Ship It Weekly - DevOps, SRE, Platform and Cloud Engineering News

Teller's Tech - DevOps, SRE and Cloud Podcast
  • 5,0 (9)
  • НОВОСТИ ТЕХНОЛОГИЙ
  • ЕЖЕНЕДЕЛЬНО

Ship It Weekly is a short, practical recap of what actually matters in DevOps, SRE, cloud infrastructure, and platform engineering. Each episode, your host Brian Teller walks through the latest outages, releases, tools, and incident writeups, then translates them into “here’s what this means for your systems” instead of just reading headlines. Expect a couple of main stories with context, a quick hit of tools or releases worth bookmarking, and the occasional segment on on-call, burnout, or team culture. This isn’t a certification prep show or a lab walkthrough. It’s aimed at people who are already working in the space and want to stay sharp without scrolling status pages, cloud updates, and blogs all week. You’ll hear about things like cloud provider incidents, Kubernetes and platform trends, Terraform and infrastructure changes, and real postmortems that are actually worth your time. Most episodes are 10–25 minutes, so you can catch up on the way to work or between meetings. Every now and then there will be a “special” focused on a big outage or a specific theme, but the default format is simple: what happened, why it matters, and what you might want to do about it in your own environment. If you’re the person people DM when something is broken in prod, or you’re building the cloud and platform everyone else ships on top of, Ship It Weekly is meant to be in your rotation.

  1. Hackerbot-Claw Grows, Xygeni Tag Poisoning, GitHub Search HA, Windows SID Failures, and AI Skills Supply Chain

    -6 ДН.

    Hackerbot-Claw Grows, Xygeni Tag Poisoning, GitHub Search HA, Windows SID Failures, and AI Skills Supply Chain

    This episode of Ship It Weekly is about the places where convenience quietly turns into trust. Brian revisits the Trivy story by zooming out to the bigger hackerbot-claw GitHub Actions campaign, then gets into the Xygeni tag-poisoning compromise, GitHub’s search high availability rebuild for GitHub Enterprise Server, Windows Server 2025 surfacing duplicate SID problems in cloned images, and the agent-skills ecosystem replaying package supply chain history. Plus: a quick lightning round on GitHub pausing self-hosted runner minimum-version enforcement and March secret scanning updates. Links OpenSSF advisory on active GitHub Actions exploitation https://seclists.org/oss-sec/2026/q1/246 Xygeni action compromise via tag poisoning https://www.stepsecurity.io/blog/xygeni-action-compromised-c2-reverse-shell-backdoor-injected-via-tag-poisoning GitHub Enterprise Server search high availability rebuild https://github.blog/engineering/architecture-optimization/how-we-rebuilt-the-search-architecture-for-high-availability-in-github-enterprise-server/ Microsoft on duplicate SIDs and nongeneralized Windows Server 2025 images https://learn.microsoft.com/en-us/troubleshoot/exchange/administration/exchange-server-issues-on-incorrect-windows-server-image Socket on supply chain security for skills.sh https://socket.dev/blog/socket-brings-supply-chain-security-to-skills Snyk ToxicSkills research https://snyk.io/blog/toxicskills-malicious-ai-agent-skills-clawhub/ GitHub self-hosted runner minimum version enforcement paused https://github.blog/changelog/2026-03-13-self-hosted-runner-minimum-version-enforcement-paused/ GitHub secret scanning pattern updates, March 2026 https://github.blog/changelog/2026-03-10-secret-scanning-pattern-updates-march-2026/ More episodes and show notes at https://shipitweekly.fm On Call Briefs at https://oncallbrief.com

    15 мин.
  2. Ship It Conversations: Ang Chen on Project Vera, AI Cloud Emulation, and Safer Infrastructure Testing

    23 МАР.

