Monitoring. AI developer tools and AI mode vulnerabilities. DNS (always DNS). And an interesting survey focused on SRE to read and participate in.

StackHawk sponsors Devops Weekly

[June 27] Securing GitOps Pipelines: Open Source, Vendors, and Getting Things Done. StackHawk champion James Berthoty is speaking at DevSecCon24 to discuss security in pipeline, open source vs. vendor tools, fixing security findings, and measuring success.
https://sthwk.com/Securing-GitOps-Pipelines

News

An interesting report based on a survey of SRE practitioners, correlating several behaviours to elite behaviours. The new survey is open for next year’s survey.
https://www.catchpoint.com/asset/2023-sre-report
https://www.catchpoint.com/sre-survey

Monitoring is invariably harder than it looks for any non-trivial systems. This post looks at the problems with logs, metrics and tracing tools.
https://matduggan.com/were-all-doing-metrics-wrong/

AVID is an AI Vulnerability Database, looking at failures in models. The start of a taxonomy of failure modes, and a database of specific failures. Likely to be an important area of research.
https://avidml.org/

Continuing this long-running series, this post explores naked domains. Some interesting stats, including that almost three quarters of all domains are IPv4 only.
https://www.netmeister.org/blog/naked-domains.html

Tools

Rift is a language server and IDE extension that exposes interfaces for code transformations and code understanding, aiming to integrate with open source AI models to provide a base for AI-assisted software development.

https://github.com/morph-labs/rift

M3s is a tool for running a Kubernetes cluster under Apache Mesos/ClusterD.
https://github.com/m3scluster/m3s
https://m3scluster.github.io/m3s/

DevPod is an open source tool for managing repeatable development environments. It works locally, as well as on top of Kubernetes or a cloud environment.
https://devpod.sh/