0:00
A lot of infrastructure stories sound small right
0:03
up until they change how people build. S3 gets
0:06
a file system interface. A fake plugin turns
0:09
into a foothold. A security incident comes back
0:12
for a second round and gets worse. An old Kubernetes
0:16
path starts running out of runway. And the next
0:19
generation of workloads is already pushing the
0:22
platform to act differently. That's the story
0:25
this week. Not just new features. more like the
0:28
layers around the system are becoming the system
0:31
hey i'm brian teller i work in devops and sre
0:52
and i run teller's tech this is ship it weekly
0:56
where I filter the noise and focus on what actually
0:58
changes how we run infrastructure and own reliability.
1:01
Show notes and links are on shipitweekly .fm.
1:05
If the show's been useful, follow it wherever
1:07
you listen. Ratings help way more than they should.
1:10
And if you want more signal between episodes,
1:12
check out oncallbrief .com. We have five main
1:16
stories today, then the lightning round, and
1:18
we'll wrap with the human closer. we're starting
1:21
with amazon s3 files because aws just changed
1:24
the way that s3 can show up in applications and
1:27
i think people are going to oversimplify that
1:30
story really fast then we've got the malicious
1:32
npm packages pretending to be Strapi plugins
1:36
which is just a very 2026 supply chain story
1:40
after that trivia again but this time as the
1:43
uglier follow -on we talked about the earlier
1:46
incident before and now the sequel is broader
1:49
and hits the ci path even harder then we'll hit
1:53
kubernetes ingress to gateway 1 .0 and the bigger
1:56
reality that teams are going to have to migrate
1:59
towards gateway api without pretending that this
2:02
is a one -click swap and finally kubernetes agent
2:06
sandbox because the platform is already starting
2:09
to admit that agent -style workloads are different
2:16
Story one. Amazon S3 files is interesting, but
2:20
I would not call it S3 is EFS now. Let's start
2:23
there. AWS launched S3 files this week, and the
2:27
headline version is simple. You can expose an
2:29
S3 bucket as a file system and mount it from
2:33
EC2, ECS, EKS, or Lambda. AWS says it supports
2:39
NFS version 4 .1 operations, syncs changes back
2:43
to S3, and uses a high -performance active data
2:46
layer to make file access fast. What I think
2:50
is interesting here is how this compares to the
2:53
old S3FS or generic FUSE -style pattern. Because
2:57
people have been trying to make S3 feel like
2:59
a file system forever. But that old approach
3:02
usually came with the usual caveats. Weird semantics.
3:06
performance trade -offs, caching weirdness, consistency
3:09
questions. General, yes, it mounts, but should
3:13
it? Energy. This feels smarter than that. Not
3:16
because it magically turns object storage into
3:18
a perfect shared file system, but because AWS
3:21
is very clearly building and managing the translation
3:25
layer for you instead of leaving you to duct
3:28
tape it together yourself. So this is related
3:30
to the old S3FS and FUSE idea in the sense that
3:34
it solves the same human problem. which is my
3:37
app or tool wants files, not bucket APIs. But
3:41
it is not just a nicer wrapper around the same
3:44
old hack. It is AWS putting a managed service
3:47
boundary around the pattern. That said, I still
3:51
would not read this as S3 is basically EFS now.
3:54
I think the better read is that AWS put a managed
3:57
file system layer in front of S3 so file -based
4:01
tools and workloads can interact with bucket
4:04
data more naturally. especially AI and ML -style
4:08
workflows, without everybody inventing their
4:11
own copy pipeline or mount trick. Where I still
4:14
have questions is real -world behavior once this
4:18
is under pressure, multi -writer contention.
4:21
Sync behavior. What the latency story looks like
4:24
once the happy path cache assumptions stop being
4:27
happy. So for me, the takeaway is not S3 replaced
4:30
file storage. It is more like the object store
4:33
just got a much friendlier interface for workloads
4:36
that were never really written to think in buckets.
4:39
And that matters because once the interface changes,
4:43
people start building differently. Story 2. The
4:50
fake Strapi plugin story is ugly, but very believable.
4:54
Next up, the supply chain mess. Researchers found
4:57
36 malicious NPM packages disguised as Strapi
5:02
plugins. They followed the Strapi plugin naming
5:05
pattern, used post -install scripts, and came
5:08
with different payloads aimed at Redis and Postgres
5:11
SQL. credential harvesting, reverse shells, and
5:15
persistence. That is the part that I think lands.