    Ship It Conversations: Ang Chen on Project Vera, AI Cloud Emulation, and Safer Infrastructure Testing

    This is a guest conversation episode of Ship It Weekly, separate from the weekly news recaps. In this Ship It: Conversations episode, I talk with Ang Chen from the University of Michigan about Project Vera, a cloud emulator built to help teams test infrastructure changes more safely before they touch real cloud. We talk about why testing against real cloud APIs is slow, expensive, and risky, how Vera works under tools like Terraform and CloudFormation, what “high fidelity” actually means, and where a tool like this could fit in local dev and CI/CD. The bigger theme is one I think matters a lot: if AI is going to play a real role in cloud operations, it probably needs a sandbox first, not direct access to production. Note This interview was recorded on February 13, 2026. Since then, Vera’s public project materials have expanded the framing a bit further around multi-cloud support and safe environments for agent learning, so keep that in mind while listening. Highlights • Why real cloud testing still creates cost, delay, and risk • How Vera emulates cloud behavior at the API layer • Where this could help with Terraform, CloudFormation, and CI/CD workflows • Why “useful enough to catch real mistakes” may matter more than perfect emulation • The limits, tradeoffs, and fidelity questions that still need to be solved • Why safe training grounds may matter before AI agents touch real infrastructure Ang’s links • LinkedIn: https://www.linkedin.com/in/ang-chen-8b877a17/ • University of Michigan profile: https://eecs.engin.umich.edu/people/chen-ang/ • Publications: https://web.eecs.umich.edu/~chenang/pubs.html Project Vera • Project site: https://project-vera.github.io/ • GitHub: https://github.com/project-vera/vera • The quest for AI Agents as DevOps: https://project-vera.github.io/blogs/cloudagent/cloudagent/ • No More Manual Mocks: https://project-vera.github.io/blogs/cloudemu/cloudemu/ Stuff mentioned • A Case for Learned Cloud Emulators: https://dl.acm.org/doi/10.1145/3718958.3754799 • Cloud Infrastructure Management in the Age of AI Agents: https://dl.acm.org/doi/abs/10.1145/3759441.3759443 • LocalStack: https://www.localstack.cloud/ Our links More episodes + show notes + links: https://shipitweekly.fm On Call Brief: https://oncallbrief.com

    24 мин.
  3. McKinsey AI Flaw, Kafka Goes Diskless, Google Buys Wiz, AWS Copilot Ends, and AI Gateway on Kubernetes

    20 МАР.

    McKinsey AI Flaw, Kafka Goes Diskless, Google Buys Wiz, AWS Copilot Ends, and AI Gateway on Kubernetes

    This week on Ship It Weekly, Brian looks at what happens when new interfaces create old responsibilities. McKinsey patched a vulnerability in its internal AI tool Lilli, Kafka contributors are pushing a diskless-topics model that rethinks durability and replication in cloud environments, and Google officially closed Wiz acquisition in one of the biggest cloud-security moves. Plus: AWS is sunsetting Copilot CLI, Kubernetes launches an AI Gateway Working Group. Links McKinsey statement on Lilli https://www.mckinsey.com/about-us/media/statement-on-strengthening-safeguards-within-the-lilli-tool Kafka diskless topics proposal https://cwiki.apache.org/confluence/display/KAFKA/The%2BPath%2BForward%2Bfor%2BSaving%2BCross-AZ%2BReplication%2BCosts%2BKIPs Google completes acquisition of Wiz https://blog.google/innovation-and-ai/infrastructure-and-cloud/google-cloud/wiz-acquisition/ AWS Copilot CLI end-of-support https://aws.amazon.com/blogs/containers/announcing-the-end-of-support-for-the-aws-copilot-cli/ Kubernetes AI Gateway Working Group https://kubernetes.io/blog/2026/03/09/announcing-ai-gateway-wg/ Amazon Bedrock observability for first-token latency and quota consumption https://aws.amazon.com/about-aws/whats-new/2026/03/amazon-bedrock-observability-ttft-quota/ Cloudflare JSON responses and RFC 9457 support for 1xxx errors https://developers.cloudflare.com/changelog/post/2026-03-11-json-rfc9457-responses-for-1xxx-errors/ Amazon S3 source-region information in server access logs https://aws.amazon.com/about-aws/whats-new/2026/02/amazon-s3-source-region-information/ AWS Config adds 30 new resource types https://aws.amazon.com/about-aws/whats-new/2026/03/aws-config-new-resource-types/ Amazon Bedrock AgentCore Runtime stateful MCP server features https://aws.amazon.com/about-aws/whats-new/2026/03/amazon-bedrock-agentcore-runtime-stateful-mcp/ More episodes and show notes at https://shipitweekly.fm On Call Briefs at https://oncallbrief.com

    15 мин.
  4. Meta Buys Moltbook, Block AI Layoffs Get Messier, Atlassian Cuts Jobs, and GitHub Explains the Outages

    13 МАР.

