Ship It Weekly - DevOps, SRE, Platform and Cloud Engineering News

Teller's Tech - DevOps, SRE and Cloud Podcast
  • 0.0 (0)
  • TECH NEWS
  • UPDATED WEEKLY

Ship It Weekly is a short, practical recap of what actually matters in DevOps, SRE, cloud infrastructure, and platform engineering. Each episode, your host Brian Teller walks through the latest outages, releases, tools, and incident writeups, then translates them into “here’s what this means for your systems” instead of just reading headlines. Expect a couple of main stories with context, a quick hit of tools or releases worth bookmarking, and the occasional segment on on-call, burnout, or team culture. This isn’t a certification prep show or a lab walkthrough. It’s aimed at people who are already working in the space and want to stay sharp without scrolling status pages, cloud updates, and blogs all week. You’ll hear about things like cloud provider incidents, Kubernetes and platform trends, Terraform and infrastructure changes, and real postmortems that are actually worth your time. Most episodes are 10–25 minutes, so you can catch up on the way to work or between meetings. Every now and then there will be a “special” focused on a big outage or a specific theme, but the default format is simple: what happened, why it matters, and what you might want to do about it in your own environment. If you’re the person people DM when something is broken in prod, or you’re building the cloud and platform everyone else ships on top of, Ship It Weekly is meant to be in your rotation.

  1. Cursor Deletes PocketOS Prod DB, .de DNSSEC Outage, Bluesky Postmortem, Argo CD, and Copy Fail

    2D AGO

    Cursor Deletes PocketOS Prod DB, .de DNSSEC Outage, Bluesky Postmortem, Argo CD, and Copy Fail

    This episode of Ship It Weekly is about modern reliability getting squeezed from both directions. Old-school failures still hit hard, like broken DNSSEC, kernel privilege escalation bugs, and GitOps behavior changes. But newer automation layers add a second kind of risk, where AI agents, machine identity, and cloud control planes can do real damage fast when authority is too broad. Brian covers the Cursor and PocketOS production database wipe, the .de DNSSEC outage and Cloudflare’s response, Bluesky’s April outage postmortem, Argo CD v3.1.16 reaching end of life plus the v3.4.1 behavior change, Linux kernel CVE-2026-31431 under active exploitation, and why Google Cloud Agent Identity and AWS MCP Server GA both point to agents becoming first-class infrastructure actors. Sponsored by Guardsquare https://hubs.ly/Q04fJgkJ0 Links Cursor / PocketOS production database wipe https://www.tellerstech.com/on-call-brief/2026-W19/ Cloudflare on the .de DNSSEC outage https://blog.cloudflare.com/de-tld-outage-dnssec/ Bluesky April 2026 outage postmortem https://pckt.blog/b/jcalabro/april-2026-outage-post-mortem-219ebg2 Argo CD releases: v3.1.16 final release and v3.4.1 behavior change https://github.com/argoproj/argo-cd/releases Linux kernel CVE-2026-31431 https://nvd.nist.gov/vuln/detail/CVE-2026-31431 AWS bulletin for CVE-2026-31431 https://aws.amazon.com/security/security-bulletins/rss/2026-026-aws/ Google Cloud Agent Identity https://cloud.google.com/blog/products/identity-security/whats-new-in-iam-security-governance-and-runtime-defense AWS MCP Server is now generally available https://aws.amazon.com/blogs/aws/the-aws-mcp-server-is-now-generally-available/ Cross-region disaster recovery for Amazon EKS using AWS Backup https://aws.amazon.com/blogs/containers/cross-region-disaster-recovery-for-amazon-eks-using-aws-backup/ Google Ads new data retention policy starting June 1, 2026 https://ads-developers.googleblog.com/2026/05/new-data-retention-policy-for-google.html This week’s On Call Brief https://www.tellerstech.com/on-call-brief/2026-W19/ More episodes and show notes https://shipitweekly.fm/

    22 min
  2. Ship It Conversations: Gareth Kersey on IaCConf 2026, AI, and Corey Quinn’s Terraform Keynote

    5D AGO

    Ship It Conversations: Gareth Kersey on IaCConf 2026, AI, and Corey Quinn’s Terraform Keynote

