DevOpsLinks

"Given enough eyeballs, all bugs are shallow."

That's Linus's Law and it's a great theory.

The idea is: The more people reviewing code, the more likely someone spots a vulnerability. It's the foundational argument for why open source software can be more secure than proprietary alternatives.

Now enter AI agents.

In theory, multiple AI agents continuously reviewing code is Linus's Law finally fulfilled. Tireless, systematic, available 24/7, no ego and no boredom.

But here's the issue: AI agents trained on similar data share similar blind spots. Diversity of "perspective" is precisely what makes many eyeballs valuable.

A roomful of identical reviewers, human or AI, doesn't give you that.

Take the example of OpenSSL and the Heartbleed bug. It was a simple off-by-one error that went unnoticed for years propbably because the contributors share the same "expertise" and "perspective" on the codebase.

Diversity is the key here. Instead of relying on 1 large model, relying on multiple smaller models trained on different data, with different architectures, fine-tuned for different areas of expertise (memory, concurrency, cryptography, etc) could be a more effective way to catch vulnerabilities.

This is where MCP comes in. It gives you the infrastructure to orchestrate exactly that - multiple specialized agents, different models, different focuses, reviewing the same codebase in parallel. Not one genius. A diverse committee. Linus's Law, finally staffed correctly.

If you want to learn how to build systems like this, I'm releasing Practical MCP with FastMCP & LangChain - Engineering the Agentic Experience a complete guide from first principles to production deployment. Pre-sale is open now, at a discount, before the official launch.

Have a great day,
Aymen.

One bad deploy can take down checkout, delete your database, and still somehow raise your AWS bill, all in the same week. This set swings between damage reports and the fixes: cost maturity, safer secrets, and tooling that turns diagrams and chat apps into real parts of your workflow.

🛒 Amazon is back up after outage affecting tens of thousands of shoppers
💸 AWS Cost Optimization Best Practices: A Maturity-Based Guide [2026]
🗺️ Draw.io MCP for Diagram Generation: Why It’s Worth Using
🧨 How I Dropped Our Production Database and Now Pay 10% More for AWS
🤖 NanoClaw Brings Container-Isolated AI Agents to WhatsApp and Telegram
🔐 Secret scanning in CI (and why pre-commit hooks are the real control)
⚡ Why Serverless Compute Partners Are Now More Important Than Ever

Steal the lessons, not the outages.

Cheers!
FAUN.dev() Team

At scale, IaC state management isn't a storage problem. It's a people and process problem. Join us live to learn how platform teams map dependencies, govern multi-team workflows, & stop mystery outages before they start. You’ll walk away with a practical checklist for scaling IaC.

Register now for this free virtual event on March 12 @ 12PM ET.

If you’ve managed Infrastructure as Code in production, scaled platforms under pressure, or built guardrails that held up at speed, we want to hear from you. IaCConf 2026 is seeking practitioners to present 40-min sessions on May 14 (virtual).

Submit your proposal by April 7.

NanoClaw runs as a single Node.js process across 15 files (~3,900 LOC). It stores messages, sessions, and tasks in SQLite.

It connects to WhatsApp and Telegram. Messages queue per group. Agents run inside isolated group containers.

Security anchors on container isolation. Uses Docker (or Apple Container on macOS). Each group gets a private filesystem and JSON host–container IPC. Optional Model Context Protocol (MCP) integration. Interactive install via Claude Code.

If you're working with Kubernetes and exploring AI/ML in real-world environments, this 5-hour live workshop focuses on the practical side of running AI workloads in production.

🎟 Early Bird Offer – 50% Off (No Code Needed) : Build & Scale AI Workloads on Kubernetes Tickets, Sat, Mar 28, 2026 at 7:00 PM | Eventbrite

Draw.io MCP links the Model Context Protocol to draw.io. It ingests structured input (text, CSV, Mermaid) and emits draw.io XML, PNG/SVG, or hosted links.

Draw.io MCP runs as an MCP Tool Server, CLI, or Copilot skill. It drafts small graphs (<50 nodes) in seconds and stores diagrams in Git for diffs and CI/CD automation (for example, from Terraform plans).

The note says AI workloads are bursty. They spawn parallel tool calls, pull multi‑GB model weights into RAM, and endure long cold starts (e.g., vLLM, SGLang). Companies wrestle with a fragmented GPU market and poor peak GPU utilization. To hit latency, compliance, and cost targets they adopt multi‑region/multi‑cloud setups or partner with serverless compute.

Planned migration shifts the static site from GitHub Pages to AWS S3. DNS moves to AWS. Django stages on a subdomain before the main domain swaps.

A Terraform auto-approve ran with no remote state. It destroyed production RDS, VPC, ECS, and automated snapshots. AWS found a hidden snapshot and recovered the DB in ~24h.

The guide maps a five-stage maturity model — from Visibility to FinOps Culture. It prescribes staged actions before commitment purchases.

It recommends turning on Cost Explorer and AWS Budgets, enforcing tag policies, running Compute Optimizer, testing Graviton, and using CloudBurn/Amazon Q for pre-deploy estimates.

Amazon faced an outage, affecting tens of thousands of shoppers globally on Thursday afternoon. Downdetector reported a surge in complaints, peaking at 20,000 by 3:49 p.m. ET. The outage involved checkout and pricing errors caused by a software code deployment.

Fully autonomous AI hacker to find actual exploits in your web apps. Shannon has achieved a 96.15% success rate on the hint-free, source-aware XBOW Benchmark.

Protect against malicious code installed via npm, yarn, pnpm, npx, and pnpx with Aikido Safe Chain. Free to use, no tokens required.

Architecture intelligence for cloud engineers

A cross-platform programmable network tool

A new bootable USB solution.

Did you know that randomize_kstack_offset, a Linux kernel security feature introduced in 5.13, adds a random offset to the kernel stack on every syscall entry to prevent stack layout attacks - and it has a real, measurable cost? On syscall-heavy workloads, it can add 10-13% mean latency overhead per syscall, and p99.9 tail latency can spike above 20%, which means microbenchmarks and tight syscall loops can look slower after a kernel upgrade even when no application code changed. A Java benchmark was traced spending roughly 10% of its runtime inside get_random_u16() because of this feature, which looked exactly like a performance regression until engineers traced it to the hardening toggle.

Secret scanning in CI added as an afterthought runs on commits that already exist in git history, which means the credential is already compromised the moment it was pushed, regardless of whether the pipeline blocks the merge. The actual control is pre-commit hooks with baseline enforcement - everything downstream is incident response with extra steps.