Author: drweb

Every time your server needs to look up a domain name, it sends a DNS request to another DNS resolver. If it’s asking for the same domains over and over, those repeated requests still have to travel across the network, even though the answer probably hasn’t changed. For example, imagine a web application that connects to three external APIs every time someone visits your site. If your server handles thousands of requests a day, it also ends up performing those same DNS lookups thousands of times. That’s unnecessary network traffic and adds a small delay to every request. A local…


A clean GitHub repository that contains no malicious code can launch an attack and fully compromise a developer’s systems by using indirect prompt injections to trick AI-powered coding agents like Anthropic’s Claude Code into taking steps that hand control to attackers and expose a wide range of secrets. In a proof-of-concept (PoC) attack, Mozilla 0DIN researchers Andre Hall and Miller Engelbrecht showed how chaining a few seemingly routine agent actions can give a threat actor shell command access and persistence on a targeted developer system. In addition, this all happens without any warnings or alerts because the payload doesn’t appear anywhere in…


OpenAI is preparing to launch its first branded hardware product, but rather than entering the crowded consumer device market, the company is starting with a tool designed specifically for software developers. The company has scheduled a July 15 unveiling for Codex Micro, a compact input device created in partnership with keyboard manufacturer Work Louder. OpenAI began teasing the product on social media with the message, “Your favorite Codex shortcuts are getting an upgrade,” offering a glimpse of a square-shaped controller while withholding technical specifications. The short promotional video posted on X received nearly one million views within 24 hours, despite being short…


Every engineering team I talk to is adding AI agents to their workflow. Almost none of them are updating the practices around those agents. The DevOps practices we built over the last two decades apply directly, but the failure modes have changed. If you don’t adapt to a world where some of your developers aren’t human, you’ll ship bugs faster than you ever could before. The biggest shift is that the bottleneck moved from shipping code to learning from what you shipped, and most teams haven’t built the rituals to close that gap. Gene Kim’s Three Ways from the DevOps handbook…


Configuration drift is the gap between the infrastructure state declared in code and the state actually running in your environment. It occurs when resources are changed outside of your infrastructure as code (IaC) workflow, so the live system no longer matches its definition. In a single cloud, drift is usually straightforward to find and correct. Across multiple providers, it is harder to detect and more costly to leave unaddressed.

Why Does Multicloud Make Drift Worse?

Each provider has its own API, resource model, console, and defaults. A change made directly in one cloud does not resemble the equivalent change in another, so the…


Threat actors are exploiting a known security flaw in the SimpleHelp remote monitoring and management (RMM) software to drop two previously unknown pieces of malware that can compromise a broad range of systems and steal massive amounts of sensitive data. Researchers with Blackpoint Cyber’s Adversary Pursuit Group said they detected an intrusion in which the adversaries abused a critical authentication bypass vulnerability — tracked as CVE-2026-48558 — to obtain an authenticated technician session without valid credentials on an internet-facing SimpleHelp server. “The compromised RMM platform provided the operator with a trusted administrative channel capable of transferring files and executing commands on systems…


It’s officially summer, and I am bringing you some HOT Python deals today! Get 33% off almost all my books and courses on Gumroad today using the following code: H5N5F7K. You can start learning the basics of Python with Python 101, or get more targeted learning with my book, Python Logging. If you want to create a user interface, then you might enjoy Creating TUI Applications with Textual and Python. I have over a DOZEN Python books to choose from! Check them out today: https://driscollis.gumroad.com/ Plus even more that aren’t pictured here!


A survey of 406 IT decision makers at organizations with more than 250 employees in North America finds 93% have experienced at least one infrastructure incident caused by reliance on artificial intelligence (AI) tooling. Conducted by Panterra Group on behalf of Spacelift, a provider of a platform for automating the management of infrastructure-as-code (IaC), the survey also finds 86% reporting that AI has increased demands on infrastructure teams, with security vulnerabilities appearing faster (40%), governance becoming harder (40%), change rates increasing (37%), more strain on pipelines experienced (35%) and growing infrastructure drift (35%) being seen. In general, more than two thirds (67%)…

SQL

Many years ago, before I joined Oracle, I was working on a major modernisation project. We were replacing an existing non-Oracle system with an entirely new Oracle database application written from scratch. Not long after deploying a new version into our test environment, the results came back and a large number of tests had failed. I sat down with one of the subject matter experts, a long-serving employee who had helped build the original system. As we worked through the failures, he looked at me and said: “The problem here is blue sky programming.” I’d never heard the expression before. “What do…

SQL

One of the things I’ve been requesting for a number of years is cost information. I could see this coming in 2015 with the move to the cloud and need to justify the resources provisioned along with sizes. Doing that effectively needs cost information. Redgate Monitor has added a bit of cost information, and the virtual machine section in the Estate tab contains this. This post looks at what is available (as of June 2026). This is part of a series of posts on Redgate Monitor. Click to see the other posts.

Virtual Machines

When I first started managing VMs and moving database loads…
