Ship It Weekly - DevOps, SRE, Platform and Cloud Engineering News
Ship It Weekly - DevOps, SRE, Platform and Cloud Engineering News

Ship It Weekly - DevOps, SRE, Platform and Cloud Engineering News

Teller's Tech - DevOps, SRE and Cloud Podcast

Overview
Episodes

Details

Ship It Weekly is a short, practical recap of what actually matters in DevOps, SRE, cloud infrastructure, and platform engineering.Each episode, your host Brian Teller walks through the latest outages, releases, tools, and incident writeups, then translates them into “here’s what this means for your systems” instead of just reading headlines. Expect a couple of main stories with context, a quick hit of tools or releases worth bookmarking, and the occasional segment on on-call, burnout, or team culture.This isn’t a certification prep show or a lab walkthrough. It’s aimed at people who are already working in the space and want to stay sharp without scrolling status pages, cloud updates, and blogs all week. You’ll hear about things like cloud provider incidents, Kubernetes and platform trends, Terraform and infrastructure changes, and real postmortems that are actually worth your time.Most episodes are 10–25 minutes, so you can catch up on the way to work or between meetings. Every now and then there will be a “special” focused on a big outage or a specific theme, but the default format is simple: what happened, why it matters, and what you might want to do about it in your own environment.If you’re the person people DM when something is broken in prod, or you’re building the cloud and platform everyone else ships on top of, Ship It Weekly is meant to be in your rotation.

Recent Episodes

AI Agents Get API Access and Identity: GitHub Copilot Cloud Agents, MCP Auth, Ansible Automation, OpenAI Daybreak, and the New Production Risk
MAY 14, 2026
AI Agents Get API Access and Identity: GitHub Copilot Cloud Agents, MCP Auth, Ansible Automation, OpenAI Daybreak, and the New Production Risk
<p>This episode of <strong>Ship It Weekly</strong> is about AI agents moving from helpful coding assistants into real operational actors. Brian covers GitHub making Copilot cloud agent tasks available through a REST API, Auth0 bringing authentication and authorization to MCP servers, Red Hat positioning Ansible as a trusted execution layer for agentic IT operations, and OpenAI Daybreak pushing AI deeper into security research and remediation.</p><p>The bigger thread this week is authority: what these agents can reach, what they can change, who approved the action, and who owns the outcome when something breaks.</p><p>Brian also covers Discord’s ScyllaDB automation work, AWS GuardDuty crypto mining detection, queues and back pressure, and a Datadog PostgreSQL case where an index scan was still painfully slow.</p><p></p><p><strong>Sponsored by Guardsquare </strong><a target="_blank" rel="noopener noreferrer nofollow" href="https://hubs.ly/Q04fJgkJ0"><strong>https://hubs.ly/Q04fJgkJ0</strong></a></p><p></p><p><strong>Links</strong></p><p>GitHub Copilot cloud agent tasks via REST API <a target="_blank" rel="noopener noreferrer nofollow" href="https://github.blog/changelog/2026-05-13-start-copilot-cloud-agent-tasks-via-the-rest-api/">https://github.blog/changelog/2026-05-13-start-copilot-cloud-agent-tasks-via-the-rest-api/</a></p><p>GitHub REST API endpoints for agent tasks <a target="_blank" rel="noopener noreferrer nofollow" href="https://docs.github.com/en/rest/agent-tasks/agent-tasks">https://docs.github.com/en/rest/agent-tasks/agent-tasks</a></p><p>Auth0 Auth for MCP is now generally available <a target="_blank" rel="noopener noreferrer