Episode summaries

Ship It Weekly Show Notes

Show notes are the RSS-synced episode summary: what we covered, links to sources, and the structure of each week's news roundup or conversation. This archive lets you skim every episode's notes in one place without opening the player.

Show notes differ from host commentary (editorial takes) and transcripts (spoken dialogue). Use this page when you want the episode outline and outbound links; open the episode for audio, chapters, and the full experience.

What this page is for

What show notes include

Story summaries, source links, lightning-round items, and conversation topics — synced from the podcast feed when each episode publishes.

Skim or dive in

Read notes inline here to compare weeks or find a link you remember. Open the episode page for audio, transcripts, host commentary, and chapters.

Pair with host commentary

Notes summarize what happened; commentary is the host's read on why it mattered. Host commentaries →

Browse episode show notes

This week on Ship It Weekly, Brian looks at what happens when new interfaces create old responsibilities.

McKinsey patched a vulnerability in its internal AI tool Lilli, Kafka contributors are pushing a diskless-topics model that rethinks durability and replication in cloud environments, and Google officially closed Wiz acquisition in one of the biggest cloud-security moves. Plus: AWS is sunsetting Copilot CLI, Kubernetes launches an AI Gateway Working Group.

Links

McKinsey statement on Lilli

https://www.mckinsey.com/about-us/media/statement-on-strengthening-safeguards-within-the-lilli-tool

Kafka diskless topics proposal

https://cwiki.apache.org/confluence/display/KAFKA/The%2BPath%2BForward%2Bfor%2BSaving%2BCross-AZ%2BReplication%2BCosts%2BKIPs

Google completes acquisition of Wiz

https://blog.google/innovation-and-ai/infrastructure-and-cloud/google-cloud/wiz-acquisition/

AWS Copilot CLI end-of-support

https://aws.amazon.com/blogs/containers/announcing-the-end-of-support-for-the-aws-copilot-cli/

Kubernetes AI Gateway Working Group

https://kubernetes.io/blog/2026/03/09/announcing-ai-gateway-wg/

Amazon Bedrock observability for first-token latency and quota consumption

https://aws.amazon.com/about-aws/whats-new/2026/03/amazon-bedrock-observability-ttft-quota/

Cloudflare JSON responses and RFC 9457 support for 1xxx errors

https://developers.cloudflare.com/changelog/post/2026-03-11-json-rfc9457-responses-for-1xxx-errors/

Amazon S3 source-region information in server access logs

https://aws.amazon.com/about-aws/whats-new/2026/02/amazon-s3-source-region-information/

AWS Config adds 30 new resource types

https://aws.amazon.com/about-aws/whats-new/2026/03/aws-config-new-resource-types/

Amazon Bedrock AgentCore Runtime stateful MCP server features

https://aws.amazon.com/about-aws/whats-new/2026/03/amazon-bedrock-agentcore-runtime-stateful-mcp/

More episodes and show notes at

https://shipitweekly.fm

On Call Briefs at

https://oncallbrief.com

Scroll inside the box to read the full show notes.

This week on Ship It Weekly, Brian covers five “AI meets reality” stories that every DevOps, SRE, security, and platform team can learn from.

Block’s AI layoff story is getting messier as follow-up reporting pushes back on the original framing, Meta bought Moltbook and brought more attention to the trust and security problems already showing up around AI-agent platforms, and Atlassian cut about 10% of its workforce while saying AI is changing the skills and roles it needs. Plus: GitHub gives one of the more honest outage breakdowns we’ve seen lately, Anthropic and Mozilla show a more grounded AI use case with Claude finding real Firefox bugs, and there’s a quick lightning round on Bedrock AgentCore policy, Dependabot for pre-commit hooks, and Cloudflare’s latest threat report.

Links

Block layoffs follow-up

https://www.theguardian.com/technology/2026/mar/08/block-ai-layoffs-jack-dorsey

Meta acquires Moltbook

https://www.theguardian.com/technology/2026/mar/10/meta-acquires-moltbook-ai-agent-social-network

Wiz on Moltbook exposure

https://www.wiz.io/blog/exposed-moltbook-database-reveals-millions-of-api-keys

Atlassian team update

https://www.atlassian.com/blog/announcements/atlassian-team-update-march-2026

GitHub availability issues write-up

https://github.blog/news-insights/company-news/addressing-githubs-recent-availability-issues-2/

Anthropic + Mozilla Firefox security

https://www.anthropic.com/news/mozilla-firefox-security

Anthropic labor market report

https://www.anthropic.com/research/labor-market-impacts

AWS Bedrock AgentCore Policy GA

https://aws.amazon.com/about-aws/whats-new/2026/03/policy-amazon-bedrock-agentcore-generally-available/

GitHub Dependabot support for pre-commit hooks

https://github.blog/changelog/2026-03-10-dependabot-now-supports-pre-commit-hooks/

Cloudflare 2026 Threat Report

https://blog.cloudflare.com/2026-threat-report/

More episodes and show notes at

https://shipitweekly.fm

On Call Briefs at:

https://oncallbrief.com

Scroll inside the box to read the full show notes.

This is a guest conversation episode of Ship It Weekly (separate from the weekly news recaps).

In this Ship It: Conversations episode I talk with Yvonne Young, a cloud and Linux mentor active in the CloudWhistler community. We talk about the real path into cloud and DevOps, why Linux still matters as a foundation, what “job ready” actually means, and why focus, consistency, and business thinking matter more than chasing every new tool.