    Meta Buys Moltbook, Block AI Layoffs Get Messier, Atlassian Cuts Jobs, and GitHub Explains the Outages

    This week on Ship It Weekly, Brian covers five “AI meets reality” stories that every DevOps, SRE, security, and platform team can learn from. Block’s AI layoff story is getting messier as follow-up reporting pushes back on the original framing, Meta bought Moltbook and brought more attention to the trust and security problems already showing up around AI-agent platforms, and Atlassian cut about 10% of its workforce while saying AI is changing the skills and roles it needs. Plus: GitHub gives one of the more honest outage breakdowns we’ve seen lately, Anthropic and Mozilla show a more grounded AI use case with Claude finding real Firefox bugs, and there’s a quick lightning round on Bedrock AgentCore policy, Dependabot for pre-commit hooks, and Cloudflare’s latest threat report. Links Block layoffs follow-up https://www.theguardian.com/technology/2026/mar/08/block-ai-layoffs-jack-dorsey Meta acquires Moltbook https://www.theguardian.com/technology/2026/mar/10/meta-acquires-moltbook-ai-agent-social-network Wiz on Moltbook exposure https://www.wiz.io/blog/exposed-moltbook-database-reveals-millions-of-api-keys Atlassian team update https://www.atlassian.com/blog/announcements/atlassian-team-update-march-2026 GitHub availability issues write-up https://github.blog/news-insights/company-news/addressing-githubs-recent-availability-issues-2/ Anthropic + Mozilla Firefox security https://www.anthropic.com/news/mozilla-firefox-security Anthropic labor market report https://www.anthropic.com/research/labor-market-impacts AWS Bedrock AgentCore Policy GA https://aws.amazon.com/about-aws/whats-new/2026/03/policy-amazon-bedrock-agentcore-generally-available/ GitHub Dependabot support for pre-commit hooks https://github.blog/changelog/2026-03-10-dependabot-now-supports-pre-commit-hooks/ Cloudflare 2026 Threat Report https://blog.cloudflare.com/2026-threat-report/ More episodes and show notes at https://shipitweekly.fm On Call Briefs at: https://oncallbrief.com

    17 мин.
  5. Ship It Conversations: Yvonne Young on Linux Foundations, Mentorship, and Getting Job Ready in Cloud

    9 МАР.

    Ship It Conversations: Yvonne Young on Linux Foundations, Mentorship, and Getting Job Ready in Cloud

    This is a guest conversation episode of Ship It Weekly (separate from the weekly news recaps). In this Ship It: Conversations episode I talk with Yvonne Young, a cloud and Linux mentor active in the CloudWhistler community. We talk about the real path into cloud and DevOps, why Linux still matters as a foundation, what “job ready” actually means, and why focus, consistency, and business thinking matter more than chasing every new tool. Highlights Linux fundamentals still matter because so much of cloud and infra work sits on top of LinuxWhat “job ready” really means: prepare for both technical and behavioral interviews, know the basics, and show how you learn when you don’t know somethingWhy so many juniors stall out by trying to learn everything instead of picking a directionWhy daily reps beat cramming: short, consistent practice keeps skills fresh better than marathon study sessionsHow Yvonne thinks about certifications, including why hands-on certs like RHCSA stand outHands-on practice ideas: break things on purpose, troubleshoot, fix services, inspect ports, and use the help filesWhy tools matter less than the business problem they solveUsing Vault as an example of solving real issues like secret sprawl, rotation, and centralized accessHow to think about cloud learning: pick one provider, learn the concepts, and map your path to the kinds of companies you want to work forWhy mentorship and community matter, especially for juniors trying not to waste time or head in the wrong directionWhat seniors can do better: better onboarding, real availability, and giving juniors an actual lifeline when they get stuckYvonne’s links LinkedIn: https://www.linkedin.com/in/yvonne-youngStuff mentioned Ali Sohail on LinkedIn: https://www.linkedin.com/in/alisohailit/Tech With Engineers on LinkedIn: https://uk.linkedin.com/company/tech-with-engineersCloudWhistler community / training: training.cloudwhistler.comVault: https://www.hashicorp.com/en/products/vaultOpenBao: https://openbao.org/More episodes + details: https://shipitweekly.fm

    31 мин.
  6. AWS Bahrain/UAE Data Center Issues Amid Iran Strikes, ArgoCD vs Flux GitOps Failures, GitHub Actions Hackerbot-Claw Attacks (Trivy), RoguePilot Codespaces Prompt Injection, Block “AI Remake” Layoffs, Claude Code Security

    7 МАР.

