InfoQ Homepage DevOps Content on InfoQ
-
AWS Introduces S3 Files, Bringing File System Access to S3 Buckets
AWS recently introduced S3 Files, which lets users mount an Amazon S3 bucket and access its data through a standard file system interface. Applications can read and write files using standard file operations, while the system automatically translates them into S3 requests, allowing compute services to work directly with data stored in S3.
-
OpenTelemetry Declarative Configuration Reaches Stability Milestone
The OpenTelemetry project has announced that key portions of its declarative configuration specification have reached stable status. The observability framework is a vendor-neutral and language-agnostic way to configure telemetry collection.
-
New Rowhammer Attacks on NVIDIA GPUs Enable Full System Takeover
Security researchers have demonstrated a new class of Rowhammer attacks targeting NVIDIA GPUs that can escalate from memory corruption to full system compromise, marking a significant shift in hardware-level security risks.
-
Airbnb Migrates High-Volume Metrics Pipeline to OpenTelemetry
Airbnb's observability engineering team has published details of a large-scale migration away from StatsD and a proprietary Veneur-based aggregation pipeline toward a modern, open-source metrics stack built on OpenTelemetry Protocol (OTLP), the OpenTelemetry Collector, and VictoriaMetrics' vmagent. The resulting system now ingests over 100 million samples per second in production.
-
AWS Launches Sustainability Console with API Access and Scope 1-3 Emissions Reporting
AWS launched a standalone Sustainability console with API access, configurable CSV exports, and Scope 1-3 emissions data by service and Region. The console decouples emissions reporting from billing permissions. AWS CTO Werner Vogels framed carbon as an architectural metric belonging alongside latency, cost, and error rates in the observability stack.
-
GitHub Copilot CLI Reaches General Availability
GitHub has launched Copilot CLI into general availability, bringing generative AI directly to the terminal. Integrated with the GitHub CLI, it offers natural language command suggestions and code explanations. Recent updates introduce "agentic" workflows with Autopilot mode and GPT-5.4 support, alongside new enterprise telemetry for tracking usage across development teams.
-
CNCF and Kusari Partner to Strengthen Software Supply Chain Security across Cloud-Native Projects
The Cloud Native Computing Foundation (CNCF) and Kusari have announced a new collaboration aimed at strengthening software supply chain security across cloud-native projects, providing free access to Kusari's AI-powered security tooling for CNCF-hosted projects.
-
GitHub Actions Custom Runner Images Reach General Availability
GitHub has just announced the availability of custom images for its hosted runners. They've finally left the public preview phase that started back in October behind them. This feature will enable teams to use a GitHub-approved base image and then construct a virtual machine image that really meets their workflow requirements.
-
Istio Evolves for the AI Era with Multicluster, Ambient Mode, and Inference Capabilities
The Cloud Native Computing Foundation (CNCF) has announced a major evolution of Istio, introducing new capabilities aimed at making service meshes “future-ready” for AI-driven workloads.
-
Open Source Security Tool Trivy Hit by Supply Chain Attack, Prompting Urgent Industry Response
A major security incident affecting the widely used open source vulnerability scanner Trivy has exposed critical weaknesses in software supply chain security, after maintainers confirmed that a malicious release was briefly distributed to users.
-
Cloudflare Launches Dynamic Workers Open Beta: Isolate-Based Sandboxing for AI Agent Code Execution
Cloudflare has released Dynamic Worker Loader into open beta, offering V8 isolate-based sandboxing for AI-generated code execution. The company claims isolates start in milliseconds, using megabytes of memory, making them roughly 100x faster and up to 100x more memory-efficient than containers. The feature builds on Cloudflare's Code Mode approach.
-
PyPI Supply Chain Attack Compromises LiteLLM, Enabling the Exfiltration of Sensitive Information
Discovered by FutureSearch researcher Callum McMahon, a supply chain attack against LiteLLM on PyPI resulted in over 40 thousand downloads of a compromised version that installed a malicious payload capable of harvesting and exfiltrating sensitive information. LiteLLM is downloaded roughly 3 million times per day.
-
Agentic AI Patterns Reinforce Engineering Discipline
Paul Duvall recently discussed his library of engineering patterns for AI assisted development and practices that ground high quality delivery. Related discussions from Paul Stack and Gergely Orosz highlight a shift toward remixing and specification driven development.
-
Kubernetes Autoscaling Demands New Observability Focus beyond Vendor Tooling
As adoption of Kubernetes autoscalers like Karpenter accelerates, a new set of platform-agnostic observability practices is emerging, shifting focus from traditional infrastructure metrics to deeper insights into provisioning behavior, scheduling latency, and cost efficiency.
-
Cloudflare Adds Active API Vulnerability Scanning to Its Edge
Cloudflare has announced the open beta of its Web and API Vulnerability Scanner. This Dynamic Application Security Testing (DAST) tool is part of the API Shield platform.