5:18
Not just NPM had malware again, more like this
5:21
is what the modern trust problem looks like.
5:24
The package ecosystem, the install workflow,
5:27
the environment variables, the local services,
5:30
the containers, the database paths. All of that
5:33
is fair game once developers or pipelines run
5:37
something they should not have trusted. And I
5:40
think the Strapi angle is useful too. Because
5:42
it plays on something real. Developers expect
5:45
there to be plugins. They expect those plugins
5:47
to be named in ways that feel obvious. Attackers
5:51
know that. So the trick is not brilliance. It
5:54
is just getting close enough to expected behavior
5:56
that nobody slows down. That's why these stories
5:59
matter. Not because every team uses Strapi. Because
6:03
every team uses something with a plugin model,
6:06
a package manager, and a little too much trust
6:09
in what shows up during install. Story 3. Trivia
6:16
is back, and this one is the uglier sequel. Next
6:19
up, the trivia follow -up. We talked about the
6:22
earlier trivia incident back in episode 24. This
6:25
is not just the same story repeated. This is
6:28
the second chapter, and Aqua's own write -up
6:31
says that pretty clearly. On March 19th, Aqua
6:34
said a threat actor used compromised credentials
6:37
to publish malicious releases of trivia. trivia
6:41
action and set up trivia and that this was a
6:44
follow -up from the march 1st incident because
6:47
the original containment was incomplete that
6:50
matters because now we are not just talking about
6:53
repo disruption or suspicious activity around
6:56
the project now we are talking about official
6:59
releases and ci tooling being turned into a distribution
7:03
path for credential theft aqua said affected
7:06
users should treat reachable secrets as compromised
7:09
and rotate them Multiple security write -ups
7:13
also called out that the compromised actions
7:15
and releases were used to target CICD environments
7:19
directly. This is the nightmare version of security
7:22
shifted left. The scanner is not outside the
7:25
blast radius. The security tool is not outside
7:28
the blast radius. The thing scanning your code
7:30
may need the same level of paranoia as the thing
7:34
deploying it. And I think that is why this one
7:36
is worth covering even though we already talked
7:39
about Trivi before. The first story was something
7:42
is wrong. The follow -on story is the earlier
7:45
compromise turned into malicious releases and
7:48
broader CI impact because the attacker still
7:51
had a path back in. That is new enough and ugly
7:55
enough to justify a follow -up. Kubernetes' ingress
8:04
to Gateway is the kind of migration story platform
8:07
teams actually live through. Now let's get back
8:09
to platform work. Kubernetes announced ingress
8:12
to Gateway 1 .0, and the framing is pretty direct.
8:16
With Ingress Engine X retired as of March 2026,
8:21
the question is not really whether teams will
8:23
move towards Gateway API, but how they do it
8:26
safely. That is why I like this story. Because
8:29
it is honest. A lot of migration stories get
8:32
told like they are basically just YAML translation
8:35
and maybe a few find and replaces. But anybody
8:38
who has lived through one of these knows the
8:41
hard part is not converting manifests. The hard
8:44
part is discovering all of the weird behavior
8:46
your current setup has been carrying for years
8:49
and deciding what actually needs to survive the
8:51
move. And Gateway API is a real shift. More modular.
8:56
More expressive. Better separation of concerns.
8:59
Great. But the migration still has to happen
9:01
in environments where teams have old annotations,
9:04
old controller -specific assumptions, and production
9:07
traffic that does not care how elegant the destination
9:11
architecture looks on a blog post. So I think
9:14
this is one of those very real platform stories
9:16
where the value is not the destination alone.
9:20
It is having a safer path off the thing everybody
9:23
relied on for years. Story five. Agent Sandbox
9:31
is Kubernetes admitting the workload model is
9:34
changing. Last main story. Kubernetes also published
9:38
a piece on Agent Sandbox. And I think it is worth
9:41
paying attention to. Not because everybody needs
9:43
it tomorrow, but because it signals where the
9:46
platform sees things going. The argument is basically
9:49
that long -running AI agents do not behave like
9:52
normal short -lived stateless workloads. They
9:55
need stable identity, workspace persistence,
9:58
isolation, scale to zero behavior, and warm pulls
10:02
so they do not feel painfully cold every time
10:05
they wake up. That feels right to me. Because
10:07
even if you are not all in on agent hype, the
10:11
platform problem is real. Once you have workloads
10:14
that hold context longer, need tool access, spin
10:17
up and down differently, and may need tighter
10:20
isolation than a normal web app, the old abstractions
10:24
start feeling a little off. And that is part
10:26
of why I like this story paired with S3 Files.
