Johannes Schnatterer
@schnatterer.info
Software engineer, author, speaker.
Field CTO of Cloudogu.
My particular interests are #k8s, #GitOps, #PlatformEngineering, #o11y, #IaC, #DevOps technical leadership and of course #FLOSS/ #FOSS/ #OSS.
I like owning my data and devices.
Field CTO of Cloudogu.
My particular interests are #k8s, #GitOps, #PlatformEngineering, #o11y, #IaC, #DevOps technical leadership and of course #FLOSS/ #FOSS/ #OSS.
I like owning my data and devices.
TIL the term #VibeEngineering" as opposite of #VibeCoding, proposed by @simonwillison.net
While the term does not feel intuitive to me, the idea does:
While the term does not feel intuitive to me, the idea does:
Vibe engineering | Hacker News
news.ycombinator.com
October 9, 2025 at 10:00 AM
TIL the term #VibeEngineering" as opposite of #VibeCoding, proposed by @simonwillison.net
While the term does not feel intuitive to me, the idea does:
While the term does not feel intuitive to me, the idea does:
TLDR recent #npm supply chain attacks
🗓️ 26 Aug: #nx packages compromised stealing SSH keys, npm tokens, and .gitconfig files and weaponized AI CLI tools 😱 upload to repo named #S1ngularity
HackerNews: news.ycombinator.com/item?id=4503...
GHSA: github.com/nrwl/nx/secu...
🗓️ 26 Aug: #nx packages compromised stealing SSH keys, npm tokens, and .gitconfig files and weaponized AI CLI tools 😱 upload to repo named #S1ngularity
HackerNews: news.ycombinator.com/item?id=4503...
GHSA: github.com/nrwl/nx/secu...
September 18, 2025 at 4:46 PM
TLDR recent #npm supply chain attacks
🗓️ 26 Aug: #nx packages compromised stealing SSH keys, npm tokens, and .gitconfig files and weaponized AI CLI tools 😱 upload to repo named #S1ngularity
HackerNews: news.ycombinator.com/item?id=4503...
GHSA: github.com/nrwl/nx/secu...
🗓️ 26 Aug: #nx packages compromised stealing SSH keys, npm tokens, and .gitconfig files and weaponized AI CLI tools 😱 upload to repo named #S1ngularity
HackerNews: news.ycombinator.com/item?id=4503...
GHSA: github.com/nrwl/nx/secu...
Reposted by Johannes Schnatterer
Yep, I've been pwned. 2FA reset email, looked very legitimate.
Only NPM affected. I've sent an email off to @npmjs.bsky.social to see if I can get access again.
Sorry everyone, I should have paid more attention. Not like me; have had a stressful week. Will work to get this cleaned up.
Only NPM affected. I've sent an email off to @npmjs.bsky.social to see if I can get access again.
Sorry everyone, I should have paid more attention. Not like me; have had a stressful week. Will work to get this cleaned up.
@bad-at-computer.bsky.social Hey. Your npm account seems to have been compromised. 1 hour ago it started posting packages with backdoors to all your popular packages.
September 8, 2025 at 3:15 PM
Yep, I've been pwned. 2FA reset email, looked very legitimate.
Only NPM affected. I've sent an email off to @npmjs.bsky.social to see if I can get access again.
Sorry everyone, I should have paid more attention. Not like me; have had a stressful week. Will work to get this cleaned up.
Only NPM affected. I've sent an email off to @npmjs.bsky.social to see if I can get access again.
Sorry everyone, I should have paid more attention. Not like me; have had a stressful week. Will work to get this cleaned up.
September 18, 2025 at 1:45 PM
Anyone still using #powerlevel10k #zsh theme?
It has been on "life support" > 1 year.
I had been using it for almost 5 years because of instant prompt.
Now switched to #starship, which I already had an eye on back then.
Is there a reason not to use starship?
What common (zsh) themes are there?
It has been on "life support" > 1 year.
I had been using it for almost 5 years because of instant prompt.
Now switched to #starship, which I already had an eye on back then.
Is there a reason not to use starship?
What common (zsh) themes are there?
September 16, 2025 at 7:46 AM
Anyone still using #powerlevel10k #zsh theme?
It has been on "life support" > 1 year.
I had been using it for almost 5 years because of instant prompt.
Now switched to #starship, which I already had an eye on back then.
Is there a reason not to use starship?
What common (zsh) themes are there?
It has been on "life support" > 1 year.
I had been using it for almost 5 years because of instant prompt.
Now switched to #starship, which I already had an eye on back then.
Is there a reason not to use starship?
What common (zsh) themes are there?
