Prometheus Scaling, npm Supply Chain Attack, Securing GitHub Actions and Windows Apps on Linux

Welcome to this week’s edition of the DevOps Bulletin!

AWS just launched S3 Vectors, sparking hot takes on whether it’s the end of vector databases or just a cheaper sidekick. Meanwhile, a massive npm supply-chain attack slipped malware into debug and chalk, exposing tokens across thousands of repos. Terraform fans get two must-reads: 17 design tips before you write a single module, and why treating Terraform state like a distributed system might save you pain. Oh, and Flipkart showed how they run Prometheus at 80M metrics scale without chaos.

On the “how-to” side: learn to lock down GitHub Actions, manage Postgres without superuser, keep SSH sessions alive with systemd-inhibit, make Python code 80× faster with Cython, and handle multiple Docker environments the smart way. Plus, Signadot shared a neat trick: isolating Kafka messages with OpenTelemetry so teams can test async workflows without cloning entire clusters.

And don’t miss the tools: DetectPack Forge (AI-generated detection packs), OneDev (self-hosted Git + CI/CD), Termix & Lazyssh (server/SSH managers), AnduinOS (a friendly Ubuntu flavor), CloudGovernance.org (free cloud governance tips), and WinBoat (run Windows apps on Linux).