
The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.

Snyk vulnerability compliance with kosli evaluate trail

Kosli recently released kosli evaluate trail, a command that evaluates selected attestations in a Kosli trail against a Rego policy file. We used it to build a complete and useful solution for tracking Snyk container vulnerabilities for cyber-dojo (an open-source, browser-based online tool for practising TDD which Kosli uses for demos). You’ll read about what we built, why we built it, how we tested it, and specifically.

Why Tech Businesses May Need Criminal Defense Representation

Running a technology firm brings unique hurdles that go far beyond standard business management. Founders often focus entirely on rapid scaling and innovative product design rather than hidden legal traps. A sudden investigation can disrupt standard operations overnight - often without any warning. Legal protection becomes necessary when automated software actions trigger unintended state or federal legal scrutiny.

The Importance of Time Synchronization in Windows Authentication

Kerberos is a secure network authentication protocol that allows users and systems to prove their identity over a network without sending passwords in plain text. It is widely used in enterprise environments (for example, in Windows domains) to enable single sign-on (SSO). At its core, Kerberos uses a trusted authority called the Key Distribution Center (KDC) to issue encrypted “tickets” that verify identity.

What a Modern Business Tech Stack Should Look Like

In today's fast digital market, the real question is not if your business needs tech, but which tech will help you move forward. A modern business tech stack is more than a pile of apps. It's a carefully chosen set of digital tools and systems (like programming languages, frameworks, databases, front-end and back-end tools, and APIs) that work together to run day-to-day operations, support new ideas, and help the business grow.

Improvements to our status pages as we tackle a DDoS

The uptime & availability of our status pages hasn't been great these past few days. The root cause is a persistent and pretty aggressive DDoS attack targeted at our own status page, status.ohdear.app. As a result, the overload on our systems also affected all other status pages we host for clients. We're not yet at GitHub or Claude levels of uptime sadness, but this isn't acceptable to us. In this post, I'll share what's happening and what steps we've already taken.

KubeVirt Live Migration Done Right: What it Takes to Run VMs on Kubernetes

Running VMs in Kubernetes sounds like a crazy workaround for avoiding vendor lock-in, and standardizing legacy applications and newer containerized workloads on one control plane with one set of security policies to govern them all. It is, however, a rapidly growing pattern, and KubeVirt live migration — moving running VMs between nodes without downtime — is increasingly central to platform engineering use cases that require full VMs, like on-demand CI/CD pipelines.

The AI Agent Accountability Crisis: Why Governance Isn't Keeping Up With Deployment

Every enterprise is building AI agents. Marketing has one summarizing campaign performance. Engineering has one triaging incidents. Customer support has one resolving tickets. Finance has one processing invoices. Each was built by a different team, using a different framework, with different assumptions about security. Now those agents are talking to each other through agent-to-agent (A2A) communication. The incident-triage agent calls the customer-support agent to check affected accounts.

Encryption Key Management: The Cloud Migration Bottleneck

Cloud migration projects stall for plenty of reasons: legacy dependencies, network latency, data residency rules. But one blocker that doesn't get enough attention is encryption key management. More specifically, the question of who controls the keys once data moves off-premises. For security teams, that question can hold up a migration for months.

Tips and Tricks for Handling Secrets in Icinga 2

Today, we are going to look at a few things related to handling secrets. While Icinga 2 has no dedicated mechanisms for secret handling, there are a few tricks you can do with standard features. This is not meant as a step-by-step tutorial, but rather as an inspiration where you can adopt the ideas that make sense in your setup.

Lovable, Bolt, and Replit Are Wonderful - Until Your CISO Finds Out

Non-technical teams are building apps on Lovable, Bolt.new, and Replit with company data and zero governance. Here's why that's a compliance nightmare - and what enterprise platform teams should deploy instead. Romaric founded Qovery to make Kubernetes accessible to every engineering team. He writes about platform strategy, developer experience, and the future of cloud infrastructure.