Highlights

  • Linux fundamentals still matter because so much of cloud and infra work sits on top of Linux
  • What “job ready” really means: prepare for both technical and behavioral interviews, know the basics, and show how you learn when you don’t know something
  • Why so many juniors stall out by trying to learn everything instead of picking a direction
  • Why daily reps beat cramming: short, consistent practice keeps skills fresh better than marathon study sessions
  • How Yvonne thinks about certifications, including why hands-on certs like RHCSA stand out
  • Hands-on practice ideas: break things on purpose, troubleshoot, fix services, inspect ports, and use the help files
  • Why tools matter less than the business problem they solve
  • Using Vault as an example of solving real issues like secret sprawl, rotation, and centralized access
  • How to think about cloud learning: pick one provider, learn the concepts, and map your path to the kinds of companies you want to work for
  • Why mentorship and community matter, especially for juniors trying not to waste time or head in the wrong direction
  • What seniors can do better: better onboarding, real availability, and giving juniors an actual lifeline when they get stuck

Yvonne’s links

Stuff mentioned

More episodes + details: https://shipitweekly.fm

Scroll inside the box to read the full show notes.

This week on Ship It Weekly, Brian looks at how the boundary of ops keeps expanding.

We cover AWS flagging issues in Bahrain/UAE amid Iran strikes, ArgoCD vs Flux and why ArgoCD can get stuck in failed sync states, GitHub Actions being exploited at scale (plus Trivy’s incident), RoguePilot prompt injection meeting real credentials in Codespaces, Block’s “AI remake” layoffs, and Anthropic’s Claude Code Security for defenders.

Lightning round: DeepSeek model access geopolitics, Vercel’s agentic security boundaries, a KEV CVE to patch, an MCP-atlassian SSRF-to-RCE chain, and Claude Cowork scheduled tasks.

Links

AWS Bahrain/UAE (Reuters) https://www.reuters.com/world/middle-east/amazon-cloud-unit-flags-issues-bahrain-uae-data-centers-amid-iran-strikes-2026-03-02/

ArgoCD to Flux https://hai.wxs.ro/migrations/argocd-to-flux/

GitHub Actions exploitation https://www.stepsecurity.io/blog/hackerbot-claw-github-actions-exploitation

Trivy incident https://github.com/aquasecurity/trivy/discussions/10265

RoguePilot https://thehackernews.com/2026/02/roguepilot-flaw-in-github-codespaces.html

Block layoffs (WSJ) https://www.wsj.com/business/jack-dorseys-block-to-lay-off-4-000-employees-in-ai-remake-28f0d869

Claude Code Security https://www.anthropic.com/news/claude-code-security

DeepSeek (Reuters) https://www.reuters.com/world/china/deepseek-withholds-latest-ai-model-us-chipmakers-including-nvidia-sources-say-2026-02-25/

Agentic boundaries https://vercel.com/blog/security-boundaries-in-agentic-architectures

CISA KEV https://www.cisa.gov/news-events/alerts/2026/03/03/cisa-adds-two-known-exploited-vulnerabilities-catalog

mcp-atlassian CVE https://arcticwolf.com/resources/blog-uk/cve-2026-27825-critical-unauthenticated-rce-and-ssrf-in-mcp-atlassian/

Claude Cowork tasks https://support.claude.com/en/articles/13854387-schedule-recurring-tasks-in-cowork

More: https://shipitweekly.fm

Scroll inside the box to read the full show notes.

This week on Ship It Weekly, Brian looks at how the boundary of ops keeps expanding.

We cover AWS flagging issues in Bahrain/UAE amid Iran strikes, ArgoCD vs Flux and why ArgoCD can get stuck in failed sync states, GitHub Actions being exploited at scale (plus Trivy’s incident), RoguePilot prompt injection meeting real credentials in Codespaces, Block’s “AI remake” layoffs, and Anthropic’s Claude Code Security for defenders.

Lightning round: DeepSeek model access geopolitics, Vercel’s agentic security boundaries, a KEV CVE to patch, an MCP-atlassian SSRF-to-RCE chain, and Claude Cowork scheduled tasks.

Links

AWS Bahrain/UAE (Reuters) https://www.reuters.com/world/middle-east/amazon-cloud-unit-flags-issues-bahrain-uae-data-centers-amid-iran-strikes-2026-03-02/

ArgoCD to Flux https://hai.wxs.ro/migrations/argocd-to-flux/

GitHub Actions exploitation https://www.stepsecurity.io/blog/hackerbot-claw-github-actions-exploitation

Trivy incident https://github.com/aquasecurity/trivy/discussions/10265

RoguePilot https://thehackernews.com/2026/02/roguepilot-flaw-in-github-codespaces.html

Block layoffs (WSJ) https://www.wsj.com/business/jack-dorseys-block-to-lay-off-4-000-employees-in-ai-remake-28f0d869

Claude Code Security https://www.anthropic.com/news/claude-code-security

DeepSeek (Reuters) https://www.reuters.com/world/china/deepseek-withholds-latest-ai-model-us-chipmakers-including-nvidia-sources-say-2026-02-25/

Agentic boundaries https://vercel.com/blog/security-boundaries-in-agentic-architectures

CISA KEV https://www.cisa.gov/news-events/alerts/2026/03/03/cisa-adds-two-known-exploited-vulnerabilities-catalog

mcp-atlassian CVE https://arcticwolf.com/resources/blog-uk/cve-2026-27825-critical-unauthenticated-rce-and-ssrf-in-mcp-atlassian/

Claude Cowork tasks https://support.claude.com/en/articles/13854387-schedule-recurring-tasks-in-cowork

More: https://shipitweekly.fm

Scroll inside the box to read the full show notes.

This page is for you if…

  • You want episode outlines without listening first
  • You are looking for a link or source mentioned on the show
  • You compare weekly news roundups side by side
  • You share episode summaries with teammates who prefer reading
Scroll to Top