Newslurp

Bazel’s Sins ⚫, Securing Open Source Credentials 🔒, Azure DevOps MCP Server ✨

TLDR DevOps <dan@tldrnewsletter.com>

June 25, 11:09 am

TLDR DevOps
Bazel compromises its promise of hermetic builds by mounting the root filesystem, leading to hidden dependencies and inconsistent behavior.

Together With Chronosphere

TLDR DevOps 2025-06-25

The Manning Guide to Logging Best Practices (Sponsor)

Modern applications generate obscene amounts of log data. Good logging practices make this data actually useable for debugging purposes, rather than a JSON dump that no one has the courage to sift through.

Grab a copy of the Manning eBook Logging Best Practices and use it as a handy reference for logging best practices, applying filters to control log events, and different logging frameworks for app development.

Get your free copy from Chronosphere

📱

News & Trends

New: Use Terraform Modules in Pulumi Without Conversion (7 minute read)

Pulumi announced direct support for executing Terraform modules, aiming to simplify migration to Pulumi for users with complex module dependencies. The new feature allows incorporating existing Terraform modules into Pulumi projects, with a three-phase approach: start new projects in Pulumi, incrementally migrate modules, and fully migrate when ready.

Google Cloud donates A2A to Linux Foundation (5 minute read)

Google Cloud has donated its Agent2Agent (A2A) protocol to the Linux Foundation, launching a new open-source project to standardize communication between AI agents. Backed by companies like AWS, Microsoft, and Cisco, A2A aims to foster a vendor-neutral, interoperable ecosystem for secure and collaborative AI agent interactions.

🚀

Opinions & Tutorials

DNS best practices for implementation in Azure Landing Zones (5 minute read)

Azure Landing Zones use centralized DNS with Private DNS Zones and Resolvers for secure, scalable name resolution across hub-and-spoke networks. On-premises DNS integration requires conditional forwarders without AD replication to maintain hybrid connectivity and control.

DevOps: Automating Release Tags (4 minute read)

A GitHub Actions workflow can automate semantic version tagging and release creation on pull request merges, including automatic major version bumps triggered by labels or keywords. This system generates release notes from PR metadata and pushes tags and releases without manual intervention.

Bazel's Original Sins (3 minute read)

Bazel compromises its promise of hermetic builds by mounting the root filesystem, leading to hidden dependencies and inconsistent behavior. Its added support for Windows and bzlmod introduces complexity and dependency issues, diverging from the tightly controlled, monorepo approach that made it successful at Google.

🧑‍💻

Resources & Tools

WireGuard Easy (GitHub Repo)

WireGuard Easy is the easiest way to install and manage WireGuard on any Linux host. The project provides an easy-to-use Web UI for WireGuard management.

Cognee (GitHub Repo)

Cognee is a tool for building dynamic memory for AI agents. It utilizes scalable, modular ECL (Extract, Cognify, and Load) pipelines and can be installed with pip, poetry, or uv.

🎁

Miscellaneous

How Google Cloud is securing open-source credentials at scale (3 minute read)

Google Cloud has developed a scanning tool that automatically detects leaked credentials in open-source artifacts, such as packages and Docker images, helping prevent misuse and improve security across the software supply chain. The system enables near-instant remediation of credential exposures. It will soon expand to include third-party credentials and broader open-source platform coverage.

Remote Code Execution on 40,000 WiFi alarm clocks (6 minute read)

A security researcher found that Loftie alarm clocks have critical vulnerabilities, including publicly available credentials that can be used to access alarm settings, WiFi network BSSIDs, and even send commands to any of the 40,000+ clocks.

⚡

Quick Links

Azure DevOps MCP Server, Public Preview (2 minute read)

Azure DevOps MCP Server is now in public preview, enabling GitHub Copilot in Visual Studio and VS Code to interact with Azure DevOps environments using local, private data.

Implicit is better than explicit (3 minute read)

Google Cloud's outage in June was caused by a misconfigured policy with blank fields that triggered a crash loop in Service Control across regions.

Thanks for reading,
Kunal Desai & Martin Hauskrecht

