今日已更新 287 条资讯 | 累计 20259 条内容
关于我们

标签:#DevOps

找到 358 篇相关文章

AI 资讯

Why I Built a New Memory Plugin for Hermes Agent

Hermes Agent already has memory, and that matters. It keeps local context, it improves over time, and it works without forcing you into a cloud service. It also supports several external memory providers. I still built hermes-mempalace , because none of the existing options fit my setup quite right. I wanted something: local-first isolated by Hermes profile verbatim, not just extracted facts easy to inspect on disk simple enough to trust over time That last part is the important one. I did not want a memory layer that turns conversations into an opaque pile of embeddings or summaries you cannot really audit. I wanted actual transcripts, mined into a readable structure, with no hidden server in the middle. Why the existing options were not enough Hermes already gives you a few paths: built-in memory and session context external providers for different use cases enough flexibility to adapt, if you are willing to bend your workflow around them And to be clear, some of those options are good. But ... I run Hermes on a headless machine at home. And I use separate profiles for different contexts. And I do not want conversation content depending on a cloud API or a separate service unless there is a very good reason. So, the best fit had to check a few boxes: [x] no API key [x] no external server [x] no extra runtime I did not already want/install [x] storage isolated by HERMES_HOME [x] memory we can actually read later That let to MemPalace , or https://mempalaceofficial.com/ (hopefully, that's the right one!) What hermes-mempalace does hermes-mempalace wires MemPalace into the Hermes memory provider interface. It follows the same lifecycle as the rest of Hermes memory providers: system_prompt_block() adds a short memory reminder to the prompt. prefetch() can run a MemPalace search before the first model call. sync_turn() buffers completed turns without slowing the chat loop. on_session_end() writes buffered turns to markdown and mines them into the palace. shutdown() flu

2026-06-15 原文 →
AI 资讯

I Run 5M Vectors on a $6/mo Server. Pinecone Would Charge Me $210.

Six months ago I moved my RAG pipeline from Pinecone to self-hosted Qdrant. My vector search bill went from $210/month to $6.50/month. Same latency. Same recall. Here's exactly how. The Setup My app does document Q&A for legal contracts. The numbers: 5.2 million vectors (1536-dim, OpenAI embeddings) ~800K queries/month P99 latency requirement: < 50ms On Pinecone Serverless, this cost me roughly $210/month — storage plus read units plus write units for daily ingestion of new documents. What I Moved To A single Hetzner CX32 server: 4 vCPU, 8 GB RAM, 80 GB SSD €8.50/month (about $9.20) Qdrant running in Docker Automated daily backups to S3-compatible storage ($0.50/month) Total: ~$10/month. That's a 95% cost reduction. The Migration Was Easier Than Expected bash# Export from Pinecone (I used their scroll API) python export_pinecone.py --index legal-docs --output vectors.jsonl Start Qdrant docker run -d -p 6333:6333 -v ./storage:/qdrant/storage qdrant/qdrant Import python import_qdrant.py --input vectors.jsonl --collection legal-docs The whole migration took an afternoon. The Qdrant Python client is straightforward, and the API is surprisingly similar to Pinecone's. Performance Comparison I ran the same 10,000 test queries against both setups: MetricPinecone ServerlessQdrant Self-HostedP50 latency23ms4msP99 latency89ms12msRecall@100.970.97Monthly cost$210$10 The self-hosted Qdrant is actually faster because the data sits in memory on the same machine. Pinecone Serverless loads data from object storage on demand, which adds cold-start latency. When Self-Hosting Is a Bad Idea I want to be honest about the trade-offs: Don't self-host if: You have zero DevOps experience and no one on the team does You need 99.99% uptime SLA for enterprise customers Your vector count is growing unpredictably (10M one month, 100M the next) You're a team of 1-2 and every hour on infra is an hour not building product Do self-host if: Your scale is predictable (you know roughly how many vectors

2026-06-14 原文 →
AI 资讯

Your DR Test Passed. The Assumptions Didn't.

