DevOpsLinks

Three megaclouds rally around an open DocumentDB while GitHub’s AI tilt splinters the community—meanwhile a quiet AWS sandbox escape lands and Terraform finally tames state locks. Add battle-tested incident habits, regex that still pays rent, and whether LLMs can actually write SQL; the details are worth your next five minutes.

🗃️ AWS, Microsoft and Google unite behind Linux Foundation DocumentDB database to cut enterprise costs and limit vendor lock-in
🧭 Being on the Same Page During an Incident: Not Actually Telepathy
🚢 Deploy a containerized application with Kamal and Terraform
🐙 GitHub Copilot on autopilot as community complaints persist
🛡️ Sandboxed to Compromised: New Research Exposes Credential Exfiltration Paths in AWS Code Interpreters
🔒 Terraform State Management Demystified: From Local to Remote
🗂️ Terraform Workspaces: Managing Deployments Across Multiple Environments
🔎 Using Regex in Incident Response: A Powerful Tool for the Modern Analyst
🧮 Which LLM writes the best analytical SQL?
🎭 You Vibe It You Run It?


Less buzz, more leverage—ship something sturdier this week.

Have a great week!
FAUN.dev Team

GitHub's biggest debates right now? Whether to shut down AI-generated "noise" from Copilot—stuff like auto-written issues and code reviews. No clear answers from GitHub yet.

Frustration is piling up. Some devs are ditching the platform altogether, shifting their projects to Codeberg or spinning up self-hosted Forgejo stacks to take back control.

System shift: The more GitHub leans into AI, the more it nudges a group of people out. That old network effect? Starting to crack?

Amazon Q Developer now plugs into Jellyfish. Teams get a clearer view of how AI fits into the real flow of work—prompt usage, code adoption, PR throughput. Not just surface stats.

The setup pipes data from AWS S3 straight into Jellyfish’s analytics engine. It tags AI users, tracks velocity gains, and measures how much Q actually shaves off commit-to-PR time.

Researchers poked holes in sandboxed Bedrock AgentCore code interpreters—and found a way to leak execution role credentials through the MicroVM Metadata Service (MMDS). No outside network? Doesn’t matter. The exploit dodges basic string filters in requests and lets non-agentic code swipe AWS creds to hit control plane APIs from the outside.

Document databases are crucial for AI apps in the gen AI era. Microsoft's open-source DocumentDB project, based on PostgreSQL, is moving to the Linux Foundation, offering a vendor-neutral, open-source alternative to MongoDB. DocumentDB's compatibility with MongoDB drivers and open source governance make it an attractive option for enterprises looking to avoid database vendor lock-in.

Regex isn’t just an old-school hack—it’s still clutch when incidents hit the fan. This piece lays out how regex slices through bloated logs fast, helping teams find root causes before things spiral. In high-stakes response, speed’s everything. Regex delivers.

Terraform 1.10.0 drops a big one: native state locking for S3 backends. No more bolting on a DynamoDB table just to avoid clobbering state.

The new "bucketobjectlocking" setting handles locking at the source. Cleaner config. Fewer parts. Less drama when your whole team hits terraform apply at once.

Terraform workspaces split your infrastructure state by environment—prod, staging, dev—all from one config. The CLI handles the juggling. Each workspace keeps its own state file, usually in a separate S3 path. Clean. Isolated. DRY.

This setup lets teams ship environment-specific infra without copy-pasting themselves into madness.

A Docker-first workflow combines Terraform and Kamal into a lean, Elastic Beanstalk-ish alternative—without the bloat. Terraform spins up a three-tier VPC and wires it to ECR. Kamal takes it from there, booting containers on a raw EC2 box: app, proxy, monitor. One script. Done.

Collaboration in incident response is crucial for effective resolution, starting with establishing a basic compact among responders. Grounding is a process that ensures alignment and common ground is maintained throughout an incident, encompassing initial common ground, public events so far, and the current state of the activity. To nurture effective collaboration, teams can practice scenarios together and implement strategies for maintaining common ground at each of these levels.

Tinybird threw 19 top LLMs at a 200M-row GitHub dataset, testing how well they could turn plain English into solid SQL. Most models kept their syntax clean—but when it came to writing SQL that actually ran well and returned the right results, they lagged behind human pros. Messy schemas or tricky prompts? Total tripwire.

Vibe Coding lets developers create software by chatting with AI, skipping traditional coding. But the non-determinism of AI prompts poses significant risks for reliability and maintainability, potentially leading to addiction-like dependence on this new tool. Think twice before fully embracing this flashy but flawed trend.

☕ Git Pull Coffee – Black Mug Fuel your commits the right way. Perfect for devs who push code and pull coffee.

Effortlessly run tasks and manage your services on AWS ECS (Elastic Container Service).

Codefather protects your codebase by controlling who can change what. Set authorization levels, lock down files, and enforce your rules—offline via CLI or online with Actions.

A CLI to stash secrets. No logins.

The platform for streaming isolated desktop containers.

Did you know Linux exposes real-time resource-saturation signals—called PSI—for CPU, memory, and I/O that reveal stalls long before CPU-usage or memory-graphs budge? On cgroup v2, you can set a soft memory threshold via memory.high and monitor /proc/pressure/memory some avg10 to shed load before hitting OOM, rather than relying on the hard memory.max kill. systemd already integrates this through MemoryHigh= and PSI-based MemoryPressureWatch=, letting services auto-respond without code changes. Many Kubernetes nodes still run on cgroup v1 and miss these capabilities—switching to the unified v2 hierarchy unlocks this early-warning, pressure-aware control.

"Auto-scaling and retries make outages quiet, not absent; SLOs exist to prove otherwise. In the cloud, you rarely own the root cause—only the blast radius and the recovery clock."
— SenseiOne