    AWS Bahrain/UAE Data Center Issues Amid Iran Strikes, ArgoCD vs Flux GitOps Failures, GitHub Actions Hackerbot-Claw Attacks (Trivy), RoguePilot Codespaces Prompt Injection, Block “AI Remake” Layoffs, Claude Code Security

    This week on Ship It Weekly, Brian looks at how the boundary of ops keeps expanding. We cover AWS flagging issues in Bahrain/UAE amid Iran strikes, ArgoCD vs Flux and why ArgoCD can get stuck in failed sync states, GitHub Actions being exploited at scale (plus Trivy’s incident), RoguePilot prompt injection meeting real credentials in Codespaces, Block’s “AI remake” layoffs, and Anthropic’s Claude Code Security for defenders. Lightning round: DeepSeek model access geopolitics, Vercel’s agentic security boundaries, a KEV CVE to patch, an MCP-atlassian SSRF-to-RCE chain, and Claude Cowork scheduled tasks. Links AWS Bahrain/UAE (Reuters) https://www.reuters.com/world/middle-east/amazon-cloud-unit-flags-issues-bahrain-uae-data-centers-amid-iran-strikes-2026-03-02/ ArgoCD to Flux https://hai.wxs.ro/migrations/argocd-to-flux/ GitHub Actions exploitation https://www.stepsecurity.io/blog/hackerbot-claw-github-actions-exploitation Trivy incident https://github.com/aquasecurity/trivy/discussions/10265 RoguePilot https://thehackernews.com/2026/02/roguepilot-flaw-in-github-codespaces.html Block layoffs (WSJ) https://www.wsj.com/business/jack-dorseys-block-to-lay-off-4-000-employees-in-ai-remake-28f0d869 Claude Code Security https://www.anthropic.com/news/claude-code-security DeepSeek (Reuters) https://www.reuters.com/world/china/deepseek-withholds-latest-ai-model-us-chipmakers-including-nvidia-sources-say-2026-02-25/ Agentic boundaries https://vercel.com/blog/security-boundaries-in-agentic-architectures CISA KEV https://www.cisa.gov/news-events/alerts/2026/03/03/cisa-adds-two-known-exploited-vulnerabilities-catalog mcp-atlassian CVE https://arcticwolf.com/resources/blog-uk/cve-2026-27825-critical-unauthenticated-rce-and-ssrf-in-mcp-atlassian/ Claude Cowork tasks https://support.claude.com/en/articles/13854387-schedule-recurring-tasks-in-cowork More: https://shipitweekly.fm

    18 мин.
  7. Cloudflare BYOIP BGP Withdrawals, Clerk’s Postgres Query-Plan Flip Outage, and AWS Kiro Permissions Lessons (Grafana Privesc + runc CVEs)

    27 ФЕВР.

    Cloudflare BYOIP BGP Withdrawals, Clerk’s Postgres Query-Plan Flip Outage, and AWS Kiro Permissions Lessons (Grafana Privesc + runc CVEs)

    This week on Ship It Weekly, Brian looks at how the boundary of ops keeps expanding. We cover AWS flagging issues in Bahrain/UAE amid Iran strikes, ArgoCD vs Flux and why ArgoCD can get stuck in failed sync states, GitHub Actions being exploited at scale (plus Trivy’s incident), RoguePilot prompt injection meeting real credentials in Codespaces, Block’s “AI remake” layoffs, and Anthropic’s Claude Code Security for defenders. Lightning round: DeepSeek model access geopolitics, Vercel’s agentic security boundaries, a KEV CVE to patch, an MCP-atlassian SSRF-to-RCE chain, and Claude Cowork scheduled tasks. Links AWS Bahrain/UAE (Reuters) https://www.reuters.com/world/middle-east/amazon-cloud-unit-flags-issues-bahrain-uae-data-centers-amid-iran-strikes-2026-03-02/ ArgoCD to Flux https://hai.wxs.ro/migrations/argocd-to-flux/ GitHub Actions exploitation https://www.stepsecurity.io/blog/hackerbot-claw-github-actions-exploitation Trivy incident https://github.com/aquasecurity/trivy/discussions/10265 RoguePilot https://thehackernews.com/2026/02/roguepilot-flaw-in-github-codespaces.html Block layoffs (WSJ) https://www.wsj.com/business/jack-dorseys-block-to-lay-off-4-000-employees-in-ai-remake-28f0d869 Claude Code Security https://www.anthropic.com/news/claude-code-security DeepSeek (Reuters) https://www.reuters.com/world/china/deepseek-withholds-latest-ai-model-us-chipmakers-including-nvidia-sources-say-2026-02-25/ Agentic boundaries https://vercel.com/blog/security-boundaries-in-agentic-architectures CISA KEV https://www.cisa.gov/news-events/alerts/2026/03/03/cisa-adds-two-known-exploited-vulnerabilities-catalog mcp-atlassian CVE https://arcticwolf.com/resources/blog-uk/cve-2026-27825-critical-unauthenticated-rce-and-ssrf-in-mcp-atlassian/ Claude Cowork tasks https://support.claude.com/en/articles/13854387-schedule-recurring-tasks-in-cowork More: https://shipitweekly.fm

