came across this post about Trivy, https://raxe.ai/labs/advisories/RAXE-2026-045

Claude Code source codes may be leaked…

Additional fall out from the Trivy compromise: https://security.snyk.io/vuln/SNYK-JS-AXIOS-15850650

https://stategraph.com/first-principles

wdy? looks like the case for monolith terraform repos mostly

The Trivy incident is a good reminder that supply chain attacks are as much an incident response problem as a security one. You can harden your pipeline, but when something slips through, the question becomes: how fast can you reconstruct what actually happened and what was touched?

That's the problem we work on at Anyshift. I'm Valentine, ML/Data background, now Founding GTM there. We build causal reasoning over production and infra data so when things break (or get quietly compromised), you're not stitching together logs and timeline manually. https://www.anyshift.io/

Curious how people here handle post-compromise investigation, any tooling beyond the usual SIEM + log grep?

While working around non-prod environments, I kept running into one issue, lack of visibility into actual usage vs assumed usage.

We tend to keep dev/staging infra “ready,” but rarely question:
are these environments really being used at that level?

Tried building a Grafana dashboard combining workload utilization, environment-level signals and rough cost indicators.

Nothing fancy, just trying to make decisions a bit more data-backed.

Shared what I explored here:
https://dev.to/muskan_8abedcc7e12/grafana-dashboards-for-non-prod-environment-observability-cost-performance-in-one-view-40hc

Would love to know how you all handle non-prod optimization in your setups.

finally: https://opentofu.org/docs/language/meta-arguments/enabled/

it took just 12 years to land that

Interesting read on the gap between how fast AI agents can generate code and how slow enterprise teams can actually validate it. Gets into why CI pipelines are becoming the bottleneck and what infrastructure needs to change.
https://thenewstack.io/ai-agent-validation-bottleneck/

https://claude.com/contact-sales/claude-for-oss

This Trivy compromise is insane to me. I've been trying to spread the word that this is probably more widespread than people realize: https://rosesecurity.dev/2026/03/20/typosquatting-trivy.html

Hey everyone,
Just announced our upcoming Skills product and would love to hear the community’s thoughts on it.
Skills are composable, deterministic validation capabilities that platform teams govern, developers define, and agents can run autonomously against live infrastructure to close the loop and deliver validated changes in distributed systems.
Here’s the blog. Please share any feedback or ideas for which skills would be most useful to your team.
https://www.signadot.com/blog/introducing-skills-microservices-validation-superpowers-for-coding-agents/

Was digging into Kubernetes cost optimization and ended up testing Spot + Karpenter + Graviton together, it turned out more practical than I expected.
Would be interested to hear how others are handling stability and trade-offs with similar setups.
Here’s what I observed:
https://dev.to/muskan_8abedcc7e12/going-to-production-spot-instances-karpenter-and-the-graviton-advantage-4oi5

AI tools are powerful… but they keep forgetting your code.

What if context never reset?

This session on Context Engineering with Tetrix shows how AI can actually understand your codebase, retain memory across sessions, and work seamlessly across tools like Cursor & Claude.

If you’re building with AI or working on complex systems — this is a must-attend.

📅 March 24 | 7:30 PM IST

Register here: https://luma.com/gssl6616

I also thought about this incident just now, and chat with ChatGPT, a good takeaway is do not use tag but the image SHA

Here's a bit more a technical security research write up on how the compromise was introduced into the Trivy ecosystem: https://rosesecurity.dev/2026/03/20/typosquatting-trivy.html

Trivy hacked for the second time within a month: https://www.stepsecurity.io/blog/trivy-compromised-a-second-time---malicious-v0-69-4-release

Thanks @Erik Osterman (Cloud Posse) for the opportunity to share my application. One additional area I’ve been exploring is open-source licensing. I’ve noticed that more projects are adopting the AGPL, and I’ve come to the same conclusion that it offers stronger protections compared to licenses like MIT or Apache, even though it is not as widely adopted as those more permissive options.

Stategraph will be at KubeCon Amsterdam next week.