The test passed. The restore completed inside the window. The workload came online. The team signed off, closed the ticket, and filed the results. DR test: successful. And then, somewhere between the test environment and the next real incident, the recovery plan drifted out of alignment with the infrastructure it was written to protect. Not dramatically. Not all at once. Gradually — through a cloud migration, an IdP consolidation, a new SaaS dependency, a network redesign that didn't make it into the runbook. DR plan failure rarely happens where you tested. It happens at the assumptions the exercise never reached. The Test Has a Boundary. The Incident Doesn't. A DR exercise begins with a defined scope. A specific workload. A known starting state. A target environment that has been prepared in advance. The team is available, credentialed, and not managing anything else. The blast radius is controlled before the test starts. A real incident does none of that. Scope expands from the first alert. Authentication problems surface because the IdP that wasn't in exercise scope is now unreachable. Networking issues appear because the failover path assumes a routing table that was updated three months ago. A vendor the plan never named is unavailable, and the recovery sequence stalls waiting for a dependency that was never documented as a dependency. The plan was written for the conditions of the test. The incident arrives in conditions the plan never anticipated. That gap is where DR plan failure actually lives — not in the restore mechanism, but in everything the restore mechanism was assumed to be able to reach. Most DR Plans Depend on Things They Never Recover The recovery exercise validates a workload. What it rarely validates is the recovery infrastructure itself. Consider what a typical enterprise DR plan silently depends on: Assumed — Not Tested: Identity provider, backup management console, cloud account access, ticketing and incident management systems, third-party

2026-06-14 原文 →
AI 资讯

AI Agents Are the Best Thing to Happen to Network Administration Since SDN

AI Agents Are the Best Thing to Happen to Network Administration Since SDN A single API key, an AI agent, and a router behind a double-NAT in Southeast Asia. What happened next changed how I think about network management. I manage UniFi routers spread throughout the ASEAN region — some for friends, some for relatives, one for a charity. They're in different cities, different ISPs, different levels of network hostility. Most sit behind carrier-grade NAT. A few are in places where the government firewall blocks VPN protocols at the transport layer. UniFi's own management interface has always been good. The web dashboard, accessible through Ubiquiti's cloud, gives me visibility into every site: device health, client lists, traffic stats, WiFi experience scores. It's one of the reasons I chose UniFi in the first place — the centralized GUI just works. But the GUI is still a GUI. It's clicks and menus and dropdowns. It's fast for one site, manageable for three, and tedious at ten. For anything beyond what Ubiquiti built into the interface, you'd need to write your own tooling. I never bothered, because I'm not a developer, and the built-in dashboard was good enough. Then AI agents arrived, and suddenly the calculation changed. The Discovery I knew UniFi had an API. I'd heard about it in passing — some REST endpoints for the controller, vaguely documented, probably read-only. I never looked into it seriously because what was I going to do with it? Write a Python script to poll client counts? Build a custom dashboard? Without a team of developers, an API is just a locked door. But when I started working with an AI agent, I gave it my UniFi cloud API key on a whim. I figured it could pull basic stats — the stuff from the Site Manager API at api.ui.com/v1 . Read-only. Dashboard-level. Useful as context for answering questions. Then the agent discovered something I'd completely missed: the Cloud Connector API . I owe this discovery in large part to the Art of WiFi PHP client

