak standard protocols.

tannerhoelzel.com
A developer walks through building a custom GNU Guix system service for kmonad—yes, the keyboard remapper—by wiring up a new service-type that plugs into Shepherd and account-service-type.
To get there, they lift patterns from services like wesnothd, use make-forkexec-constructor to spin up the daemon, and define the right user/group accounts so the whole thing boots cleanly under Guix.

arinco.com.au
GitHub Copilot just leveled up: prompt files, custom instructions, and custom chat modes are live.
Now it's not just tagging along—it’s shaping how you work. Automate code reviews, security scans, or implementation plans. Reuse setups across teams. Control it all from VS Code.

localhost
This Azure lab wires up Terraform with Azure Pipelines CI/CD to spin up infrastructure and deploy a .NET Core app using IaC. It handles remote state with Azure Storage, automates plan and apply in pipelines, and swaps in config values via token replacement during deploy.

techcommunity.microsoft.com
Microsoft’s moving the cheese again—this time steering Windows deep into the cloud. The old on-prem management playbook? Getting dusty.
At the core: Intune, pushing Zero Trust like it means it. Identity-based access, always-on compliance, real-time config—no more trusting the device just because it’s plugged into the right network.
Out of the box, it taps Conditional Access, Windows Autopatch, and Security Copilot to lock things down, update automatically, and chase threats without blinking. The network perimeter? Irrelevant.
The shift: Windows goes cloud-native, identity-first. Built for hybrid work, wired for Zero Trust.

dzone.com
Indexed views are a powerful yet underutilized feature in SQL Server for optimizing complex query performance, with potential for significant performance gains in read-heavy applications. Automatic query substitution is a game-changer when it comes to leveraging indexed views for performance optimization, offering a competitive edge over other solutions like Oracle's materialized views or PostgreSQL's manual refresh approach.

rootly.com
In incident response, adaptability is key. Instead of endless playbooks, focus on flexible frameworks for faster, more effective responses. Brandon Chalk, a 16-year Google SRE, shares insights on balancing structure and speed when every second counts.

medium.com
GitOps ditches hand-rolled deployment scripts for a cleaner, declarative model. Git becomes the truth. Agents like Argo CD or Flux CD watch for changes and sync your clusters on their own.
It’s not just about pushing YAML. Good GitOps setups lean on Kustomize for modular config, wire in automated image updates, and roll out changes safely with Argo Rollouts. Want guardrails? Add OPA or Kyverno to enforce policy.
Big picture: GitOps flips CI/CD on its head. It trades step-by-step deployments for event-driven automation, all versioned like proper infrastructure should be.

netflixtechblog.com
Netflix’s Open Connect program rewires the streaming game. Enter Open Connect Appliances (OCAs): these local units demolish latency, curb cache misses, and pump up streaming power. How? By magnetizing servers with network proximity wizardry. Meanwhile, Kafka rolls up its sleeves, juggling low-latency logs like a pro. Real-time miss metrics? Covered. A slick ballet of data that refines content delivery and spruces up user experiences worldwide.

bluematador.com
The AWS CLI lets developers skip the console and drive AWS straight from the terminal. It’s scriptable, cross-region, and built for automation. Run a command, get back JSON. Pipe it into jq, slice what you need, done.
Tab-completion and in-line help make it faster to poke around and stitch together workflows—without leaving the keyboard.