If you want to say hello, come find our booth. Just kidding. We don't have one.

For a bootstrapped company, spending $20,000 on a booth didn’t feel like the move 🤗

But we do have a boat.

We’re doing three canal tours next Wed the 25th (13:00, 15:00, 17:00). Free drinks, infrastructure engineers, and a slow cruise through Amsterdam. This is mostly an excuse to swipe the company credit card.

If you want to join: https://stategraph.com/kubecon-set-sail

I put together a tutorial on creating end-to-end preview environments using Vercel + Signadot so teams can test multi-service changes before merging. Thought it might be useful for anyone working with preview environments or microservices workflows.
https://www.signadot.com/blog/tutorial-end-to-end-hot-reload-style-previews-with-vercel-signadot/

Many teams are struggling to see real velocity gains with AI agents because the focus is often on "risk tolerance" instead of actual capability boundaries.
This article on TNS shares a 3-Tier model for dividing work based on what can be reasoned from the codebase versus what requires external context like product strategy or platform constraints. It’s a helpful framework for anyone looking to balance AI throughput with engineering judgment.
Full blog here: https://thenewstack.io/ai-agents-software-engineering/

Recently I got the Claude Pro, now I can use Claude Code. I also tried Codex 5.2/5.3 which seems to me also an equivalent smart model. Someone even said 5.4 is better than Sonnet/Opus 4.6.

I am at the harness devops modernization summit today, it's been pretty good, the talk from the SFO airport engineer and Tailscale engineer just now was really good. https://www.harness.io/event/devops-modernization-summit free https://www.airmeet.com/e/9cc741e0-f8a2-11f0-b465-d14d8cb3ebe4. some good context for me about devops + ai

Hey! I co-organize a live weekly thing about startup failure stories - F*ckUp Night.
Builders share mistakes they made, what happened next, and what they learned in ~10 min. People ask questions, give suggestions — it's honest and lively. The kind of stuff that can save you time and money at any stage.
Someone from the last one said: "Even though people shared their failures, I was not demotivated but rather motivated by their courage and experience." — and basically that's exactly how it feels.
📆 March 5, 12, 19, 26; 17:00 CET
🔗 Live on Zoom, register: https://lab.flexus.team/events/fuckup-night

Also, if you want to share your story, let's connect in DM.

Curious how SRE teams here handle incident postmortems.
I built a small tool that reads Slack war-room threads and generates an RCA automatically.
Example output:
• Timeline reconstructed from messages
• Root cause analysis
• Evidence links to logs
• Executive summary
Example incident flow:
03:47 — incident posted in Slack
03:49 — RCA generated
03:51 — fix suggested
Would love feedback from people doing on-call / incident response.
https://www.prodrescueai.com

Hey hey! I’ve been working on this project for a couple of years, and I’m really excited (and a bit nervous) to finally share it here.

I built a game called Blind Draw. It’s a drawing game where you draw using invisible ink, so you can’t see what you’re drawing until the end. The results are often hilarious and surprisingly creative. It originally started as something I wanted to play with family and friends, just to laugh and have fun together.

Over time it slowly grew into a real game with different modes:
Free Draw where you can just experiment and create funny drawings

Copycat where you try to mimic a drawing without seeing your lines

Speed Drawing where you race against the clock to draw as fast as possible

Online play where friends draw and the others try to guess what it is

I’m currently doing a soft launch, and honestly it’s doing better than I expected, which makes me really happy after spending so much time building it.

If you enjoy silly creative games or want something fun to play with friends or family, I’d really love for you to try it and tell me what you think.

https://apps.apple.com/de/app/blind-draw-invisible-ink/id6758377109?l=en-GB

Thanks for taking a look and I would really appreciate the support since it has been a tough journey ❤️

Anthropic dropped a guide on building skills https://resources.anthropic.com/hubfs/The-Complete-Guide-to-Building-Skill-for-Claude.pdf

Hello, folks!
I am creating an autonomous agent that helps control AWS costs. I am a semifinalist in the AWS 10,000 AIdeas contest.
I need votes to move on to the next phase, but I don’t have a community, and many others have a lot of “likes” (voting is just a “like”), and I only have 5. It’s not fair, which is why I’m asking for your help.
If you have an AWS Builder Center account, it will only take 10 seconds: https://builder.aws.com/content/3AUmmi7bwtRwfwR8gsTSQno5joQ
Can I count on you?