2026-06-14 原文 →
AI 资讯

How to Cut Microsoft Agent Framework Costs With a Gateway Layer

Microsoft Agent Framework is built for production multi-agent systems, which is exactly why its LLM bill can grow faster than expected. If you are running workflows with retries, handoffs, tools, and checkpoints, the easiest savings do not come from prompting harder — they come from adding a gateway layer under the framework. I built Lynkr, so obvious founder disclosure: this article uses Lynkr as the gateway example. I’ll keep it practical and focus on where the cost actually shows up in Microsoft Agent Framework workloads. Why this is a real Microsoft Agent Framework problem The current Microsoft Agent Framework README positions it as a production-grade framework for Python and .NET, with: multi-agent workflows sequential, concurrent, handoff, and group collaboration patterns middleware observability provider flexibility checkpointing and human-in-the-loop flows That is exactly the kind of stack where token usage grows quietly. A single prompt-response app is easy to reason about. A production workflow is not. Once you add routing, retries, multiple agents, MCP tools, and long-lived execution state, the same context starts getting resent over and over. That creates four predictable cost leaks. Where the spend comes from in Microsoft Agent Framework workloads 1. Repeated shared context across agents Multi-agent systems reuse a lot of the same context: task instructions tool definitions previous messages workflow state grounding context Even when the framework orchestrates cleanly, the model provider still sees repeated input tokens. 2. Tool-heavy steps explode prompt size Once agents start using tools, responses stop looking like simple chat. You get: search results file reads JSON blobs browser outputs execution traces Those payloads are often much larger than the user’s actual request. 3. Every task does not need the same model A workflow step that says “classify this,” “summarize these logs,” or “extract the next action” does not need the same model as “resolve

2026-06-14 原文 →
AI 资讯

AI For Debugging Production Issues

It's 2:47am. The pager has just gone off for the third time in twenty minutes. Checkout latency is spiking. The error rate on /api/orders is climbing. Slack is filling with screenshots of half-finished trace views. Somewhere in your logs, the answer is sitting there in plain text, buried under a few million other lines that all look just as urgent. This is the moment people are talking about when they say "AI is going to change how we debug production." Not the demo where someone asks ChatGPT to write a regex. The 2:47am moment. The one where a tired human has to hold five tabs open in their head and form a hypothesis before the executive team starts asking for an ETA. It turns out that's where the technology has the most to offer, and also where it embarrasses itself most often. Let's break down what's actually working in 2026, where the seams still show, and how to wire an LLM into your incident-response loop so it earns its keep instead of just adding another window to glance at. What AI is genuinely good at during an incident The two boring superpowers first: reading fast and correlating across heterogeneous signals . Those are the things humans get worst at when they're tired and time-pressured, and they're the things a good LLM does at the same speed at 2am as at 2pm. Datadog's Bits AI SRE, which the company benchmarked against real incidents from hundreds of internal Datadog teams, is built around exactly this insight: an agent that can fan out across metrics, logs, traces, recent deploys, and incident history simultaneously, then collapse the findings into a single readable narrative. Datadog runs the agent against tens of thousands of evaluation scenarios and claims time-to-resolution wins of up to 95% in its published material. That headline number is marketing (you should always read it as "in the cases where the agent worked, this is what it shaved"), but the underlying capability is real, and it isn't unique to Datadog. Honeycomb's Query Assistant has b

2026-06-14 原文 →
AI 资讯

DevOps Salaries & Hiring in India 2026: What 800+ Live Job Listings Reveal

If you're a DevOps, SRE, or Cloud engineer in India — or hiring one — the market in 2026 looks very different from a few years ago. Instead of guessing, we analyzed 800+ live DevOps/SRE/Cloud/Platform Engineering roles currently on PuneOps to see what's actually being hired for right now. Here's what the data shows. 1. Bangalore dominates, but the market is genuinely national DevOps hiring in India is no longer a one-city story. Of the live roles: Bangalore — the clear leader, ~25% of all listings Pune — a strong #2 (and a serious DevOps hub, not just an IT-services town) Hyderabad, Mumbai, Delhi NCR, Chennai — all with steady, healthy demand Remote / Pan-India — roughly a third of all roles don't tie you to a city at all Takeaway for candidates: you're no longer limited to wherever you live. Remote and pan-India DevOps roles are a huge and growing slice of the market. 2. This is a senior-heavy market The single most striking pattern: DevOps hiring in India skews experienced. The largest band by far is 5–10 years of experience A meaningful chunk wants 10+ years (architects, principals, platform leads) Entry-level (0–2 years) roles are comparatively rare Takeaway: DevOps remains a hard field to break into directly. Most roles assume you've already done software, sysadmin, or cloud work. If you're junior, the path in is usually via a software/ops role, then specializing. 3. The skills employers actually ask for Across the listings, the same technologies show up again and again: Kubernetes — effectively table stakes now Terraform / IaC — infrastructure-as-code is expected, not bonus AWS / Azure / GCP — cloud fluency, often multi-cloud CI/CD pipelines, observability, and Python for automation Takeaway: if you're leveling up, Kubernetes + Terraform + one major cloud is the core combination Indian employers are screening for in 2026. 4. Salary ranges (market benchmarks, 2026) Compensation varies widely by company type (product vs. services), city, and exactly how senior t

