AI 资讯
The Everything-on-Your-Branch Architecture
Database branching is one of the best ideas serverless Postgres brought to the mainstream. Fork the database at a point in time, get an isolated copy with all the data, run something risky against it, throw it away. It made preview databases and safe migrations feel routine. But a real application is not just a database. It is a database, plus the files it stores in object storage, plus the backend code that serves it, plus, increasingly, the model and gateway config it calls for AI. When you branch only the database, those other three stay shared. Your "branch" points at the same S3 bucket, the same deployed backend, and the same AI configuration as everything else. So it is half a copy, and the half it leaves out is where a lot of the interesting bugs and the scary migrations live. Neon's platform preview changes what a branch contains. A branch now forks the database and its data, the object storage and its files, the functions that run your backend, and the AI gateway config, all at the same point in time, all isolated. A branch stops being a database copy and becomes a whole environment. To make sure that is a real claim and not a diagram, I took a full-stack project, branched it, and checked every layer. Here is what happened. TL;DR Elsewhere, "branch" means the database only. Object storage, backend deploys, and AI config stay shared, so you bolt on scripts to fake per-branch versions of them. A Neon branch forks all four together: Postgres + data, object storage + files, functions (each branch gets its own URL), and the AI gateway. I proved it: branched a project with a DB, a bucket of files, a function, and the gateway. The branch came up with a copy of the rows, a copy of the files on its own storage endpoint, its own function URL, and the gateway. A write to the branch left main untouched, and deleting the branch removed all of it. That makes a branch a real environment: true preview stacks, whole-state bug reproduction, and disposable sandboxes for agent
AI 资讯
The Best Test Automation Tool Is the One Your Team Still Uses a Year Later
Most test automation tools look good during a demo. You record a login flow, add an assertion, run it in Chrome, and get a green result. Everyone is impressed. Then the real application gets involved. There are dynamic elements, delayed API responses, test accounts, verification emails, downloaded files, several deployment environments, and a checkout flow that behaves differently on Safari. A few months later, the original test suite has grown from 10 tests to 300. Some failures are product bugs. Others are test problems. A few only happen in CI. Nobody is completely sure which is which. That is when you discover whether you selected a test automation tool or merely a good demo. Creating tests is rarely the main problem When teams compare automation tools, they often begin with questions such as: How quickly can we record a test? Can AI generate the steps? Does it support plain-English instructions? Can a manual tester use it? Does it integrate with our CI pipeline? These are reasonable questions, but they mostly describe the beginning of an automation project. The harder questions appear later: Who updates the tests after a redesign? How do we investigate failures? Can another person understand a test created six months ago? What happens when the original automation engineer leaves? Can we test workflows that involve email, APIs, files, or mobile devices? How much infrastructure do we have to manage? Does the cost increase every time we run the regression suite? The first test tells you whether the tool works. The hundredth test tells you whether the approach works. Maintenance should be part of the evaluation A stable automated test is not a test that never changes. Applications are supposed to change. Buttons move. Components are replaced. Authentication flows evolve. APIs return different data. Product teams redesign entire sections of the interface. The objective is not to prevent tests from changing. It is to make those changes inexpensive and understandable.