    This is a guest conversation episode of Ship It Weekly, separate from the weekly news recaps. This episode is not sponsored. I wanted to cover IaCConf because the theme lines up closely with what Ship It Weekly focuses on: infrastructure, platform engineering, DevOps, SRE, and how teams are adapting to AI-driven change. In this Ship It: Conversations episode, I talk with Gareth Kersey about IaCConf 2026, a free virtual conference focused on infrastructure as code, platform engineering, DevOps, SRE, and infrastructure operations. The conference is May 14th 2026. The main theme is “keeping pace.” Not just keeping pace with new tools, but keeping pace with the speed of software delivery now that AI is changing how quickly application teams can write, ship, and change code. We talk about what that means for the infrastructure teams underneath it all: the people responsible for Terraform, Kubernetes, GitOps, policies, secrets, cost, security, rollback paths, and making sure faster delivery does not turn into faster chaos. Gareth walks through the IaCConf 2026 agenda, including Corey Quinn’s keynote, AI and Terraform sessions, platform engineering panels, Kubernetes and Argo CD talks, AI agents managing infrastructure as code, governance challenges, and the risk of 10x code velocity becoming 10x operational risk. The bigger theme here is that AI is not just changing how code gets written. It is changing the pressure on the systems around delivery. Infrastructure as code, platform engineering, policy, and operational guardrails matter even more when the pace of change goes up. Highlights • What “keeping pace” means for infrastructure, DevOps, SRE, and platform teams • Why faster application development can create more downstream operational pressure • Corey Quinn’s keynote, “AI Speaks Terraform Like a Tourist” • How AI-generated infrastructure changes create new governance and review challenges • Why infrastructure as code still matters as AI agents and automation become more common • Sessions covering Terraform, Kubernetes, Argo CD, GitOps, platform engineering, and AI-driven workflows • The risk of 10x code velocity turning into 10x operational risk • How platform teams can support faster developers without giving up safety or governance • Why IaCConf includes panels, demos, technical talks, and practitioner stories instead of only tool-specific content • How IaCConf has grown from its first event in 2025 into a broader infrastructure community • Why the event is trying to stay community-focused instead of becoming just another vendor marketing conference • The role of feedback, future spotlight events, in-person meetups, and possible community spaces around IaCConf • Why registering still makes sense even if you cannot attend live, since sessions are available afterward IaCConf links • IaCConf 2026 registration page - https://www.iacconf.com/iacconf-2026 • IaCConf LinkedIn page - https://www.linkedin.com/showcase/iac-conf/ • IaCConf: https://www.iacconf.com/ • IaCConf is supported by Spacelift: https://spacelift.com Our links More episodes + show notes + links: https://shipitweekly.fm On Call Brief: https://oncallbrief.com

    32 min
  3. GitHub RCE, AI Agent Prompt Injection, and the New Reality: Your Developer Toolchain Is Production Now

    MAY 1

    GitHub RCE, AI Agent Prompt Injection, and the New Reality: Your Developer Toolchain Is Production Now

    This episode of Ship It Weekly is about the developer toolchain becoming part of production. Brian covers GitHub’s critical git push RCE, AI-assisted reverse engineering, prompt injection against AI agents in GitHub workflows, Elementary’s malicious CLI release, GitHub’s merge queue regression, Cal.com going closed source, and Copilot moving toward usage-based billing. Plus: MinIO’s repo archive, Ghostty leaving GitHub, Docker Hardened Images, and Azure DevOps security updates. Links GitHub git push RCE https://github.blog/security/securing-the-git-push-pipeline-responding-to-a-critical-remote-code-execution-vulnerability/ AI-assisted reverse engineering https://www.darkreading.com/application-security/reverse-engineering-ai-unearths-high-severity-github-bug AI agents + GitHub Actions prompt injection https://www.theregister.com/2026/04/15/claude_gemini_copilot_agents_hijacked/ Elementary malicious CLI release https://www.elementary-data.com/post/security-incident-report-malicious-release-of-elementary-oss-python-cli-v0-23-3 GitHub merge queue regression https://github.blog/news-insights/company-news/an-update-on-github-availability/ Cal.com going closed source https://cal.com/blog/cal-com-goes-closed-source-why GitHub Copilot billing https://github.blog/news-insights/company-news/github-copilot-is-moving-to-usage-based-billing/ MinIO archived repo https://github.com/minio/minio Ghostty leaving GitHub https://mitchellh.com/writing/ghostty-leaving-github Docker Hardened Images https://www.docker.com/blog/why-we-chose-the-harder-path-docker-hardened-images-one-year-later/ Azure DevOps security updates https://devblogs.microsoft.com/devops/one-click-security-scanning-and-org-wide-alert-triage-come-to-advanced-security/ On Call Brief https://oncallbrief.com/ More episodes https://shipitweekly.fm/

