<?xml version="1.0" encoding="UTF-8"?><rss xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0" xmlns:itunes="http://www.itunes.com/dtds/podcast-1.0.dtd" xmlns:googleplay="http://www.google.com/schemas/play-podcasts/1.0"><channel><title><![CDATA[Teller's Tech's Substack]]></title><description><![CDATA[Weekly DevOps, SRE, and platform engineering news, Ship It Weekly podcast episodes, and practical insights for engineers building production systems.]]></description><link>https://substack.tellerstech.com</link><image><url>https://substackcdn.com/image/fetch/$s_!SB2G!,w_256,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fcb70ac50-d834-479c-80ce-f10c70872b26_8372x8372.png</url><title>Teller&apos;s Tech&apos;s Substack</title><link>https://substack.tellerstech.com</link></image><generator>Substack</generator><lastBuildDate>Mon, 13 Jul 2026 22:53:36 GMT</lastBuildDate><atom:link href="https://substack.tellerstech.com/feed" rel="self" type="application/rss+xml"/><copyright><![CDATA[Teller's Tech]]></copyright><language><![CDATA[en]]></language><webMaster><![CDATA[tellerstech@gmail.com]]></webMaster><itunes:owner><itunes:email><![CDATA[tellerstech@gmail.com]]></itunes:email><itunes:name><![CDATA[Teller's Tech]]></itunes:name></itunes:owner><itunes:author><![CDATA[Teller's Tech]]></itunes:author><googleplay:owner><![CDATA[tellerstech@gmail.com]]></googleplay:owner><googleplay:email><![CDATA[tellerstech@gmail.com]]></googleplay:email><googleplay:author><![CDATA[Teller's Tech]]></googleplay:author><itunes:block><![CDATA[Yes]]></itunes:block><item><title><![CDATA[On Call Brief — Week 28, 2026]]></title><description><![CDATA[This week&#8217;s On Call Brief is live &#8212; a curated read for SRE, DevOps, and platform engineers on call.]]></description><link>https://substack.tellerstech.com/p/on-call-brief-week-28-2026</link><guid isPermaLink="false">https://substack.tellerstech.com/p/on-call-brief-week-28-2026</guid><dc:creator><![CDATA[Teller's Tech]]></dc:creator><pubDate>Sun, 12 Jul 2026 14:01:18 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!fs1S!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fef104883-fbb9-49fb-ab38-a05d4d8ad8fb_1200x675.jpeg" length="0" type="image/jpeg"/><content:encoded><![CDATA[<div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!fs1S!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fef104883-fbb9-49fb-ab38-a05d4d8ad8fb_1200x675.jpeg" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!fs1S!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fef104883-fbb9-49fb-ab38-a05d4d8ad8fb_1200x675.jpeg 424w, https://substackcdn.com/image/fetch/$s_!fs1S!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fef104883-fbb9-49fb-ab38-a05d4d8ad8fb_1200x675.jpeg 848w, https://substackcdn.com/image/fetch/$s_!fs1S!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fef104883-fbb9-49fb-ab38-a05d4d8ad8fb_1200x675.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!fs1S!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fef104883-fbb9-49fb-ab38-a05d4d8ad8fb_1200x675.jpeg 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!fs1S!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fef104883-fbb9-49fb-ab38-a05d4d8ad8fb_1200x675.jpeg" width="1200" height="675" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/ef104883-fbb9-49fb-ab38-a05d4d8ad8fb_1200x675.jpeg&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:675,&quot;width&quot;:1200,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:null,&quot;alt&quot;:&quot;Cloud News &#8212; On Call Brief topic banner illustration&quot;,&quot;title&quot;:null,&quot;type&quot;:null,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="Cloud News &#8212; On Call Brief topic banner illustration" title="Cloud News &#8212; On Call Brief topic banner illustration" srcset="https://substackcdn.com/image/fetch/$s_!fs1S!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fef104883-fbb9-49fb-ab38-a05d4d8ad8fb_1200x675.jpeg 424w, https://substackcdn.com/image/fetch/$s_!fs1S!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fef104883-fbb9-49fb-ab38-a05d4d8ad8fb_1200x675.jpeg 848w, https://substackcdn.com/image/fetch/$s_!fs1S!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fef104883-fbb9-49fb-ab38-a05d4d8ad8fb_1200x675.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!fs1S!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fef104883-fbb9-49fb-ab38-a05d4d8ad8fb_1200x675.jpeg 1456w" sizes="100vw" fetchpriority="high"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>This week&#8217;s On Call Brief is live &#8212; a curated read for SRE, DevOps, and platform engineers on call.</p><p>Read the full issue (searchable, with topic links):</p><p><a href="https://www.tellerstech.com/on-call-brief-news/2026-W28/?utm_source=substack&amp;utm_medium=email&amp;utm_campaign=2026-W28">https://www.tellerstech.com/on-call-brief-news/2026-W28/?utm_source=substack&amp;utm_medium=email&amp;utm_campaign=2026-W28</a></p><p>Want the brief in your inbox every Sunday? Subscribe for the full email edition (not this Substack note):</p><p><a href="https://oncallbrief.com/">https://oncallbrief.com</a></p><p>&#8212; Teller&#8217;s Tech</p>]]></content:encoded></item><item><title><![CDATA[EKS Rollbacks, GitHub Actions Supply Chain Attacks, AI Agentjacking, CloudWatch Log Alarms, and Why Safety Nets Don’t Replace Ownership]]></title><description><![CDATA[This week on Ship It Weekly: Amazon EKS added Kubernetes version rollbacks, Novee Security published Cordyceps research on GitHub Actions supply chain risk, Tenet Security showed how fake telemetry can hijack AI coding agents, and Amazon CloudWatch added alarms directly from log queries.]]></description><link>https://substack.tellerstech.com/p/eks-rollbacks-github-actions-supply-d48</link><guid isPermaLink="false">https://substack.tellerstech.com/p/eks-rollbacks-github-actions-supply-d48</guid><dc:creator><![CDATA[Teller's Tech]]></dc:creator><pubDate>Fri, 10 Jul 2026 08:00:00 GMT</pubDate><enclosure url="https://api.substack.com/feed/podcast/206413848/48835c8ad4d85a1c82d78721d74bf31b.mp3" length="0" type="audio/mpeg"/><content:encoded><![CDATA[<p>This week on <strong>Ship It Weekly</strong>: Amazon EKS added Kubernetes version rollbacks, Novee Security published Cordyceps research on GitHub Actions supply chain risk, Tenet Security showed how fake telemetry can hijack AI coding agents, and Amazon CloudWatch added alarms directly from log queries.</p><p>The theme: safety nets are getting better, but the blast radius is getting wider. Rollback buttons, log alarms, zone-aware routing, secret scanning, and AI agent workflows all help, but they do not replace ownership.</p><p>Brian covers why EKS rollbacks are useful but not a substitute for real upgrade discipline, why GitHub Actions YAML is production code with credentials, how fake Sentry telemetry can become hostile agent context, and why easier log-based alarms can also mean easier pager noise.</p><p>In the lightning round: ECS Service Connect zone-aware routing, etcd 3.7, GitHub innersource advisories, secret scanning metadata improvements, and CloudWatch Application Signals service events.