gets aggressive damping).

Result: 0.27°C MAE on battery.



My solution is simple: never reach 42° C.



https://github.com/DaSettingsPNGN/S25_THERMAL-

Please take a look and give me feedback.

Thank you!

https://redd.it/1opvxum
@r_devops

Cost optimization teams, is that a thing?

Hi

I have for the last year been heavily focused on. Cost reduction for our vloud infrastructure (and sometimes non cloud services). Although it isn't the most exciting thing in the world to be the person that goes around trying to save money, it is needed.

In general engineering is unaware/uninterested on how much the resources they consume cost. So in order to control the waste this tends to be something done by a random person in the team when red lights start flashing in a short term tactical manner.

I am wondering if there are teams that specialize in this cost optimization work for technology infrastructure. Is this a thing? Is management willing to invest money to be able to cut percentage points from their infrastructure bill?

I feel this is a need because the skills for someone to be able to do this work sit between an accountant, procurement and engineering. It seems someone hard to get.

https://redd.it/1opvgsz
@r_devops

Here is why you have a bad experience with AI while software engineers enjoy it

There is almost no value in writing infrastructure code.

It’s short, not repetitive, and anything boilerplate is already wrapped in modules. Typing it out isn’t the hard part.

The real work in DevOps is understanding the environment, the dependencies, the risks, and what can break if you touch something. Most popular and generic AI tools don’t handle that. They wait for your instructions, they guess context, and they produce changes you still have to validate line by line and consider their impact.

So you end up guiding the AI instead of getting help. Might as well type it out yourself while you are thinking.

Here is where we make our bet. Agents that can actually do the complete job - discover the problem, solve it end-to-end, validate it, document it, justify the decision, and guide you through what’s changing and why. It can make mistakes just like humans, but at least it went ahead and did 90% of the useful research and provides direction from which engineer can then jump off.

That’s when AI become from "mildly useful to check documentation" to actually being deployed for serious DevOps work.

What do you think?

https://redd.it/1oq03xz
@r_devops

DevOps Internship DevSkiller Questions

I just got invited to do a coding test for a DevOps Internship. I'm kinda new to this, it's my first time I got past the CV check phase. The test is on DevSkiller platform and it includes 32 multi-choice questions. I have 20 minutes only, so I assume they won't make it too hard. Topics will be Bash, Cybersecurity, Linux, Powershell, cloud, DevOps, QA, CI/CD, Containers, Docker, Kubernetes... I don't know how to start preparing, so any advice would be appreciated. Anyone had any experience with this platform? Or can someone tell me what would be the most efficient way to prepare for this? Thanks!

https://redd.it/1oq1fmr
@r_devops

How to use a .env File with Devcontainers/Codespaces

Ever wanted to use `"runArgs": \["--env-file",".env"\]` in your `devcontainer.json` but get errors when booting the devcontainer for the first time since the file doesn't exist yet? Maybe you clone onto your host machine, add your .env, then "Reopen in Devcontainer," but what if you're on a Codespace, or cloning into a volume?

The solution: include a `.env.example` file in your repo root and add these commands to your `.devcontainer.json`:

* `"initializeCommand": "cp -n .env.example .env"`
* `"runArgs": ["--env-file",".env"]`
* `"onCreateCommand": "sudo chown $(whoami):$(whoami) .env"`

Now, the *first* time you boot up you'll have a .env file ready to be filled out. Then you simply `Rebuild Container` and voila! No errors and no weird volume editing or recovery container shenanigans.

https://redd.it/1oq35l7
@r_devops

How I will now handle "wait-until-ready" problems in CI/CD

I ran several time into the same issue in CI/CD pipelines needing to wait for a service to reach a ready state before running the next step.

At first I handled this with arbitrary sleep timers and retry loops, but it felt wrong so I ended up building a small command-line utility that does state-based polling instead for the job.

For example, waiting until a service becomes healthy before tests run:

watchfor \
-c "curl -s https://api.myservice.com/health" \
-p '"status":"green"' \
--max-retries 10 \
--interval 5s \
--backoff 2 \
--on-fail "echo 'Service never became healthy'; exit 1" \
-- ./run_tests.sh


Recently, I added regex and case-insensitive matching so it can handle more flexible patterns, may it be useful for things like Kubernetes pod readiness checks?:

watchfor \
-c "kubectl get pod my-app-pod -o jsonpath='{.status.containerStatuses[0].ready}'" \
-p "true" \
--ignore-case \
--timeout 2m \
--on-fail "echo 'Pod did not become ready in time'; exit 1" \
-- echo "Kubernetes pod is ready!"


