🔍 Inside this Issue
Infra is pulling in opposite directions: one team dumps AWS for bare metal and saves $1.2M, while AWS lays its own transatlantic fiber to feed the beast. Along the way, tracing hooks into LLMs, zero trust drops the sidecars, Compose holds its ground in prod, and even Linux gets an API—with a legal curveball for AI-written code—let’s dig.
💾 AWS to Bare Metal Two Years Later: Answering Your Toughest Questions About Leaving AWS
🌊 AWS Unveils Fastnet Cable to Boost Transatlantic Cloud Connectivity
⚖️ FSF Talks GPL Compliance and AI Code at GNU Cauldron
🧠 Grafana Tempo 2.9 Supercharges Distributed Tracing with LLM Integration
🖥️ IncusOS Launches: A Secure, API-Driven Linux for Servers and VMs
🔬 Perfetto: Swiss Army Knife for Linux Client Tracing
🤖 Pulumi’s Neo Now Fixes Infra Policy Violations - Not Just Flags Them
🧭 VMware Cloud Foundation – what’s actually going on?
🐳 Why I Like Using Docker Compose in Production
🔐 Zero Trust with Cilium : Enforcing mTLS in Kubernetes
Ship safer, cheaper, faster—your future self will thank you.
Have a great week!
FAUN.dev() Team
ℹ️ News, Updates & Announcements

faun.dev
Grafana Tempo 2.9 ships with experimental support for the Model Context Protocol (MCP) server. That means LLMs can now hook directly into distributed tracing via TraceQL—no duct tape required.
Big leap: probabilistic TraceQL metrics sampling gets dynamic controls, so you can fine-tune what flows through. Search and query speeds? Faster. Multi-tenant trace visibility? Now with clearer metrics.

faun.dev
IncusOS dropped on Nov 7. It's built on Debian 13, but that’s where the similarities end. Think: atomic A/B updates, TPM 2.0, no shell, no frills - just a clean API with strict TLS/OIDC auth.
It's aimed squarely at servers and VMs. Image-based deploys. Hands-free auto-installs. Smooth integration with Linstor, Netbird, and Incus Deploy for building out hybrid environments.

faun.dev
Pulumi Neo now fixes policy violations on its own - using AI to patch your IaC. You can gate it behind approvals if you want, and it plays nice across clouds. Enforcement works both during deploys and in post-hoc scans. It supports the big compliance frameworks too.
Need help writing policies? Neo’s got real-code suggestions on tap.

faun.dev
At GNU Tools Cauldron, Krzysztof Siewicz dug into the legal mess swirling around LLM-generated code—who owns it, how to license it, and what happens when you skip attribution. Right now, AI-assisted code is skating on thin legal ice.
System shift: LLMs aren’t just writing code—they’re rewriting the rules. Licensing and compliance need a reboot.

faun.dev
AWS just dropped plans for Fastnet - a 320 Tbps transatlantic cable stretching from Maryland to Ireland by 2028. It’s AWS’s own pipe this time, built with optical switching and a scalable architecture. Translation: fewer bottlenecks, more control, and instant upgrades when traffic spikes.
This is a shift: AWS is stacking its global backbone to handle the raw, high-speed firepower AI and cloud-native systems demand. No middlemen.
🔗 Stories, Tutorials & Articles

redmonk.com
The interview with Prashanth Shenoy, vice president of product marketing in the VMware Cloud Foundation (VCF) Division of Broadcom, sheds light on the integration between the two companies. Shenoy discusses the shift to subscription-based pricing and the simplification of VMware's product portfolio. Despite confusion and pushback in the market, Broadcom claims to have lowered prices for customers.

oneuptime.com
OneUptime ditched the cloud bill and rolled their own dual-site setup. Think bare metal, orchestrated with MicroK8s, booted by Tinkerbell, patched together with Ceph, Flux, and Terraform. Result? 99.993% uptime and $1.2M/year saved - 76% cheaper than even well-optimized AWS.
They run it all with just ~14 engineer-hours/month. Thanks, Talos. The cloud's still in play, but only where it helps: archival, CDN, and burst capacity.

lalitm.com
Perfetto now pulls in mixed trace data - perf samples, scheduler events, app-level instrumentation - and lines it all up on a single timeline. One view, no silos.
It reads trace-cmd’s text format now, with smoother flame graphs, sharper bottom-up views, and SQL-powered filtering baked right into the UI.

nickjanetakis.com
A decade in, and this dev still rides with Docker Compose for production. Why? It just works. Clean deployments, solid uptime, same setup everywhere. No yak-shaving.
It shines when you pair it with Git hooks for hands-off, zero-downtime deploys. No need to drag in Kubernetes unless you’re actually wrangling a fleet.