DevOps and other issues by Yurii Rochniak (@grem1in) - SRE @ Preply && Maksym Vlasov (@MaxymVlasov) - Engineer @ Star. Opinions on our own.
We do not post ads including event announcements. Please, do not bother us with such requests!
Join @catops for exclusive preply and maxymvlasov content and discussions in 1
No reviews yet. Be the first to share your experience!
Latest Posts
CatOps
May 23, 2026, 05:22 AM
http://telegraph.controller.bot/files/380457111/AgACAgIAAxkBAAKIc2n9pOJE8v-71fRNoUFCEfzmTdcnAAIwFmsb1kjwS6yp_Y81THwtAQADAgADdwADOwQRemember https://github.com/V4bel/dirtyfrag https://copy.fail/ which we all checking a week ago?
Here is a continuation - another Linux 0-day to root.
https://github.com/V4bel/dirtyfrag
Btw, I can recommend to checkout https://t.me/setenforce_1 - channel fully dedicated to security, or better say - to vulns that will have real effect on you. No bullshit about "10 common vulns" which you can check on OWASP etc. Love it.
#security #linux
1,330
11
0
CatOps
May 23, 2026, 05:22 AM
A book bundle on https://www.humblebundle.com/books/shells-and-scripting-for-seasoned-admins-oreilly-books-encore by O’Reilly on Humble Bundle.
Just beware that this is a reoccurring bundle. It was featured before, including on this channel. Double-check before you buy!
#books
1,200
2
0
CatOps
May 23, 2026, 05:22 AM
You may have heard already that Mitchell Hashimoto plans to https://mitchellh.com/writing/ghostty-leaving-github.
It could be that you plan such a move yourself for whatever reason, but you're not sure yet. Here's a guide on https://schalkneethling.com/posts/pushing-to-github-and-codeberg-simultaneously-with-git/, so you could still keep the door open.
Codeberg is a non-profit European Git hosting. Although, this guide should work for any provider as long as you can use SSH keys for auth.
#programming #github
1,220
5
0
CatOps
May 23, 2026, 05:22 AM
Figma has replaced PGBouncer with https://www.figma.com/blog/pgkeeper-building-the-bouncer-we-needed-for-postgres/ as a connection pooler for Postgres.
I really enjoyed this article, because they go into the implementation depths and describe why certain decisions were taken. Unfortunately, it doesn't always happen in such articles. Also, this is a nice reminder that software engineering is not only about writing CRUDs.
Unfortunately, https://www.reddit.com/r/golang/comments/1t3nqi3/figma_replaced_pgbouncer_with_a_gobased_database/ for now, also because it's too tightly coupled with libraries and approaches Figma uses internally. To be honest, it makes sense for in-house software to aim to one's specific needs rather than being generic enough to be open sourced.
#databases #postgres
1,360
8
CatOps
May 23, 2026, 05:22 AM
An interesting application for eBPF: patching your Kubernetes nodes against CopyFail (see the previous post) with a DaemonSet. It is supposed to work even if the algif_aead module is built into the kernel.
https://github.com/iwanhae/copyfail-ebpf-k8s
#security
2,200
3
0
CatOps
May 23, 2026, 05:22 AM
http://telegraph.controller.bot/files/380457111/AgACAgIAAxkBAAKIP2n4ZtS80bYKCRxCkdgOPRMUPydEAAL9FGsbyGPBS7jYfh1ImqbUAQADAgADeQADOwQMy friends started a helper jar for two pickup trucks for AFU.
More info: https://www.instagram.com/p/DXpgaaWgH00
Monobank jar: https://send.monobank.ua/jar/3U1hBa5WPp
#donations #Ukraine
If you're hosting GitHub Enterprise Server, you need to update to address a recently discovered CVE.
What's interesting about this CVE is that it is a legit CVE that was discovered with AI. As WIZ researchers put it https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854
Notably, this is one of the first critical vulnerabilities discovered in closed-source binaries using AI, highlighting a shift in how these flaws are identified.
https://github.blog/security/securing-the-git-push-pipeline-responding-to-a-critical-remote-code-execution-vulnerability/.
Fixed versions:
- GitHub Enterprise Server 3.14.25 or later
- GitHub Enterprise Server 3.15.20 or later
- GitHub Enterprise Server 3.16.16 or later
- GitHub Enterprise Server 3.17.13 or later
- GitHub Enterprise Server 3.18.7 or later
- GitHub Enterprise Server 3.19.4 or later
- GitHub Enterprise Server 3.20.0 or later
P. S. These news came from https://t.me/catops_chat (in Ukrainian).
#security #github
1,460
0
CatOps
May 23, 2026, 05:22 AM
https://copy.fail/
Basically, you need to patch/recreate with new version everything that interact with not trusted part of internet.