</p><p><strong>Links</strong></p><p>Amazon EKS Kubernetes version rollbacks <a href="https://aws.amazon.com/blogs/aws/upgrade-amazon-eks-clusters-with-confidence-using-kubernetes-version-rollbacks/">https://aws.amazon.com/blogs/aws/upgrade-amazon-eks-clusters-with-confidence-using-kubernetes-version-rollbacks/</a></p><p>Novee Security: Cordyceps supply chain research <a href="https://novee.security/blog/cordyceps/">https://novee.security/blog/cordyceps/</a></p><p>Tenet Security: Agentjacking through fake Sentry errors <a href="https://tenetsecurity.ai/blog/agentjacking-coding-agents-with-fake-sentry-errors/">https://tenetsecurity.ai/blog/agentjacking-coding-agents-with-fake-sentry-errors/</a></p><p>Amazon CloudWatch log query alarms <a href="https://aws.amazon.com/about-aws/whats-new/2026/07/amazon-cloudwatch-log-alarms/">https://aws.amazon.com/about-aws/whats-new/2026/07/amazon-cloudwatch-log-alarms/</a></p><p>ECS Service Connect zone-aware routing <a href="https://aws.amazon.com/about-aws/whats-new/2026/07/ecs-service-connect-zone-aware/">https://aws.amazon.com/about-aws/whats-new/2026/07/ecs-service-connect-zone-aware/</a></p><p>etcd 3.7 announcement <a href="https://etcd.io/blog/2026/announcing-etcd-3.7/">https://etcd.io/blog/2026/announcing-etcd-3.7/</a></p><p>GitHub innersource security advisories <a href="https://github.blog/changelog/2026-07-08-innersource-security-advisories-are-generally-available/">https://github.blog/changelog/2026-07-08-innersource-security-advisories-are-generally-available/</a></p><p>GitHub secret scanning extended metadata and multipart validation <a href="https://github.blog/changelog/2026-07-07-secret-scanning-extended-metadata-and-multipart-validation/">https://github.blog/changelog/2026-07-07-secret-scanning-extended-metadata-and-multipart-validation/</a></p><p>CloudWatch Application Signals service events <a href="https://aws.amazon.com/about-aws/whats-new/2026/06/cloudwatch-service-events/">https://aws.amazon.com/about-aws/whats-new/2026/06/cloudwatch-service-events/</a></p><p><strong>Our Links</strong></p><p>This week&#8217;s On Call Brief <a href="https://www.tellerstech.com/on-call-brief-news/2026-W28/">https://www.tellerstech.com/on-call-brief-news/2026-W28/</a></p><p>More episodes and full show notes <a href="https://shipitweekly.fm/">https://shipitweekly.fm/</a></p>]]></content:encoded></item><item><title><![CDATA[Ship It Conversations: Evan Phoenix of Miren on Deployment Pain, Terraform, Waypoint, and Better Defaults for Small Teams]]></title><description><![CDATA[This is a guest conversation episode of Ship It Weekly, separate from the weekly news recaps.]]></description><link>https://substack.tellerstech.com/p/ship-it-conversations-evan-phoenix</link><guid isPermaLink="false">https://substack.tellerstech.com/p/ship-it-conversations-evan-phoenix</guid><dc:creator><![CDATA[Teller's Tech]]></dc:creator><pubDate>Mon, 06 Jul 2026 21:00:06 GMT</pubDate><enclosure url="https://api.substack.com/feed/podcast/205669379/136008bd330e5a56f94a43fc58b76634.mp3" length="0" type="audio/mpeg"/><content:encoded><![CDATA[<p>This is a guest conversation episode of <strong>Ship It Weekly,</strong> separate from the weekly news recaps.</p><p>In this Ship It: Conversations episode, I talk with Evan Phoenix of Miren about why deployment is still painful, what teams keep getting wrong when they try to simplify it, and why small teams may need better defaults more than more platform knobs.</p><p>Evan is the CEO of Miren. He previously worked on Terraform Enterprise and Waypoint at HashiCorp, and he also built Puma and Rubinius.</p><p>We talk about deployment as the &#8220;final boss&#8221; of software delivery. Not because teams do not know how to ship code, but because deployment is where everything collides: runtimes, registries, secrets, networking, cloud services, databases, rollbacks, and the internal platform nobody wants to touch anymore.</p><p>A big theme is opinionated tooling. Engineers often say they want flexibility, but many teams are really asking for good defaults, a clear happy path, and fewer decisions to own.</p><p>We also get into Terraform Enterprise, Terraform Cloud, Terragrunt, OpenTofu, Waypoint, Kubernetes, Heroku, ECS, container registries, and how AI changes the deployment conversation. AI can generate infrastructure code, but when that setup breaks, someone still has to understand it and be on call for it.</p><p><strong>Highlights</strong></p><p>&#8226; Why deployment is still painful after years of platforms and abstractions</p><p>&#8226; What Evan learned from Terraform Enterprise and Waypoint</p><p>&#8226; Why Terraform structure, state, modules, and repo layout remain hard</p><p>&#8226; Why OpenTofu gained traction beyond the Terraform licensing change</p><p>&#8226; Why Kubernetes can be too much surface area for some teams</p><p>&#8226; What small teams actually need from deployment tooling</p><p>&#8226; How AI changes infrastructure and deployment workflows</p><p>&#8226; Why generated infrastructure still needs ownership and accountability</p><p><strong>Links</strong></p><p>&#8226; Miren: <a href="https://miren.dev/">https://miren.dev</a></p><p>&#8226; Miren on GitHub: <a href="https://github.com/mirendev">https://github.com/mirendev</a></p><p>&#8226; Evan Phoenix: <a href="https://evanphx.dev/">https://evanphx.dev</a></p><p>&#8226; Evan on Bluesky: <a href="https://bsky.app/profile/evanphx.dev">https://bsky.app/profile/evanphx.dev</a></p><p>&#8226; Evan on Linkedin: <a href="https://www.linkedin.com/in/evanphoenix/">https://www.linkedin.com/in/evanphoenix/</a></p><p><strong>Things mentioned</strong></p><p>&#8226; Terraform Enterprise: <a href="https://developer.hashicorp.com/terraform/enterprise">https://developer.hashicorp.com/terraform/enterprise</a></p><p>&#8226; Terraform Cloud: <a href="https://developer.hashicorp.com/terraform/cloud-docs">https://developer.hashicorp.com/terraform/cloud-docs</a></p><p>&#8226; Terragrunt: <a href="https://terragrunt.gruntwork.io/">https://terragrunt.gruntwork.io</a></p><p>&#8226; OpenTofu: <a href="https://opentofu.org/">https://opentofu.org</a></p><p>&#8226; HashiCorp Waypoint: <a href="https://github.com/hashicorp/waypoint">https://github.com/hashicorp/waypoint</a></p><p>&#8226; Knative: <a href="https://knative.dev/">https://knative.dev</a></p><p><strong>Our links</strong></p><p>More episodes + show notes: <a href="https://shipitweekly.fm/">https://shipitweekly.fm</a></p><p>On Call Brief: <a href="https://oncallbrief.com/">https://oncallbrief.com</a></p>]]></content:encoded></item><item><title><![CDATA[On Call Brief — Week 27, 2026]]></title><description><![CDATA[This week&#8217;s On Call Brief is live &#8212; a curated read for SRE, DevOps, and platform engineers on call.]]></description><link>https://substack.tellerstech.com/p/on-call-brief-week-27-2026</link><guid isPermaLink="false">https://substack.tellerstech.com/p/on-call-brief-week-27-2026</guid><dc:creator><![CDATA[Teller's Tech]]></dc:creator><pubDate>Sun, 05 Jul 2026 14:01:56 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!fs1S!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fef104883-fbb9-49fb-ab38-a05d4d8ad8fb_1200x675.jpeg" length="0" type="image/jpeg"/><content:encoded><![CDATA[<div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!fs1S!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fef104883-fbb9-49fb-ab38-a05d4d8ad8fb_1200x675.jpeg" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!fs1S!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fef104883-fbb9-49fb-ab38-a05d4d8ad8fb_1200x675.jpeg 424w, https://substackcdn.com/image/fetch/$s_!fs1S!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fef104883-fbb9-49fb-ab38-a05d4d8ad8fb_1200x675.jpeg 848w, https://substackcdn.com/image/fetch/$s_!fs1S!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fef104883-fbb9-49fb-ab38-a05d4d8ad8fb_1200x675.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!fs1S!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fef104883-fbb9-49fb-ab38-a05d4d8ad8fb_1200x675.jpeg 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!fs1S!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fef104883-fbb9-49fb-ab38-a05d4d8ad8fb_1200x675.jpeg" width="1200" height="675" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/ef104883-fbb9-49fb-ab38-a05d4d8ad8fb_1200x675.jpeg&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:675,&quot;width&quot;:1200,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:null,&quot;alt&quot;:&quot;Cloud News &#8212; On Call Brief topic banner illustration&quot;,&quot;title&quot;:null,&quot;type&quot;:null,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="Cloud News &#8212; On Call Brief topic banner illustration" title="Cloud News &#8212; On Call Brief topic banner illustration" srcset="https://substackcdn.com/image/fetch/$s_!fs1S!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fef104883-fbb9-49fb-ab38-a05d4d8ad8fb_1200x675.jpeg 424w, https://substackcdn.com/image/fetch/$s_!fs1S!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fef104883-fbb9-49fb-ab38-a05d4d8ad8fb_1200x675.jpeg 848w, https://substackcdn.com/image/fetch/$s_!fs1S!