nofollow" href="https://auth0.com/blog/auth0-auth-for-mcp-servers-generally-available/">https://auth0.com/blog/auth0-auth-for-mcp-servers-generally-available/</a></p><p>Red Hat on Ansible as the execution layer for agentic IT <a target="_blank" rel="noopener noreferrer nofollow" href="https://www.redhat.com/en/about/press-releases/red-hat-establishes-ansible-automation-platform-trusted-execution-layer-it-operations-agentic-era">https://www.redhat.com/en/about/press-releases/red-hat-establishes-ansible-automation-platform-trusted-execution-layer-it-operations-agentic-era</a></p><p>OpenAI Daybreak <a target="_blank" rel="noopener noreferrer nofollow" href="https://openai.com/daybreak/">https://openai.com/daybreak/</a></p><p>Discord automates ScyllaDB clusters at scale <a target="_blank" rel="noopener noreferrer nofollow" href="https://discord.com/blog/how-discord-automates-scylladb-clusters-at-scale">https://discord.com/blog/how-discord-automates-scylladb-clusters-at-scale</a></p><p>AWS GuardDuty crypto mining detection and prevention <a target="_blank" rel="noopener noreferrer nofollow" href="https://aws.amazon.com/blogs/security/detecting-and-preventing-crypto-mining-in-your-aws-environment/">https://aws.amazon.com/blogs/security/detecting-and-preventing-crypto-mining-in-your-aws-environment/</a></p><p>Queues do not absorb load, they delay failure <a target="_blank" rel="noopener noreferrer nofollow" href="https://dzone.com/articles/queues-dont-absorb-load-they-delay-bankruptcy">https://dzone.com/articles/queues-dont-absorb-load-they-delay-bankruptcy</a></p><p>Datadog on inefficient PostgreSQL index scans <a target="_blank" rel="noopener noreferrer nofollow" href="https://www.datadoghq.com/blog/detect-inefficient-index-scans-with-dbm/">https://www.datadoghq.com/blog/detect-inefficient-index-scans-with-dbm/</a></p><p>This week’s On Call Brief <a target="_blank" rel="noopener noreferrer nofollow" href="https://www.tellerstech.com/on-call-brief/2026-W20/">https://www.tellerstech.com/on-call-brief/2026-W20/</a></p><p>More episodes and show notes <a target="_blank" rel="noopener noreferrer nofollow" href="https://shipitweekly.fm/">https://shipitweekly.fm/</a></p>
play-circle icon
23 MIN
Cursor Deletes PocketOS Prod DB, .de DNSSEC Outage, Bluesky Postmortem, Argo CD, and Copy Fail
MAY 8, 2026
Cursor Deletes PocketOS Prod DB, .de DNSSEC Outage, Bluesky Postmortem, Argo CD, and Copy Fail
<p>This episode of <strong>Ship It Weekly</strong> is about modern reliability getting squeezed from both directions. Old-school failures still hit hard, like broken DNSSEC, kernel privilege escalation bugs, and GitOps behavior changes. But newer automation layers add a second kind of risk, where AI agents, machine identity, and cloud control planes can do real damage fast when authority is too broad. Brian covers the Cursor and PocketOS production database wipe, the .de DNSSEC outage and Cloudflare’s response, Bluesky’s April outage postmortem, Argo CD v3.1.16 reaching end of life plus the v3.4.1 behavior change, Linux kernel CVE-2026-31431 under active exploitation, and why Google Cloud Agent Identity and AWS MCP Server GA both point to agents becoming first-class infrastructure actors.</p><p></p><p><strong>Sponsored by Guardsquare </strong><a target="_blank" rel="noopener noreferrer nofollow" href="https://hubs.ly/Q04fJgkJ0"><strong>https://hubs.ly/Q04fJgkJ0</strong></a></p><p></p><p><strong>Links</strong></p><p>Cursor / PocketOS production database wipe <a target="_blank" rel="noopener noreferrer nofollow" href="https://www.tellerstech.com/on-call-brief/2026-W19/">https://www.tellerstech.com/on-call-brief/2026-W19/</a></p><p>Cloudflare on the .de DNSSEC outage <a target="_blank" rel="noopener noreferrer