Johannes Schnatterer

@schnatterer.info

Software engineer, author, speaker. Field CTO of Cloudogu. My particular interests are #k8s, #GitOps, #PlatformEngineering, #o11y, #IaC, #DevOps technical leadership and of course #FLOSS/ #FOSS/ #OSS. I like owning my data and devices.

22.11.2024
Joined
Latest posts by Johannes Schnatterer @schnatterer.info

Vibe engineering | Hacker News

I think we all recognize that AI changes the way we produce code.
To me it seems it widens the gap in what a single dev can reach in terms of output.
The HN discussion shows mixed feelings about this:
news.ycombinator.com/item?id=4550...

What are your thoughts?

09.10.2025 10:00 👍 1 🔁 0 💬 0 📌 0

Using Coding Agents in combination with software engineering best practices: Unit testing, concept-first, version control, code review, manual testing, etc. for higher output.

09.10.2025 10:00 👍 0 🔁 0 💬 1 📌 0
Vibe engineering | Hacker News

TIL the term #VibeEngineering as the opposite of #VibeCoding, proposed by @simonwillison.net

While the term does not feel intuitive to me, the idea does:

09.10.2025 10:00 👍 0 🔁 0 💬 1 📌 0

⚠️ Recommendations:
At least run: npm/yarn/pnpm audit

npm config set ignore-scripts true --global

What else?

Does anyone know of any specific tooling to check if impacted?

18.09.2025 16:46 👍 1 🔁 0 💬 0 📌 0
Shai-Hulud malware attack: Tinycolor and over 40 NPM packages compromised | Hacker News

Same attacker as nx?
HackerNews: news.ycombinator.com/item?id=4526...

18.09.2025 16:46 👍 0 🔁 0 💬 1 📌 0

🗓️ 17 Sep: attack #Shai-Hulud / #CrowdStrike / #tinycolor
Self-replicating worm 😱 started by briefly infecting tinycolor and packages by vendor CrowdStrike. Exposes code and secrets via GitHub and tries to propagate to other packages via npm tokens. Now impacts nearly 500 packages.

18.09.2025 16:46 👍 0 🔁 0 💬 1 📌 0
Shai-Hulud malware attack: Tinycolor and over 40 NPM packages compromised | Hacker News

πŸ—“οΈ 8 Sep: #chalk, #debug-js and other packages by maintainer #qix (junon) compromised. They handled this very transparently πŸ‘οΈ

HackerNews: news.ycombinator.com/item?id=4516...
CVE-2025-59144: github.com/advisories/G...

18.09.2025 16:46 👍 0 🔁 0 💬 1 📌 0
Image of sandworm Shai-Hulud of the Dune saga. Namesake of the supply chain campaign.

TLDR recent #npm supply chain attacks

πŸ—“οΈ 26 Aug: #nx packages compromised stealing SSH keys, npm tokens, and .gitconfig files and weaponized AI CLI tools 😱 upload to repo named #S1ngularity

HackerNews: news.ycombinator.com/item?id=4503...
GHSA: github.com/nrwl/nx/secu...

18.09.2025 16:46 👍 0 🔁 0 💬 1 📌 0

Yep, I've been pwned. 2FA reset email, looked very legitimate.

Only NPM affected. I've sent an email off to @npmjs.bsky.social to see if I can get access again.

Sorry everyone, I should have paid more attention. Not like me; have had a stressful week. Will work to get this cleaned up.

08.09.2025 15:15 👍 187 🔁 59 💬 15 📌 22

Here is the link for opting out

www.linkedin.com/mypreference...

18.09.2025 13:46 👍 0 🔁 0 💬 0 📌 0
LinkedIn settings showing settings where this setting is enabled:

Data for Generative AI Improvement

    Can LinkedIn use your personal data and content you create on LinkedIn to train generative AI models that create content?

    Use my data for training content creation AI models

Shouldn't this be opt in? 🧐😱

Now is the time to opt out.

#linkedin #ai #gdpr

18.09.2025 13:45 👍 0 🔁 0 💬 1 📌 0

The switch was really easy.

The only customization I did was to enable the constant reminder of my cloud account and node.js version.

Having the time displayed as part of the prompt also turns out useful when scrolling back up later.

github.com/schnatterer/...

16.09.2025 08:21 👍 0 🔁 0 💬 0 📌 0
Terminal window showing zsh with tmux and starship and a prompt that shows the time.
Command "sleep 3" returns "took 3s"

Anyone still using #powerlevel10k #zsh theme?
It has been on "life support" > 1 year.

I had been using it for almost 5 years because of instant prompt.
Now switched to #starship, which I already had an eye on back then.

Is there a reason not to use starship?
What common (zsh) themes are there?

16.09.2025 07:45 👍 0 🔁 0 💬 1 📌 0

#docker or #podman?

A polarised discussion 👇
news.ycombinator.com/item?id=4513...