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fef104883-fbb9-49fb-ab38-a05d4d8ad8fb_1200x675.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!fs1S!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fef104883-fbb9-49fb-ab38-a05d4d8ad8fb_1200x675.jpeg 1456w" sizes="100vw" fetchpriority="high"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a><figcaption class="image-caption"></figcaption></figure></div><p>This week&#8217;s On Call Brief is live &#8212; a curated read for SRE, DevOps, and platform engineers on call.</p><p>Read the full issue (searchable, with topic links):</p><p><a href="https://www.tellerstech.com/on-call-brief-news/2026-W27/?utm_source=substack&amp;utm_medium=email&amp;utm_campaign=2026-W27">https://www.tellerstech.com/on-call-brief-news/2026-W27/?utm_source=substack&amp;utm_medium=email&amp;utm_campaign=2026-W27</a></p><p>Want the brief in your inbox every Sunday? Subscribe for the full email edition (not this Substack note):</p><p><a href="https://oncallbrief.com/">https://oncallbrief.com</a></p><p>&#8212; Teller&#8217;s Tech</p>]]></content:encoded></item><item><title><![CDATA[Amazon Q CVEs, Hijacked npm and Go Packages, AWS WAF HTTP/2 Issues, Lambda MicroVMs, and Why Execution Is the Boundary Now]]></title><description><![CDATA[This week on Ship It Weekly: Amazon Q Developer and the AWS language servers had a pair of trust-boundary CVEs, JFrog found hijacked npm and Go packages using hidden VS Code tasks to run malware when a workspace opens, AWS WAF had HTTP/2 request-body inspection issues, and AWS introduced Lambda MicroVMs for running user-generated and AI-generated code in isolated sandboxes.]]></description><link>https://substack.tellerstech.com/p/amazon-q-cves-hijacked-npm-and-go</link><guid isPermaLink="false">https://substack.tellerstech.com/p/amazon-q-cves-hijacked-npm-and-go</guid><dc:creator><![CDATA[Teller's Tech]]></dc:creator><pubDate>Fri, 03 Jul 2026 01:27:04 GMT</pubDate><enclosure url="https://api.substack.com/feed/podcast/204769408/5d2d06d1959e4e02c1de608cc790922a.mp3" length="0" type="audio/mpeg"/><content:encoded><![CDATA[<p>This week on <strong>Ship It Weekly</strong>: Amazon Q Developer and the AWS language servers had a pair of trust-boundary CVEs, JFrog found hijacked npm and Go packages using hidden VS Code tasks to run malware when a workspace opens, AWS WAF had HTTP/2 request-body inspection issues, and AWS introduced Lambda MicroVMs for running user-generated and AI-generated code in isolated sandboxes.</p><p>The bigger theme: execution is the boundary now. The repo, the IDE, the AI assistant, the WAF, and the sandbox all sit at the point where something gets to run, inspect, block, or decide. Before execution, trust is a policy. After execution, trust is a blast radius.</p><p>In the lightning round, Brian covers GitHub&#8217;s record advisory volume, Git 2.55, Valkey 9.1 on Amazon ElastiCache, and a quick Fable 5 callback now that Anthropic&#8217;s Fable 5 is back online.</p><p><strong>Links</strong></p><p>AWS security bulletin: Amazon Q / AWS language server CVEs <a href="https://aws.amazon.com/security/security-bulletins/2026-047-aws/">https://aws.amazon.com/security/security-bulletins/2026-047-aws/</a></p><p>JFrog: Hijacked npm packages using VS Code tasks <a href="https://research.jfrog.com/post/hijacked-npm-vscode-tasks-blockchain/">https://research.jfrog.com/post/hijacked-npm-vscode-tasks-blockchain/</a></p><p>AWS security bulletin: AWS WAF HTTP/2 inspection issues <a href="https://aws.amazon.com/security/security-bulletins/2026-048-aws/">https://aws.amazon.com/security/security-bulletins/2026-048-aws/</a></p><p>AWS Lambda MicroVMs <a href="https://aws.amazon.com/blogs/aws/run-isolated-sandboxes-with-full-lifecycle-control-aws-lambda-introduces-microvms/">https://aws.amazon.com/blogs/aws/run-isolated-sandboxes-with-full-lifecycle-control-aws-lambda-introduces-microvms/</a></p><p>GitHub Advisory Database record volume <a href="https://github.blog/security/supply-chain-security/inside-the-advisory-database-and-what-happens-when-vulnerability-volume-breaks-records/">https://github.blog/security/supply-chain-security/inside-the-advisory-database-and-what-happens-when-vulnerability-volume-breaks-records/</a></p><p>Git 2.55 highlights <a href="https://github.blog/open-source/git/highlights-from-git-2-55/">https://github.blog/open-source/git/highlights-from-git-2-55/</a></p><p>Amazon ElastiCache Valkey 9.1 <a href="https://aws.amazon.com/blogs/database/announcing-valkey-9-1-for-amazon-elasticache/">https://aws.amazon.com/blogs/database/announcing-valkey-9-1-for-amazon-elasticache/</a></p><p>Claude Fable 5 and Mythos 5 model docs <a href="https://platform.claude.com/docs/en/about-claude/models/introducing-claude-fable-5-and-claude-mythos-5">https://platform.claude.com/docs/en/about-claude/models/introducing-claude-fable-5-and-claude-mythos-5</a></p><p>This week&#8217;s On Call Brief <a href="https://www.tellerstech.com/on-call-brief-news/2026-W27/">https://www.tellerstech.com/on-call-brief-news/2026-W27/</a></p><p>More episodes and full show notes </p><p><a href="https://shipitweekly.fm/">https://shipitweekly.fm/</a></p>]]></content:encoded></item><item><title><![CDATA[On Call Brief — Week 26, 2026]]></title><description><![CDATA[This week&#8217;s On Call Brief is live &#8212; a curated read for SRE, DevOps, and platform engineers on call.]]></description><link>https://substack.tellerstech.com/p/oncallbrief-26th-week-of-2026</link><guid isPermaLink="false">https://substack.tellerstech.com/p/oncallbrief-26th-week-of-2026</guid><dc:creator><![CDATA[Teller's Tech]]></dc:creator><pubDate>Sun, 28 Jun 2026 14:02:48 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!fs1S!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fef104883-fbb9-49fb-ab38-a05d4d8ad8fb_1200x675.jpeg" length="0" type="image/jpeg"/><content:encoded><![CDATA[<div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!fs1S!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fef104883-fbb9-49fb-ab38-a05d4d8ad8fb_1200x675.jpeg" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!fs1S!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fef104883-fbb9-49fb-ab38-a05d4d8ad8fb_1200x675.jpeg 424w, https://substackcdn.com/image/fetch/$s_!fs1S!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fef104883-fbb9-49fb-ab38-a05d4d8ad8fb_1200x675.jpeg 848w, https://substackcdn.com/image/fetch/$s_!fs1S!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fef104883-fbb9-49fb-ab38-a05d4d8ad8fb_1200x675.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!fs1S!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fef104883-fbb9-49fb-ab38-a05d4d8ad8fb_1200x675.jpeg 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!fs1S!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fef104883-fbb9-49fb-ab38-a05d4d8ad8fb_1200x675.jpeg" width="1200" height="675" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/ef104883-fbb9-49fb-ab38-a05d4d8ad8fb_1200x675.jpeg&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:675,&quot;width&quot;:1200,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:null,&quot;alt&quot;:&quot;Cloud News &#8212; On Call Brief topic banner illustration&quot;,&quot;title&quot;:null,&quot;type&quot;:null,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="Cloud News &#8212; On Call Brief topic banner illustration" title="Cloud News &#8212; On Call Brief topic banner illustration" srcset="https://substackcdn.com/image/fetch/$s_!fs1S!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fef104883-fbb9-49fb-ab38-a05d4d8ad8fb_1200x675.jpeg 424w, https://substackcdn.com/image/fetch/$s_!fs1S!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fef104883-fbb9-49fb-ab38-a05d4d8ad8fb_1200x675.jpeg 848w, https://substackcdn.com/image/fetch/$s_!fs1S!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fef104883-fbb9-49fb-ab38-a05d4d8ad8fb_1200x675.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!fs1S!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fef104883-fbb9-49fb-ab38-a05d4d8ad8fb_1200x675.jpeg 1456w" sizes="100vw" fetchpriority="high"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>This week&#8217;s On Call Brief is live &#8212; a curated read for SRE, DevOps, and platform engineers on call.