    25 min
  4. Kubernetes 1.36, Gateway API v1.5, AWS Copilot End of Support, and Cloudflare Non-Human Identities

    APR 24

    Kubernetes 1.36, Gateway API v1.5, AWS Copilot End of Support, and Cloudflare Non-Human Identities

    This episode of Ship It Weekly is about platforms getting sharper about defaults, ownership, and the old paths they are no longer willing to quietly carry forever. Brian covers Kubernetes 1.36 and why it feels more like a cleanup-and-maturity release than a flashy feature dump, Gateway API v1.5 moving more networking behavior into the stable path, AWS Copilot CLI reaching end of support and what that means for teams still sitting on the older “easy” ECS workflow, Airbnb’s alert-development overhaul and why noisy or weak alerts are often a workflow problem long before they become an on-call problem, and Cloudflare’s push to treat scripts, agents, and third-party tools like real identities with real blast radius. He also hits the latest Azure DevOps Server patches and Google’s OTLP metrics support for Cloud Monitoring. Links Kubernetes v1.36 release https://kubernetes.io/blog/2026/04/22/kubernetes-v1-36-release/ Gateway API v1.5 https://kubernetes.io/blog/2026/04/21/gateway-api-v1-5/ AWS Copilot CLI end of support https://aws.amazon.com/blogs/containers/announcing-the-end-of-support-for-the-aws-copilot-cli/ Airbnb on alert development https://medium.com/airbnb-engineering/it-wasnt-a-culture-problem-upleveling-alert-development-at-airbnb-01e2290eb0f5 Cloudflare on non-human identities, OAuth visibility, and scoped permissions https://blog.cloudflare.com/improved-developer-security/ Azure DevOps Server April patches https://devblogs.microsoft.com/devops/april-patches-for-azure-devops-server/ OTLP metrics for Google Cloud Monitoring https://cloud.google.com/blog/products/management-tools/otlp-opentelemetry-protocol-for-google-cloud-monitoring-metrics Past episode where we talked about Cloudflare Mesh https://www.tellerstech.com/ship-it-weekly/aws-interconnect-ga-cloudflare-mesh-gitlab-19-eks-auto-mode-and-opentelemetry-config/ This week’s On Call Brief https://www.tellerstech.com/on-call-brief/2026-W16/ On Call Brief: https://oncallbrief.com/ More episodes and show notes https://shipitweekly.fm/

    20 min
  5. Ship It Conversations: Stephane Moser on Pipedrive’s Jenkins-to-GitHub Actions Migration, Argo CD, and CI/CD at Scale

    APR 19

    Ship It Conversations: Stephane Moser on Pipedrive’s Jenkins-to-GitHub Actions Migration, Argo CD, and CI/CD at Scale

    This is a guest conversation episode of Ship It Weekly, separate from the weekly news recaps. In this Ship It: Conversations episode, I talk with Stephane Moser about Pipedrive’s move from Jenkins to GitHub Actions, building self-hosted runners on Kubernetes, shifting deployments toward GitOps with Argo CD, and what it actually takes to roll out a big CI/CD change across a large engineering org. We talk about why Jenkins had become painful, from Groovy friction to noisy-neighbor problems on shared VMs, why GitHub Actions fit better, how reusable workflows and custom actions helped, why Argo CD beat out Flux for their use case, and how they had to build better observability and internal deployment visibility around GitHub as they scaled. The bigger theme here is that this was not just a tooling swap. It was a product and platform migration. Isolation, repeatability, self-service, rollout strategy, and observability mattered just as much as the actual CI/CD tools. Highlights • Why Jenkins stopped working well for them: Groovy friction, shared VM contention, and poor predictability • Replacing CodeShip pull request validation first as the low-blast-radius starting point • Using Actions Runner Controller on Kubernetes with EKS and Karpenter for self-hosted runners • Why reusable workflows and custom actions helped cut repetition across hundreds of services • Choosing Argo CD over Flux, Argo Workflows, Tekton, and even a short Spinnaker attempt • Moving from push-based deploys toward GitOps for better isolation and safer credentials handling • Building internal observability because GitHub’s workflow visibility was not enough at their scale • Dogfooding first, then rolling migration out in batches until teams could self-serve the move • What broke when the new system actually worked too well: bot-driven deploy volume, queueing, and fairness • The mobile side of the story: Mac minis, unstable runners, GitHub-hosted runners, and a very different migration path • How AI sped up parts of the mobile migration and troubleshooting, without making the migration trivial • Stephane’s advice for big CI/CD shifts: start small, reduce blast radius, and use your own platform first Stephane’s links • LinkedIn: https://www.linkedin.com/in/moserss/ • Talk video: https://www.youtube.com/watch?v=VrE1dh-1zEY • Blog post Part 1: https://medium.com/pipedrive-engineering/so-long-jenkins-hello-github-actions-pipedrives-big-ci-cd-switch-03be29c75f63 • Blog post Part 2: https://medium.com/pipedrive-engineering/all-aboard-the-github-actions-express-pipedrives-big-ci-cd-switch-part-2-fcacf834afd2 • GitHub: https://github.com/moser-ss Our links More episodes + show notes + links: https://shipitweekly.fm On Call Brief: https://oncallbrief.com

