TLDR DevOps 2026-03-02

Opus 4.5 scores 80.6% on SWE-bench Verified. Opus 4 scored 72.5%. So Opus 4.5 is better at programming than Opus 4, right?

Well...maybe. But that's not what SWE-bench Verified tells you. What it really measures is a model's ability to fix small bugs in 12 popular open source Python repositories, all of which are likely part of its training data.

Yes, that's it 🙄

ngrok wrote this post to explain what 14 AI benchmarks actually test — and if they tell you what you're looking for.

Read the article and never get fooled by a benchmark again

Autonomous System Provider Authorization builds on RPKI and ROAs to cryptographically verify BGP AS paths and prevent route leaks and some forged origin hijacks, while Cloudflare Radar now tracks ASPA adoption and records across RIRs and individual Autonomous Systems.

Kubernetes announced it will retire the widely-used Ingress-NGINX controller in March, prompting a detailed migration guide that reveals surprising default behaviors like case-insensitive prefix matching for regex patterns and automatic trailing-slash redirects that could cause outages if not properly handled during the transition to Gateway API.

Go 1.25 and 1.26 improve performance by allocating small slice backing arrays on the stack instead of the heap, reducing allocation and GC overhead. Even when slices escape, Go 1.26 can use a stack buffer first and move it to the heap only if needed, often cutting allocations down to one.

Python type checkers handle empty containers using three strategies: infer Any (permissive but unsafe), infer from all usages (accurate but errors may appear far from the bug), or infer from the first usage (more actionable but sometimes wrong). Each approach balances type safety, performance, and error clarity, with Pyrefly defaulting to first-use inference for more actionable errors.

In Octopus Cloud, a Script project is created with a required project tenant variable, two tenants each supplying its own value, and a script step that echoes the variable. The setup enforces tenanted deployments and demonstrates tenant-specific variable substitution.

Cloudflare Radar introduced origin side post quantum TLS monitoring and a hostname testing tool, a Key Transparency dashboard auditing logs for services like WhatsApp and Facebook Messenger, and expanded ASPA routing security insights with global adoption tracking and detailed AS level data.

Experiments show random I/O on SSDs is ~25–35× slower than sequential reads, far above PostgreSQL's default random_page_cost = 4.0, meaning the default often underestimates true cost. Still, lowering it can make sense depending on caching and workload, so changes should be based on real performance data, not just SSD assumptions.

Kubernetes v1.35 “Timbernetes” adds workload aware and gang scheduling, stable in place Pod resizing, continued Dynamic Resource Allocation support, and KYAML as default kubectl output, improving coordinated placement, resource tuning, and configuration safety for AI and mixed production workloads.

Cloudflare reported an outage on February 20 that was caused by a bug in automated BYOIP prefix cleanup that misinterpreted a pending_delete flag.