    18 мин.
  8. Ship It Conversations: Mike Lady on Day Two Readiness + Guardrails in the AI Era

    24 ФЕВР.

    Ship It Conversations: Mike Lady on Day Two Readiness + Guardrails in the AI Era

    This is a guest conversation episode of Ship It Weekly (separate from the weekly news recaps). In this Ship It: Conversations episode I talk with Mike Lady (Senior DevOps Engineer, distributed systems) from Enterprise Vibe Code on YouTube. We talk day two readiness, guardrails/quality gates, and why shipping safely matters even more now that AI can generate code fast. Highlights Day 0 vs Day 1 vs Day 2 (launching vs operating and evolving safely)What teams look like without guardrails (“hope is not a strategy”)Why guardrails speed you up long-term (less firefighting, more predictable delivery)Day-two audit checklist: source control/branches/PRs, branch protection, CI quality gates, secrets/config, staging→prod flowAI agents: they’ll “lie, cheat, and steal” to satisfy the goal unless you gate themMulti-model reviews (Claude/Gemini/Codex) as different perspectivesAI in prod: start read-only (logs/traces), then earn trust slowlyMike’s links YouTube: https://www.youtube.com/@EnterpriseVibeCodeSite: https://www.enterprisevibecode.com/LinkedIn: https://www.linkedin.com/in/mikelady/Stuff mentioned Vibe Coding (Gene Kim + Steve Yegge): https://www.simonandschuster.com/books/Vibe-Coding/Gene-Kim/9781966280026Beads (agent memory/issue tracker): https://github.com/steveyegge/beadsGas Town (agent orchestration): https://github.com/steveyegge/gastownAGENTS.md (agent instructions file): https://agents.md/OpenAI Codex: https://openai.com/codex/More episodes + details: https://shipitweekly.fm

    35 мин.
См. все (30)

Трейлер

Оценки и отзывы

5
из 5
Оценок: 9

Об этом подкасте

Ship It Weekly is a short, practical recap of what actually matters in DevOps, SRE, cloud infrastructure, and platform engineering. Each episode, your host Brian Teller walks through the latest outages, releases, tools, and incident writeups, then translates them into “here’s what this means for your systems” instead of just reading headlines. Expect a couple of main stories with context, a quick hit of tools or releases worth bookmarking, and the occasional segment on on-call, burnout, or team culture. This isn’t a certification prep show or a lab walkthrough. It’s aimed at people who are already working in the space and want to stay sharp without scrolling status pages, cloud updates, and blogs all week. You’ll hear about things like cloud provider incidents, Kubernetes and platform trends, Terraform and infrastructure changes, and real postmortems that are actually worth your time. Most episodes are 10–25 minutes, so you can catch up on the way to work or between meetings. Every now and then there will be a “special” focused on a big outage or a specific theme, but the default format is simple: what happened, why it matters, and what you might want to do about it in your own environment. If you’re the person people DM when something is broken in prod, or you’re building the cloud and platform everyone else ships on top of, Ship It Weekly is meant to be in your rotation.

Информация

  • Автор
    Teller's Tech - DevOps, SRE and Cloud Podcast
  • Годы выхода
    2025 - 2026
  • Выпуски
    30
  • Ограничения
    Без ненормативной лексики
  • Авторские права
    © Brian Teller - Teller's Tech - DevOps, SRE and Cloud
  • Сайт подкаста
    Ship It Weekly - DevOps, SRE, Platform and Cloud Engineering News

Вам может также понравиться