    51 min
  6. AWS Interconnect GA, Cloudflare Mesh, GitLab 19, EKS Auto Mode, and OpenTelemetry Config

    APR 17

    AWS Interconnect GA, Cloudflare Mesh, GitLab 19, EKS Auto Mode, and OpenTelemetry Config

    This episode of Ship It Weekly is about networking, ingress, and private access moving further up into the platform layer. Brian covers AWS Interconnect going generally available, Cloudflare Mesh, GitLab 19.0 breaking changes around Gateway API and bundled services, EKS Auto Mode networking, and OpenTelemetry declarative config reaching stability. He also hits containerd security patches, GitHub’s new Code Security risk assessment, and AWS guidance on securing AI agents with MCP. (Amazon Web Services, Inc.) Links AWS Interconnect GA and last mile connectivity https://aws.amazon.com/blogs/aws/aws-interconnect-is-now-generally-available-with-a-new-option-to-simplify-last-mile-connectivity/ Cloudflare Mesh https://blog.cloudflare.com/mesh/ GitLab 19.0 breaking changes https://about.gitlab.com/blog/a-guide-to-the-breaking-changes-in-gitlab-19-0/ EKS Auto Mode networking https://aws.amazon.com/blogs/containers/navigating-enterprise-networking-challenges-with-amazon-eks-auto-mode/ OpenTelemetry declarative config reaches stability https://opentelemetry.io/blog/2026/stable-declarative-config/ containerd security releases https://github.com/containerd/containerd/releases GitHub Code Security risk assessment for organizations https://github.blog/changelog/2026-04-08-code-security-risk-assessment-available-for-organizations/ AWS secure AI agent access patterns using MCP https://aws.amazon.com/blogs/security/secure-ai-agent-access-patterns-to-aws-resources-using-model-context-protocol/ This week’s On Call Brief https://www.tellerstech.com/on-call-brief/2026-W16/ More episodes and show notes https://shipitweekly.fm/

    15 min
  7. Special: Claude Mythos Preview and Project Glasswing: AI Exploit Discovery, Zero-Day Risk, Business Fallout, and What It Means for DevOps, Cloud, and Platform Security

    APR 16

    Special: Claude Mythos Preview and Project Glasswing: AI Exploit Discovery, Zero-Day Risk, Business Fallout, and What It Means for DevOps, Cloud, and Platform Security

    In this Ship It Weekly special, Brian breaks down Claude Mythos Preview and Project Glasswing, and why this story matters beyond normal AI launch hype. Anthropic is treating Mythos like a real security inflection point, not just a better coding model. Project Glasswing is their coordinated effort to get early access into the hands of defenders, critical software maintainers, and major infrastructure organizations before similar capability becomes more broadly available. If OpenClaw was about agents becoming a new control plane, this episode is about what happens when finding ways into messy environments and control planes starts getting faster too. We walk through the practical angle for DevOps, cloud, platform, and infra teams: exploit timelines may be compressing, platform debt becomes attacker leverage, and the boring work most orgs treat like cleanup suddenly looks a lot more like frontline security work. We also zoom out to the business side, including why banks, regulators, and government officials are already paying attention. Chapters Why This Episode ExistsOpenClaw CallbackWhat Actually HappenedDon’t Get Gullible, Don’t Get LazyWhat Changes If This Is Even Half TrueWhy Business People Should CareWhat This Means for DevOps, Cloud, and PlatformBoring Work Just Got PromotedThe Uncomfortable TakeawayWhat I’d Do Right NowLinks from this episode Claude Mythos Preview https://red.anthropic.com/2026/mythos-preview/ Project Glasswing https://www.anthropic.com/project/glasswing AI cyber threats: open letter to business leaders https://www.gov.uk/government/publications/ai-cyber-threats-open-letter-to-business-leaders/ai-cyber-threats-open-letter-to-business-leaders-html AI-boosted hacks with Anthropic’s Mythos could have dire consequences for banks https://www.reuters.com/legal/litigation/ai-boosted-hacks-with-anthropics-mythos-could-have-dire-consequences-banks-2026-04-13/ ECB to quiz bankers about risks of Anthropic's new AI model, source says https://www.reuters.com/world/ecb-warn-bankers-about-new-anthropic-model-risks-source-says-2026-04-15/ Related episode: OpenClaw special https://www.tellerstech.com/ship-it-weekly/special-openclaw-security-timeline-and-fallout-cve-2026-25253-one-click-token-leak-malicious-clawhub-skills-exposed-agent-control-panels-and-why-local-ai-agents-are-a-new-devops-sre-control-plane/

