- Again?
- Again!

This time with eBPF, though.

Researchers Expose New Intel CPU Flaws Enabling Memory Leaks and Spectre v2 Attacks.

>> "Attackers can speculatively hijack control flow within the same domain (e.g., kernel) and leak secrets across privilege boundaries, re-enabling
classic Spectre v2 scenarios without relying on powerful sandboxed environments like eBPF," VUSec said.

#security

​​🎉 On this day, 8 years ago, this channel was created 🎉

I find it to be a big accomplishment: being able to take care of it for so long and also keep somewhat consistent posts schedule! In these 8 years, CatOps grew to more than 5k subscribers, we had our voice chats (although irregular), and a newsletter.

I've led CatOps longer than I stayed at any job. Heck! In these years, I've changed jobs 3 times and moved countries. Yet, this channel is still here. This is cool, but also a bit weird at the same time.

It all is possible because of you! Thank you for keep reading CatOps, reacting to the posts, and sharing them. For real, I have an idea of abandoning it for good many times, Each time though, I thought: well, but at least someone finds it interesting.

If you enjoy CatOps, and you want to make us a small present, you can do it by donating to Hospitallers using this Monobank Jar:

https://send.monobank.ua/jar/9aHg73XmQm

#catops #birthday

A great concise explainer-article about PostgreSQL.

It’s needless to say, how popular is Postgres in the industry. This article covers topics of:

- Connection management
- WAL
- MVCC
- Query execution
- Indexing
- Table partitioning
- Logical decoding
- Extensions
- Statistics collector

So, a quite excessive list actually. My only two nitpicks are:

- When talking about MVCC, there’s a phase that sounds as if locks do not exist in Postgres. They pretty much do! Moreover, it’s crucial to pay attention to what locks what operations acquire. I usually use this reference to double-check.
- When talking about the query planning, there’s article doesn’t explain the subtle difference between EXPLAIN and EXPLAIN ANALYZE. The latter actually runs a query under the hood, which may be ok for SELECT queries, but likely not for inserts and updates.

Apart from this small things, this is a very good article!

#databases #postgres

​A friend of mine's recon team is getting a Shark complex, but they need a trailer to move it!

This powerful UAV needs a two-axle trailer for transport. Let's help them get it.

Donate to get us closer to giving them the mobility they need:

- Monobank jar: https://send.monobank.ua/jar/9hNbCnoiN1
- Card: 4441 1111 2429 2776

#donations #Ukraine

On Describing Not Explaining is a neat life-story that unveils a way of reasoning about incident investigations.

The gist is that instead of guessing what could possibly happen (an instinctive approach), you try to describe what exactly happened and in what order. Just saying this out loud can help you to cut off many unlikely causes, and also may help you to remember some less obvious recent changes.

#sre #incidents

I think, I first encountered this tool in Den Vasyliev's channel. Kubeshark - a network observability tool for Kubernetes.

Network observability comes handy at times. So, here are some other tools and articles one can use to capture packets in your sustem.

- ksniff - a Kubectl plugin to capture traffic
- Hubble - an observability tool for Cilium
- How to use debug containers to capture the traffic - basically running tcpdump inside a pod
- A hands on lab on how to run tcpdump in a pod


Happy capturing!

#kubernetes #networking

A new issue of the CatOps Newsletter is here!

https://newsletter.catops.dev/p/catops-digest-2025-06-01

#newsletter #digest

​​Let’s close the last week’s fundraiser today for good! There’s not that much left.

​A friend of mine's recon team is getting a Shark complex, but they need a trailer to move it!

This powerful UAV needs a two-axle trailer for transport. Let's help them get it.

Donate to get us closer to giving them the mobility they need:

- Monobank jar: https://send.monobank.ua/jar/9hNbCnoiN1
- Card: 4441 1111 2429 2776

#donations #Ukraine

A bundle of book bundles for you today. There were a couple of bundles released recently, so I just grouped them together.

1. ML/AI books by O'Reilly
2. Learn to program by Pearson
3. Cybersecurity and forensics by Pearson

Just keep in mind that often Humble Bundle shares reoccurring bundles. So, always check your library before the purchase :)

#books #ml #ai #security #programming

All talks today are about AI: models, agents, RAGs, MCPs, editors, etc.

In this article, Arseniy Zinchenko explains what is an MCP (model context protocol) with an example.

And in the follow-up article, he expands the example by writing a basic MCP for Victoria Logs.

BTW, if you're still not subscribed to his Substack, make sure to subscribe! Arseniy posts some great technical content there and makes it quite regularly.

#ai

A very nice overview (with examples) of Wardley maps & Pace Layering - methods that can help you building a technical strategy at your company, and reason about planning and budgeting.

#leadership #strategy

To analyze the data, one has to collect it first. So, I'd like to invite you to participate in two ongoing surveys:

- 2025 Stack Overflow Developer Survey - an annual survey from a very important (albeit not so popular anymore) engineering resource (in English).
- DOU Salary survey - an annual survey of the Ukrainian community (in Ukrainian).

#random

Figma runs in Kubernetes. How can I be sure? By reading their blog post How we migrated onto K8s in less than 12 months.

This blog post doesn't dive deep into technical details, but it provides a glimpse of what technologies are used by Figma to manage their infrastructure.

What I liked about this article is that they have "in less than 12 months" right in the title! I think, more articles should provide realistic timelines, especially when talking about production systems under load. "Kubernetes up & running in 30 minutes" have its own merit, but not in prod.

#kubernetes

This article is quite old, but it's interesting nonetheless, since it describes an approach rather than a specific technology.

Moreover, it describes a phenomenon that was identified long time ago. However, here Slack shows how they used it to adopt (or discard) software within the company. Sure, such an approach would work better in larger organizations, but it's still interesting to read about.

#culture

Yet another bundle of programming books on HumbleBundle. This one is from No Starch Press, who usually have good books.

#books

Who would win: a null pointer crash loop or a multi-billion dollar corporation?

And here we have a postmortem of the recent Google’s outage.

P.S. Kudos to Google for releasing this postmortem so quickly!

#postmortem

​​​​For today's Donations Monday, I want to share with you a fundraiser by DOU.ua.

They are raising 20M UAH (~€42k) for reconnaissance drones for the 3rd Assault Brigade.

Here's the direct link to the Monobank Jar:
https://send.monobank.ua/jar/AGK8qiQwQX

There is also a raffle for donations of more than 300UAH. If you know to know more about the raffle, as well as about the fundraiser itself, check out the dedicated page (information is in Ukrainian):
https://dou.ua/triyka/

#donations #Ukraine

I'm experimenting with the day of digest. So, here's the new issue:
https://newsletter.catops.dev/p/catops-digest-2025-06-17

#digest #newsletter

Apple has apparently realized that the big chunk of their customers are tech companies.

So, we are closer to get a native Linux container implementation, or rather the official implementation, in macOS 26 (Tahoe).

An interesting thing about this implementation is that instead of spinning a single big VM for all the containers, which is pretty much what all the existing implementations do; Apple chose to have micro-VMs for each container. In any case, I don't think this implementation detail would impact the UX a lot.

#apple #containers

A quick explainer for the caching strategies. It's concise, but it would be useful, if you're preparing for a system design interview, or thinking of implementing caching in your app.

#system_design

Time to update your passwords, or at least check if you've been pwned. Also, make sure to have MFA configured for your important accouts.

16 billion passwords exposed in record-breaking data breach, opening
access to Facebook, Google, Apple, and any other service imaginable

#security