2026-06-14 原文 →
AI 资讯

What Happened When I Told Codex to Calm Down

I have been doing a lot of work lately tightening up my diagnostic suite: the mechanics, the workflow, the way it runs against target repos, the way it helps narrow a repair instead of letting everything turn into a fog machine. And because I work with Codex as my coding agent, I have also become very familiar with a specific kind of AI-agent behavior. The “I am helping so hard I am about to make this worse” behavior. If you work with coding agents, you probably know the vibe. You ask for one thing. The agent does that thing. Then it also adjusts a helper. Then it updates a fixture. Then it “notices” a nearby pattern. Then it starts explaining three other improvements you never asked for. And now you’re staring at the diff like: “Why are you in that file?” “I did not tell you to touch that.” “That was not the repair lane.” “Please stop being useful for one second.” I am not proud of how many times I have verbally threatened a language model. But here we are. The funny thing is, I am building Scarab partly because I already expect this kind of drift. I know that when an AI coding agent is given too much uncertainty, it tries to solve the uncertainty itself. Sometimes that is useful. Sometimes it is a raccoon with a soldering iron. The challenge is that while I am developing the diagnostic system, I cannot always use the diagnostic system to supervise itself. So there are moments where I have to manually hold the line. That means a lot of conversations with Codex that sound like: “Do not widen the patch.” “Do not change the diagnostic output to make the diagnostic pass.” “Do not fix the test by changing what the test means.” “Do not touch SDS mechanics while repairing the target repo.” “Stay in the target.” “Stay in the lane.” “Why are you like this?” Very normal. Very calm. Very professional. Then something changed At some point, after a lot of tightening, the workflow started to feel different. Scarab had enough of the diagnostic work under control that I could tell

2026-06-13 原文 →
AI 资讯

AI Agent Architecture: Why Process-Level Resilience Beats Proxy Gateways

The Great AI Architecture Debate When building reliable AI agents, there are two dominant approaches. Approach A: Proxy Gateway (LiteLLM, Braintrust, etc.) App sends request to Gateway Proxy which forwards to LLM Provider. Requires Docker, database, operations team. Approach B: Embedded SDK (NeuralBridge) App plus SDK sends directly to LLM Provider. One dependency, pip install. The Hidden Cost of Gateways Every proxy gateway adds 30-200ms of network latency per call. For an agent that makes 10 LLM calls, that is 300-2000ms of unnecessary overhead. Latency breakdown: Gateway overhead: +30-200ms per call Docker infrastructure: +1-3 GB RAM Database operations: +PostgreSQL maintenance Ops overhead: +0.5 FTE Why Embedding Wins Embedded reliability eliminates the network hop: Factor Gateway Embedded SDK Added latency 30-200ms ~0ms Dependencies Docker, DB, Redis 1 (httpx) Install size 500MB+ 375 KB Single point of failure Yes (proxy) No Ops cost High Zero The Hybrid Reality Gateways serve a purpose for centralized logging, auth, and rate limiting. But for latency-sensitive AI agents, embedding reliability directly in the process is strictly better. The ideal stack: embedded SDK for reliability plus lightweight observability layer on top. https://github.com/hhhfs9s7y9-code/neuralbridge-sdk NeuralBridge: Apache 2.0, 1 dependency, 375 KB.