#docker or #podman?
A polarised discussion 👇
news.ycombinator.com/item?id=4513...
Does not motivate me to give podman another go.
I like being efficient and not struggle with things I wouldn't have to with docker 😐
Can anyone share podman success stories?
A polarised discussion 👇
news.ycombinator.com/item?id=4513...
Does not motivate me to give podman another go.
I like being efficient and not struggle with things I wouldn't have to with docker 😐
Can anyone share podman success stories?
September 5, 2025 at 6:46 PM
#docker or #podman?
A polarised discussion 👇
news.ycombinator.com/item?id=4513...
Does not motivate me to give podman another go.
I like being efficient and not struggle with things I wouldn't have to with docker 😐
Can anyone share podman success stories?
A polarised discussion 👇
news.ycombinator.com/item?id=4513...
Does not motivate me to give podman another go.
I like being efficient and not struggle with things I wouldn't have to with docker 😐
Can anyone share podman success stories?
Just patched Argo CD CVE-2025-55190, scoring 9.9 😱
github.com/argoproj/arg...
nvd.nist.gov/vuln/detail/...
I am impressed that the argo project fixed this in so many versions 🙏
2.13.9, 2.14.16, 3.0.14 and 3.1.2.
#argocd #cve #CVE202555190
github.com/argoproj/arg...
nvd.nist.gov/vuln/detail/...
I am impressed that the argo project fixed this in so many versions 🙏
2.13.9, 2.14.16, 3.0.14 and 3.1.2.
#argocd #cve #CVE202555190
Project API Token Exposes Repository Credentials
### Summary
Argo CD API tokens with project-level permissions are able to retrieve sensitive repository credentials (usernames, passwords) through the project details API endpoint, even when the t...
github.com
September 5, 2025 at 9:17 AM
Just patched Argo CD CVE-2025-55190, scoring 9.9 😱
github.com/argoproj/arg...
nvd.nist.gov/vuln/detail/...
I am impressed that the argo project fixed this in so many versions 🙏
2.13.9, 2.14.16, 3.0.14 and 3.1.2.
#argocd #cve #CVE202555190
github.com/argoproj/arg...
nvd.nist.gov/vuln/detail/...
I am impressed that the argo project fixed this in so many versions 🙏
2.13.9, 2.14.16, 3.0.14 and 3.1.2.
#argocd #cve #CVE202555190
TIL: #helm image plugin shows all images for a chart, even respecting dependencies 🧐
github.com/nikhilsbhat/...
github.com/nikhilsbhat/...
August 18, 2025 at 5:33 PM
TIL: #helm image plugin shows all images for a chart, even respecting dependencies 🧐
github.com/nikhilsbhat/...
github.com/nikhilsbhat/...
#ArgoCD 3.1 brings OCI support for generic #OCI artifacts 🥳
I had a first look 👇️
gitops-book.dev/blog/2025-08...
I had a first look 👇️
gitops-book.dev/blog/2025-08...
Argo CD 3.1 brings OCI support
Entdecken Sie das deutsche GitOps Buch. Lernen Sie Best Practices für Continuous Deployment, Kubernetes und sichere GitOps Workflows kennen.
gitops-book.dev
August 14, 2025 at 2:23 PM
#ArgoCD 3.1 brings OCI support for generic #OCI artifacts 🥳
I had a first look 👇️
gitops-book.dev/blog/2025-08...
I had a first look 👇️
gitops-book.dev/blog/2025-08...
An important building block of many cloud-native architectures just had to stop maintenance:
#ExternalSecretsOperator #ESO.
github.com/external-sec...
The unfortunate fate of so many open source projects: We all use them, but we don't support them. Maintainers burn out.
#ExternalSecretsOperator #ESO.
github.com/external-sec...
The unfortunate fate of so many open source projects: We all use them, but we don't support them. Maintainers burn out.
Health of External Secrets project · Issue #5084 · external-secrets/external-secrets
Update 2: OMG thank you all for signing up. We weren't expecting such a positive response from the community <3 Update We've decided to stop releases until more long-term maintainers join our team....
github.com
August 13, 2025 at 8:15 PM
An important building block of many cloud-native architectures just had to stop maintenance:
#ExternalSecretsOperator #ESO.
github.com/external-sec...
The unfortunate fate of so many open source projects: We all use them, but we don't support them. Maintainers burn out.
#ExternalSecretsOperator #ESO.
github.com/external-sec...
The unfortunate fate of so many open source projects: We all use them, but we don't support them. Maintainers burn out.
