Author: drweb

For years, software supply-chain security discussions focused on centralized infrastructure such as build servers, package registries, and CI/CD systems. Recent attacks suggest that this view is incomplete. The Megalodon campaign injected malicious GitHub Actions workflows into thousands of repositories, while a separate incident involving a malicious Visual Studio Code extension demonstrated how a single compromised developer device can expose large volumes of source code and internal assets. These incidents highlight a growing reality: developer workstations are now a critical part of the software supply chain.The scale of the threat continues to grow. Sonatype identified more than 454,000 new malicious open-source…

Read More
SQL

My old Dell XPS that I used for personal stuff started to degrade; well, it’s old, and it has already served past its useful life. So, a few months ago I bought a 14-inch Macbook Pro M5 Pro with 24GB of memory and the standard for M5 Pro 15-core CPU. It’s not my ideal config and I would have opted for the M5 Max. This machine is quite decent for what I need and I am not complaining.Switching from Windows to Mac has been a challenge, to say the least. This is my first time using macOS as my primary…

Read More
SQL

At the Redgate Summits this year, we’ve highlighted a few things in the Flyway solution that help developers improve their ability to get work done safely and quickly. While lots of developers are moving to automated systems and catching issues in pipelines, plenty of you are still working in an IDE.This post looks at the new code analysis feature in Flyway Desktop that can help warn you of potential issues before you create that PR.I’ve been working with Flyway and Flyway Desktop and helping customers improve their database development. This series looks at some tips I’ve gotten along the way.Generating…

Read More

DevOps.com is now providing a weekly DevOps jobs report through which opportunities for DevOps professionals will be highlighted as part of an effort to better serve our audience.Our goal in these challenging economic times is to make it just that much easier for DevOps professionals to advance their careers.Of course, the pool of available DevOps talent is still relatively constrained, so when one DevOps professional takes on a new role, it tends to create opportunities for others.The ten job postings shared this week are selected based on the company looking to hire, the vertical industry segment and naturally, the pay…

Read More

OpenCode brings an AI coding agent right into your terminal. Once you see it understand an entire project instead of just the file you’re currently editing, it’s hard to go back to a regular editor. I spend most of my day in the terminal, whether I’m debugging a systemd service on a RHEL server or writing Bash scripts for the Pro TecMint courses. So when I first tried OpenCode, I didn’t expect much. I had already used a few AI coding tools that felt like add-ons to an IDE and could only guess what was happening based on the file…

Read More
SQL

Run a profiling pass on a messy table for the first time and the report reads like a doctor listing everything wrong with a patient who skipped a decade of checkups. Twelve thousand rows fail this check. Four hundred fail that one. Forty fail this other one. Not one line of it tells you which finding carries the most data quality risk.Your brain does the natural thing. It sorts by the biggest number.Please do not start with the twelve thousand.The row count and the risk almost never point at the same problem.The forty rows that mattered more than the twelve…

Read More

Most beginning programmers default to the three largest tech channels on YouTube they can find. Although those channels do have their place, actual communities of programmers on Reddit and Discord frequently point students to less well-known creators. These lesser-known channels do not simply cover textbook definitions. They demonstrate how software actually works in production. Getting stuck on abstract coding ideas can slow your progress. When you are faced with tight deadlines or difficult tech tasks while learning programming in college, you may go as far as to seek help from an established essay writing online platform in order to complete…

Read More

Big, distributed computing systems seldom have visible failures. Most of them start without any bang, frequently with a health-check disconnection, a failed TCP connection or a service port that is no longer listening. Such signals are not too big when considered in isolation. However, in the scenario where systems are running with several hundreds of service instances spread across different regions, these small anomalies can be summed into a continuous flow of operational alerts. This alert traffic may eventually turn into a bullying powerhouse of notable operational noise within infrastructure platforms.In most production setups, port-down alerts constitute a significant percentage…

Read More

Traditional CI/CD pipelines were designed around deterministic software: The same input, configuration and dependency set should produce the same output. This assumption works for APIs, batch jobs and most containerized services. It does not hold cleanly for autonomous AI agents.An agent is a runtime composition of orchestration logic, prompt templates, tool schemas, retrieval context, model configuration, memory and external tool calls. A one-line prompt edit can change the reasoning path. A JSON schema update can make the agent choose a different tool. A retry-policy change can create an accidental loop. A model upgrade can shift behavior even when the application…

Read More