AI 资讯
Hetzner was cheaper at every size I tested and I still chose managed Postgres
Twelve pricing tabs open. Neon, Hetzner, Supabase, Prisma, Scaleway, OVH. My database is half a gigabyte. I was comparing ten-terabyte price curves. At some point this week I typed the words "I am super lost here" about my own infrastructure. I advise companies on this exact class of decision. That sentence still came out of my hands. If you have ever spent an evening deep in provider pricing pages for a workload that fits on a USB stick from 2009, this one is for you. All numbers below come from the live pricing pages as of July 2026. Rates move, so verify before you commit. Three fears, all pointed at the wrong layers I went in worried about getting attacked, running out of space, and being locked in. All three dissolved under ten minutes of honest reading. DDoS lands on the website edge, not the database. My site already sits behind Cloudflare and Vercel, and a database is never publicly exposed. Only the app talks to it. Whichever provider I picked, that attack surface stayed identical. Here is the shape of the stack, and where each fear lives. MANAGED (what I run today) visitors ──> Cloudflare edge ──> Vercel app ──> managed Postgres [DDoS absorbed] [stateless] [never public, app-only access, provider patches, provider backups, provider on-call] SELF-HOSTED (the alternative I priced) visitors ──> Cloudflare edge ──> Vercel app ──> Hetzner CAX11 [DDoS absorbed] [stateless] [Postgres :5432 firewalled to app, SSH hardened, fail2ban + auto- patching = MINE] │ pg_dump every 6h ▼ encrypted ────> Cloudflare R2 [off-site copies] Same edge, same app, same attack surface. Everything in the right-hand box is what changes owners. Storage was a rounding error. My data is 0.5 GB. Even the cheapest self-hosted box includes 40 GB, eighty times headroom before the first extra cent. Lock-in was a phantom too. Managed Postgres is still stock Postgres. Exiting means a dump, a restore, and one connection string change in the deployment environment. Minutes of cutover, no rewrite an
AI 资讯
Why Pipelock Is an Egress Agent Firewall, Not an Inbound WAF
Why Pipelock Is an Egress Agent Firewall, Not an Inbound WAF The question behind the word firewall Security teams hear "firewall" and picture something inbound. A firewall, WAF, or IPS sits in front of a service. Traffic comes from the outside world toward the protected app. The control inspects requests before they reach the app and blocks malicious payloads at the door. That is outside-in protection. It fits web applications, where many attacks have recognizable request shapes: SQL injection, cross-site scripting, known exploit signatures, or malformed protocol behavior. The web server is the thing being attacked, and the attacker sends requests into it. AI agents invert that model. The agent is not only a server receiving input. It reads external content, calls tools, sends HTTP requests, invokes MCP servers, and runs with credentials. The dangerous event is rarely that a hostile packet reached the agent. The dangerous event is that the agent got talked into doing something with outbound effects. That is why Pipelock is built as an egress agent firewall, not a WAF-style inbound firewall. Why inbound filtering is the wrong primary model Prompt injection does not behave like a structured malware packet. It is natural-language instruction sitting in places the agent is supposed to read: a web page, a ticket, a search result, a tool response, an MCP server reply, or a user message. The channel is legitimate. The syntax is often normal. The attack is semantic and context-dependent. Solving that by filtering every input before it reaches the agent turns into an enumeration problem. You write patterns for "ignore previous instructions," then the attacker rephrases. You block one formatting trick, then the instruction is split across paragraphs, hidden in quoted text, encoded, or dressed up as policy text. Known phrases are worth catching, and Pipelock catches known injection markers in content it mediates, but input filtering cannot be the center of the security model.
开发者
The Hidden Cost of Manual IAM Review
The Hidden Cost of Manual IAM Review Most teams don't track how long they spend reviewing IAM policies. When I started measuring it on my own team, the numbers were worse than I expected. A thorough manual review of one IAM policy takes 10 to 15 minutes. Not a quick scan. A real review: read every statement, trace every cross-account trust, verify every condition key, check for privilege escalation paths, confirm the resource ARNs match what you think they should. At 4 engineers touching IAM once a week, that's 4 hours a month. 