nofollow" href="https://blog.cloudflare.com/de-tld-outage-dnssec/">https://blog.cloudflare.com/de-tld-outage-dnssec/</a></p><p>Bluesky April 2026 outage postmortem <a target="_blank" rel="noopener noreferrer nofollow" href="https://pckt.blog/b/jcalabro/april-2026-outage-post-mortem-219ebg2">https://pckt.blog/b/jcalabro/april-2026-outage-post-mortem-219ebg2</a></p><p>Argo CD releases: v3.1.16 final release and v3.4.1 behavior change <a target="_blank" rel="noopener noreferrer nofollow" href="https://github.com/argoproj/argo-cd/releases">https://github.com/argoproj/argo-cd/releases</a></p><p>Linux kernel CVE-2026-31431 <a target="_blank" rel="noopener noreferrer nofollow" href="https://nvd.nist.gov/vuln/detail/CVE-2026-31431">https://nvd.nist.gov/vuln/detail/CVE-2026-31431</a></p><p>AWS bulletin for CVE-2026-31431 <a target="_blank" rel="noopener noreferrer nofollow" href="https://aws.amazon.com/security/security-bulletins/rss/2026-026-aws/">https://aws.amazon.com/security/security-bulletins/rss/2026-026-aws/</a></p><p>Google Cloud Agent Identity <a target="_blank" rel="noopener noreferrer nofollow" href="https://cloud.google.com/blog/products/identity-security/whats-new-in-iam-security-governance-and-runtime-defense">https://cloud.google.com/blog/products/identity-security/whats-new-in-iam-security-governance-and-runtime-defense</a></p><p>AWS MCP Server is now generally available <a target="_blank" rel="noopener noreferrer nofollow" href="https://aws.amazon.com/blogs/aws/the-aws-mcp-server-is-now-generally-available/">https://aws.amazon.com/blogs/aws/the-aws-mcp-server-is-now-generally-available/</a></p><p>Cross-region disaster recovery for Amazon EKS using AWS Backup <a target="_blank" rel="noopener noreferrer nofollow" href="https://aws.amazon.com/blogs/containers/cross-region-disaster-recovery-for-amazon-eks-using-aws-backup/">https://aws.amazon.com/blogs/containers/cross-region-disaster-recovery-for-amazon-eks-using-aws-backup/</a></p><p>Google Ads new data retention policy starting June 1, 2026 <a target="_blank" rel="noopener noreferrer nofollow" href="https://ads-developers.googleblog.com/2026/05/new-data-retention-policy-for-google.html">https://ads-developers.googleblog.com/2026/05/new-data-retention-policy-for-google.html</a></p><p>This week’s On Call Brief <a target="_blank" rel="noopener noreferrer nofollow" href="https://www.tellerstech.com/on-call-brief/2026-W19/">https://www.tellerstech.com/on-call-brief/2026-W19/</a></p><p>More episodes and show notes <a target="_blank" rel="noopener noreferrer nofollow" href="https://shipitweekly.fm/">https://shipitweekly.fm/</a></p>
play-circle icon
21 MIN
Ship It Conversations: Gareth Kersey on IaCConf 2026, AI, and Corey Quinn’s Terraform Keynote
MAY 5, 2026
Ship It Conversations: Gareth Kersey on IaCConf 2026, AI, and Corey Quinn’s Terraform Keynote
<p>This is a guest conversation episode of <strong>Ship It Weekly</strong>, separate from the weekly news recaps.</p><p>This episode is not sponsored. I wanted to cover IaCConf because the theme lines up closely with what Ship It Weekly focuses on: infrastructure, platform engineering, DevOps, SRE, and how teams are adapting to AI-driven change.</p><p>In this Ship It: Conversations episode, I talk with Gareth Kersey about IaCConf 2026, a free virtual conference focused on infrastructure as code, platform engineering, DevOps, SRE, and infrastructure operations. The conference is May 14th 2026.</p><p>The main theme is “keeping pace.” Not just keeping pace with new tools, but keeping pace with the speed of software delivery now that AI is changing how quickly application teams can write, ship, and change code.