Bug found was AI-assisted, btw.
#security
1,650
4
0
CatOps
May 23, 2026, 05:22 AM
http://telegraph.controller.bot/files/380457111/AgACAgIAAxkBAAKH5WnvLS3O5HkUpA63bIxH4eTUtqjkAAIqFGsbX8Z5S_EG3JIsYwpbAQADAgADeQADOwQFor today’s Donations Monday, I would like to remind you about a smaller fundraiser that I posted several weeks ago. It’s moving, but rather slow. So, let’s boost it!
http://telegraph.controller.bot/files/380457111/AgACAgIAAxkBAAKHf2nc7cjU9QHgVHCMGIhJkWzFosByAAKLFGsbyFvoSoyxdQr2Yi0yAQADAgADeQADOwQA fundraiser for radio-electronic equipment for the 25th Brigade.
Monobank jar:
https://send.monobank.ua/jar/5cXWfFMLHR
The fundraiser is 60% complete.
#donations #Ukraine
1,300
4
0
CatOps
May 23, 2026, 05:22 AM
Apparently, the Dutch Central Bank is opting for the https://www.discountretailconsulting.com/post/netherlands-dnb-goes-to-lidl-for-cloud-services as their cloud provider.
Right now, digital sovereignty may sound like loud promises, but this is one of the main issues the European tech sector will have to solve in the nearest future.
P. S. It’s also a bit funny that a grocery store is completing with a book store in cloud computing.
#cloud #lidl
1,460
19
0
CatOps
May 8, 2026, 08:33 PM
https://www.ufried.com/blog/laws_of_architectural_work/ is a short article with two important insights about architectural decisions:
- They always come with trade-offs.
- Context matters.
This reminded me of a university professor from back in a day. He used to say: “There is no good solution, there is only an optimal solution for our case”. This phrase pretty much summarizes the whole premise of this article.
In any case, I think it’s an important reminder, taking into account that we can “outsource” more and more coding work, so what we left with is basically architectural work, being it software, infrastructure, networks, or something else.
P. S. This article was written in 2020, so take it into account, when you encounter words “recent” there. I’m digging through my archive of saved articles.
#architecture
1,480
3
CatOps
May 8, 2026, 08:33 PM
A new issue of the CatOps Digest is here!
https://newsletter.catops.dev/p/catops-digest-2026-04-24
#newsletter #digest
1,440
3
0
CatOps
May 8, 2026, 08:33 PM
This article may upset some people, but this is a very good retrospective on measuring developer productivity, and what the new AI era may mean for this.
https://a4al6a.substack.com/p/the-developer-productivity-trap?r=10ywg9 is a rather long article, but it totally worth the time! Especially, if you work on the “development experience” side of things or is responsible for engineering metrics. It’s especially valuable read, if you’re on the journey of implementing AI assistants in your company.
#devex #culture
1,520
5
0
CatOps
May 8, 2026, 08:33 PM
Do you trust your colleagues?
An article https://a4al6a.substack.com/p/stop-using-pull-requests from the same author as the previous article in the channel, argues that they may be not ideal.
The core argument is that pull requests were originally created for low trust open source environment, in which contributors may have never seen each other, and often do not know each other at all. Development teams in the corporate world operate on another set of assumptions.
It's interesting that this article also builds up on the ideas of Thierry de Pauw. IIRC, I already posted his talk "Non blocking Pull Requests" on the channel, but in any case, https://fosdem.org/2026/schedule/event/WYHDQZ-non-blocking_continuous_code_reviews/.
The main premise of the article is that you need to adopt T*D practices: test-driven development, trunk-based development, and another made-up T*D practice that basically means pair-programming.
From my experience I can say, that eliminating pull requests is probably not something you can do in a short run, but measuring the waiting time before PRs are merged is a good practice. Another good practice is to team-up on tasks or projects. So, basically pair-programming, but several people can still work on different tasks within a project, share context on this project, and thus be able to review each other's work almost immediately without much context switching.
T*D practices are also nice. Honestly, I have an impression that the majority of people are using the trunk-based merge model and continuous deployment these days. Also, it's interesting how AI can facilitate test-driven development: spec (by human) => test (by a machine) => tests review (by humans) => coding (by a machine).