48 hours a year of senior engineers reading JSON documents. And that's the optimistic case. Add a security incident. Add an audit. Add the emergency Friday-afternoon policy change that needs review before deploy. The real number is higher. What manual review misses The problem isn't just the time. It's that humans are bad at repetitive structured-data review, especially under time pressure. Here are the things I've seen slip through manual IAM reviews on production systems: iam:PassRole with no condition. This is the big one. PassRole lets a principal pass a role to a service — and if there's no iam:PassedToService condition, that role can be passed to any service that accepts roles. Including services the attacker controls. The reviewer saw the action, mentally categorized it as "role stuff," and moved on. It was statement 47 of 52 — the reviewer had already been reading policies for 40 minutes. Wildcard resource with sensitive actions. s3:* on Resource: "*" is obvious. s3:GetObject on "arn:aws:s3:::*-backup/*" with a wildcard in the bucket name — that's subtle. The reviewer reads it as "restricted to backup buckets" and moves on. But the wildcard means any bucket ending in -backup , including ones in other accounts if cross-account access is configured. Missing aws:SourceArn on Lambda invocation permissions. When you grant another service permission to invoke your Lambda function, you need aws:SourceArn to prevent the confused deputy
AI 资讯
Why Browser Test Reliability Is Now a Product Decision, Not Just a Framework Decision
For a long time, teams treated browser test reliability as a framework problem. When tests failed, the usual response was to change selectors, add waits, increase retries, or replace one automation library with another. That approach made sense when the main challenge was simply controlling a browser. Modern applications are different. A single user journey may now include an identity provider, multi-factor authentication, a streaming AI response, a background API request, a feature flag, a canary deployment, and a frontend rendered differently across several operating systems. The test framework is still important, but it is only one part of the reliability problem. The bigger question is whether the entire testing system gives the team enough evidence to make a release decision. Headless failures are usually a symptom, not the real problem A common example is a test that passes locally but fails only in headless Chrome. It is tempting to assume that headless mode is simply unreliable. In practice, the difference is often caused by viewport size, rendering behavior, animation timing, fonts, resource loading, or elements being positioned differently when no visible browser window exists. This breakdown of why browser tests fail only in Chrome headless is useful because it separates several failure categories that are often grouped together as “timing issues.” That distinction matters. A test that fails because an element is outside the viewport needs a different fix from a test that fails because a network request completes later in CI. Adding a longer timeout may hide both problems temporarily, but it does not make the test more trustworthy. Retries can make a weak test suite look healthy Retries are one of the easiest ways to reduce visible failures in CI. They are also one of the easiest ways to hide instability. A flaky test that passes on its third attempt still consumed runner time, delayed feedback, created extra logs, and made it harder to determine whether
AI 资讯
I Built Free Browser-Based Validators for YAML, Kubernetes and Terraform (No Upload, No Signup)
Every DevOps engineer has done this dance: you've got a chunk of YAML or a Terraform file that looks right, something's rejecting it, and you want a fast sanity check. So you paste it into some random online validator — and a small voice asks, wait, where did that config just go? That config often has structure, comments, sometimes internal hostnames or resource names in it. Pasting infrastructure definitions into an unknown server is a habit worth breaking. So I built a set of validators that never send your config anywhere — they run entirely in your browser. What they are Free, browser-based validators for the formats DevOps folks paste-and-pray most: YAML — catches the indentation and structure errors that make Kubernetes and CI configs fail with cryptic messages Kubernetes manifests — schema-aware checks beyond "is it valid YAML," so you catch the wrong apiVersion or a misplaced field before kubectl apply does Terraform / HCL — structural validation for the syntax slips that terraform validate flags only after you've context-switched away The one design decision that matters 100% client-side. No upload, no signup, no server round-trip. Your config is parsed by JavaScript running in your own tab — it never leaves your machine. You can literally open dev-tools, watch the network panel, and see nothing go out. Turn off your wifi and they still work. This isn't a privacy gimmick — it's the correct architecture for a tool that handles infrastructure definitions. A validator has no business seeing your config on a server it doesn't need to. Why I bother Two reasons, honestly. One: I kept wanting this exact thing and kept not trusting the options. The nth time I hesitated before pasting a manifest into a stranger's website, I decided to just build the version I'd trust. Two: fast feedback loops are the whole game in this job. The gap between "save the file" and "find out it's malformed" is pure friction — and the tighter that loop, the less of your working memory it b
AI 资讯
Linkerd 2.20 Delivers Smarter Traffic Management and Dramatic Efficiency Gains