</p><p>We talk about what that means for the infrastructure teams underneath it all: the people responsible for Terraform, Kubernetes, GitOps, policies, secrets, cost, security, rollback paths, and making sure faster delivery does not turn into faster chaos.</p><p>Gareth walks through the IaCConf 2026 agenda, including Corey Quinn’s keynote, AI and Terraform sessions, platform engineering panels, Kubernetes and Argo CD talks, AI agents managing infrastructure as code, governance challenges, and the risk of 10x code velocity becoming 10x operational risk.</p><p>The bigger theme here is that AI is not just changing how code gets written. It is changing the pressure on the systems around delivery. Infrastructure as code, platform engineering, policy, and operational guardrails matter even more when the pace of change goes up.</p><p><strong>Highlights</strong></p><p>• What “keeping pace” means for infrastructure, DevOps, SRE, and platform teams</p><p>• Why faster application development can create more downstream operational pressure</p><p>• Corey Quinn’s keynote, “AI Speaks Terraform Like a Tourist”</p><p>• How AI-generated infrastructure changes create new governance and review challenges</p><p>• Why infrastructure as code still matters as AI agents and automation become more common</p><p>• Sessions covering Terraform, Kubernetes, Argo CD, GitOps, platform engineering, and AI-driven workflows</p><p>• The risk of 10x code velocity turning into 10x operational risk</p><p>• How platform teams can support faster developers without giving up safety or governance</p><p>• Why IaCConf includes panels, demos, technical talks, and practitioner stories instead of only tool-specific content</p><p>• How IaCConf has grown from its first event in 2025 into a broader infrastructure community</p><p>• Why the event is trying to stay community-focused instead of becoming just another vendor marketing conference</p><p>• The role of feedback, future spotlight events, in-person meetups, and possible community spaces around IaCConf</p><p>• Why registering still makes sense even if you cannot attend live, since sessions are available afterward</p><p><strong>IaCConf links</strong></p><p>• IaCConf 2026 registration page - <a target="_blank" rel="noopener noreferrer nofollow" href="https://www.iacconf.com/iacconf-2026">https://www.iacconf.com/iacconf-2026</a></p><p>• IaCConf LinkedIn page - <a target="_blank" rel="noopener noreferrer nofollow" href="https://www.linkedin.com/showcase/iac-conf/">https://www.linkedin.com/showcase/iac-conf/</a></p><p>• IaCConf: <a target="_blank" rel="noopener noreferrer nofollow" href="https://www.iacconf.com/">https://www.iacconf.com/</a></p><p>• IaCConf is supported by Spacelift: <a target="_blank" rel="noopener noreferrer nofollow" href="https://spacelift.com">https://spacelift.com</a></p><p><strong>Our links</strong></p><p>More episodes + show notes + links: <a target="_blank" rel="noopener noreferrer nofollow" href="https://shipitweekly.fm">https://shipitweekly.fm</a></p><p>On Call Brief: <a target="_blank" rel="noopener noreferrer nofollow" href="https://oncallbrief.com">https://oncallbrief.com</a></p>
play-circle icon
31 MIN
GitHub RCE, AI Agent Prompt Injection, and the New Reality: Your Developer Toolchain Is Production Now
MAY 1, 2026
GitHub RCE, AI Agent Prompt Injection, and the New Reality: Your Developer Toolchain Is Production Now