#culture #programming
CatOps
May 8, 2026, 08:33 PM
After painful and not particularly successful adoption path of IPv6, a draft proposal for IPv8 is here. However, it has some https://shitwolfymakes.substack.com/p/we-need-to-talk-about-the-ipv8-draft not on the technical, but on the operational and policy level. In short, in its current form, it would make the Internet more prone to be controlled by a centralized entity.
Here’s https://www.ietf.org/archive/id/draft-thain-ipv8-00.html I haven't read it yet, but now I sure will.
#networking
1,430
3
0
CatOps
May 8, 2026, 08:33 PM
http://telegraph.controller.bot/files/380457111/AgACAgIAAxkBAAKHf2nc7cjU9QHgVHCMGIhJkWzFosByAAKLFGsbyFvoSoyxdQr2Yi0yAQADAgADeQADOwQFor today’s Donations Monday, I’d like to ask you to help with another smaller scale fundraiser for radio-electronic equipment for the 25th Brigade.
Monobank jar:
https://send.monobank.ua/jar/5cXWfFMLHR
The fundraiser is ~41% complete for now.
#donations #Ukraine
1,540
3
0
CatOps
May 8, 2026, 08:33 PM
Yet another https://medium.com/codex/the-engineers-complete-guide-to-technical-debt-c820bee4101d.
It uses Martin Fowler's "Technical Debt Quadrant" to reason about the technical debt and provides some advices on how to address it.
P. S. There is some self-promotion in the end, but it's subtle. So, I would say that this article is still a nice entry point into the topic.
#culture
1,540
0
0
CatOps
May 8, 2026, 08:33 PM
https://www.vaines.org/posts/2026-03-24-the-comforting-lie-of-sha-pinning/featured.png https://www.vaines.org/posts/2026-03-24-the-comforting-lie-of-sha-pinning/ is an article inspired by those supply chain attacks that happened lately.
It shows some quirks of how GitHub works with SHAs, which are quite unexpected. The gist and the main excerpt:
From the platform’s perspective, a fork is a separate repository with a shared object graph/history. When the runner resolves the reference, it ultimately looks up the commit in the Git object database; if that object exists and is reachable, it can be used regardless of which fork introduced it. A commit object is globally identifiable. If the SHA exists anywhere reachable, that is apparently sufficient.
The article also describes the way of how to mitigate this risk in GitHub organizations, if you have one.
#security #github
1,550
5
CatOps
May 8, 2026, 08:33 PM
As you may know, https://blog.localstack.cloud/the-road-ahead-for-localstack/#will-i-need-to-start-paying-for-localstack-for-aws starting from the 23rd of March.
So, here are a few alternatives you may consider:
- https://ministack.org/ - a free alternative written in Python.
- https://floci.io/ - another free alternative written in Java.
- https://github.com/sivchari/kumo - a lightweight AWS simulator written in Go.
I haven't tried any of them yet. I guess, I'll need to, since I'm using LocalStack to test my open sourced https://github.com/grem11n/terraform-aws-vpc-peering.
#aws #localstack
1,860
7
0
CatOps
May 8, 2026, 08:33 PM
Terragrunt https://www.gruntwork.io/blog/terragrunt-1-0-released. According to them, this is not about a lot of brand-new features, but a commitment to backwards compatibility within the 1.x branch.
The press-release also has an overview of some features that Terragrunt has.
#terraform #terragrut #opentofu
1,560
16
0
CatOps
May 2, 2026, 12:08 AM
https://www.humblebundle.com/books/linux-good-stuff-no-starch-books is a book bundle by No Starch Press that really has good stuff! Including the book I recommend to everyone starting with Linux - "How Linux Works" by Brian Ward and "The Linux Programming Interface" by Michael Kerrisk for those who want to know how Linux works, but on the API level.
There are some other interesting books as well. Yet, this bundle is not cheap: you have to pay at least €56 unlike the usual €20-25 to unlock it.
#books #linux
1,670
3
0
CatOps
May 2, 2026, 12:08 AM
A new issue of CatOps Digest is here!
https://newsletter.catops.dev/p/catops-digest-2026-04-04
#digest #newsletter
1,470
13
0
CatOps
May 2, 2026, 12:08 AM
http://telegraph.controller.bot/files/380457111/AgACAgIAAxkBAAKHSmnTj_A7sYoG_aKWuBVuoy4uJaYZAALKFWsbqHGhSmdRz3Z_spGuAQADAgADeQADOwQFrom time to time, I share a standing jar for FPV drones for a guy from my wife’s hometown.