The Linkerd community has announced the release of Linkerd 2.20, introducing a series of performance, observability, and traffic management enhancements that further strengthen the CNCF-graduated service mesh's position as a lightweight alternative for Kubernetes networking. By Craig Risi
AI 资讯
Verify a Self-Hosted Installer Before Running It as Root
Downloading an installer and immediately executing it as root collapses three operational decisions into one command: Which artifact? -> Did these bytes arrive intact? -> Should this host execute them? Separate those decisions and the install becomes reviewable, reproducible, and recoverable. A concrete source-review boundary At commit c58bcd4 , the MonkeyCode runner installation template selects x86_64 or aarch64 , checks AVX on x86, requires root, and downloads an architecture-specific installer before executing it. The reviewed template uses curl -4sSLk , so certificate verification is disabled by -k . It also downloads an unversioned path. I could not find a pinned version, digest, or signature check in that template. That is a statement about controls visible in one pinned file—not a claim that the release service is compromised or that no external release control exists. Put a manifest before execution For each release artifact, publish immutable metadata through a separately protected release process: { "version" : "1.2.3" , "architecture" : "x86_64" , "file" : "runner-installer-1.2.3-x86_64" , "sha256" : "<64 lowercase hex characters>" , "size" : 18439210 , "rollback" : { "previous_version" : "1.2.2" , "artifact" : "runner-installer-1.2.2-x86_64" } } SHA-256 detects bytes that differ from the manifest. It does not prove who authored the manifest. Serve the manifest over validated TLS, pin it through deployment configuration, or sign it and verify the signature with a trusted offline public key. Verify as an unprivileged staging step The companion verify-installer.mjs checks filename, exact size, digest, version, architecture, and rollback metadata: node verify-installer.mjs release-manifest.json fixture-installer.sh node test-verifier.mjs Expected output uses the fixture's actual digest: PASS 1.2.3-fixture sha256=<digest> PASS verified fixture; rejected tampered artifact before execution The negative test appends a line to the artifact and requires both size
AI 资讯
4 self-hosting failures that return success
The failures that cost me the most in three years of self-hosting were never the ones that threw an error. An error is a gift: it tells you where to look. The expensive ones are the failures that report success while being broken . A page that returns 200 OK . A healthcheck that says the container is fine. A backup that exits cleanly. A command that prints nothing wrong. Everything green, everything lying. Here are four of them, all from the same box (a 2016 desktop, i7-6700 / 32 GB, Docker behind Caddy, reachable only over Tailscale). Each fails by handing you a success signal. Each cost me an evening the first time. The fixes are boring once you know them, the point is knowing the failure exists. Sanitized skeleton with all the config at the end. 1. A loading page that returns 200 This one I could find nothing written about, so it cost me the most. To keep the box quiet, I run the heavy services on-demand: Sablier stops idle containers and starts them on the first request. Caddy (with the Sablier plugin) gates a virtual host behind a container group, serves a "please wait, starting up" page while the group boots, then proxies through: myhost . my - tailnet . ts . net : 8081 { route { sablier http :// sablier : 10000 { group office session_duration 30 m } reverse_proxy nextcloud : 80 } } I gate my whole Nextcloud vhost, WebDAV included, this way. And here is the silent failure: if the gated group is not healthy, Sablier serves that HTML loading page for every request, and it serves it with 200 OK . A browser shows a spinner, fine. But my Obsidian vault syncs over WebDAV, and a WebDAV client asking for a directory listing got a 200 with a chunk of HTML instead of the XML it expected. Sync died with a cryptic no root multistatus found . Nextcloud itself was up and perfectly healthy the whole time. Every uptime check I had was green, because the gate in front kept answering 200 . The structural lesson: the moment you put a service on-demand behind a reverse proxy, tha
AI 资讯
The graph nobody is watching
If you ask me what part of the system I protect the most, the answer is the database. I've been writing software alone for twenty-four years, and across every platform I've built, the rule has stayed the same: the web servers can take whatever you throw at them, the batches can be rebuilt, but the database has to stay idle on purpose. Not because I love idle databases, but because the day a database actually starts to struggle is a day with very few good options. This article is about what "keep the database idle on purpose" actually means in practice, and about one particular kind of graph that, in my experience, almost nobody is watching. The three layers and what each of them gets I think of a production system as having three tiers, and each tier gets a different rule. The web server tier can