</p><p>Read the full issue (searchable, with topic links):</p><p><a href="https://www.tellerstech.com/on-call-brief-news/2026-W26/?utm_source=substack&amp;utm_medium=email&amp;utm_campaign=2026-W26">https://www.tellerstech.com/on-call-brief-news/2026-W26/?utm_source=substack&amp;utm_medium=email&amp;utm_campaign=2026-W26</a></p><p>Want the brief in your inbox every Sunday? Subscribe for the full email edition (not this Substack note):</p><p><a href="https://oncallbrief.com/">https://oncallbrief.com</a></p><p>&#8212; Teller&#8217;s Tech</p>]]></content:encoded></item><item><title><![CDATA[Ship It Conversations: Kat Traxler of Vectra AI on AI Security, the Zero-Day Clock, IAM, and Cloud Risk]]></title><description><![CDATA[This is a guest conversation episode of Ship It Weekly, separate from the weekly news recaps.]]></description><link>https://substack.tellerstech.com/p/ship-it-conversations-kat-traxler</link><guid isPermaLink="false">https://substack.tellerstech.com/p/ship-it-conversations-kat-traxler</guid><dc:creator><![CDATA[Teller's Tech]]></dc:creator><pubDate>Sun, 28 Jun 2026 13:03:15 GMT</pubDate><enclosure url="https://api.substack.com/feed/podcast/203652695/7c920b5fbc563665ac2e6746533cbe40.mp3" length="0" type="audio/mpeg"/><content:encoded><![CDATA[<p>This is a guest conversation episode of <strong>Ship It Weekly</strong>, separate from the weekly news recaps.</p><p>In this Ship It: Conversations episode, I talk with Kat Traxler of Vectra AI about AI security, the zero-day clock, IAM, cloud risk, AI-assisted bug hunting, and why the scariest future security problems may still start with the boring fundamentals teams already struggle with today.</p><p>Kat is a Principal Security Researcher at Vectra AI focused on abuse techniques and vulnerabilities in the public cloud, especially around the intersection of cloud security, AppSec, IAM, managed identities, and insecure-by-design flaws.</p><p>We talk about the current AI security mood, from the excitement around faster research and bug hunting to the fear that AI could shrink the window between vulnerability disclosure and exploitation. Kat explains the &#8220;San Francisco Consensus,&#8221; why the zero-day clock is getting so much attention, and why she thinks the facts may be real while some of the conclusions are overextended.</p><p>The bigger theme here is that AI is absolutely changing security work, but it does not erase the fundamentals. Attackers still take the lowest-friction path that works. For most teams, that still means credentials, IAM, misconfigurations, known vulnerabilities, and systems that were never threat-modeled as deeply as people assume.</p><p><strong>Highlights</strong></p><p>&#8226; Why AI security feels exciting and unsettling at the same time</p><p>&#8226; What the &#8220;San Francisco Consensus&#8221; means and why people are talking about the zero-day clock</p><p>&#8226; How AI may shrink the time between vulnerability disclosure and exploitation</p><p>&#8226; Why Kat is skeptical of the full &#8220;zero-day apocalypse&#8221; narrative</p><p>&#8226; Why credentials, IAM, misconfigurations, and known vulnerabilities still matter most for many teams</p><p>&#8226; How AI helps narrow the search space in bug hunting and security research</p><p>&#8226; Where AI is useful for code-level bugs, and where it still struggles with context and threat modeling</p><p>&#8226; Why human expertise still matters when using AI for writing, research, and cloud security analysis</p><p>&#8226; Why IAM remains hard because it sits at the intersection of people, access, and technology</p><p>&#8226; What insecure-by-design flaws are, and why AI may not solve those anytime soon</p><p><strong>Kat / Vectra AI links</strong></p><p>&#8226; Kat Traxler at Vectra AI: <a href="https://www.vectra.ai/about/author/kat-traxler">https://www.vectra.ai/about/author/kat-traxler</a></p><p>&#8226; Kat&#8217;s site: <a href="https://kattraxler.cloud/">https://kattraxler.cloud/</a></p><p>&#8226; The San Francisco Consensus: <a href="https://kattraxler.cloud/the-san-francisco-consensus/">https://kattraxler.cloud/the-san-francisco-consensus/</a></p><p>&#8226; Kat on X: <a href="https://x.com/NightmareJS">https://x.com/NightmareJS</a></p><p>&#8226; Vectra AI: <a href="https://www.vectra.ai/">https://www.vectra.ai/</a></p><p><strong>Our links</strong></p><p>More episodes + show notes + links: <a href="https://shipitweekly.fm/">https://shipitweekly.fm</a></p><p>On Call Brief: <a href="https://oncallbrief.com/">https://oncallbrief.com</a></p>]]></content:encoded></item><item><title><![CDATA[containerd CRI Vulnerabilities, Datadog PostgreSQL HA on Kubernetes, AWS DevOps Agent with Datadog MCP Server, EKS Control Plane Egress, and Why Users Feel the Wait]]></title><description><![CDATA[This week on Ship It Weekly: containerd disclosed a batch of CRI plugin vulnerabilities, Datadog tested PostgreSQL high availability on Kubernetes and found that failover is not useful if it cannot happen safely, AWS DevOps Agent and Datadog MCP Server moved AI incident response closer to real production workflows, and Amazon EKS added customer-routed control-plane egress.]]></description><link>https://substack.tellerstech.com/p/containerd-cri-vulnerabilities-datadog</link><guid isPermaLink="false">https://substack.tellerstech.com/p/containerd-cri-vulnerabilities-datadog</guid><dc:creator><![CDATA[Teller's Tech]]></dc:creator><pubDate>Fri, 26 Jun 2026 04:17:17 GMT</pubDate><enclosure url="https://api.substack.com/feed/podcast/203650338/50c0c7316abc3d3be33b05d2651e3dc9.mp3" length="0" type="audio/mpeg"/><content:encoded><![CDATA[<p>This week on <strong>Ship It Weekly</strong>: containerd disclosed a batch of CRI plugin vulnerabilities, Datadog tested PostgreSQL high availability on Kubernetes and found that failover is not useful if it cannot happen safely, AWS DevOps Agent and Datadog MCP Server moved AI incident response closer to real production workflows, and Amazon EKS added customer-routed control-plane egress.</p><p>The bigger theme: the control plane keeps getting wider. Runtimes, databases, incident agents, API-server egress, credentials, the cloud console, and object metadata are all becoming part of the production blast radius. And when something breaks, users do not experience your architecture diagram. They experience waiting.</p><p>In the lightning round, Brian covers GitHub self-service credential revocation for incident response, AWS Management Console Private Access without internet connectivity, Vercel Connect and short-lived agent credentials, and Amazon S3 annotations.</p><p><strong>Links</strong></p><p>containerd CRI plugin vulnerabilities / AWS security bulletin <a href="https://aws.amazon.com/security/security-bulletins/2026-046-aws/">https://aws.amazon.com/security/security-bulletins/2026-046-aws/</a></p><p>Datadog: PostgreSQL high availability on Kubernetes <a href="https://www.datadoghq.com/blog/engineering/postgresql-ha-kubernetes/">https://www.datadoghq.com/blog/engineering/postgresql-ha-kubernetes/</a></p><p>AWS DevOps Agent and Datadog MCP Server <a href="https://aws.amazon.com/blogs/devops/production-ready-autonomous-incident-resolution-with-aws-devops-agent-now-ga-and-datadog-mcp-server/">https://aws.amazon.com/blogs/devops/production-ready-autonomous-incident-resolution-with-aws-devops-agent-now-ga-and-datadog-mcp-server/</a></p><p>Amazon EKS customer-routed control-plane egress <a href="https://aws.amazon.com/blogs/containers/amazon-eks-now-supports-control-plane-egress-through-your-vpc/">https://aws.amazon.com/blogs/containers/amazon-eks-now-supports-control-plane-egress-through-your-vpc/</a></p><p>GitHub self-service credential revocation for incident response <a href="https://github.blog/changelog/2026-06-24-self-service-credential-revocation-for-incident-response/">https://github.blog/changelog/2026-06-24-self-service-credential-revocation-for-incident-response/</a></p><p>AWS Management Console Private Access <a