A story from OpenAI on how they scale Postgres.

While this is an interesting read, and you can definitely borrow some ideas from there; I got an impression that OpenAI is moving towards Azure’s CosmosDB from Postgres.

If a new feature requires additional tables, they must be in alternative sharded systems such as Azure CosmosDB rather than PostgreSQL.

—-

While we’re happy with how far PostgreSQL has taken us, we continue to push its limits to ensure we have sufficient runway for future growth. We’ve already migrated the shardable write-heavy workloads to our sharded systems like CosmosDB. The remaining write-heavy workloads are more challenging to shard—we’re actively migrating those as well to further offload writes from the PostgreSQL primary.

Cosmos DB, from my understanding, is a document-oriented DB from Microsoft, similar to MongoDB.

#databases

You know that I keep the most juicy articles for Friday, right?

AI Isn't Replacing SREs. It's Deskilling Them.

Here's the article. I leave you with that.


#sre #culture

These days all the talks are about AI.

My (hypothetical) SRECon26 keynote is an article from Charity Majors with her advice on how SREs should approach AI.

BTW, I’ve heard good things about SRECon. I don’t know if the upcoming SRECon Americas is the same as SRECon in Dublin in October, but maybe I should check that one out!

#sre #ai

4 ways to use Argo CD and Terraform together is an article on how to pass data between Terraform (or OpenTofu) and ArgoCD (or any other GitOps tool for that matter). For example, if you're creating a new infrastructure component and need to pass its endpoints to an app.


They pointed out quite explicitly, that you shouldn't just pass raw secrets around. However, they didn't mention any secret storage for whatever reason. For example, you can use vault_generic_secret resource to store credentials in Vault and then something like the External Secrets Operator to fetch them from there. I am not saying, you should, but you can.

P.S. This article was shared in our chat. Come join us! The chat is in Ukrainian, and it's usually fun!

#terraform #argocd #cd #kubernetes

So, Amazon pushed back on the Financial Times report about AI causing outages. This is not news.

However, they now require a senior engineer's approval on the AI generated code pushed by non-senior engineers, apparently. It's not clear, who should review AI code generated by seniors, though.

- Financial Times (paywalled).
- Opinion on Xitter.
- Discussion on Hacker News.

This is an interesting twist on the whole AI adoption, and it would be very interesting to see where it would go from here. At least, at Amazon.

P.S. As a bonus, here's a book bundle about LLMs and some related stuff, so you could review AI-generated code more efficiently!

#ai #aws #culture

A colleague of mine wrote an article on using Cloudflare Tunnels to securely connect to your self-hosted things. It specifically covers quirks of connecting mobile apps, since not all of them can handle auth redirects correctly.

This is a nice read if you have a home lab or anything self-hosted. However, you can also use Cloudflare Tunnels for your business cases, like exposing your staging backend to test mobile devices, etc.

#security #cloudflare

​​For today’s Donations Monday, I’d like to remind you about the UA Responders foundation that raises money for the rehabilitation of Ukrainian veterans.

#donations #Ukraine

I guess many of you are familiar with the concept of OKRs - Objective-Key-Results. OKRs have been around for quite some time. So, of course, there is a book about it.

Here is a short summary of this book by someone on the internet, alongside with their rating and recommendation for whom this book may be interesting.

Now, you can easily generate a book summary using AI these days. The summary itself is not the reason I want to share it with you. I think, writing such summaries is a great way of conceptualizing books for yourself in the first place. I keep telling myself, I should do this as well. Unfortunately, I am lazy :\

#books #okr #management

A former colleague of mine wrote an article on how to write better tests with AI.

I recall, there were debates, what should a human write: tests or the implementation. Now, there are debates on whether a human should open their IDE at all.

This article is front-end focused, but it has some actionable and more or less universal advice on how to make AI do tests better. At the end of the day, AI is just another tool and the whole trick is in how good do you apply it.