    16 min
  8. Amazon S3 Files, Malicious npm Plugins, Trivy Fallout, and Kubernetes’ Gateway Shift

    APR 10

    Amazon S3 Files, Malicious npm Plugins, Trivy Fallout, and Kubernetes’ Gateway Shift

    This episode of Ship It Weekly is about the interface layer becoming the story. Brian covers Amazon S3 Files and why it feels more like a managed filesystem layer in front of S3 than “S3 is EFS now,” including how it relates to the old s3fs and FUSE-style approach. He also digs into 36 malicious npm packages posing as Strapi plugins, the uglier follow-on to the Trivy incident he discussed previously, Kubernetes Ingress2Gateway 1.0 and the push toward Gateway API, and Kubernetes Agent Sandbox as a sign that newer AI-style workloads are starting to reshape the platform itself. Links Amazon S3 Files https://aws.amazon.com/blogs/aws/launching-s3-files-making-s3-buckets-accessible-as-file-systems/ Malicious npm packages posing as Strapi plugins https://thehackernews.com/2026/04/36-malicious-npm-packages-exploited.html Trivy follow-on incident discussion https://github.com/aquasecurity/trivy/discussions/10425 RoseSecurity on Trivy / typosquatting angle https://rosesecurity.dev/2026/03/20/typosquatting-trivy.html Earlier episode covering the first Trivy incident https://www.tellerstech.com/ship-it-weekly/aws-bahrain-uae-data-center-issues-amid-iran-strikes-argocd-vs-flux-gitops-failures-github-actions-hackerbot-claw-attacks-trivy-roguepilot-codespaces-prompt-injection-block-ai-remake/ Kubernetes Ingress2Gateway 1.0 https://kubernetes.io/blog/2026/03/20/ingress2gateway-1-0-release/ Kubernetes Agent Sandbox https://kubernetes.io/blog/2026/03/20/running-agents-on-kubernetes-with-agent-sandbox/ Fortinet FortiClient EMS emergency patch https://www.fortiguard.com/psirt/FG-IR-26-099 Karpathy post https://x.com/karpathy/status/2036487306585268612 ProofShot https://github.com/AmElmo/proofshot More episodes and show notes https://shipitweekly.fm On Call Briefs https://oncallbrief.com

    15 min
See All (40)

Trailer

About

Ship It Weekly is a short, practical recap of what actually matters in DevOps, SRE, cloud infrastructure, and platform engineering. Each episode, your host Brian Teller walks through the latest outages, releases, tools, and incident writeups, then translates them into “here’s what this means for your systems” instead of just reading headlines. Expect a couple of main stories with context, a quick hit of tools or releases worth bookmarking, and the occasional segment on on-call, burnout, or team culture. This isn’t a certification prep show or a lab walkthrough. It’s aimed at people who are already working in the space and want to stay sharp without scrolling status pages, cloud updates, and blogs all week. You’ll hear about things like cloud provider incidents, Kubernetes and platform trends, Terraform and infrastructure changes, and real postmortems that are actually worth your time. Most episodes are 10–25 minutes, so you can catch up on the way to work or between meetings. Every now and then there will be a “special” focused on a big outage or a specific theme, but the default format is simple: what happened, why it matters, and what you might want to do about it in your own environment. If you’re the person people DM when something is broken in prod, or you’re building the cloud and platform everyone else ships on top of, Ship It Weekly is meant to be in your rotation.

Information

You Might Also Like