Posts

Respect and Trust as DevOps Engineering Disciplines

DevOps has always carried a larger purpose than installing tools, automating pipelines, or improving deployment frequency. Those things matter. I have spent much of my career helping organizations make those things work. Yet the deeper purpose of DevOps is to improve the flow of value through a complex socio-technical system. The system includes tools, platforms, pipelines, environments, tests, controls and production operations. It also includes people, leadership behavior, decision rights, accountability, learning, fear, confidence and trust.

The technical side is easier to see. A failed build is visible. A broken deployment is visible. A production incident is visible. The human side usually fails more quietly. People stop speaking up. Teams wait for permission. Architects argue in private. Security arrives late. Operations becomes defensive. Leaders ask for more status. Engineers learn which truths are safe to tell and which truths create trouble. The organization continues to r...
Recent posts

Moonshot AI’s Kimi K2.7-Code Targets Token Efficiency in Agentic Coding

Moonshot AI shipped Kimi K2.7-Code on June 12, 2026 — the fifth major release in the Kimi series in under a year, and arguably the most developer-friendly yet. The model is open-source, available on Hugging Face under a Modified MIT license, and accessible via the Kimi API and the company’s Kimi Code CLI. The headline claim: a 21.8% improvement on Moonshot’s own Kimi Code Bench v2 over its predecessor, K2.6. But the story that matters more for DevOps teams is efficiency, not just capability.

Fewer Tokens, Less Waste

Moonshot says K2.7-Code cuts reasoning token usage by 30% compared to K2.6. In practical terms, that means developers consume fewer compute resources while getting better results. For teams running coding agents at scale, that’s a meaningful cost reduction — not just a benchmark number. The model uses a Mixture-of-Experts (MoE) architecture with 1 trillion total parameters but only 32 billion active per token, paired with a 256K-token context window. Th...

GitHub Removes PAT Requirement for Agentic Workflows

GitHub has quietly removed one of the more annoying friction points in agentic automation — and the security implications are worth paying attention to. GitHub Agentic Workflows can now use GitHub Actions’ built-in GITHUB_TOKEN instead of a personal access token (PAT). That means developers no longer need to create, store, or rotate a PAT to run agentic workflows, eliminating both the operational hassle and the security risks that come with managing long-lived tokens at scale. It’s a small config change. The security payoff is not small.

Why PATs Were a Problem

Personal access tokens have always carried risk. They’re long-lived, often broadly scoped, and easy to forget about. In an agentic context — where workflows run autonomously, touching repositories, triggering CI/CD pipelines, and interacting with sensitive resources — a leaked or misconfigured PAT can create serious exposure. A recent arXiv paper flagged “agentic workflow injection” as an emerg...

AI Is Here to Stay. The Real Challenge Is Operating It Securely

AI-generated code is already in production. Whether we are comfortable with that or not is beside the point. In the OpenStack project, which I have helped steward for more than 15 years, we are seeing developers submit patches built with AI assistance, and sometimes patches composed almost entirely by AI tools. Some of those contributions have already landed in the past release cycle. This is happening in one of the most rigorously governed open source projects in the world. It is happening everywhere else, too. The code generation itself is not the problem. AI is genuinely good at producing computer programs because the structure of code is sufficiently predictable and syntactically constrained to play to the technology’s strengths. The problem is what happens next. Every AI-generated patch still needs to be reviewed for correctness, security, and long-term maintainability. And when code is easier to produce, more code gets proposed, which puts enormous pressure on the human rev...

Why Endpoint Protection Matters More than Ever in CI/CD Environments

CI/CD environments depend on far more than repositories and deployment infrastructure. Developer endpoints hold sensitive data: cloud credentials, SSH keys, deployment permissions, direct access to internal systems. Endpoint security and control are part of daily operational risk management. Engineering teams are shifting more and more toward distributed workflows, so discussions around CI/CD security include the security posture of the devices connected to the pipeline. Many organizations already focus their CI/CD security efforts on secrets management, dependency scanning and supply chain controls. However, advanced endpoint security solutions are also relevant in cloud-native development environments, where local devices maintain direct access to production workflows.

Endpoint Compromise Can Bypass Mature CI/CD Controls

CI/CD security discussions mostly focus on repositories, containers, infrastructure, and deployment automation. Developer endpoints are often overlooked as a par...

Cohere’s North Mini Code Lets Devs Stack Their Own AI

Toronto startup Cohere has released an open-weight model designed for developers to use to build their own AI stack. The open-weight North Mini Code is a 30-billion-parameter “mixture-of-experts” (MoE) model. MoE equips a model with specialized neural nets for individual tasks, such as mathematics and code generation. Mistral pioneered this approach to compete with larger LLMs. As a result, when it comes time to produce an answer, the GPU won’t need all 30 billion parameters. Instead, a router function picks the most appropriate experts to complete the task, reducing the working size to 3 billion parameters. This means the model, slimmed to 4-bit quantization, can be managed by a single NVIDIA H100 GPU. In fact, you won’t need a data center of H100s at all to run this model. The open weight release, optimized for software engineering agentic tasks, is one of a growing number of technologies built with the intention to democratize AI – in this case for developers. “Local de...

Using Bicep Modules to Build Enterprise-Grade Azure Infrastructure

Infrastructure as code (IaC) is no longer optional in modern Azure environments. Teams need repeatable deployments, secure defaults, predictable architecture and strong governance. Azure Bicep has become the preferred IaC language for Azure because it’s declarative, simple, modular and deeply integrated with the Azure platform.

This article breaks down how to design Bicep modules the right way for enterprise deployments. These patterns come from real-world use cases such as banking, fintech, multitenant SaaS and regulated workloads.

Why Bicep is the Standard for Azure IaC

Teams that move from ARM and Terraform to Bicep typically do so because Bicep offers:

- Cleaner Syntax: No more massive JSON ARM templates.
- Native Azure Integration
- IntelliSense
- Type-checking
- Automatic API version updates
- First-Class Modularity: Modules can describe reusable components like:
  - App Services
  - AKS clusters
  - Front Door Premium
  - Key Vault
  - VNet + su...