be horizontally scaled. If load grows, you add machines. If something is wrong, you take a machine out of the pool, and the others handle it. Failures here are visible immediately, and they're cheap to recover from. The batch server tier can be scaled up or out depending on the work. A batch that's too slow can be split. A batch that crashes can be retried. End users don't see batch servers, so a stuck batch is a problem for me and not for them. Some headroom up here is fine. The database tier is the one I treat completely differently. The database is not where you absorb load. The database is what you protect from load. The reason is simple: the other tiers can be rebuilt or re-scaled. The database is the irreplaceable record. If it slows down, everything slows down. If it falls over, you don't have many minutes before the rest of the stack notices. So my rule for the database is: keep it idle. Not idle in the sense of "doing nothing." Idle in the sense of "running well below its capacity, at all times, so that any extra load it picks up has somewhere to go." For more than a decade I ran a large appliance-grade database where I kept the load average below 1 at all times. N
AI 资讯
Architecting Kubernetes Deployments with Python
Python is an excellent language for automating cloud infrastructure, but the official Kubernetes Python client leaves developers with an important architectural decision: Where should Kubernetes manifests live? Should they be constructed directly with Python objects? Embedded as multiline strings? Or stored as external files and rendered at runtime? Each approach works, but they have very different implications for readability, maintainability, and long-term operational cost. The key is recognizing that deployment logic and platform configuration evolve on different lifecycles. Your deployment code, the part that authenticates to Kubernetes, renders templates, and applies resources, may remain unchanged for months. Your manifests, however, often change weekly as applications evolve, resource limits are tuned, cloud-provider annotations are added, or networking requirements change. When those two concerns are tightly coupled, even a configuration, only change forces you to modify, test, and redeploy the delivery or application code itself. Over time, this increases maintenance costs, slows platform changes, and makes configuration drift and production mistakes more likely. This is a familiar software engineering principle: separate concerns that evolve independently. The same thinking that keeps application configuration separate from executable code also applies to Kubernetes manifests. Treating manifests as first-class configuration artifacts allows them to evolve independently from the Python code that delivers them. In this article we'll compare three ways of deploying Kubernetes resources with the official kubernetes-python-client , ranging from tightly coupled implementations to a design that cleanly separates deployment logic from platform configuration. The Landscape at a Glance The comparison below assumes a common application deployment scenario, where the desired state is largely known ahead of time. Controllers and Operators have fundamentally different r
AI 资讯
The monitoring agent that cannot be told what to do
Here is a design decision we made early, wrote into the architecture as an invariant, and have refused to revisit since: our agent accepts no commands. Not "we don't currently use that feature" — the hub has no way to tell an installed agent to do anything at all. No remote execution, no self-update, no "collect this for us right now". It sends data outward, and that is the entire surface. This is not a limitation we are working around. It is the product. And it costs us features that customers ask for, which is exactly why it is worth explaining. The uncomfortable arithmetic of remote control Any tool that can update a plugin across fifty client sites is, by construction, a tool that can execute code on fifty client sites. Any dashboard that can restart a service on your server holds, somewhere, a credential that lets it in. This is not a flaw in those products — it is what they are for. You cannot automate a repair without the power to perform it. But that power has an owner, and the owner has a login, and the login has a support team, and somewhere in that chain there is a version of the software with a bug in it. When the tool is compromised, the blast radius is not the tool. It is every machine the tool could reach. The industry has already run this experiment at scale. In July 2021, attackers exploited a vulnerability in a widely used remote monitoring and management platform. They did not break into a single company — they broke into the thing that had access to the companies. Roughly sixty managed service providers were hit, and through them, an estimated 800 to 1,500 downstream businesses were encrypted in a single weekend, with a $70 million ransom demand attached. Read that shape again, because it is the whole argument: the victims did nothing wrong. They had bought a well-known product from a serious vendor and installed it exactly as instructed. Their compromise arrived through the door they had deliberately, sensibly, contractually left open — the one