href="https://aws.amazon.com/about-aws/whats-new/2026/06/aws-management-console-private/">https://aws.amazon.com/about-aws/whats-new/2026/06/aws-management-console-private/</a></p><p>Vercel Connect <a href="https://vercel.com/blog/introducing-vercel-connect">https://vercel.com/blog/introducing-vercel-connect</a></p><p>Amazon S3 annotations <a href="https://aws.amazon.com/blogs/aws/amazon-s3-annotations-attach-rich-queryable-context-directly-to-your-objects/">https://aws.amazon.com/blogs/aws/amazon-s3-annotations-attach-rich-queryable-context-directly-to-your-objects/</a></p><p>Marc Brooker: Waiting, latency, MTTR, and the inspection paradox <a href="https://brooker.co.za/blog/2026/06/19/waiting.html">https://brooker.co.za/blog/2026/06/19/waiting.html</a></p><p>This week&#8217;s On Call Brief <a href="https://www.tellerstech.com/on-call-brief-news/2026-W26/">https://www.tellerstech.com/on-call-brief-news/2026-W26/</a></p><p>More episodes and full show notes </p><p><a href="https://www.shipitweekly.fm/">https://www.shipitweekly.fm</a></p>]]></content:encoded></item><item><title><![CDATA[Ship It Conversations: Guardsquare’s Joel DeStefano on Mobile App Security, Runtime Protection, App Hardening, and Why Scanning Isn’t Enough]]></title><description><![CDATA[This is a guest conversation episode of Ship It Weekly, separate from the weekly news recaps.]]></description><link>https://substack.tellerstech.com/p/ship-it-conversations-guardsquares</link><guid isPermaLink="false">https://substack.tellerstech.com/p/ship-it-conversations-guardsquares</guid><dc:creator><![CDATA[Teller's Tech]]></dc:creator><pubDate>Sun, 21 Jun 2026 14:03:24 GMT</pubDate><enclosure url="https://api.substack.com/feed/podcast/202680989/974a7ed654962cc89dc2aced4c797094.mp3" length="0" type="audio/mpeg"/><content:encoded><![CDATA[<p>This is a guest conversation episode of <strong>Ship It Weekly</strong>, separate from the weekly news recaps.</p><p>In this Ship It: Conversations episode, I talk with Joel DeStefano from Guardsquare about mobile app security, why it is different from backend and cloud security, and why scanning alone is not enough once an app is shipped into the real world.</p><p>We talk about the shift in trust model that happens with mobile apps. In backend and cloud systems, teams usually have more control over the runtime, infrastructure, policies, and monitoring. With mobile, the app becomes a public artifact running on someone else&#8217;s device, in an environment you do not fully control.</p><p>The bigger theme here is that mobile security is not just &#8220;scan it before release.&#8221; Scanning matters, but teams also need to think about app hardening, obfuscation, runtime protection, monitoring, and whether the app connecting back to their APIs is genuine and uncompromised.</p><p><strong>Highlights</strong></p><p>&#8226; Why mobile changes the trust model compared to backend and cloud systems</p><p>&#8226; What DevOps, SRE, and platform teams should understand about mobile app risk</p><p>&#8226; Why scanning is useful, but not enough by itself</p><p>&#8226; The danger of assuming app store approval means an app is secure</p><p>&#8226; Why &#8220;we do not store sensitive data in the app&#8221; can be a misleading security argument</p><p>&#8226; How attackers can reverse engineer apps, inspect workflows, and learn how the app talks to backend APIs</p><p>&#8226; What code hardening and obfuscation actually help protect against</p><p>&#8226; Why runtime checks matter for rooted devices, compromised environments, debuggers, hooking frameworks, overlays, and accessibility abuse</p><p>&#8226; The difference between Android and iOS security assumptions</p><p>&#8226; Why the OS is not responsible for protecting your app&#8217;s business logic</p><p>&#8226; How mobile security should fit into CI/CD without destroying release velocity</p><p>&#8226; What should block a release versus what should become tracked risk</p><p>&#8226; Why testing, hardening, runtime protection, and monitoring should work together as one strategy</p><p>&#8226; How AI may speed up attackers without fundamentally changing the need for strong security fundamentals</p><p>&#8226; Joel&#8217;s advice for improving mobile security posture: start with the app&#8217;s critical workflows, backend interactions, and real business risk</p><p><strong>Joel / Guardsquare links</strong></p><p>&#8226; Guardsquare: <a href="https://hubs.ly/Q04fJgkJ0">https://hubs.ly/Q04fJgkJ0</a></p><p>&#8226; Guardsquare Blog: <a href="https://www.guardsquare.com/blog">https://www.guardsquare.com/blog</a></p><p><strong>OWASP mobile security links</strong></p><p>&#8226; OWASP Mobile Application Security: <a href="https://owasp.org/www-project-mobile-app-security/">https://owasp.org/www-project-mobile-app-security/</a></p><p>&#8226; OWASP MASVS: <a href="https://mas.owasp.org/MASVS/">https://mas.owasp.org/MASVS/</a></p><p><strong>Our links</strong></p><p>More episodes + show notes + links: </p><p><a href="https://shipitweekly.fm/">https://shipitweekly.fm</a></p><p>On Call Brief: </p><p><a href="https://oncallbrief.com/">https://oncallbrief.com</a></p>]]></content:encoded></item><item><title><![CDATA[OnCallBrief - 25th Week of 2026]]></title><description><![CDATA[https://www.tellerstech.com/on-call-brief-news/2026-W25/]]></description><link>https://substack.tellerstech.com/p/oncallbrief-25th-week-of-2026</link><guid isPermaLink="false">https://substack.tellerstech.com/p/oncallbrief-25th-week-of-2026</guid><dc:creator><![CDATA[Teller's Tech]]></dc:creator><pubDate>Sun, 21 Jun 2026 12:03:58 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!SB2G!,w_256,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fcb70ac50-d834-479c-80ce-f10c70872b26_8372x8372.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p><a href="https://www.tellerstech.com/on-call-brief-news/2026-W25/">https://www.tellerstech.com/on-call-brief-news/2026-W25/</a></p>]]></content:encoded></item><item><title><![CDATA[PeopleSoft Zero-Day Exploited, npm v12 Install Script Changes, GitHub Agentic Tokens, Anthropic Model Risk, and Default Trust Breaking]]></title><description><![CDATA[This episode of Ship It Weekly is about default trust getting punished.]]></description><link>https://substack.tellerstech.com/p/peoplesoft-zero-day-exploited-npm</link><guid isPermaLink="false">https://substack.tellerstech.com/p/peoplesoft-zero-day-exploited-npm</guid><dc:creator><![CDATA[Teller's Tech]]></dc:creator><pubDate>Fri, 19 Jun 2026 05:01:19 GMT</pubDate><enclosure url="https://api.substack.com/feed/podcast/202677786/1ad06951a55b0f1a423a85c6e09b64c7.mp3" length="0" type="audio/mpeg"/><content:encoded><![CDATA[<p>This episode of <strong>Ship It Weekly</strong> is about default trust getting punished. Brian covers Oracle&#8217;s emergency PeopleSoft advisory for CVE-2026-35273, npm v12 changing install-script defaults, GitHub Agentic Workflows moving away from long-lived personal access tokens, and Anthropic disabling Fable 5 and Mythos 5 after a U.S. export-control directive. The common thread: legacy ERP systems, package installs, CI/CD agents, and AI models all become production risks when teams trust the default without checking what that trust can actually do.</p><p>In the lightning round, Brian covers Tekton CloudEvents moving to a dedicated events controller, NVIDIA Triton Inference Server 26.04 changing inference defaults, AWS Nitro Isolation Engine bringing formal verification to Graviton5-based isolation, and Homebrew 6.0 adding explicit trust for third-party taps. The bigger theme: production does not care why you trusted the default. It only cares what that default was allowed to do.</p><p>The bigger theme: production does not care why you trusted the default. It only cares what that default was allowed to do.