2026-06-13 原文 →
AI 资讯

LLM API Reliability in Production: What 10,000 Calls Taught Us About Failure Patterns

LLM API Reliability: The Reality Nobody Talks About If you have run more than a few thousand LLM calls in production, you have seen the pattern: things work perfectly in development, then fall apart under load. The Numbers Failure Type Rate Root Cause Timeout 2-5 percent Network congestion, provider throttling Rate Limit (429) 1-3 percent Burst traffic patterns Empty Response 0.5-2 percent Content filtering, model degradation Schema Violation 1-4 percent Model behavior drift 5xx Server Error 0.5-1 percent Provider-side outages Total: 5-15 percent of calls fail on first attempt. Why Retry-Only Is Not Enough Most teams implement exponential backoff and call it done. But retry alone does not help when: The provider is genuinely down (retrying into a black hole) The model has degraded silently (retrying returns the same bad output) You are being rate limited (retrying makes it worse) Self-Healing: A Better Approach Instead of naive retries, a self-healing approach: Diagnoses the failure type (~19 microseconds) Escalates through layers: retry, degrade, failover, learned rule Validates output quality across multiple dimensions Learns from each failure for next time Key Takeaways 5-15 percent of production LLM calls fail on first attempt Retry-only strategies fail when providers are degraded Self-healing with diagnosis and failover recovers 84.1 percent of faults Multi-provider routing eliminates single points of failure Try It https://github.com/hhhfs9s7y9-code/neuralbridge-sdk NeuralBridge is Apache 2.0 open source.

2026-06-13 原文 →
AI 资讯

OS Architecture, Kernel, Shell & File System

🐧 Linux for DevOps — Session 2: Understanding the Kernel, Shell, OS Architecture & File System 📓 Learning in public — These are my personal notes from my Linux for DevOps & Cloud journey. I'm sharing them in a way that's easy to revisit later and hopefully useful for anyone else starting out. In the previous session, I got comfortable with Linux basics and terminal access. This session focused on understanding what actually happens behind the scenes when we run commands , how Linux is structured internally, and how files are organized on the system. These concepts might sound theoretical at first, but they're the foundation of everything you'll do in DevOps—from managing EC2 instances and Docker containers to troubleshooting production servers. The Linux Kernel: The Heart of the Operating System The kernel is the most important component of Linux. Think of it as a translator sitting between software and hardware. Applications can't directly talk to the CPU, RAM, disks, or network interfaces. Instead, every request goes through the kernel. When you run a command, open a browser, start a Docker container, or deploy an application, the kernel is responsible for making it happen. Its main responsibilities include: Responsibility Purpose Resource Management Decides which process gets CPU time Memory Management Allocates and releases RAM Process Management Creates, schedules, and terminates processes Device Management Communicates with hardware through drivers Without the kernel, Linux would simply be a collection of files with no way to interact with hardware. Types of Kernels Not every operating system uses the same kernel design. Monolithic Kernel (Linux) keeps most operating system services inside a single kernel space. This approach is extremely fast because components communicate directly. Microkernel keeps only essential functionality in kernel space and moves other services outside. This improves isolation and stability but introduces additional overhead. Hybrid K

2026-06-13 原文 →
AI 资讯

Not Your Weights, Not Your Workflow

I left a multi-agent refactor running overnight. By morning the model was gone, pulled out from under me by a government I don't even vote for, on the other side of an ocean. This isn't really a story about Anthropic. It's a story about who's actually holding the off-switch, and right now it probably isn't you. So here's how my morning went. I had a job running. Not a toy, a proper codebase-wide refactor that had been grinding away continuously for the best part of two days. Multi-agent setup, left to run overnight, the kind of long, messy, long-horizon task that every model before this one just fell over on. Claude Fable 5 was handling it like it was nothing. Anthropic's own launch notes talk about it compressing months of work into days, and honestly, on my own codebase, that wasn't marketing. It was just what was happening. Then I woke up. And the model was gone. Not rate-limited. Not having a wobble. Gone. The thing I'd built two days of momentum on simply did not exist any more. Turns out that on the 12th of June the US government issued an export-control directive telling Anthropic to cut off all access to Fable 5 and Mythos 5 for any foreign national. And because you can't exactly sort a global user base by passport in real time, that meant pulling it for everyone. Including me, sat in Tyrol, watching my overnight run go cold. Anthropic did the right things, for what it's worth. They complied fast, they said out loud that they disagreed, and they're fighting to get it back. About as well as a vendor can behave in that situation. (As I write this it's still down. Anthropic reckon it's a misunderstanding and they're trying to get it restored, so maybe by the time you read this it's back up. Doesn't change a single thing about the point I'm making.) And it made absolutely no difference to me. That, right there, is the whole point of this post. The offer was the trap Wind back a few days. Fable 5 dropped as the best model anyone had shipped, and the offer was lov