AI 资讯
Enhancing CI/CD and E2E Testing with Sentry Integration in tvview
Enhancing CI/CD and E2E Testing with Sentry Integration in tvview TL;DR: I integrated Sentry for error tracking and improved End-to-End (E2E) testing in the tvview project, enhancing the CI/CD pipeline. This resulted in a score increase from 85 to 95+. The Problem The tvview project lacked comprehensive error tracking and E2E testing, making it difficult to identify and resolve issues in production. The existing CI/CD pipeline needed improvement to ensure smoother deployments and better code quality. What I Tried First Initially, I focused on setting up E2E tests using Vitest, but encountered issues with the test configuration. I also attempted to integrate Sentry, but faced challenges with the DSN (Data Source Name) configuration. The Implementation Step 1: Configuring Sentry To integrate Sentry, I created separate configuration files for the client, edge runtime, and server: // sentry.client.config.ts import * as Sentry from " @sentry/nextjs " ; Sentry . init ({ dsn : " https://385038c88b6eb6ddac52d05a144ab8c1@o4511628189630464.ingest.us.sent " , // Additional configuration options }); // sentry.edge.config.ts import * as Sentry from " @sentry/nextjs " ; Sentry . init ({ dsn : " https://385038c88b6eb6ddac52d05a144ab8c1@o4511628189630464.ingest.us.sent " , // Additional configuration options }); // sentry.server.config.ts import * as Sentry from " @sentry/nextjs " ; Sentry . init ({ dsn : " https://385038c88b6eb6ddac52d05a144ab8c1@o4511628189630464.ingest.us.sentry.io " , // Additional configuration options }); Step 2: Enhancing CI/CD Pipeline I updated the .github/workflows/ci-e2e.yml file to include Sentry configuration and E2E testing: name : 📺 CI + E2E — TVView on : push : branches : [ main ] workflow_dispatch : {} schedule : - cron : " 35 6 * * *" jobs : build-and-test : runs-on : ubuntu-latest steps : - name : Checkout code uses : actions/checkout@v2 - name : Install dependencies run : npm install - name : Generate Prisma client env : DATABASE_URL : " postgre
AI 资讯
Enhancing CraveView's CI/CD Pipeline with Sentry and E2E Tests
Enhancing CraveView's CI/CD Pipeline with Sentry and E2E Tests TL;DR: I upgraded CraveView's CI/CD pipeline by integrating Sentry for error tracking and implementing End-to-End (E2E) tests, boosting the score from 85 to 95+. This technical deep-dive explores the architecture decisions, code changes, and lessons learned. The Problem The initial problem wasn't a single error message but a series of inefficiencies in the CI/CD pipeline. The existing setup lacked comprehensive error tracking and test coverage, leading to potential issues in production. Specifically, the pipeline didn't have: Robust Error Tracking : No integrated system for capturing and analyzing errors. End-to-End Tests : Limited test coverage, which could lead to undetected issues in production. What I Tried First Initially, I focused on enhancing the test suite. I explored various testing frameworks but decided to implement E2E tests using Vitest, given its compatibility with the existing tech stack. The first approach involved setting up a basic E2E test framework. However, I encountered issues with the test environment configuration, particularly with database connectivity. The tests required a realistic database setup, which wasn't properly simulated. The Implementation Step 1: Configuring Sentry To integrate Sentry, I created configuration files for client, edge, and server initialization: sentry.client.config.ts import * as Sentry from " @sentry/nextjs " ; Sentry . init ({ dsn : " https://385038c88b6eb6ddac52d05a144ab8c1@o4511628189630464.ingest.us.sentry.io/4511629 " , // Additional config options }); sentry.edge.config.ts and sentry.server.config.ts follow a similar structure, adjusted for their respective environments. Step 2: Implementing E2E Tests I added a new test file e2e-production.test.ts in src/__tests__ : import { test , expect } from ' @playwright/test ' ; test ( ' should render the homepage ' , async ({ page }) => { await page . goto ( ' https://craveview.vercel.app ' ); await expe
AI 资讯
Upgrading CI Workflows: From Node 20 to Node 22 and Actions v5/v6
Upgrading CI Workflows: From Node 20 to Node 22 and Actions v5/v6 TL;DR: I upgraded the CI workflows for the content-automation repository from Node 20 to Node 22 and Actions v5/v6, addressing compatibility issues and improving performance. Key changes included updating upload-artifact from v5 to v7 and implementing retry with backoff. The Problem The CI workflows for the content-automation repository were using Node 20 internally, despite the configuration specifying Node 20. This discrepancy caused compatibility issues with newer versions of the GitHub Actions. Specifically, the upload-artifact action was still on version 5, which was internally targeting Node 20. What I Tried First Initially, I attempted to update the upload-artifact action to version 7, which supports Node 22. However, this change alone did not resolve the issue, as other actions like checkout and setup-python were still on older versions. The Implementation To address