#ai #programming

A new issue of the CatOps Digest is here!

https://newsletter.catops.dev/p/catops-digest-2026-03-22

Should have come out on Friday, but alas.

#newsletter #digest

For today's Donations Monday, I'd like to share with you a Monobank jar from a friend of mine, who had his birthday last weekend.

https://send.monobank.ua/jar/AYR2HGkbxg

Jar card number:

4874100025989107

He currently serves in Armed Forces of Ukraine, and has a Telegram channel about books (in Ukrainian) that he still updates, albeit not as often as before for obvious reasons. You can subscribe there as well!

#donations #Monday

You may already know that Trivy - a popular security scanner - was compromised last Friday.

- Here is a report by Wiz about this breach.
- Here is another article that goes beyond the GitHub Actions exploit.

If you run Trivy in any form, including locally, double-check what and when you ran.

Check if you had in your CI logs lines like below. Especially, if you’re not using curl in your CI normally.

Terminate orphan process: pid (xxxx) (curl)

Check if you have this file on your local machine or a non-GHA executor: ~/.config/systemd/user/sysmon.py.

You may need to rotate a lot of credentials as a fallout of this breach.

Also, as harsh as it sounds, this line from one of the articles above makes sense:

~
Stop using Trivy. This isn’t the first time Aqua Security’s infrastructure has been compromised, and the `aqua-bot` account that enabled this attack was reportedly left exposed from a previous incident earlier in March that was never fully contained. That’s not a one-off failure; it’s an organizational pattern. A security scanning tool that can’t secure its own supply chain is a liability, not an asset. Remove `trivy-action` from your workflows and the Trivy CLI from your toolchains.

#security

Kubernetes' SIG Network released a Ingress2Gateway tool version 1.0.

This is a tool which aim is to help you to migrate your deprecated Nginx Ingress configuration to the new Gateway API. They do not advertise this tool as a one-click migration solution, but rather as a helper to recreate your manifests.

P.S. Cannot wait to see, how this tool would translate all the custom spaghetti server snippets for Nginx 😈

#kubernetes #networking

"From April 24 onward, interaction data—specifically inputs, outputs, code snippets, and associated context—from Copilot Free, Pro, and Pro+ users will be used to train and improve our AI models unless they opt out."

Official statement.

You can opt out in Copilot's "Privacy" settings, or migrate to Codeberg :D

#github #ai

I wish, I could say: "Good morning", but instead I say:

- axios Compromised on npm - Malicious Versions Drop Remote Access Trojan. Axios is an incredibly popular HTTP client for NodeJS, so if you use that, there's a high chance, you're affected.
- Unpatchable Vulnerabilities of Kubernetes: CVE-2020-8561

#security

Linux - The Good Stuff is a book bundle by No Starch Press that really has good stuff! Including the book I recommend to everyone starting with Linux - "How Linux Works" by Brian Ward and "The Linux Programming Interface" by Michael Kerrisk for those who want to know how Linux works, but on the API level.

There are some other interesting books as well. Yet, this bundle is not cheap: you have to pay at least €56 unlike the usual €20-25 to unlock it.

#books #linux

A new issue of CatOps Digest is here!

https://newsletter.catops.dev/p/catops-digest-2026-04-04

#digest #newsletter

​​From time to time, I share a standing jar for FPV drones for a guy from my wife’s hometown.

Today, I’d like to share a fundraiser for rehabilitation of his brother-in-arms, who lost his leg near Kostiantynivka. Now he needs to undergo a series of surgeries. Here’s a Monobank jar to help him financially:

https://send.monobank.ua/jar/5AmpbpVRxm

Card number:
4874 1000 2602 4938

#donations #Ukraine

Terragrunt has released version 1.0. According to them, this is not about a lot of brand-new features, but a commitment to backwards compatibility within the 1.x branch.

The press-release also has an overview of some features that Terragrunt has.

#terraform #terragrut #opentofu