Does not motivate me to give podman another go.
I like being efficient and not struggling with things I wouldn't have to with docker 😐

Can anyone share podman success stories?

05.09.2025 18:46 👍 1 🔁 0 💬 0 📌 0
Project API Token Exposes Repository Credentials ### Summary Argo CD API tokens with project-level permissions are able to retrieve sensitive repository credentials (usernames, passwords) through the project details API endpoint, even when the t...

Just patched Argo CD CVE-2025-55190, scoring 9.9 😱

github.com/argoproj/arg...

nvd.nist.gov/vuln/detail/...

I am impressed that the argo project fixed this in so many versions 🙏
2.13.9, 2.14.16, 3.0.14 and 3.1.2.

#argocd #cve #CVE202555190

05.09.2025 09:17 👍 2 🔁 1 💬 0 📌 0

Anyway, here is my workaround (to be executed on the host) 😱

sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.slapd

Anyone ever had similar problems and have a better solution?

03.09.2025 12:43 👍 0 🔁 0 💬 0 📌 0

Presumably, this is a limitation of k3d running in a container itself, leading to kubelet lacking privilege to modify AppArmor profiles on host.

03.09.2025 12:43 👍 0 🔁 0 💬 1 📌 0

Eventually found out that my host system has an AppArmor profile for slapd.
However, I was unable to ignore it via k8s' annotation or securityContext setting for unconfined AppArmor profile.

03.09.2025 12:43 👍 0 🔁 0 💬 1 📌 0

My LDAP pod failed to start with permission denied errors when the startup script used slapadd. These would not go away, even as root.

03.09.2025 12:43 👍 0 🔁 0 💬 1 📌 0
Featured graphic: k3d LDAP deployment challenges

As a longtime fan of local #k8s clusters for fast feedback (especially #k3d), I've just faced my first real challenge: deploying #LDAP 😅
(caused by apparmor and nested containerization)

03.09.2025 12:43 👍 0 🔁 0 💬 1 📌 0

Anyway, here is my workaround (to be executed on the host) 😱

sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.slapd

Anyone ever had similar problems and have a better solution?

03.09.2025 12:39 👍 0 🔁 0 💬 0 📌 0

Presumably, this is a limitation of k3d running containerized itself, leading to kubelet lacking privilege to modify AppArmor profiles on host.

03.09.2025 12:39 👍 0 🔁 0 💬 1 📌 0

My LDAP pod failed to start with permission denied errors when the startup script used slapadd.

Eventually found out that my host system has an AppArmor profile for slapd.
However, I was unable to ignore it via k8s' annotation or securityContext setting for unconfined AppArmor profile.

03.09.2025 12:39 👍 0 🔁 0 💬 1 📌 0
Terminal showing command "helm images get prometheus-community/kube-prometheus-stack" and a list of images as output

TIL: #helm image plugin shows all images for a chart, even respecting dependencies 🧐

github.com/nikhilsbhat/...

18.08.2025 17:33 👍 0 🔁 0 💬 0 📌 0
Argo CD 3.1 brings OCI support Discover the German GitOps book. Learn best practices for continuous deployment, Kubernetes and secure GitOps workflows.

#ArgoCD 3.1 brings OCI support for generic #OCI artifacts 🥳

I had a first look 👇️

gitops-book.dev/blog/2025-08...

14.08.2025 14:23 👍 0 🔁 0 💬 0 📌 0

XKCD 2347 comes to mind, but I don't feel like laughing.

13.08.2025 20:15 👍 0 🔁 0 💬 0 📌 0
Health of External Secrets project · Issue #5084 · external-secrets/external-secrets Update 2: OMG thank you all for signing up. We weren't expecting such a positive response from the community <3 Update We've decided to stop releases until more long-term maintainers join our team....

An important building block of many cloud-native architectures just had to stop maintenance:
#ExternalSecretsOperator #ESO.

github.com/external-sec...

The unfortunate fate of so many open source projects: We all use them, but we don't support them. Maintainers burn out.

13.08.2025 20:15 👍 0 🔁 0 💬 1 📌 0
Cloudogu Platform More flexibility for your software tools.

Facing challenges with air-gapped envs or multi-tenant architectures?
I'd love to hear from you! Schedule here:
πŸ—“οΈ platform.cloudogu.com/person/johan...

15.05.2025 09:48 πŸ‘ 1 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

Our goal is to provide a simple UX to platform admins:
Add one file to git, a new tenant gets rolled out.
Change one version number in git, all tenants get upgraded.

#GitOps at its best!

3/x

15.05.2025 09:48 👍 1 🔁 0 💬 1 📌 0

The next big thing we are working on is the option to roll out dedicated instances per tenant, that are managed centrally.

Kind of like an IDP as a Service (Is #IDPaaS a thing? 😅)

2/x

15.05.2025 09:48 👍 0 🔁 0 💬 1 📌 0