</p><p><strong>Links</strong></p><p>Oracle PeopleSoft CVE-2026-35273 advisory <a href="https://www.oracle.com/security-alerts/alert-cve-2026-35273.html">https://www.oracle.com/security-alerts/alert-cve-2026-35273.html</a></p><p>npm v12 breaking changes <a href="https://github.blog/changelog/2026-06-09-upcoming-breaking-changes-for-npm-v12/">https://github.blog/changelog/2026-06-09-upcoming-breaking-changes-for-npm-v12/</a></p><p>GitHub Agentic Workflows no longer need PATs <a href="https://github.blog/changelog/2026-06-11-agentic-workflows-no-longer-need-a-personal-access-token/">https://github.blog/changelog/2026-06-11-agentic-workflows-no-longer-need-a-personal-access-token/</a></p><p>Anthropic Fable 5 / Mythos 5 access statement <a href="https://www.anthropic.com/news/fable-mythos-access">https://www.anthropic.com/news/fable-mythos-access</a></p><p>Tekton Pipelines releases <a href="https://github.com/tektoncd/pipeline/releases">https://github.com/tektoncd/pipeline/releases</a></p><p>NVIDIA Triton Inference Server 26.04 release notes <a href="https://docs.nvidia.com/deeplearning/triton-inference-server/release-notes/rel-26-04.html">https://docs.nvidia.com/deeplearning/triton-inference-server/release-notes/rel-26-04.html</a></p><p>AWS Nitro Isolation Engine <a href="https://aws.amazon.com/blogs/compute/aws-nitro-isolation-engine-formally-verifying-the-hypervisor-in-the-aws-nitro-system/">https://aws.amazon.com/blogs/compute/aws-nitro-isolation-engine-formally-verifying-the-hypervisor-in-the-aws-nitro-system/</a></p><p>Homebrew 6.0.0 <a href="https://brew.sh/2026/06/11/homebrew-6.0.0/">https://brew.sh/2026/06/11/homebrew-6.0.0/</a></p><p>This week&#8217;s On Call Brief <a href="https://www.tellerstech.com/on-call-brief-news/2026-W25/">https://www.tellerstech.com/on-call-brief-news/2026-W25/</a></p><p>More episodes and show notes </p><p><a href="https://shipitweekly.fm/">https://shipitweekly.fm/</a></p>]]></content:encoded></item><item><title><![CDATA[Ship It Conversations: Meta’s Francois Richard on AI Incident Response, SLOs, and Reliability at Scale]]></title><description><![CDATA[This is a guest conversation episode of Ship It Weekly, separate from the weekly news recaps.]]></description><link>https://substack.tellerstech.com/p/ship-it-conversations-metas-francois</link><guid isPermaLink="false">https://substack.tellerstech.com/p/ship-it-conversations-metas-francois</guid><dc:creator><![CDATA[Teller's Tech]]></dc:creator><pubDate>Tue, 16 Jun 2026 04:01:17 GMT</pubDate><enclosure url="https://api.substack.com/feed/podcast/202231018/070e7fc0a3e59251cd986cb19b320b11.mp3" length="0" type="audio/mpeg"/><content:encoded><![CDATA[<p>This is a guest conversation episode of <strong>Ship It Weekly</strong>, separate from the weekly news recaps.</p><p>In this Ship It: Conversations episode, I talk with Francois Richard, Engineering Director at Meta, about reliability at scale, how AI is changing production risk, what teams actually learn from incidents, and why recovery practice matters just as much as prevention.</p><p>We talk about the proactive and reactive sides of reliability, why SLOs should represent a promise to users instead of just another dashboard number, how incident reviews should drive real system improvements, and how teams can practice recovery before production forces the lesson on them.</p><p>The bigger theme here is that reliability is not just about avoiding failure. It is about knowing what happens when prevention fails. That means practicing regional failure, understanding overload behavior, improving incident response, using AI carefully during investigation, and making reliability targets match the actual lifecycle and importance of the system.</p><p><strong>Highlights</strong></p><p>&#8226; Why reliability work starts with both prevention and recovery</p><p>&#8226; The difference between reactive incident response and proactive reliability engineering</p><p>&#8226; How Meta thinks about disaster recovery testing and regional failure practice</p><p>&#8226; Why an SLO should be treated like a promise to users, not just a dashboard metric</p><p>&#8226; How SLO trends help teams decide when to invest more in reliability or take more product risk</p><p>&#8226; What engineers actually learn during the &#8220;pressure cooker&#8221; of an incident</p><p>&#8226; Why incident reviews should produce follow-up work, not just a nicer explanation of what broke</p><p>&#8226; The difference between finding the cause of an incident and improving the system</p><p>&#8226; Where AI agents can help with incident investigation, telemetry, metrics, and query building</p><p>&#8226; Why AI-generated code can increase change volume while reducing human context</p><p>&#8226; How faster code generation changes the kinds of reliability problems teams should expect</p><p>&#8226; Why recovery practice matters, especially for region loss, traffic spikes, overload, and restart behavior</p><p>&#8226; What smaller DevOps and SRE teams can learn from Meta-scale reliability patterns</p><p>&#8226; Why not every system needs six nines, especially early in a product lifecycle</p><p>&#8226; How to think about reliability investment based on user promise, product maturity, and operational risk</p><p>&#8226; Why At Scale Systems &amp; Reliability is focused on the infrastructure behind AI and the use of AI to operate large-scale systems</p><p><strong>Francois&#8217; links</strong></p><p>&#8226; LinkedIn: <a href="https://www.linkedin.com/in/francoisrichard/">https://www.linkedin.com/in/francoisrichard/</a></p><p><strong>At Scale links</strong></p><p>&#8226; Systems &amp; Reliability 2026: <a href="https://bit.ly/4xd2FdG">https://bit.ly/4xd2FdG</a></p><p>&#8226; At Scale Conferences: </p><p>https://atscaleconference.com/</p><p><strong>Our links</strong></p><p>More episodes + show notes + links: </p><p><a href="https://shipitweekly.fm/">https://shipitweekly.fm</a></p><p>On Call Brief: </p><p><a href="https://oncallbrief.com/">https://oncallbrief.com</a></p>]]></content:encoded></item><item><title><![CDATA[OnCallBrief - 24th Week of 2026]]></title><description><![CDATA[https://www.tellerstech.com/on-call-brief-news/2026-W24/]]></description><link>https://substack.tellerstech.com/p/oncallbrief-24th-week-of-2026</link><guid isPermaLink="false">https://substack.tellerstech.com/p/oncallbrief-24th-week-of-2026</guid><dc:creator><![CDATA[Teller's Tech]]></dc:creator><pubDate>Sun, 14 Jun 2026 12:03:57 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!SB2G!,w_256,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fcb70ac50-d834-479c-80ce-f10c70872b26_8372x8372.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p><a href="https://www.tellerstech.com/on-call-brief-news/2026-W24/">https://www.tellerstech.com/on-call-brief-news/2026-W24/</a></p>]]></content:encoded></item><item><title><![CDATA[Coinbase Outage, Meta AI Account Recovery, AWS AgentCore Code Injection, Apigee Tenant Isolation, and the Glue That Breaks Production]]></title><description><![CDATA[This episode of Ship It Weekly is about the hidden glue holding production together.]]></description><link>https://substack.tellerstech.com/p/coinbase-outage-meta-ai-account-recovery</link><guid isPermaLink="false">https://substack.tellerstech.com/p/coinbase-outage-meta-ai-account-recovery</guid><dc:creator><![CDATA[Teller's Tech]]></dc:creator><pubDate>Fri, 12 Jun 2026 05:32:43 GMT</pubDate><enclosure url="https://api.substack.com/feed/podcast/201701149/f1f085d305e15bb15fb7dba0d9284fc4.mp3" length="0" type="audio/mpeg"/><content:encoded><![CDATA[<p>This episode of <strong>Ship It Weekly</strong> is about the hidden glue holding production together.</p><p>Brian covers Coinbase&#8217;s May 7 outage postmortem, where an AWS us-east-1 cooling failure exposed the difference between being &#8220;multi-AZ&#8221; on paper and actually being able to recover when stateful, low-latency systems are tied to a failed zone.</p><p>Then he looks at Meta&#8217;s AI-assisted Instagram support issue and why account recovery is identity infrastructure, not just customer support. If AI can influence password resets, email changes, MFA resets, or account ownership flows, that workflow needs to be treated like a production control plane.</p><p>The episode also covers AWS AgentCore CLI CVE-2026-11393, where collaborator metadata could break out into generated Python code during agent import, and an Apigee cross-tenant issue from Google&#8217;s Apigee security bulletins that shows why tenant isolation has to be tested beyond the obvious happy path.