2026-06-13 原文 →
AI 资讯

Stop Hand-Editing Fragile APT Lines: Practical deb822 `.sources` Files for Debian and Ubuntu

If you still manage APT repositories as long one-line deb ... entries, you are working with a format APT now explicitly marks as deprecated. It still works, but it is harder to read, harder to automate safely, and easier to get wrong when you add options like arch= or signed-by= . The better option is deb822 style .sources files. This post shows how to: read the structure of a .sources file migrate a legacy .list entry safely use Signed-By without falling back to apt-key disable a repository cleanly without deleting it verify that APT accepts the new configuration I am focusing on practical host administration, not packaging theory. Why move to deb822 now? The sources.list(5) man page now says the traditional one-line .list format is deprecated and may eventually be removed, though not before 2029. More importantly, deb822 solves real operational annoyances: fields are explicit instead of positional one stanza can describe multiple suites or types Enabled: no is cleaner than commenting lines in and out machine parsing is much easier Signed-By is clearer and safer in structured form On a current Debian host, you may already be using it without noticing: find /etc/apt/sources.list.d -maxdepth 1 -type f -name '*.sources' On my test system, the default Debian repository is already stored as /etc/apt/sources.list.d/debian.sources . The old format vs the new format A traditional one-line entry looks like this: deb [arch=amd64 signed-by=/etc/apt/keyrings/example.gpg] https://packages.example.com/apt stable main The same source in deb822 format becomes: Types: deb URIs: https://packages.example.com/apt Suites: stable Components: main Architectures: amd64 Signed-By: /etc/apt/keyrings/example.gpg That is the core win. Instead of cramming everything into one line and hoping spacing stays correct, each field says exactly what it means. Example 1, a clean Debian .sources file Here is a practical example for Debian using separate stanzas for the main archive and the security arch

2026-06-12 原文 →
AI 资讯

Run Untrusted AI Agent Code Safely with Azure Container Apps Sandboxes

Microsoft has announced the public preview of Azure Container Apps Sandboxes. This new ARM resource type is Microsoft.App/SandboxGroups, runs untrusted code generated by agents in hardware-isolated environments. Each sandbox starts from an OCI disk image in less than a second. It can scale to thousands of instances at once and costs nothing when idle. By Claudio Masolo

2026-06-12 原文 →
AI 资讯

I stopped trusting “same answers, fewer tokens” after watching an agent lose 1 field name and burn 3 hours

I used to hear the pitch for context compression and think: sure, makes sense. Smaller prompts. Lower latency. Lower cost. Same output quality. Then I watched an agent blow a perfectly good debugging session because one field name disappeared from compressed memory. That changed my opinion fast. Three hours into a Claude Code run, the agent made the wrong API call with full confidence. The plan looked coherent. The reasoning looked clean. The summary of prior steps sounded smart. It was also missing the one detail that mattered: a field name from an earlier error log. The agent had already seen the bug. It had already “understood” the bug. But the compressed version of history dropped the exact detail it needed to avoid repeating it. That’s the real failure mode. Not “compression loses words.” Compression loses the one fact your agent needs later, after it has already committed to the wrong action. While researching this, I found a thread on r/openclaw about using Headroom with OpenClaw: https://reddit.com/r/openclaw/comments/1u3j5xs/anyone_using_headroom_with_openclaw/ That thread gets at the real tension: compression is useful, but only if you treat it as a reversible optimization, not a memory wipe with better branding. The bug pattern nobody talks about Here’s the pattern I keep seeing in long-running agents: The agent collects a lot of noisy context. The team compresses it to save tokens. The summary preserves the broad story. The summary drops one edge-case fact. Two hours later, that fact becomes the only thing that matters. The agent confidently does the wrong thing. This is why “same answers, fewer tokens” is not a serious reliability claim for agent workflows. It might be true for some short chat tasks. It is absolutely not something I’d assume for: n8n agents Make scenarios Zapier AI steps OpenClaw sessions Claude Code runs custom OpenAI-compatible agent loops multi-step debugging or incident workflows In those systems, exact details matter more than eleg