I found this approach handy for preventing race conditions or flaky runs when waiting for services to stabilize.
If anyone else deals with similar “wait-until-X” scenarios, I’d love to hear how you solve them (or what patterns you use).

(Code and examples here if you’re curious: [github.com/gregory-chatelier/watchfor](https://github.com/gregory-chatelier/watchfor))

https://redd.it/1oq43is
@r_devops

Built a GitHub PR security scanner (79+ checks, AI auto-fix). Need beta testers.

Hey r/learnjava,


I'm Vitor, solo dev who spent 4 months building CodeSlick.dev - automated security analysis for GitHub PRs.


What it does:
- Scans PRs for 79+ security vulnerabilities (SQL injection, XSS, command injection, hardcoded secrets, etc.)
- Static analysis + dependency scanning (npm, pip, Maven)
- API security checks (insecure HTTP, missing auth, CORS misconfig)
- AI-powered auto-fix suggestions (one-click fixes)
- OWASP Top 10 2021 compliance (100% coverage)
- Sub-3s analysis time per file


Tech stack:
- Next.js 15 + TypeScript
- Acorn parser for JS/TS analysis
- Custom Python/Java AST parsers
- Google OSV for dependency vulnerabilities
- CVSS scoring + CWE mapping
- Neon Postgres + Vercel hosting


Languages supported:
JavaScript, TypeScript, Python, Java


Need beta testers:
- Free for 3 months (Nov-Jan)
- 5-minute GitHub App install
- Test on 2-3 PRs, give feedback
- Ideal: Teams of 2-5 devs using GitHub


What I need from you:
- 30 mins total time (install + test + feedback)
- Honest feedback (what works, what sucks)
- If you like it, a testimonial quote


Limitations (being transparent):
- No C/C++/Go/Rust support yet (roadmap Q1 2026)
- GitHub only (no GitLab/Bitbucket yet)
- EU hosting only (Vercel EU)
- Solo founder (just me, no 24/7 support)


Security/Privacy:
- Only reads PRs you approve (GitHub App permissions)
- Nothing stored long-term (analysis cached 24h max)
- GDPR compliant
- Open to security audit if anyone wants to review


Comment "interested" or DM me for beta access.

https://redd.it/1oq5zm1
@r_devops

How to Use OIDC to Give GitHub Actions Secure Access to AWS

i wrote about a step by step guide on setting up OIDC with github actions. you can read the full breakdown on linkedin

https://redd.it/1oq7ncn
@r_devops

Is This Worth It For A Brand New IT interested guy?

Hi, I am interested in getting into the DevOps world as I have links and people in my network who currently work directly as DevOps technicians or have other IT positions. I wanted to know if this degree will help me? It has promising things on the website, including an internship and I do know people who graduate from here get into a role much easier than just doing stuff by yourself and hoping for a role. https://madisoncollege.edu/academics/programs/cloud-support-associate

https://redd.it/1oq8u25
@r_devops

Game developing

If you’re working on a game but don’t have the skills to make it yet is it better to focus on writing down all your ideas for now?


https://redd.it/1oqajrx
@r_devops

Alternate to Chainguard libraries for Python

I recently came across this blog by Chainguard: Chainguard Libraries for Python Overview.

As both a developer and security professional I really appreciate artifact repositories that provide fully secured libraries with proper attestations, provenance and SBOMs. This significantly reduces the burden on security teams to remediate critical-to-low severity vulnerabilities in every library in every sprint or audit or maybe regularly

I've experienced this pain firsthand tbh so right now, I pull dependencies from PyPI and whenever a supply chain attack occurs and then I have to comb through entire SBOMs to identify affected packages and determine appropriate remediations. I need to assess whether the vulnerable dependencies actually pose a risk to my environment or if they just require minor upgrades for low-severity CVEs or version bumps. This becomes incredibly frustrating for both developers and security professionals.

Also i have observed a very very common pattern i.e., developers pull dependencies from global repositories like NPM and PyPI then either forget to upgrade them or face situations where packages are so tightly coupled that upgrading requires massive codebase changes often because newer versions introduce breaking changes or cause build failures.

Chainguard Libraries for Python address these issues by shipping packages securely with proper attestations and provenance. Their Python images are CVE-free, and their patching process is streamlined. My Question is I'm looking for less expensive or open-source alternatives to Chainguard Libraries for Python that I can implement for my team (especially python developers) and use to benchmark our current SCA process.

Does anyone have recommendations or resources for open-source alternatives that provide similar security guarantees?

https://redd.it/1oqcomb
@r_devops

Any warp alternative?