#GitOpsPlayground (GOP) version 0.11.0 finally facilitates running in air-gapped environments:
It can provide standardized #IDPs,
even when are they are #airgapped,
even when they run on #OpenShift.
🥳
github.com/cloudogu/git...
1/x
It can provide standardized #IDPs,
even when are they are #airgapped,
even when they run on #OpenShift.
🥳
github.com/cloudogu/git...
1/x
May 15, 2025 at 9:48 AM
#GitOpsPlayground (GOP) version 0.11.0 finally facilitates running in air-gapped environments:
It can provide standardized #IDPs,
even when are they are #airgapped,
even when they run on #OpenShift.
🥳
github.com/cloudogu/git...
1/x
It can provide standardized #IDPs,
even when are they are #airgapped,
even when they run on #OpenShift.
🥳
github.com/cloudogu/git...
1/x
ArgoCon: Upgrade on the future experience of UI promotion
@crenshaw-dev.bsky.social and Zach Aller give a sneak peek on how automatic promotion between envs could look like in the future with Argo Project CD.
www.youtube.com/watch?v=Usi3...
@crenshaw-dev.bsky.social and Zach Aller give a sneak peek on how automatic promotion between envs could look like in the future with Argo Project CD.
www.youtube.com/watch?v=Usi3...
No More Pipelines: Reconciling Environment Promotion Via Commit Statuses W... M. Crenshaw & Z. Aller
YouTube video by CNCF [Cloud Native Computing Foundation]
www.youtube.com
April 4, 2025 at 8:15 AM
ArgoCon: Upgrade on the future experience of UI promotion
@crenshaw-dev.bsky.social and Zach Aller give a sneak peek on how automatic promotion between envs could look like in the future with Argo Project CD.
www.youtube.com/watch?v=Usi3...
@crenshaw-dev.bsky.social and Zach Aller give a sneak peek on how automatic promotion between envs could look like in the future with Argo Project CD.
www.youtube.com/watch?v=Usi3...
Who writes #unittests for #helm #charts? 🙋
Same as for code, they speed up development and prevent recursions.
The helm-unittest plugin makes them easy to use.
github.com/helm-unittes...
I found helm-unittest easy to read, write and execute. See for yourself 👇️
Same as for code, they speed up development and prevent recursions.
The helm-unittest plugin makes them easy to use.
github.com/helm-unittes...
I found helm-unittest easy to read, write and execute. See for yourself 👇️
March 24, 2025 at 2:37 PM
Who writes #unittests for #helm #charts? 🙋
Same as for code, they speed up development and prevent recursions.
The helm-unittest plugin makes them easy to use.
github.com/helm-unittes...
I found helm-unittest easy to read, write and execute. See for yourself 👇️
Same as for code, they speed up development and prevent recursions.
The helm-unittest plugin makes them easy to use.
github.com/helm-unittes...
I found helm-unittest easy to read, write and execute. See for yourself 👇️
Reposted by Johannes Schnatterer
For our next release after 2025030800, we've added support for the Android 15 QPR2 Terminal for running other operating systems using hardware virtualization. It's currently only a terminal but Android is adding support for graphics and GPU acceleration for a future release.
March 9, 2025 at 2:27 PM
For our next release after 2025030800, we've added support for the Android 15 QPR2 Terminal for running other operating systems using hardware virtualization. It's currently only a terminal but Android is adding support for graphics and GPU acceleration for a future release.
Reposted by Johannes Schnatterer
Du hast spannende Neuigkeiten oder möchtest Deine Erfahrungen teilen – rund um #PlatformEngineering #DeveloperExperience & Co?
Dann freuen wir uns auf Deine Vorschläge beim #CallforProposals für die #CLC_Conf im November!
@ixmagazin.bsky.social @dpunkt.bsky.social
Dann freuen wir uns auf Deine Vorschläge beim #CallforProposals für die #CLC_Conf im November!
@ixmagazin.bsky.social @dpunkt.bsky.social
Für die Vor-Ort-Konferenz zu Developer Experience, Platform Engineering und Software Delivery suchen die Veranstalter bis 27. April Vorträge und Workshops. #Softwareentwicklung
CLC 2025: Vorträge zu Developer Experience und Platform Engineering gesucht
Für die Vor-Ort-Konferenz zu Developer Experience, Platform Engineering und Software Delivery suchen die Veranstalter bis 27. April Vorträge und Workshops.
www.heise.de
February 28, 2025 at 1:52 PM
Du hast spannende Neuigkeiten oder möchtest Deine Erfahrungen teilen – rund um #PlatformEngineering #DeveloperExperience & Co?
Dann freuen wir uns auf Deine Vorschläge beim #CallforProposals für die #CLC_Conf im November!