</p><p><strong>Links</strong></p><p>Coinbase May 7 outage postmortem <a href="https://www.coinbase.com/blog/a-postmortem-of-our-may-7-2026-outage">https://www.coinbase.com/blog/a-postmortem-of-our-may-7-2026-outage</a></p><p>Meta AI support / Instagram account recovery reporting <a href="https://www.theverge.com/tech/945658/meta-ai-support-chatbot-exploit-instagram-accounts">https://www.theverge.com/tech/945658/meta-ai-support-chatbot-exploit-instagram-accounts</a></p><p>AWS AgentCore CLI CVE-2026-11393 <a href="https://aws.amazon.com/security/security-bulletins/2026-040-aws/">https://aws.amazon.com/security/security-bulletins/2026-040-aws/</a></p><p>AgentCore CLI GitHub advisory <a href="https://github.com/aws/agentcore-cli/security/advisories/GHSA-m4x6-gwgp-4pm7">https://github.com/aws/agentcore-cli/security/advisories/GHSA-m4x6-gwgp-4pm7</a></p><p>Google Apigee security bulletins <a href="https://docs.cloud.google.com/apigee/docs/security-bulletins/security-bulletins">https://docs.cloud.google.com/apigee/docs/security-bulletins/security-bulletins</a></p><p>Cloudflare real-time threat intel WAF rules <a href="https://blog.cloudflare.com/realtime-threat-intel-waf-rules/">https://blog.cloudflare.com/realtime-threat-intel-waf-rules/</a></p><p>AWS Lambda tenant isolation with event source mappings <a href="https://aws.amazon.com/blogs/compute/integrating-event-source-mappings-with-aws-lambda-tenant-isolation-mode/">https://aws.amazon.com/blogs/compute/integrating-event-source-mappings-with-aws-lambda-tenant-isolation-mode/</a></p><p>Amazon OpenSearch Serverless next generation <a href="https://aws.amazon.com/about-aws/whats-new/2026/05/amazon-opensearch-serverless-next-generation-generally-available/">https://aws.amazon.com/about-aws/whats-new/2026/05/amazon-opensearch-serverless-next-generation-generally-available/</a></p><p>GitHub Enterprise Managed Users IP allow list coverage <a href="https://github.blog/changelog/2026-06-08-ip-allow-list-coverage-for-emu-namespaces-in-general-availability/">https://github.blog/changelog/2026-06-08-ip-allow-list-coverage-for-emu-namespaces-in-general-availability/</a></p><p>This week&#8217;s On Call Brief <a href="https://www.tellerstech.com/on-call-brief-news/2026-W24/">https://www.tellerstech.com/on-call-brief-news/2026-W24/</a></p><p>More episodes and show notes </p><p><a href="https://shipitweekly.fm/">https://shipitweekly.fm/</a></p>]]></content:encoded></item><item><title><![CDATA[OnCallBrief - 23rd Week of 2026]]></title><description><![CDATA[https://www.tellerstech.com/on-call-brief/2026-W23]]></description><link>https://substack.tellerstech.com/p/oncallbrief-23rd-week-of-2026</link><guid isPermaLink="false">https://substack.tellerstech.com/p/oncallbrief-23rd-week-of-2026</guid><dc:creator><![CDATA[Teller's Tech]]></dc:creator><pubDate>Sun, 07 Jun 2026 12:03:30 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!SB2G!,w_256,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fcb70ac50-d834-479c-80ce-f10c70872b26_8372x8372.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p><a href="https://www.tellerstech.com/on-call-brief/2026-W23">https://www.tellerstech.com/on-call-brief/2026-W23</a></p>]]></content:encoded></item><item><title><![CDATA[Kiro CLI Approval Bypass, Amazon Braket Pickle Risk, AWS Org Logging, KEDA Upgrades, and Automation’s Hidden Boundaries]]></title><description><![CDATA[This episode of Ship It Weekly is about automation&#8217;s hidden boundaries.]]></description><link>https://substack.tellerstech.com/p/kiro-cli-approval-bypass-amazon-braket</link><guid isPermaLink="false">https://substack.tellerstech.com/p/kiro-cli-approval-bypass-amazon-braket</guid><dc:creator><![CDATA[Teller's Tech]]></dc:creator><pubDate>Fri, 05 Jun 2026 06:19:25 GMT</pubDate><enclosure url="https://api.substack.com/feed/podcast/200722327/7ff768c419c85aaa28147439cb722c21.mp3" length="0" type="audio/mpeg"/><content:encoded><![CDATA[<p>This episode of <strong>Ship It Weekly</strong> is about automation&#8217;s hidden boundaries. Brian covers Kiro CLI CVE-2026-9255, where piped stdin could act like user approval, Amazon Braket SDK CVE-2026-9291 and the very normal Python pickle risk hiding inside quantum job results, AWS Organizations finally emitting CloudTrail events when accounts join or leave an org, and KEDA updates that remind us autoscaling upgrades are production behavior changes.</p><p>The bigger thread this week is that automation does not remove boundaries. It moves them. Approval paths, trusted data, account membership, scaling signals, platform access, and AI-generated output all need clear ownership and visibility.</p><p>Brian also covers Kubernetes Dashboard being archived with Headlamp as the path forward, Google Cloud Remote MCP Server for AlloyDB, Apache Kafka 4.3.0, and Atlassian&#8217;s AI-native SDLC productivity claims.</p><p><strong>Sponsored by @Scale: Systems &amp; Reliability, happening June 25 at the Meydenbauer Center in Bellevue, Washington. Register at <a href="https://bit.ly/4xd2FdG">https://bit.ly/4xd2FdG</a></strong></p><p><strong>Links</strong></p><p>Kiro CLI CVE-2026-9255 <a href="https://aws.amazon.com/security/security-bulletins/2026-035-aws/">https://aws.amazon.com/security/security-bulletins/2026-035-aws/</a></p><p>Amazon Braket SDK CVE-2026-9291 <a href="https://aws.amazon.com/security/security-bulletins/2026-036-aws/">https://aws.amazon.com/security/security-bulletins/2026-036-aws/</a></p><p>AWS Organizations CloudTrail account events <a href="https://aws.amazon.com/about-aws/whats-new/2026/05/aws-organizations-cloudtrail/">https://aws.amazon.com/about-aws/whats-new/2026/05/aws-organizations-cloudtrail/</a></p><p>KEDA v2.20.0 release <a href="https://github.com/kedacore/keda/releases/tag/v2.20.0">https://github.com/kedacore/keda/releases/tag/v2.20.0</a></p><p>KEDA v2.19.0 release <a href="https://github.com/kedacore/keda/releases/tag/v2.19.0">https://github.com/kedacore/keda/releases/tag/v2.19.0</a></p><p>Kubernetes Dashboard archived / Headlamp path forward <a href="https://kubernetes.io/blog/2026/06/04/dashboard-archived-what-now/">https://kubernetes.io/blog/2026/06/04/dashboard-archived-what-now/</a></p><p>Google Cloud Remote MCP Server for AlloyDB <a href="https://cloud.google.com/blog/products/databases/alloydb-remote-mcp-server-now-ga">https://cloud.google.com/blog/products/databases/alloydb-remote-mcp-server-now-ga</a></p><p>Apache Kafka 4.3.0 <a href="https://www.confluent.io/blog/apache-kafka-4-3-release-announcement/">https://www.confluent.io/blog/apache-kafka-4-3-release-announcement/</a></p><p>Atlassian AI-native SDLC productivity claims <a href="https://www.atlassian.com/blog/software-teams/ai-native-sdlc">https://www.atlassian.com/blog/software-teams/ai-native-sdlc</a></p><p>This week&#8217;s On Call Brief <a href="https://www.tellerstech.com/on-call-brief/2026-W23/">https://www.tellerstech.com/on-call-brief/2026-W23/</a></p><p>More episodes and show notes </p><p><a href="https://shipitweekly.fm/">https://shipitweekly.fm/</a></p>]]></content:encoded></item><item><title><![CDATA[OnCallBrief - 22nd Week of 2026]]></title><description><![CDATA[https://www.tellerstech.com/on-call-brief/2026-W22/]]></description><link>https://substack.tellerstech.com/p/oncallbrief-22nd-week-of-2026</link><guid isPermaLink="false">https://substack.tellerstech.com/p/oncallbrief-22nd-week-of-2026</guid><dc:creator><![CDATA[Teller's Tech]]></dc:creator><pubDate>Sun, 31 May 2026 12:03:48 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!SB2G!,w_256,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fcb70ac50-d834-479c-80ce-f10c70872b26_8372x8372.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p><a href="https://www.tellerstech.com/on-call-brief/2026-W22/">https://www.tellerstech.com/on-call-brief/2026-W22/</a></p>]]></content:encoded></item><item><title><![CDATA[GitHub Supply Chain Attacks, Railway’s GCP Outage, Discord’s Voice Failure, AWS Retry Changes, and Trusted Tool Risk]]></title><description><![CDATA[This episode of Ship It Weekly is about trusted tools becoming production dependencies.]]