2026-06-12 原文 →
AI 资讯

Ephemeral Inboxes: Spin Up a Mailbox Per Test Run

Two CI workers kick off at the same moment. Both sign up a test user, both poll the shared QA Gmail account for "the" verification email, and worker #7 grabs the message that belonged to worker #12. The test passes. The wrong test. You spend an afternoon staring at a green build that should've been red. Shared inboxes are the single biggest source of flakiness in email-dependent E2E tests, and every workaround — catch-all forwarding rules, label rules scoped per PR, OAuth tokens living on the runner — adds another moving part that breaks on its own schedule. The fix is structural: every test gets its own address, on infrastructure your suite provisions and destroys. One wildcard, infinite addresses The E2E email testing recipe sets this up with one CLI command: nylas inbound create e2e You get back an inbox ID and a wildcard pattern shaped like e2e-*@yourapp.nylas.email . From there, each test mints a unique address under the wildcard — e2e-<uuid>@yourapp.nylas.email — and there's nothing to provision per address. You don't pay or configure per address either; the wildcard is just a convention, so burn UUIDs freely. Mail flows through MX records hosted on the Nylas side, which means zero DNS work in your own zone (the tradeoff: addresses live under *.nylas.email ). The Playwright fixture is two pieces — an address minter and a poller: export const test = base . extend < Fixtures > ({ testEmail : async ({}, use ) => { await use ( `e2e- ${ randomUUID ()} @yourapp.nylas.email` ); }, pollInbox : async ({ testEmail }, use ) => { const poll = async ( timeoutMs = 30 _000 ) => { const deadline = Date . now () + timeoutMs ; while ( Date . now () < deadline ) { const out = execSync ( `nylas inbound messages ${ process . env . INBOX_ID } --json --limit 50` , ). toString (); const match = JSON . parse ( out ). find (( m ) => m . to . some (( t ) => t . email === testEmail ), ); if ( match ) return match ; await new Promise (( r ) => setTimeout ( r , 1500 )); } throw new Error (

2026-06-12 原文 →
AI 资讯

Datadog and AWS Shipped Ops Agents on the Same Day. What Are They Fighting Over?

On June 9, 2026 (US time), two big announcements landed on the same day. At the keynote of Datadog's annual event DASH 2026 in New York, the Bits AI family expanded significantly: Detection, Investigation, Remediation, Infrastructure, Code, Release, Testing, Data Analysis, Chat, Memories, and Evals. Counting by agent, that is more than ten, with over 100 new features announced together. The full picture is laid out in the keynote roundup. https://www.datadoghq.com/blog/dash-2026-new-feature-roundup-keynote/ The same day, AWS announced FinOps Agent as a public preview. It bundles four data sources, Cost Explorer, Cost Anomaly Detection, Cost Optimization Hub, and Compute Optimizer, and delivers automated cost-anomaly investigation, natural-language cost questions, periodic cost reports, and aggregated optimization opportunities straight into Slack and Jira. The details are in the AWS blog. https://aws.amazon.com/blogs/aws-cloud-financial-management/aws-finops-agent-is-now-public-preview/ AWS DevOps Agent had already gone GA in March, handling incident response. With FinOps Agent now added, AWS-built standard agents line up across the main operational domains. That said, DevOps Agent also covers multicloud and on-premises environments, so its scope differs from FinOps Agent, which targets AWS cost data. https://aws.amazon.com/blogs/mt/announcing-general-availability-of-aws-devops-agent/ On the surface, this looks like two separate stories: Datadog the monitoring platform, AWS the cloud provider. But read the two announcements side by side, and you see both reaching for the same territory, Ops, through different entrances. Line up their features and most of them overlap, so a surface spec comparison won't show the difference. This article sorts out the same-day releases by the two companies' positioning, asks what these very similar agent lineups are actually fighting over, and goes as far as the axes for telling them apart and the predictions that follow. This is writ