the compatibility issues, I updated the following actions: upload-artifact from v5 to v7 checkout to v5 setup-python to v6 Here are the specific code changes: // .github/workflows/main.yml steps: - name: Checkout code uses: actions/checkout@v5 - name: Setup Python uses: actions/setup-python@v6 - name: Upload artifact uses: actions/upload-artifact@v7 Additionally, I implemented a retry mechanism with backoff for the CI workflows: // .github/workflows/main.yml steps : - name : Retry with backoff run : | for i in {1..3}; do if ./script.sh; then break else echo "Retry $i failed, backing off..." sleep $((i * 2)) fi done Key Takeaway The key takeaway from this experience is the importance of keeping CI workflows up-to-date with the latest versions of GitHub Actions. This not only ensures compatibility but also improves performance and reliability. What's Next Next, I plan to monitor the CI workflows for any issues and continue to optimize the retry mechanism for better performance. I will also explore other ways to improve the reliabili
AI 资讯
I built HostShift to migrate Linux servers
Hey everyone, I change servers more often than I probably should. A discounted VPS or a good coupon is usually enough to convince me, but manually recreating the same web stack every time stopped being fun a long time ago. That is why I built HostShift , an Apache-2.0 licensed Go CLI for discovering, planning, migrating, and verifying Ubuntu and Debian servers. The rule I would not compromise on The source server must remain read-only. HostShift does not install packages, stop services, enable maintenance mode, create temporary archives, or change configuration on the source. It reads approved facts and streams data directly to the target. Any target mutation requires an explicit CLI apply command. What it currently covers Docker Compose projects and standalone containers MySQL/MariaDB, PostgreSQL, and Redis Nginx, Apache, Caddy, and systemd services SSH and firewall configuration PHP-FPM, Supervisor, Fail2ban, Certbot, and Logrotate Migration planning, audit journals, status, resume, rollback metadata, and verification checks The migration engine is deterministic Go code and does not need AI. I also added an optional Codex plugin and a deliberately non-apply MCP interface for discovery, planning, review, and dry runs. Actual changes stay in the human-operated CLI. Testing real migrations I did not want to call it tested just because a few unit tests passed. The repository includes Docker migration matrices and real Lima VM matrices covering Ubuntu 22.04, Ubuntu 24.04, Ubuntu 25.10, Debian 12, and Debian 13, including cross-distribution moves. The VM tests also reboot the target and verify persistence while comparing source snapshots before and after the migration. The project is still new, so I expect real-world edge cases. I am sharing it now because feedback from people who actually move and maintain servers will be more useful than polishing it alone forever. GitHub: https://github.com/oguzhankrcb/HostShift Documentation: https://hostshift.karacabay.com
AI 资讯
Decoupling Prompt Engineering from your Deployment Pipeline
Engineering prompts inside your source code is a recipe for deployment fatigue. If you've spent any time moving an AI feature from a prototype to production, you know the specific frustration of 'prompt drift.' You make a subtle tweak to a system instruction—perhaps changing how the model handles edge cases in JSON formatting—and suddenly you're forced into a full CI/CD cycle. A PR, a review, a build, and a deployment, all because of three words changed in a long string constant. In a mature engineering organization, your application logic should be decoupled from your prompt instructions. The code handles the orchestration, the plumbing, and the security; the prompts represent the dynamic configuration. This is what LLMOps aims to achieve, but until recently, there was a massive friction gap between managing these prompts in a dashboard and actually using them inside an agentic workflow. This is where the Humanloop MCP server changes the interaction model entirely. It's not just about having a central repository for strings; it's about bringing those strings into your execution context—your IDE, your Claude instance, or your Cursor agent—as actionable tools. The Architecture of Prompt-as-a-Service The core idea here is treating prompts as versioned assets rather than hardcoded constants. By using the Humanloop API via MCP, you're essentially turning prompt management into a service call. When I look at the toolset available in this server, the first thing that stands out isn't just the ability to read data—it's the ability to manipulate state. Take upsert_prompt for instance. You aren't just fetching text; you can create or update configurations directly from your agent. This transforms your development loop. Instead of context-switching between a browser tab with Humanloop and a terminal, you can instruct an agent to 'Refine the customer-support-reply prompt to be more concise and save it.' The agent performs the engineering work and updates the source of truth in
AI 资讯
DORA Metrics Measure Delivery Health. What Measures Security Posture Health?