I have been using warp for a year now and and for $20 a month I used to get 2500 AI credits that used to be enough for me but now they decide to go goblin mode and for $20 a month they give 1500 credits and extra 1000 credits cost extra $20. And I fell the credits burn faster too, so can you guys suggest me a good alternative?

https://redd.it/1oqedgk
@r_devops

Does anyone integrate real exploit intelligence into their container security strategy?

We're drowning in CVE noise across our container fleet. Getting alerts on thousands of vulns but most aren't actively exploited in the wild.

Looking for approaches that prioritize based on actual exploit activity rather than just CVSS scores. Are teams using threat intel feeds, CISA KEV, or other sources to filter what actually needs immediate attention?

Our security team wants everything patched yesterday but engineering bandwidth is finite. Need to focus on what's actually being weaponized.

What's worked for you?



https://redd.it/1oqbsfz
@r_devops

System design interviews for SRE prep help

Hi All,


I have an upcoming system design interview which is based on SRE and I'm really struggling to prepare on it. There are so many resources out there that I have used like hello interview previously but they have absolutely zero on SRE. I've been informed this is a system design prompt on cloud agnostic architecture and I have no idea if that means I will not only do the traditional system design along with doing the cloud infra e.g. no more of that whiteboarding an API Gateway/Load Balancer in the same box, now they absolutely must be separated with the flow clearly explained - or if now I basically put the actual service in a similar little box whilst drafting the cloud architecture around it.

Has anyone had anything similar? Any resources for this?

https://redd.it/1oqgilr
@r_devops

SRE SE Interview at Google - Help Appreciated

# I got a phone screen in few weeks time, and it is a practical coding/noscripting round. Anyone here interviewed for this role?

Prep guide does mention it’s not algorithmically complex, but I’ll need familiarity with basic DSA like hash tables, trees, recursion and linked lists

If anyone interviewed for SE SRE, can you share how you prepped for this round? Is there any problem-set that i can look at online to practice such questions? I tried looking online, but very limited info for SE role.

https://redd.it/1oqfod1
@r_devops

Experimenting with AI for sprint management?

Has anyone tried using AI tools to help with sprint planning, retrospectives, or other agile ceremonies? Most tools just seem like glorified assistants but wondering if anyone's found something actually useful.

https://redd.it/1oqdvqy
@r_devops

Struggling to connect AWS App Runner to RDS in multi-environment CDK setup (dev/prod isolation, VPC connector, Parameter Store confusion)

I’m trying to build a clean AWS setup with FastAPI on App Runner and Postgres on RDS, both provisioned via CDK.

It all works locally, and even deploys fine to App Runner.

I’ve got:

* `CoolStartupInfra-dev` → RDS + VPC
* `CoolStartupInfra-prod` → RDS + VPC
* `coolstartup-api-core-dev` and `coolstartup-api-core-prod` App Runner services

I get that it needs a VPC connector, but I’m confused about how this should work long-term with multiple environments.

What’s the right pattern here?


Should App Runner import the VPC and DB directly from the core stack, or read everything from Parameter Store?


Do I make a connector per environment?


And how do people normally guarantee “dev talks only to dev DB” in practice?

Would really appreciate if someone could share how they structure this properly - I feel like I’m missing the mental model for how "App Runner ↔ RDS" isolation is meant to fit together.

https://redd.it/1oqjrq7
@r_devops

Email Header Injection: Turning Contact Forms into Spam Cannons 📧

https://instatunnel.my/blog/email-header-injection-turning-contact-forms-into-spam-cannons

https://redd.it/1oqlody
@r_devops

Azure pipeline limitations DockerCompose@1

Folks, I was trying to build image for a specific service of my compose file but I unable to do with pipeline. I found only below from azure doc, why it is there for only run? not for build?

serviceName \- Service Name
string. Required when action = Run a specific service.

https://redd.it/1oqniv9
@r_devops

How do you track if code quality is actually improving?

We’ve been fixing a lot of tech debt but it’s hard to tell if things are getting better. We use a few linters, but there’s no clear trend line or score.
Would love a way to visualize progress over time, not just see today’s issues.

https://redd.it/1oqqcsv
@r_devops

How to Post CodeQL Analysis Results (High/Critical Counts + Details) as a Comment on a GitHub Pull Request?


I'm working with a custom-built CodeQL GitHub Actions workflow, and I want to automatically push the analysis results directly into a comment on the pull request. Specifically, I'd like to include things like the count of high and critical severity issues, along with some details about them (e.g., denoscriptions, locations, etc.).

I need them visible in the PR for easier review. Has anyone done something similar? Maybe by parsing the SARIF file and using the GitHub API to post a comment?

Any step-by-step guidance, workflow YAML snippets, or recommended actions/tools would be awesome. Thanks in advance!

https://redd.it/1oqshfj
@r_devops