10:30
S3 Files says here's a friendlier interface for
10:33
data because these newer workflows want file
10:36
semantics. Agent Sandbox says here's a friendlier
10:40
runtime shape because these newer workloads want
10:43
different lifecycle semantics. Those are different
10:46
stories, but they rhyme. the platform is getting
10:49
nudged by new usage patterns, whether we want
10:52
to call that AI, agents, or just another round
10:55
of abstraction pressure. A few quick ones before
11:05
we wrap. Fortinet customers have an actively
11:08
exploited problem on their hands. Fortinet released
11:11
an emergency update for Fortinet EMS after CVE
11:15
-2026 35616. A critical flaw was exploited in
11:21
the wild, and CISA added it to the known exploited
11:25
vulnerabilities list on April 6th. Karpathy had
11:28
one of those posts making the rounds again that
11:31
taps into the bigger conversation around how
11:34
much software work is shifting from direct coding
11:37
towards orchestration, review, and steering.
11:41
I do not think the useful takeaway there is blind
11:43
hype. I think it is that a lot of engineers are
11:46
already feeling the interface to software work
11:49
changing, even if the results are still uneven.
11:52
And then there is Proofshot, which I actually
11:55
think is a pretty fun tool mention. It is an
11:57
open -sourced CLI that tries to give AI coding
12:01
agents eyes by recording browser sessions. capturing
12:05
screenshots, collecting console and server errors,
12:08
and bundling proof artifacts for humans to review
12:11
or attach to pull requests. If agents are going
12:15
to claim they built something, they should probably
12:17
bring receipts. I think the cleanest closer for
12:28
this one is this. The interface layer is becoming
12:31
the story. Not just the database. Not just the
12:35
bucket. Not just the cluster. And not just the
12:38
scanner. The layer in front of it. The workflow
12:41
around it. The migration path off of it. The
12:44
trust assumptions baked into it. This is where
12:47
a lot of the real action is now. S3 is still
12:50
S3. But the file system interface changes who
12:54
can use it and how. Until the second incident
12:57
shows it can turn into a broader distribution
13:00
path for secret theft if the first breach was
13:03
not fully closed. Ingress is still just ingress.
13:07
Until the controller everybody built around it
13:10
starts aging out and you realize how much invisible
13:14
behavior you were carrying the whole time. And
13:17
Kubernetes is still just Kubernetes, but even
13:20
it is starting to say out loud that newer workloads
13:23
may need different shapes, different assumptions,
13:26
and different guardrails. That's the human side
13:29
of this stuff. A lot of ops pain comes from realizing
13:32
too late that the helper layer was never really
13:35
a helper layer. It was part of the system, maybe
13:39
the important part. And the teams that do well
13:42
are usually the ones that figure that out before
13:45
the incident does. All right, that's it for this
13:48
week of Ship It Weekly. Quick recap. Amazon S3
13:52
files and why I think it is more managed file
13:55
layer over S3 than S3 is EFS now, especially
14:00
compared with the old S3FS and Fuse -style approach.
14:05
Malicious Strapi flavored NPM packages, the
14:08
trivia follow -on incident, and why it was worth
14:11
revisiting. Kubernetes ingress to gateway and
14:14
the bigger gateway API migration pressure and
14:17
agent sandbox as a look at where the platform
14:20
may be headed next. Links and show notes are
14:23
on shipitweekly .fm. You can also find the video
14:26
versions on YouTube. And if you want more signal
14:29
before the episode, check out on callbrief .com.
14:33
If this episode was useful, follow or subscribe
14:35
wherever you listen, and send it to the person
14:38
on your team who keeps having to explain that
14:40
the thing everybody calls just glue is usually
14:43
sitting directly on the blast radius. Thanks
14:46
for listening, and I'll see you next week.