<p>This episode of <strong>Ship It Weekly</strong> is about the developer toolchain becoming part of production. Brian covers GitHub’s critical git push RCE, AI-assisted reverse engineering, prompt injection against AI agents in GitHub workflows, Elementary’s malicious CLI release, GitHub’s merge queue regression, Cal.com going closed source, and Copilot moving toward usage-based billing. Plus: MinIO’s repo archive, Ghostty leaving GitHub, Docker Hardened Images, and Azure DevOps security updates.</p><p><strong>Links</strong></p><p>GitHub git push RCE <a target="_blank" rel="noopener noreferrer nofollow" href="https://github.blog/security/securing-the-git-push-pipeline-responding-to-a-critical-remote-code-execution-vulnerability/">https://github.blog/security/securing-the-git-push-pipeline-responding-to-a-critical-remote-code-execution-vulnerability/</a></p><p>AI-assisted reverse engineering <a target="_blank" rel="noopener noreferrer nofollow" href="https://www.darkreading.com/application-security/reverse-engineering-ai-unearths-high-severity-github-bug">https://www.darkreading.com/application-security/reverse-engineering-ai-unearths-high-severity-github-bug</a></p><p>AI agents + GitHub Actions prompt injection <a target="_blank" rel="noopener noreferrer nofollow" href="https://www.theregister.com/2026/04/15/claude_gemini_copilot_agents_hijacked/">https://www.theregister.com/2026/04/15/claude_gemini_copilot_agents_hijacked/</a></p><p>Elementary malicious CLI release <a target="_blank" rel="noopener noreferrer nofollow" href="https://www.elementary-data.com/post/security-incident-report-malicious-release-of-elementary-oss-python-cli-v0-23-3">https://www.elementary-data.com/post/security-incident-report-malicious-release-of-elementary-oss-python-cli-v0-23-3</a></p><p>GitHub merge queue regression <a target="_blank" rel="noopener noreferrer nofollow" href="https://github.blog/news-insights/company-news/an-update-on-github-availability/">https://github.blog/news-insights/company-news/an-update-on-github-availability/</a></p><p><a target="_blank" rel="noopener noreferrer nofollow" href="http://Cal.com">Cal.com</a> going closed source <a target="_blank" rel="noopener noreferrer nofollow" href="https://cal.com/blog/cal-com-goes-closed-source-why">https://cal.com/blog/cal-com-goes-closed-source-why</a></p><p>GitHub Copilot billing <a target="_blank" rel="noopener noreferrer nofollow" href="https://github.blog/news-insights/company-news/github-copilot-is-moving-to-usage-based-billing/">https://github.blog/news-insights/company-news/github-copilot-is-moving-to-usage-based-billing/</a></p><p>MinIO archived repo <a target="_blank" rel="noopener noreferrer nofollow" href="https://github.com/minio/minio">https://github.com/minio/minio</a></p><p>Ghostty leaving GitHub <a target="_blank" rel="noopener noreferrer nofollow" href="https://mitchellh.com/writing/ghostty-leaving-github">https://mitchellh.com/writing/ghostty-leaving-github</a></p><p>Docker Hardened Images <a target="_blank" rel="noopener noreferrer nofollow" href="https://www.docker.com/blog/why-we-chose-the-harder-path-docker-hardened-images-one-year-later/">https://www.docker.com/blog/why-we-chose-the-harder-path-docker-hardened-images-one-year-later/</a></p><p>Azure DevOps security updates <a target="_blank" rel="noopener noreferrer nofollow" href="https://devblogs.microsoft.com/devops/one-click-security-scanning-and-org-wide-alert-triage-come-to-advanced-security/">https://devblogs.microsoft.com/devops/one-click-security-scanning-and-org-wide-alert-triage-come-to-advanced-security/</a></p><p>On Call Brief <a target="_blank" rel="noopener noreferrer nofollow" href="https://oncallbrief.com/">https://oncallbrief.com/</a></p><p>More episodes <a target="_blank" rel="noopener noreferrer nofollow" href="https://shipitweekly.fm/">https://shipitweekly.fm/</a></p>
play-circle icon
25 MIN
Kubernetes 1.36, Gateway API v1.5, AWS Copilot End of Support, and Cloudflare Non-Human Identities
APR 24, 2026
Kubernetes 1.36, Gateway API v1.5, AWS Copilot End of Support, and Cloudflare Non-Human Identities
