TLDR DevOps 2025-12-01

Attackers are no longer skipping over smaller businesses. In fact, they're increasingly targeting them. The N-able team observed a surge in detected threat instances—from approximately 48,749 in June 2024 to over 13.3 million by June 2025.

That means SMBs now face enterprise-level threats without enterprise-level resources. Read the 2025 Annual Threat Report to understand:

→ Top attack trends shaping 2025, including AI-driven exploits and supply chain risks.

→ Why mid-market IT teams are prime targets—and how to harden your environment.

→ Practical steps to reduce exposure and improve resilience without adding headcount.

Read the report

NixOS 25.11 “Xantusia” introduces a massive update to the ecosystem, adding 7,000+ new packages, updating over 25,000, removing outdated ones, and shipping 107 new modules with nearly 1,800 new configuration options. Major desktop and tooling upgrades include GNOME 49, LLVM 21, and CMake 4. This broad modernization release will be supported through June 2026.

PHP 8.5.0 introduces many improvements, including a new URI extension, a pipe operator, “clone with”, and enhanced support for advanced constant expressions.

Google Cloud proved GKE can scale to an experimental 130,000-node cluster, sustaining 1,000 Pods/sec and over 1M objects. New control-plane optimizations, advanced scheduling with Kueue, and improved storage and data access enable massive, dynamic AI workloads at extreme scale.

Datacenters in space are wildly impractical because they can't be powered, cooled, or protected from radiation anywhere close to what modern GPUs require, making them orders of magnitude less efficient than Earth-based datacenters. Even with massive solar arrays, complex radiators, and radiation-hardened designs, you'd get only a tiny fraction of normal compute capacity at enormous cost, so the idea simply doesn't make sense.

Grafana Cloud users can now monitor AWS Bedrock AgentCore agents by configuring CloudWatch metric streams. The new integration leverages OpenTelemetry, Amazon CloudWatch, and Grafana Cloud to provide end-to-end visibility into AI agent performance, including dashboards that track latency, token usage, and tool execution. Users also gain immediate access to pre-built dashboards and alerts tailored to AWS metrics through the Cloud Provider Observability application.

Using OpenRewrite and AI-assisted static analysis, Uber automated 4,000 pull requests and modernized 1 million lines of code safely. Learn how they used context-aware refactoring to pull off a migration that would take most teams months in just two weeks. Watch the Moderne webinar on-demand

HAProxy version 3.3 has been released and includes a toolkit for converting configurations from Ingress NGINX to HAProxy Kubernetes Ingress Controller. The new HAProxy also supports SSL/TLS termination, TCP service load balancing, and PHP application load balancing over FastCGI within Kubernetes clusters.

AWS' AI-Driven Development Life Cycle (AI-DLC) methodology addresses challenges in AI-integrated software development by promoting adaptive workflows, flexible depth in each stage, and consistent human oversight. The AI-DLC workflow, now available as open-source Amazon Q Rules and Kiro Steering Files, guides AI through software creation, ensuring AI adapts to the project's needs. This method uses collaborative human-in-the-loop cycles, where AI generates a plan to execute a task, and relevant stakeholders assemble, review, and validate it.

Amazon EKS and ECS now offer fully managed MCP servers in preview, giving AI tools real-time cluster context without local setup. These servers provide automatic updates, IAM security, CloudTrail auditing, and scalable guidance for development and operations.

Datadog's Internal Developer Portal now includes IDP Campaigns, which build on Scorecards to help engineering leaders coordinate organization-wide, time-bound initiatives with clear goals, measurable rules, and automated progress tracking.

AWS has released the Infrastructure-as-Code (IaC) MCP Server, a tool that lets AI assistants search documentation, validate templates, and troubleshoot deployments for CloudFormation and Cloud Development Kit (CDK).

ty is an extremely fast Python type checker, written in Rust.

Amazon ECR now offers managed container image signing, making it easy to verify trusted image sources without managing your own signing infrastructure.