✓ Human-authored analysis; AI used for formatting and proofreading. Delivery teams have DORA. Four metrics — deployment frequency, lead time for changes, mean time to restore, change failure rate that predict whether a team is shipping well. Thoughtworks recently added a fifth: rework rate, measuring how much of the pipeline is consumed by fixing work previously considered complete. These metrics changed how delivery organizations operate. Because they're leading indicators. They tell you the trajectory before the outcome arrives. A team with increasing lead times is heading for trouble. A team with rising rework rate is accumulating debt. You see it in the metrics before you see it in the incidents. Security teams have no equivalent. What security teams measure today Finding counts. "We found 247 misconfigurations this quarter." More scanning produces more findings. A team that scans more frequently or adds a new tool sees the number go up which looks worse even if posture is improving. Finding counts measure scanning effort, not security health. Compliance percentages. "We're 94% compliant with CIS Benchmarks." This measures the last audit, not the current trajectory. A team at 94% today might be at 87% next week if three Terraform changes introduced misconfigurations. The percentage is a snapshot, not a trend. It rewards breadth of coverage over depth. 94% across 200 checks sounds better than 100% across 50 checks, even if the 50 are the ones that matter. Incident counts. "We had two security incidents this quarter." This is a trailing indicator. It measures failures that already happened. A team with zero incidents might have excellent posture or might have excellent luck. You can't tell. By the time the count goes up, the damage is done. None of these answer the question delivery teams answer with DORA: are we getting better, and how fast? The mapping The five DORA metrics adapt directly to security posture. The definitions are concrete and measurable from eval
AI 资讯
From Resetting Passwords to Containerizing Java: My Pivot to DevOps
For 4 years, I lived in the world of IT Operations. My days were spent handling incident response, managing data lifecycles, and making sure systems stayed online. I learned how to troubleshoot under pressure, talk to frustrated users, and keep the business running. But I had a lingering frustration: I was always fixing other people's code. I never got to build it. And more importantly, I was fixing problems manually that I knew could be automated. So, I decided to make a massive pivot. I went back to university (VILNIUS TECH) and recently started a Java Engineering internship at Coherent Solutions. My goal isn't just to become a Java developer. My goal is to bridge the gap between Development and Operations- DevOps . In my first few weeks at Coherent, we started learning about enterprise architecture. But the moment that truly clicked for me was when I built my first Docker image for our project. In my past IT life, deploying an app was a nightmare. "It works on my machine!" was a constant joke (and a constant headache for the Ops team). Setting up environments, installing the right Java version, configuring databases—it was manual, error-prone, and boring. Then I wrote a Dockerfile . I packaged our Java application and its dependencies into a single, isolated container. Suddenly, I realized: This is how you solve the "works on my machine" problem forever. As someone who used to be the guy manually fixing those environment issues, writing a few lines of code to completely automate that process felt like a superpower. I'm starting this blog to document my journey in real-time. I'm currently diving deep into: 🔹 Java 21 (the newest LTS—highly recommend checking out Virtual Threads!) 🔹 Spring Boot & enterprise backend architecture 🔹 Docker & containerization 🔹 Next up: CI/CD pipelines and Infrastructure as Code (Terraform) If you are currently stuck in IT Support or SysAdmin roles and dreaming of becoming a DevOps or Software Engineer—you aren't alone. Let's learn toge