Cron still works well for simple scheduling, but once you’re dealing with multiple servers or distributed workloads, it starts to show its limits.
I put together a comparison of several cron alternatives (Airflow, Rundeck, CloudRay, ActiveBatch, etc.) and when each actually makes sense in practice.
https://cloudray.io/articles/cron-job-alternative

Hi community, I’m not active this year but still helped my client on Infra, either AWS or Azure, and now I open sourced an application, not sure if this is a good place to promote it 🙂

I bought some cheap 15.6" N5095 16GB, 1TB laptops new from Temu that came with Windows 11 pro but now run https://cachyos.org/ and https://omarchy.org/:
Molegar Laptop 15.6" FHD IPS Display, Intel 12th Gen N95, 16GB RAM, 1TB SSD, Fin $244.26 Delivered July 15, 2025, Unavailable for purchase
Founder 15.6-Inch Business Ultra-Thin Gaming Laptop | Intel N5095 Processor | Intel UHD Graphics (750Mhz) | 1920*1080 IPS Display | Supports 4K High-Bitrate Playback | 16GB LPDDR4 512GB / 1TB SSD | Backlit Keyboard | Glass-Proof Touchpad | USB 3.2/USB 2.0 TYPE-C PD Charging | Ideal for Workplaces And Schools | Great Gift for Family And Friends | Includes Adapter | 8-Hour Battery Life $222.34 Order: Aug 28, 2025
Both prices are before tax and $5 recycling fee.

The Intel Celeron N5095 is a budget-friendly 11th Gen Jasper Lake quad-core processor (released 2021) designed for lightweight, affordable laptops and Mini PCs

Some open source projects are setting guidelines on ai usage

https://github.com/kyverno/community/blob/main/AI_USAGE_POLICY.md

Hey folks. For those of you already using Xata for copy-on-write, how are you handling the application side of your preview environments?
We just put together a tutorial on pairing Signadot sandboxes with Xata to get full-stack isolation for every branch. It handles massive concurrency without having to duplicate your whole infra or wait for shared staging slots.
See the full workflow: https://www.signadot.com/docs/integrations/databases/xata

Cron jobs are simple until they fail silently in production.

I put together a practical guide covering the most common causes (PATH issues, environment variables, logging, overlapping jobs, and Docker pitfalls) and how to fix each one properly.
https://cloudray.io/articles/why-cron-job-fails-silently-in-production

@Prasanna has joined the channel

@JS has joined the channel

@Salman Shaik has joined the channel

@Deep has joined the channel

Hi folks - I wanted to share a project I've been working on called Stategraph.

It replaces Terraform and OpenTofu's flat state file with a database-backed dependency graph, so independent changes can plan in parallel. In practice that means plans in seconds instead of minutes.

Live demo on Feb 25 if you’re curious:
https://stategraph.com/demo-day

Most Heroku alternatives get compared by features, but in practice the billing model is what really shapes your experience.
I put together a decision framework based on real production usage and actual costs from Jan 2026, focusing on when Railway, Render, Fly.io, or fixed tiers actually make sense.
https://seenode.com/blog/heroku-alternatives-decision-framework

Interesting article on Ramp’s Inspect platform and how closed-loop agents are shaping the SDLC.
Worth a read for anyone who is thinking about how to turn coding agents into actual developer velocity.
Read the full breakdown: https://thenewstack.io/ramps-inspect-shows-closed-loop-ai-agents-are-softwares-future/

Wrote a blog explaining how inference engines work under the hood and how GPU metrics change with them. If you’re interested, check it out here

https://medium.com/@pabhi18/how-llm-inference-works-under-the-hood-prompt-processing-and-gpu-behavior-0b69a222a0b6