Author: drweb

SQL

One of the things I’ve been requesting for a number of years is cost information. I could see this coming in 2015 with the move to the cloud and need to justify the resources provisioned along with sizes. Doing that effectively needs cost information.Redgate Monitor has added a bit of cost information, and the virtual machine section in the Estate tab contains this. This post looks at what is available (as of June 2026).This is part of a series of posts on Redgate Monitor. Click to see the other posts.Virtual MachinesWhen I first started managing VMs and moving database loads…

Read More

You ran dnf update, and now something has stopped working. Instead of spending hours troubleshooting, you just want to go back to the package version that was working before. This happens more often than most Linux administrators would like to admit. Maybe a new Nginx release introduced a default configuration change that broke your virtual hosts. A Python library update changed an API that your internal scripts rely on. Or perhaps a kernel update no longer works with a third-party driver. From DNF’s point of view, everything installed successfully, but that doesn’t always mean your applications will continue to work…

Read More

Traditional software deployments are high-risk, all-or-nothing events. A single faulty release configuration can cascade into outages, increased error rates, customer impact and costly rollbacks. Progressive delivery changes this paradigm by introducing controlled, observable and reversible releases. The traditional ‘big bang’ release — where code is merged and deployed at 2:00 a.m. — is increasingly a relic of the past.‘Progressive delivery’ is the modern evolution of continuous delivery, designed to reduce the blast radius of new features and decouple ‘deployment’ (moving code to production) from ‘release’ (exposing features to users).In a progressive-delivery model, the goal is to move from a binary…

Read More

Last month, one of our autonomous coding agents (not a copilot suggesting inline completions, but a system that reads a ticket, plans a multi-file implementation and opens a PR without a human touching the keyboard) analyzed a ticket, touched 37 files, updated two database migrations and opened a PR in 11 minutes flat. The diff looked clean. Tests passed. The reviewer approved it.We found the problem at 2:47 a.m. on a Thursday, three days later, during an unrelated log audit. One of our SREs was tailing canary logs trying to trace an intermittent 401, and there it was: A staging…

Read More

Continuous software delivery in the digital age depends on CI/CD pipelines, which enable engineering teams to rapidly develop, test, and deploy code while maintaining high usability and consistency across environments. However, CI/CD pipelines — when systems start small and become complex — can themselves produce a source of friction. Pipelines set up to work for small projects have difficulty scaling with ever more repositories, larger test suites and larger development teams. Slow feedback cycles, increased infrastructure costs and decreased developer productivity are some by-products of bad pipeline design.Here are 10 CI/CD pipeline mistakes that you’ll often come across as part…

Read More

Most Node.js teams rely on CI pipelines to tell them whether their dependencies are secure. By the time that feedback arrives, however, the most important decisions have already been made.A developer installs a package, writes code, commits changes and pushes to a repository. Only then does the pipeline run, a scanner execute and a report appear. At that point, the issue is no longer discovery; it is remediation under time pressure.This is the core problem. CI-based security workflows are fundamentally delayed.From Feedback to FrictionIn theory, CI pipelines provide a consistent and automated way to validate security. In practice, they introduce…

Read More

Modernization used to mean something simpler: Move the workloads, update the tooling, declare the project done. In practice, that approach meant engineers manually migrating hundreds of DataStage jobs one at a time — a process that was slow, error-prone and impossible to scale as platforms grew. The traditional model worked when volumes were low. It broke entirely when weekly release windows started carrying 500 jobs and the only way through was brute-force manual effort.What changed the equation was not just cloud infrastructure, but a fundamentally different operating model. When a CI/CD-based promotion mechanism replaces manual steps — reducing what once…

Read More

The FM life cycle is just the SDLC with more math and less mercy at 3 a.m.You have survived canary deployments that took out 40% of prod instead of 5%. You have been paged because someone merged a config change on a Friday. You know exactly what it feels like when your monitoring tells you everything is fine, right up until the moment customers start tweeting.Now your organization has a foundation model (FM) in production, and I promise you: The on-call playbook you have built over a decade does not cover what happens when your model starts confidently answering customer…

Read More

AI coding assistants have made it trivially easy to ship software faster — and that is precisely the problem. Human developers used to absorb the gaps in a vague spec by asking questions, reading between the lines and quietly steering toward something useful. AI tools do not work that way. They take incomplete requirements at face value and build them literally, which means small ambiguities at the front of the process compound into expensive mistakes at the back. The result is shops moving at AI speed in directions they never meant to go.Jeff Keyes, Field CTO at Allstacks and a…

Read More

Key Takeaways:Vishing is the new frontline threat: Attackers are shifting from emails to phone-based scams, using AI and social engineering to bypass traditional security controls.DevSecOps must expand its scope: Securing code is no longer enough; communication channels like voice, chat, and messaging must be integrated into threat models and security pipelines.Human and technical defenses must work together: Strong architecture (encryption, authentication, Zero Trust) combined with employee awareness and verification practices is key to stopping modern social engineering attacks.As cybercriminals shift from email to phone lines, security professionals need to expand their scope. As a result, voice phishing or “vishing”, which…

Read More