Digest #165: GitHub Actions Shell Risks, Git Turns 20, MCP Security Flaws, Single-Function AWS Lambda Pitfalls, GCP Cloud Run Vulnerability, SSH Config Issues & Microsoft Patches
GitHub Actions misuse, Git’s 20th anniversary, MCP security weaknesses, AWS Lambda design pitfalls, critical GCP Cloud Run exploits, PostgreSQL optimization, IaC tagging strategy and cool devtools.
Welcome to this week’s edition of the DevOps Bulletin!
Ever imagined using GitHub Actions to run C code or even a fake bash script? It turns out you can, and it’s weirder than you think. We’re also celebrating 20 years of Git, diving deep into its quirky origins and surprising history. And speaking of surprises: MCP (Model Context Protocol), the popular AI integration standard, isn't as secure as you might assume—here’s what you need to know about its hidden vulnerabilities.
We’ll also cover critical issues like why single-function AWS Lambdas might actually slow you down, a significant privilege escalation vulnerability in GCP Cloud Run, and why the order of your SSH config files matters. Plus, Microsoft patches 126 flaws.
Don’t miss our featured AWS live session covering practical tips for cloud governance at scale—ideal for FinOps teams and security leaders looking to track costs, ensure compliance, and fix security gaps.
Our tutorials this week are packed: optimize PostgreSQL full-text search, use tag-based IaC ownership strategies, and discover top MCP servers. Learn how to build a spelling game with AWS Serverless and GenAI, deploy IAM Roles Anywhere, scale data stores the Nextdoor way, migrate a full Podcast site to DynamoDB, understand Linux Kernel security defenses, and review the state of online schema migrations in MySQL.
We’re also spotlighting useful open-source tools such as DrawDB for easy database modeling, Coolify as a self-hosted Heroku alternative, ChronDB for chronological storage inspired by Git, BlackCat for validating Azure security, Coroot for powerful open-source observability, Hatchet for Postgres-based background tasks, and Zev, helping you remember terminal commands through natural language.
All this and more in this week’s DevOps Bulletin—don’t miss out!
Newsworthy Stories
Why single-function Lambdas is a terrible choice for Serverless development
A privilege escalation vulnerability impacting GCP Cloud Run
Event of the week
Today, I’m joining AWS for a live session on cloud governance at scale. We’ll cover practical ways to:
Find untagged or misconfigured resources.
Track costs across accounts and teams.
Detect compliance and security gaps.
So, if you’re part of a Cloud Center of Excellence, working in FinOps, or leading cloud governance, this will be worth your time. Join for free!
Podcast of the week
Tutorials of the week
Projects of the week
DrawDB is a user-friendly database entity relationship (DBER) editor right in your browser.
Coolify is an open-source & self-hostable alternative to Heroku / Netlify / Vercel / etc.
ChronDB is a chronological key/value database whose storage is based on a database-shaped Git (core) architecture.
BlackCat is a PowerShell module designed to validate Microsoft Azure's security. It provides a set of functions to identify potential security holes.
Coroot is an open-source APM & Observability tool, a DataDog and NewRelic alternative.
Hatchet is a platform for running background tasks, built on top of Postgres.
Zev helps you remember (or discover) terminal commands using natural language.