></description><link>https://substack.tellerstech.com/p/github-supply-chain-attacks-railways</link><guid isPermaLink="false">https://substack.tellerstech.com/p/github-supply-chain-attacks-railways</guid><dc:creator><![CDATA[Teller's Tech]]></dc:creator><pubDate>Fri, 29 May 2026 03:43:44 GMT</pubDate><enclosure url="https://api.substack.com/feed/podcast/199689968/e1df3ca74de93212382049fb6d79e101.mp3" length="0" type="audio/mpeg"/><content:encoded><![CDATA[<p>This episode of <strong>Ship It Weekly</strong> is about trusted tools becoming production dependencies. Brian covers a rough GitHub supply chain week, including the compromised Nx Console VS Code extension tied to exposed GitHub internal repositories and the Megalodon campaign abusing GitHub Actions workflows across thousands of public repos.</p><p>The bigger thread this week is that the tools around production are increasingly part of production. Brian also covers Railway&#8217;s GCP account suspension outage, Discord&#8217;s voice outage during a Kubernetes migration, AWS changing SDK retry behavior, CVE-2026-9133 in the RabbitMQ AWS plugin, and a Reddit story about stolen AWS keys turning into a $14,000 Bedrock bill.</p><p>Brian also touches on OpenTelemetry graduating from the CNCF, Claude Code security risk, GitLab Secrets Manager, Google Cloud AI spend caps, and a Redshift Python driver RCE.</p><p><strong>Full source list and extra links are available on this episode&#8217;s page at <a href="http://shipitweekly.fm/">shipitweekly.fm</a>.</strong></p><p><strong>Links</strong></p><p>Nx Console compromise <a href="https://www.stepsecurity.io/blog/nx-console-vs-code-extension-compromised">https://www.stepsecurity.io/blog/nx-console-vs-code-extension-compromised</a></p><p>Megalodon GitHub Actions attack <a href="https://www.stepsecurity.io/blog/megalodon-mass-github-actions-secret-exfiltration-across-5-500-public-repositories">https://www.stepsecurity.io/blog/megalodon-mass-github-actions-secret-exfiltration-across-5-500-public-repositories</a></p><p>Railway GCP outage </p><p>https://blog.railway.com/p/incident-report-may-19-2026-gcp-account-outage</p><p>Discord voice outage <a href="https://discord.com/blog/behind-the-scenes-of-the-3-25-26-voice-outage">https://discord.com/blog/behind-the-scenes-of-the-3-25-26-voice-outage</a></p><p>AWS SDK retry changes <a href="https://aws.amazon.com/blogs/developer/announcing-updated-retry-behavior-for-aws-sdks-and-tools/">https://aws.amazon.com/blogs/developer/announcing-updated-retry-behavior-for-aws-sdks-and-tools/</a></p><p>RabbitMQ AWS plugin CVE-2026-9133 <a href="https://aws.amazon.com/security/security-bulletins/2026-034-aws/">https://aws.amazon.com/security/security-bulletins/2026-034-aws/</a></p><p>AWS Bedrock cost spike Reddit thread <a href="https://www.reddit.com/r/aws/comments/1tm3ydo/aws_bedrock_cost_spike_14000_usd/">https://www.reddit.com/r/aws/comments/1tm3ydo/aws_bedrock_cost_spike_14000_usd/</a></p><p>This week&#8217;s On Call Brief <a href="https://www.tellerstech.com/on-call-brief/2026-W22/">https://www.tellerstech.com/on-call-brief/2026-W22/</a></p><p>More episodes and show notes </p><p><a href="https://shipitweekly.fm/">https://shipitweekly.fm/</a></p>]]></content:encoded></item><item><title><![CDATA[Ship It Conversations: Jake Warner on Cycle.io, Bare Metal’s Comeback, and Why Private Cloud Is Getting Interesting Again]]></title><description><![CDATA[This is a guest conversation episode of Ship It Weekly, separate from the weekly news recaps.]]></description><link>https://substack.tellerstech.com/p/ship-it-conversations-jake-warner</link><guid isPermaLink="false">https://substack.tellerstech.com/p/ship-it-conversations-jake-warner</guid><dc:creator><![CDATA[Teller's Tech]]></dc:creator><pubDate>Tue, 26 May 2026 05:55:09 GMT</pubDate><enclosure url="https://api.substack.com/feed/podcast/199285462/76637c8e512d0b25e44e4b7698f1d22e.mp3" length="0" type="audio/mpeg"/><content:encoded><![CDATA[<p>This is a guest conversation episode of <strong>Ship It Weekly</strong>, separate from the weekly news recaps.</p><p>In this Ship It: Conversations episode, I talk with Jake Warner, founder and CEO of Cycle.io, about private cloud, bare metal, Kubernetes fatigue, and why some teams are rethinking how much infrastructure complexity they actually want to carry.</p><p>We talk about why bare metal and private cloud are getting interesting again, especially around cost, performance, data sovereignty, compliance, and platform ownership. Jake explains how Cycle approaches infrastructure as a pool of resources, why he thinks in terms of &#8220;environments as code&#8221; instead of traditional infrastructure as code, and how teams can run containers and VMs together across bare metal, cloud, and hybrid environments.</p><p>The bigger theme here is that this is not really a &#8220;cloud versus bare metal&#8221; conversation. It is about choosing the right level of abstraction. Sometimes Kubernetes is the right answer. Sometimes managed cloud services make sense. And sometimes teams just need a more opinionated platform that lets developers ship without requiring a large DevOps army to keep everything running.</p><p><strong>Highlights</strong></p><p>&#8226; Why some teams are moving back toward private cloud and bare metal</p><p>&#8226; The role of cost, data sovereignty, compliance, and performance in infrastructure decisions</p><p>&#8226; Why bare metal does not have to mean going back to old-school racking and stacking pain</p><p>&#8226; How Cycle turns raw compute into a private cloud-style resource pool</p><p>&#8226; Why Jake thinks about &#8220;environments as code&#8221; instead of only infrastructure as code</p><p>&#8226; What &#8220;no DevOps army required&#8221; means in practice for engineering-heavy teams</p><p>&#8226; Why some companies need VMs and containers running together on the same platform</p><p>&#8226; Where Kubernetes still makes sense, especially for highly customized infrastructure needs</p><p>&#8226; Why opinionated platforms can be valuable when teams want fewer knobs and better defaults</p><p>&#8226; Active-active thinking, failover risk, and why application-level replication often matters more than platform-level storage magic</p><p>&#8226; Why bandwidth, performance density, and predictable pricing can make bare metal attractive again</p><p>&#8226; The weird continued gravity of AWS us-east-1, even for teams trying to move workloads elsewhere</p><p>&#8226; How AI workloads, GPUs, and hype cycles fit into the private cloud and platform conversation</p><p>&#8226; Jake&#8217;s advice for modernizing hybrid or on-prem infrastructure: containerize first, then look hard at your dependencies</p><p><strong>Jake&#8217;s links</strong></p><p>&#8226; <a href="http://cycle.io/">Cycle.io</a>: </p><p><a href="https://cycle.io/">https://cycle.io/</a></p><p>&#8226; Cycle Slack community: </p><p><a href="https://slack.cycle.io/">https://slack.cycle.io/</a></p><p>&#8226; Jake Warner on LinkedIn: <a href="https://www.linkedin.com/in/jakewarner/">https://www.linkedin.com/in/jakewarner/</a></p><p><strong>Our links</strong></p><p>More episodes + show notes + links: </p><p><a href="https://shipitweekly.fm/">https://shipitweekly.fm</a></p><p>On Call Brief: </p><p><a href="https://oncallbrief.com/">https://oncallbrief.com</a></p>]]></content:encoded></item><item><title><![CDATA[OnCallBrief - 21st Week of 2026]]></title><description><![CDATA[https://www.tellerstech.com/on-call-brief/2026-W21/]]></description><link>https://substack.tellerstech.com/p/oncallbrief-21st-week-of-2026</link><guid isPermaLink="false">https://substack.tellerstech.com/p/oncallbrief-21st-week-of-2026</guid><dc:creator><![CDATA[Teller's Tech]]></dc:creator><pubDate>Sun, 24 May 2026 12:03:15 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!SB2G!,w_256,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fcb70ac50-d834-479c-80ce-f10c70872b26_8372x8372.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p><a href="https://www.tellerstech.com/on-call-brief/2026-W21/">https://www.tellerstech.com/on-call-brief/2026-W21/</a></p>]]></content:encoded></item></channel></rss>