2026-06-12 原文 →
AI 资讯

Kubernetes kills your pod? Here's why

Your pods keep getting killed. Not crashing — killed. One moment they're running fine, the next they're gone and Kubernetes is spinning up replacements. You check the logs and there's nothing useful. The pod just… disappeared. Turns out Kubernetes killed it on purpose. And if you don't tell it how much memory your app actually needs, it'll keep doing it. Why Kubernetes evicts pods Kubernetes runs on nodes — physical or virtual machines that host your containers. Each node has a finite amount of CPU and memory. When a node runs low on resources, Kubernetes has to make a choice: which pods stay, and which ones get evicted to free up space. The decision comes down to QoS classes — Quality of Service tiers that Kubernetes assigns to every pod based on how you've configured resource requests and limits. There are three classes: BestEffort — no resource requests or limits defined. Kubernetes has no idea how much CPU or memory the pod needs. These get killed first. Burstable — requests and limits are defined, but they're different (e.g., requests: 256Mi , limits: 512Mi ). The pod is guaranteed the request amount, but can burst up to the limit. Killed second. Guaranteed — requests and limits are set to the same value. Kubernetes reserves exactly that amount of resources for the pod. Killed last. If your pods don't have resource configuration at all, they're running as BestEffort. And when the node hits memory pressure, BestEffort pods are the first to go — no questions asked. The Guaranteed class Setting your pod to the Guaranteed class is one line in your deployment config. Define requests and limits for both CPU and memory, and make them identical: resources : requests : memory : " 512Mi" cpu : " 500m" limits : memory : " 512Mi" cpu : " 500m" That's it. Kubernetes now knows this pod needs exactly 512 MiB of RAM and half a CPU core, and it reserves that capacity when scheduling the pod onto a node. If a node doesn't have 512 MiB available, the pod won't be placed there. An

2026-06-12 原文 →
AI 资讯

Error Budget Policies That Hold Leadership Accountable

Error budgets are useless without a policy. 'We're out of error budget' should trigger consequences. If it doesn't, you don't have an error budget — you have a vanity metric. Here's a policy that actually works. The four states Healthy (< 70% of budget used). Business as usual. Feature development proceeds at full speed. Watch (70-90% used). Feature velocity continues but new risky changes require explicit sign-off from an SRE. No gate, just attention. Constrained (90-100% used). Feature freezes. Only reliability work and critical bug fixes until we're back below 90%. Breached (> 100% used). Incident-level response. Leadership informed. Post-mortem for why we blew through. Feature work stays frozen until we recover and identify systemic causes. The part most policies miss The feature freeze in 'constrained' state is the part that actually changes behavior. Everything else is documentation. Without consequences, teams ignore the budget. The freeze has to be real . Leadership can't override it for a 'really important feature' — that's exactly the time the freeze matters. The only exception is a legitimate emergency fix, and those should be rare. Selling this to leadership Executives hate feature freezes. They see it as slowing the business. Counter-argument: feature freezes during budget exhaustion protect the business. Shipping features onto broken infrastructure creates more breakage, which burns more budget, which is a doom loop. Frame it as: 'the feature freeze is a safety valve. When it triggers, it's because something's wrong and we need to fix it before making it worse.' Also: a good policy lets you spend the budget aggressively when you have it. Feature teams should be encouraged to experiment, deploy fast, and take risks when you're at 30% budget used. The freeze is only for when the safety margin is gone. The review cadence Weekly error budget review, 15 minutes max. Who attended: SRE lead, engineering manager, maybe a PM. Decisions: are we in healthy/watch/

2026-06-12 原文 →