One AWS region face-planted and half the internet felt it; elsewhere, teams quietly shipped fixes—Redis patched, Git re-keying, kernels rolling, and Shopify proving a monolith can sprint. If resilience, cost gravity, and sharper pipelines are on your mind, these threads run deep—follow the details and lift what fits your stack.
🌩️ AWS Outage: A Single Cloud Region Shouldn’t Take Down the World. But It Did.
🚨 CVE-2025-49844 - The Redis CVSS 10.0 vulnerability and how we responded
🔐 Git 3.0 to Launch by 2026 with SHA-256 for Enhanced Security
🧹 Discussion of the Benefits and Drawbacks of the Git Pre-Commit Hook
🛡️ How I Block All 26 Million Of Your Curl Requests
🧱 How Shopify Handles 30TB of Data Every Minute with a Monolithic Architecture
💸 Migrating to Hetzner — We saved 76% on our cloud bills
☁️ Hosting Remote MCP Server on Azure Container Apps (ACA)
🐧 Linux Kernel 6.18 RC1 Released: Public Testing Begins
🤖 How AI can help your DevSecOps pipeline
Report URI closed the door on Redis CVE-2025-49844 fast. They rolled out ACL-based command blocks and jumped to Redis 8.2.2, now running on a fresh Redis Sentinel-based HA setup.
To prove the fix stuck, they ran command counter checks and layered in enforced blocking rules—then pushed it all out fleet-wide with Ansible. No drama. Just done.
Git 3.0 is coming by the end of 2026—and it's bringing SHA-256 hashes with it. Out with SHA-1, in with a stronger, modern standard. That means tighter integrity and less technical debt dragging things down.
First major version bump since 2014. Not just a version number. This one's deep.
What’s changing: Switching Git’s core hash function rewires the guts of every repo. That breaks assumptions across workflows, CI/CD pipes, hosting platforms—you name it. Every tool that speaks Git needs to catch up.
Linux 6.18 cracked open its merge window on Oct 1, 2025. RC1 dropped two weeks later, right on schedule, landing Oct 15. The full release? Aiming for Nov 30—but if things get spicy, expect Dec 7 after a possible RC8.
An AWS hiccup in US-EAST-1 knocked out over 70 services, sidelining Coinbase, Reddit, and even UK banks. Root cause? DNS resolution tanked. AWS throttled traffic to catch up.
The bigger problem: Too much of the internet still leans on too few clouds. Fragile by design.
DigitalSociety ditched AWS and DigitalOcean. Swapped the comfort of cloud for full control on Hetzner, built on Talos Linux. PostgreSQL? Now running on CloudNativePG. Traffic flows through Ingress NGINX with ExternalDNS handling the names.
The payoff: monthly costs dropped from $449.50 to under $100. ARM vCPUs and OSS tools replaced pricey managed services.
Bottom line: Managed services are costly, and you have probably noticed. More startups are gearing up to trade cloud ease for control, forging lean Kubernetes stacks with eyes wide open on cost.
A developer built a razor-sharp TLS fingerprinting and blocking tool—all in kernel space—with eBPF and XDP. It hooks into incoming packets, scrapes TLS Client Hello messages, and cranks out simplified JA4-style hashes from their cipher suite lists.
The fun part? It's running under tight stack limits, so the dev stuffed a custom O(n²) sort into the hash logic. Yeah—bubble-sort energy, in 2024. But it fits. For state management, it leans on eBPF maps as on-the-fly blacklists. No stack overflows. No userspace detours.
System shift: Real-time packet filtering is moving down the stack. Kernel-level signals. No more babysitting by bloated firewalls or load balancers.
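A userspace sketch of the fingerprinting step described above, added here as an example and not taken from the tool itself: it pulls the cipher suite list out of a TLS Client Hello, drops GREASE values, bubble-sorts in a fixed-size array and hashes the result. FNV-1a stands in for the tool's hash (real JA4 uses a truncated SHA-256), and `MAX_SUITES`, `cipher_fingerprint`, `fingerprint_of` and the sample clients are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#define MAX_SUITES 32 /* fixed loop bound, as the eBPF verifier requires; extra suites are ignored */
/* GREASE values (RFC 8701) have the form 0x?A?A and change per connection, so they are skipped. */
static int is_grease(uint16_t v) { return (v & 0x0f0f) == 0x0a0a && (v >> 8) == (v & 0xff); }

/* Fingerprint the cipher suite list of a raw TLS record: 0 on success, -1 if unparseable. */
int cipher_fingerprint(const uint8_t *p, size_t len, uint64_t *out)
{
    uint16_t s[MAX_SUITES];
    size_t n = 0, off = 43; /* 5 record + 4 handshake + 2 version + 32 random */
    if (len < 44 || p[0] != 0x16 || p[5] != 0x01) return -1; /* not a ClientHello */
    off += 1 + (size_t)p[43];                                 /* skip session_id */
    if (off + 2 > len) return -1;
    size_t cs_len = ((size_t)p[off] << 8) | p[off + 1];
    off += 2;
    if (cs_len % 2 || off + cs_len > len) return -1;          /* odd or truncated list */
    for (size_t i = 0; i < cs_len && n < MAX_SUITES; i += 2) {
        uint16_t v = (uint16_t)((p[off + i] << 8) | p[off + i + 1]);
        if (!is_grease(v)) s[n++] = v;
    }
    for (size_t i = 0; i + 1 < n; i++)   /* in-place bubble sort: no heap, small stack */
        for (size_t j = 0; j + 1 < n - i; j++)
            if (s[j] > s[j + 1]) { uint16_t t = s[j]; s[j] = s[j + 1]; s[j + 1] = t; }
    uint64_t h = 0xcbf29ce484222325ULL;  /* FNV-1a 64-bit (stand-in hash) */
    for (size_t i = 0; i < n; i++) {
        h = (h ^ (uint64_t)(s[i] >> 8)) * 0x100000001b3ULL;
        h = (h ^ (uint64_t)(s[i] & 0xff)) * 0x100000001b3ULL;
    }
    *out = h;
    return 0;
}

/* Constructed test input: a minimal ClientHello, cut off after the cipher suite list. */
uint64_t fingerprint_of(const uint16_t *suites, size_t n)
{
    uint8_t buf[46 + 2 * MAX_SUITES] = {0x16, 0x03, 0x01, 0, 0, 0x01};
    uint64_t fp = 0;
    if (n > MAX_SUITES) return 0;
    buf[45] = (uint8_t)(2 * n);          /* list length; buf[43] == 0 means no session_id */
    for (size_t i = 0; i < n; i++) {
        buf[46 + 2 * i] = (uint8_t)(suites[i] >> 8); buf[47 + 2 * i] = (uint8_t)suites[i];
    }
    return cipher_fingerprint(buf, 46 + 2 * n, &fp) == 0 ? fp : 0;
}
/* Constructed samples: A and B offer the same suites, reordered, with different GREASE values. */
const uint16_t CLIENT_A[] = {0x1a1a, 0x1301, 0x1302, 0xc02f};
const uint16_t CLIENT_B[] = {0xc02f, 0x5a5a, 0x1302, 0x1301};
const uint16_t CLIENT_C[] = {0x1301, 0xc030};
int main(void) { return fingerprint_of(CLIENT_A, 4) == fingerprint_of(CLIENT_B, 4) ? 0 : 1; }
```

Sorting and GREASE removal are what keep the fingerprint stable when a client shuffles its offer, which is why A and B collapse to one blocklist key while C does not.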
Pre-commit hooks catch secrets and fix formatting before bad stuff hits your repo. But if they’re clunky or slow, devs bail. Tools like Pre-Commit, Husky, and devenv are trying to fix that. devenv stands out—hooks are baked right into your Nix env, no extra glue scripts.
A fresh setup shows how to run Model Context Protocol (MCP) servers over HTTP inside Azure Container Apps—stateless, serverless, and ready for real-time jobs like live forex conversion. It pipes in a live API fallback, adds caching, and speaks JSON-RPC 2.0 over POST. You can spin it up with Bicep templates and the Azure CLI.
Shopify handles billions of Black Friday requests on a modular monolith, built with Ruby on Rails and kept in check by Packwerk. Domain boundaries are enforced. Chaos averted.
Inside, it blends Hexagonal Architecture, isolated Pods, and real-time Kafka pipes. The system scales without fracturing into microservices confetti.
System shift: Monoliths aren't dead—they're just disciplined now. Clean code, strong boundaries, fewer regrets.
AI is sliding into DevSecOps and turning security into less of a slog. Tools like Darktrace PREVENT, CrowdStrike Falcon, and Microsoft Security Copilot aren't just watching—they're flagging weird behavior, proposing fixes, and unclogging patch pipelines inside CI/CD.
The shift: DevSecOps is on its way to turning into an AI-powered defense grid, tightening delivery without slowing it down.
A persistent bot blitzing from AWS Singapore—armed with the user-agent 'Mozilla/5.0 (compatible; crawler)'—is slamming endpoints with 700+ req/sec, nonstop for months. It shrugs off 4XX and 30X like they're polite suggestions. Only a Cloudflare WAF throwing 444 responses is keeping the flood in check.
Docker Prometheus: a lightweight Prometheus container for fast monitoring and metrics collection. Deploy easily and scale observability across Kubernetes, Compose, and Swarm.
Modern image vulnerability scanning & patching platform with multi-tool integration.
🤔 Did you know?
Did you know that in 2025, Rust is increasingly popular in AI development, where its speed and safety are combined with Python’s flexibility? Developers use Rust for performance-critical parts like data processing and custom inference modules, often integrating Rust code as Python packages for easy use. This hybrid Rust + Python approach boosts both efficiency and productivity, making Rust a powerful tool in modern AI workflows. Rust’s memory safety and concurrency features also help build more robust and scalable AI systems without sacrificing performance.
🤖 Once, SenseiOne Said
"Cloud elasticity turns performance bugs into invoice spikes; SRE decides which spike is cheaper. Ship faster all you like — if your error budget never burns, your cash budget will." — SenseiOne
👤 This Week's Human
This Week’s Human is Waldemar Hummer, Co-Founder and CTO at LocalStack, building a platform for developing and testing cloud and AI apps locally. He led engineering at Zurich Insurance, shaping strategy across a 300+-person organization and managing 40+ engineers, and as CTO at Advanon drove a platform overhaul that resulted in acquisition by CreditGate24. Earlier at IBM he built the cloud backend for Watson Machine Learning and owned ModelOps; at Atlassian he led teams shipping a real-time stream processing platform and tuning their Hadoop/Hive/Presto stack, alongside steady open source work.