@ixmagazin.bsky.social @dpunkt.bsky.social
Dann freuen wir uns auf Deine Vorschläge beim #CallforProposals für die #CLC_Conf im November!
@ixmagazin.bsky.social @dpunkt.bsky.social
Heads up #ingressNginx users!
Controller version 1.12 / chart 4.12, contains breaking changes.
Even though a minor release, one change blocks risky annotations like the 'snippet' annotations.
These are often used to block access to specific URLs, like /metrics.
Controller version 1.12 / chart 4.12, contains breaking changes.
Even though a minor release, one change blocks risky annotations like the 'snippet' annotations.
These are often used to block access to specific URLs, like /metrics.
January 13, 2025 at 5:03 PM
Heads up #ingressNginx users!
Controller version 1.12 / chart 4.12, contains breaking changes.
Even though a minor release, one change blocks risky annotations like the 'snippet' annotations.
These are often used to block access to specific URLs, like /metrics.
Controller version 1.12 / chart 4.12, contains breaking changes.
Even though a minor release, one change blocks risky annotations like the 'snippet' annotations.
These are often used to block access to specific URLs, like /metrics.
Wait, did #Bitnami remove their charts from #ArtifactHub? 😱
I understand they launched premium, introducing rate limit and DockerHub and stopped supporting non-LTS versions in their free tier.
But leaving ArtifactHub? Why?
Can someone share insights here?
I understand they launched premium, introducing rate limit and DockerHub and stopped supporting non-LTS versions in their free tier.
But leaving ArtifactHub? Why?
Can someone share insights here?
January 13, 2025 at 9:53 AM
Wait, did #Bitnami remove their charts from #ArtifactHub? 😱
I understand they launched premium, introducing rate limit and DockerHub and stopped supporting non-LTS versions in their free tier.
But leaving ArtifactHub? Why?
Can someone share insights here?
I understand they launched premium, introducing rate limit and DockerHub and stopped supporting non-LTS versions in their free tier.
But leaving ArtifactHub? Why?
Can someone share insights here?
In 2024 #GitOps reached the peak of inflated expectations.
It could be reaching the plateau of productivity in less than two years, so Gartner predicts.
That's some major progress after being stuck in the lower left corner for as far as I can remember. Which is 2021 😅
It could be reaching the plateau of productivity in less than two years, so Gartner predicts.
That's some major progress after being stuck in the lower left corner for as far as I can remember. Which is 2021 😅
January 9, 2025 at 2:32 PM
In 2024 #GitOps reached the peak of inflated expectations.
It could be reaching the plateau of productivity in less than two years, so Gartner predicts.
That's some major progress after being stuck in the lower left corner for as far as I can remember. Which is 2021 😅
It could be reaching the plateau of productivity in less than two years, so Gartner predicts.
That's some major progress after being stuck in the lower left corner for as far as I can remember. Which is 2021 😅
#Bitnami rate limit for DockerHub became effective on January 6. What to do about it?
On rather short notice, bitnami introduced rate limits on their DockerHub Account, "due to business and partner requirements".
github.com/bitnami/cont...
On rather short notice, bitnami introduced rate limits on their DockerHub Account, "due to business and partner requirements".
github.com/bitnami/cont...
January 8, 2025 at 10:24 AM
#Bitnami rate limit for DockerHub became effective on January 6. What to do about it?
On rather short notice, bitnami introduced rate limits on their DockerHub Account, "due to business and partner requirements".
github.com/bitnami/cont...
On rather short notice, bitnami introduced rate limits on their DockerHub Account, "due to business and partner requirements".
github.com/bitnami/cont...
Great improvement for #GitOps #promotions ahead:
gitops-promoter and argocd-diff-preview
Just watched two talks recorded at #ArgoCon by Zach Aller and Michael Crenshaw as well as Regina Voloshin and Dag Bjerre Andersen.
1/
gitops-promoter and argocd-diff-preview
Just watched two talks recorded at #ArgoCon by Zach Aller and Michael Crenshaw as well as Regina Voloshin and Dag Bjerre Andersen.
1/
November 22, 2024 at 4:46 PM
Great improvement for #GitOps #promotions ahead:
gitops-promoter and argocd-diff-preview
Just watched two talks recorded at #ArgoCon by Zach Aller and Michael Crenshaw as well as Regina Voloshin and Dag Bjerre Andersen.
1/
gitops-promoter and argocd-diff-preview
Just watched two talks recorded at #ArgoCon by Zach Aller and Michael Crenshaw as well as Regina Voloshin and Dag Bjerre Andersen.
1/