Skip to main content

Posts

Most Outages Don’t Announce Themselves

Many outages never announce themselves as outages. They show up as rising latency or an error rate that creeps from 2% to 4% over an afternoon while everyone’s busy with something else. The site is up. Nothing has paged. Something is still wrong, and by the time it’s obvious, it’s been wrong for an hour. Catching the server that falls over is the easy case. The hard one is deciding which of these slow, quiet changes should pull someone out of bed. Most teams get that wrong, and they get it wrong by monitoring too specifically. Start From a Baseline A CPU spike on one box out of a hundred running the same workload isn’t worth a phone call. The same spike on your only server might be. It depends entirely on the case, and that’s the part people skip. The number on its own barely tells you anything. Take a 2% error rate. If it’s been flat at 2% all year, that’s your baseline. It’s what normal looks like for you, and it doesn’t need ...
Recent posts

Novee Uncovers Cordyceps: The Latest Threat to CI/CD Pipelines

A newly discovered supply chain security flaw is once again putting a spotlight on inherent weaknesses in CI/CD pipelines and the growing interest among cyberthreat actors to exploit them. Security researchers with Novee, an AI penetration testing platform provider, wrote about Cordyceps, an exploitable pattern in the open source supply chain that can allow attackers to hijack workflows and gain full control of code repositories, including those at dozens of the world’s largest companies, including Microsoft, Google, Python, Apache, and Cloudflare. In addition, the vulnerability can be exploited by any unauthenticated user, according to Elad Meged, founding engineer and security researcher at Novee. “No org membership or special privileges; a free account is enough to forge approvals, push code, or steal credentials,” Meged wrote in a report . The Novee team scanned 30,000 “high-impact” repositories, 654 were flagged in a single scan and more than 300 were confirmed to be ful...

Ten Great DevOps Job Opportunities

DevOps.com is now providing a weekly DevOps jobs report through which opportunities for DevOps professionals will be highlighted as part of an effort to better serve our audience. Our goal in these challenging economic times is to make it just that much easier for DevOps professionals to advance their careers. Of course, the pool of available DevOps talent is still relatively constrained, so when one DevOps professional takes on a new role, it tends to create opportunities for others. The ten job postings shared this week are selected based on the company looking to hire, the vertical industry segment and naturally, the pay scale being offered. We’re also committed to providing additional insights into the state of the DevOps job market. In the meantime, for your consideration. Greenhouse Cadence Solutions Remote, US Staff DevOps Engineer $200,000 to $260,000 Vast Long Beach, CA Staff DevOps Engineer $188,600 to $267,700 DV Trading New York, NY Senior DevOps Engine...

Insignary Closes SBOM Accuracy Gap With Binary-Level Clarity for Regulatory Risk

Toronto, Canada, July 6th, 2026, CyberNewswire Most software composition analysis tools read what developers declare. Insignary Clarity’s patented binary-first platform analyzes what is actually built, shipped, and deployed — including the open-source components that never appear in any manifest. Insignary, Inc. , whose patented binary fingerprint technology has been cited in four Gartner research reports, today announced its recognition as a Sample Vendor for Reachability Analysis in the Gartner Hype Cycle for Secure Software Engineering, 2026 . According to Gartner: “Open-source and third-party components may contain a long list of vulnerabilities, but not all of them directly impact your code base. Reachability analysis helps in triaging the vulnerabilities based on their exploitability.” *1 The urgency is clear across independent industry research. A 2024 Venafi survey of 800 security decision-makers across the U.S., U.K., Germany, and France found that 92% are concerned abou...

Mistral Releases Leanstral 1.5, an Open Model That Solved 587 of 672 Putnam Math Problems

Mistral AI has released Leanstral 1.5, an open-source model built to write and check formal proofs in Lean 4. It’s a specialized tool with a specific job: Verifying that mathematical reasoning and code logic are actually correct, not just plausible. The numbers are the headline. Mistral says the model hits 100% on miniF2F, a formal math benchmark that spans high school problems up through olympiad difficulty. On PutnamBench, a set of 672 problems from the Putnam math competition, Leanstral 1.5 solved 587 of them. On two harder algebra benchmarks, FATE-H and FATE-X, which test graduate- and doctoral-level work in areas such as group theory and ring theory, it posted top open-source scores of 87% and 34%, respectively. Only one closed-source competitor, Aleph Prover, beats it on PutnamBench. The model is released under the Apache 2.0 license, so developers can use, modify, and deploy it without the licensing restrictions that come with many frontier models. It runs as an 119-billi...

When AI Agents Get Production Access: The Next Big DevOps Risk

It wasn’t that long ago that AI assistants just watched from the sidelines. They could answer your questions, explain how things worked, sum up logs, and write deployment scripts. Handy, sure, but the real decisions? Still up to the engineers. That’s changing now. AI agents are stepping right into the heartbeat of operations. They can peek into monitoring platforms, tweak cloud settings, kick off deployments, change configs, restart services, you name it. For a lot of teams, giving AI this kind of access feels like the next obvious step in automation. If an AI finds a problem, why not let it fix it? If it can see a deployment fail, why not just roll things back automatically? If it spots resources running low, let it bump them up. On paper, it makes perfect sense. But here’s the catch. Production environments never really stick to the script. As AI agents start mixing directly with ops, DevOps folks find themselves in a new era. The hard part isn’t just what these agents can do. It...

Z.ai Debuts ZCode to Compete With GitHub Copilot, Cursor and Anthropic

Chinese AI developer Z.ai has introduced ZCode, a desktop application that automates software development tasks, positioning the platform to compete with established coding platforms from Anthropic, GitHub and Cursor. The company built ZCode, which it calls an Agentic Development Environment, around its recently released GLM-5.2 LLM. Rather than functioning as a traditional coding assistant that responds to individual prompts, the software manages multi-step development projects by planning work, modifying code, running validation tests and running successive tasks with limited user intervention. Available for Windows, macOS and Linux, ZCode also supports third-party AI models through bring-your-own-key configurations. Developers can monitor long-running coding sessions from mobile devices through integrations with WeChat, Feishu and Telegram, while high-privilege actions require user approval before execution. Z.ai is pairing the launch with aggressive pricing and promotional offer...