<p>This episode of <strong>Ship It Weekly</strong> is about platforms getting sharper about defaults, ownership, and the old paths they are no longer willing to quietly carry forever. Brian covers Kubernetes 1.36 and why it feels more like a cleanup-and-maturity release than a flashy feature dump, Gateway API v1.5 moving more networking behavior into the stable path, AWS Copilot CLI reaching end of support and what that means for teams still sitting on the older “easy” ECS workflow, Airbnb’s alert-development overhaul and why noisy or weak alerts are often a workflow problem long before they become an on-call problem, and Cloudflare’s push to treat scripts, agents, and third-party tools like real identities with real blast radius. He also hits the latest Azure DevOps Server patches and Google’s OTLP metrics support for Cloud Monitoring.</p><p><strong>Links</strong></p><p>Kubernetes v1.36 release <a target="_blank" rel="noopener noreferrer nofollow" href="https://kubernetes.io/blog/2026/04/22/kubernetes-v1-36-release/">https://kubernetes.io/blog/2026/04/22/kubernetes-v1-36-release/</a></p><p>Gateway API v1.5 <a target="_blank" rel="noopener noreferrer nofollow" href="https://kubernetes.io/blog/2026/04/21/gateway-api-v1-5/">https://kubernetes.io/blog/2026/04/21/gateway-api-v1-5/</a></p><p>AWS Copilot CLI end of support <a target="_blank" rel="noopener noreferrer nofollow" href="https://aws.amazon.com/blogs/containers/announcing-the-end-of-support-for-the-aws-copilot-cli/">https://aws.amazon.com/blogs/containers/announcing-the-end-of-support-for-the-aws-copilot-cli/</a></p><p>Airbnb on alert development <a target="_blank" rel="noopener noreferrer nofollow" href="https://medium.com/airbnb-engineering/it-wasnt-a-culture-problem-upleveling-alert-development-at-airbnb-01e2290eb0f5">https://medium.com/airbnb-engineering/it-wasnt-a-culture-problem-upleveling-alert-development-at-airbnb-01e2290eb0f5</a></p><p>Cloudflare on non-human identities, OAuth visibility, and scoped permissions <a target="_blank" rel="noopener noreferrer nofollow" href="https://blog.cloudflare.com/improved-developer-security/">https://blog.cloudflare.com/improved-developer-security/</a></p><p>Azure DevOps Server April patches <a target="_blank" rel="noopener noreferrer nofollow" href="https://devblogs.microsoft.com/devops/april-patches-for-azure-devops-server/">https://devblogs.microsoft.com/devops/april-patches-for-azure-devops-server/</a></p><p>OTLP metrics for Google Cloud Monitoring <a target="_blank" rel="noopener noreferrer nofollow" href="https://cloud.google.com/blog/products/management-tools/otlp-opentelemetry-protocol-for-google-cloud-monitoring-metrics">https://cloud.google.com/blog/products/management-tools/otlp-opentelemetry-protocol-for-google-cloud-monitoring-metrics</a></p><p>Past episode where we talked about Cloudflare Mesh <a target="_blank" rel="noopener noreferrer nofollow" href="https://www.tellerstech.com/ship-it-weekly/aws-interconnect-ga-cloudflare-mesh-gitlab-19-eks-auto-mode-and-opentelemetry-config/">https://www.tellerstech.com/ship-it-weekly/aws-interconnect-ga-cloudflare-mesh-gitlab-19-eks-auto-mode-and-opentelemetry-config/</a></p><p>This week’s On Call Brief <a target="_blank" rel="noopener noreferrer nofollow" href="https://www.tellerstech.com/on-call-brief/2026-W16/">https://www.tellerstech.com/on-call-brief/2026-W16/</a></p><p>On Call Brief: <a target="_blank" rel="noopener noreferrer nofollow" href="https://oncallbrief.com/">https://oncallbrief.com/</a></p><p>More episodes and show notes <a target="_blank" rel="noopener noreferrer nofollow" href="https://shipitweekly.fm/">https://shipitweekly.fm/</a></p>
play-circle icon
20 MIN