Today, I’d like to share a fundraiser for rehabilitation of his brother-in-arms, who lost his leg near Kostiantynivka. Now he needs to undergo a series of surgeries. Here’s a Monobank jar to help him financially:
https://send.monobank.ua/jar/5AmpbpVRxm
Card number:
4874 1000 2602 4938
#donations #Ukraine
1,480
7
0
CatOps
May 2, 2026, 12:08 AM
Kubernetes' SIG Network https://kubernetes.io/blog/2026/03/20/ingress2gateway-1-0-release/ version 1.0.
This is a tool which aim is to help you to migrate your deprecated Nginx Ingress configuration to the new Gateway API. They do not advertise this tool as a one-click migration solution, but rather as a helper to recreate your manifests.
P. S. Cannot wait to see, how this tool would translate all the custom spaghetti server snippets for Nginx 😈
#kubernetes #networking
1,790
11
0
CatOps
May 2, 2026, 12:08 AM
"From April 24 onward, interaction data—specifically inputs, outputs, code snippets, and associated context—from Copilot Free, Pro, and Pro+ users will be used to train and improve our AI models unless they opt out."
https://github.blog/news-insights/company-news/updates-to-github-copilot-interaction-data-usage-policy/.
You can opt out in Copilot's "Privacy" settings, or migrate to Codeberg :D
#github #ai
1,910
2
0
CatOps
May 2, 2026, 12:08 AM
I wish, I could say: "Good morning", but instead I say:
- https://www.stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan. Axios is an incredibly popular HTTP client for NodeJS, so if you use that, there's a high chance, you're affected.
- https://securitylabs.datadoghq.com/articles/unpatchable-kubernetes-vulnerabilities-cve-2020-8561/
#security
1,690
10
0
CatOps
Apr 22, 2026, 06:41 AM
You may already know that Trivy - a popular security scanner - was compromised last Friday.
- Here is a https://www.wiz.io/blog/trivy-compromised-teampcp-supply-chain-attack about this breach.
- Here is https://rosesecurity.dev/2026/03/20/typosquatting-trivy.html that goes beyond the GitHub Actions exploit.
If you run Trivy in any form, including locally, double-check what and when you ran.
Check if you had in your CI logs lines like below. Especially, if you’re not using curl in your CI normally.
Terminate orphan process: pid (xxxx) (curl)
Check if you have this file on your local machine or a non-GHA executor: ~/.config/systemd/user/sysmon.py.
You may need to rotate a lot of credentials as a fallout of this breach.
Also, as harsh as it sounds, this line from one of the articles above makes sense:
~
Stop using Trivy. This isn’t the first time Aqua Security’s infrastructure has been compromised, and the `aqua-bot` account that enabled this attack was reportedly left exposed from a previous incident earlier in March that was never fully contained. That’s not a one-off failure; it’s an organizational pattern. A security scanning tool that can’t secure its own supply chain is a liability, not an asset. Remove `trivy-action` from your workflows and the Trivy CLI from your toolchains.
#security
1,590
CatOps
Apr 22, 2026, 06:41 AM
A new issue of the CatOps Digest is here!
https://newsletter.catops.dev/p/catops-digest-2026-03-22
Should have come out on Friday, but alas.
#newsletter #digest
1,400
3
0
CatOps
Apr 22, 2026, 06:41 AM
For today's Donations Monday, I'd like to share with you a Monobank jar from a friend of mine, who had his birthday last weekend.
https://send.monobank.ua/jar/AYR2HGkbxg
Jar card number:
4874100025989107
He currently serves in Armed Forces of Ukraine, and has a https://t.me/ivanibooks (in Ukrainian) that he still updates, albeit not as often as before for obvious reasons. You can subscribe there as well!
#donations #Monday
1,350
6
0
CatOps
Apr 22, 2026, 06:41 AM
http://telegraph.controller.bot/files/380457111/AgACAgIAAxkBAAKGr2m36brnCBDDN8bdaGPjVo5T53QzAALIF2sbxz3BSQ5CrBfuflDDAQADAgADeQADOgQFor today’s Donations Monday, I’d like to remind you about the https://uaresponders.org/ foundation that raises money for the rehabilitation of Ukrainian veterans.
#donations #Ukraine
