Pulumi Do ☁️, VS Code Attack 🥷, Go to Rust 🦀

'pulumi do' is a new command-line tool that lets developers create, read, update, delete, and query cloud resources across thousands of providers ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌  ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ 

Sign Up |Advertise|View Online TLDR Together With TLDR DevOps 2026-05-25 How do software leaders ship? With CI that turns scale into speed, reliably. (Sponsor) Buildkite has run CI for OpenAI, Airbnb, Canva, Uber and Shopify for 7-12 yrs as they grew. Now we also orchestrate for Cursor, Anthropic, Meta, Mistral, xAI, Discord, Reddit, Ramp, Boston Dynamics, Applied Intuition, ASML, Planetscale, Pierre and Bun... ...and the workloads that build vLLM, Bazel and Backstage. Quietly powering software used by 1B+ people daily, since 2013. Parallelize, fan-out and orchestrate at depths a slightly faster runner won't reach as agentic codegen blows up your build queue. Start with our all-access 30-day trial. Get building → 📱 News & Trends Introducing Pulumi Do: Direct Resource Operations for Any Cloud (6 minute read) 'pulumi do' is a new command-line tool that lets developers create, read, update, delete, and query cloud resources across thousands of providers with a single terminal command—no project setup, code, or state tracking required. The tool is designed for both humans and AI agents to handle quick, one-off cloud operations, with future plans to integrate credential management through Pulumi ESC and provide an upgrade path to full infrastructure-as-code projects. Request-Based Autoscaling Is Now Generally Available on App Platform (4 minute read) DigitalOcean launched request-based autoscaling for its App Platform, allowing applications to scale automatically based on real-time HTTP traffic metrics like requests per second and P95 response latency rather than waiting for CPU utilization to spike. The feature now works on both shared and dedicated CPU instances, expanding autoscaling capabilities to users who were previously limited to manual scaling on shared plans. GitHub internal repositories exfiltrated via malicious VS Code extension (5 minute read) GitHub confirmed that roughly 3,800 internal repositories were accessed after a developer installed a malicious Visual Studio Code extension, highlighting the growing risk of compromised developer tooling in the software supply chain. GitHub says there is no evidence customer repositories were affected, but the incident reinforces the need for extension governance, credential rotation, endpoint monitoring, and tighter controls around tools that can access source code, terminals, and local secrets. 🚀 Opinions & Tutorials Add dynamically updating context to logs with Reference Tables and Observability Pipelines (7 minute read) Datadog Observability Pipelines enables centralized log enrichment using dynamic Reference Tables to add real time context, improve threat investigations, and route data efficiently, reducing manual correlation, latency, and costs across security and logging workflows. Designing end-to-end ingress request tracing for multi-tenant SaaS platforms (7 minute read) The Cloud Native Computing Foundation published a framework for implementing distributed tracing in multi-tenant SaaS platforms that uses trace IDs to follow customer requests across microservices and span IDs to track individual operations, preventing the common problem where disconnected logs make it nearly impossible to diagnose failures that touch multiple services. The framework emphasizes treating tracing as a core platform capability rather than optional tooling, with specific guardrails like excluding sensitive data by design and ensuring trace failures never block actual customer requests. Migrating from Go to Rust (26 minute read) Go teams considering Rust need to weigh stronger compile-time guarantees against a steeper learning curve and more explicit ownership model. Rust shifts more correctness checks into the type system, offering stronger null safety, error handling, memory safety, and concurrency guarantees while preserving strong performance and deployment ergonomics. Common Go patterns are mapped to Rust equivalents, with an emphasis on incremental backend migration instead of risky full rewrites. 🧑‍💻 Resources & Tools Your Pipeline Is Fast. Your Specs Are Slow. (Sponsor) You optimized CI/CD, testing, and deploys—then bad requirements started compiling into AI-generated code at machine speed. It's 10-100x cheaper to fix specs than rework in review or production. In this Allstacks (Sponsor) whitepaper, Jim Grundner maps the AI-driven PM lifecycle and how to create context-aware requirements for AI agents. Read Jim's guidance. Knowledge Work Plugins (GitHub Repo) Anthropic open-sourced 11 plugins for its Claude AI assistant that let companies customize the chatbot with role-specific skills, workflows, and tools using simple markdown files without requiring any code. The plugins, designed for Claude Cowork and Claude Code, cover functions like sales, data analysis, and other knowledge work tasks, and can be installed directly from claude.com/plugins or customized via GitHub to match a company's specific terminology and processes. mvm (GitHub Repo) mvm is a Go interpreter that compiles source to bytecode and runs it on a stack-based virtual machine. It ships as a single static binary with the full Go standard library bundled in, and embeds in Go or C host programs. 🎁 Miscellaneous Deploying to Multiple Azure Subscriptions with Terraform Provider Aliases (5 minute read) Using Terraform with provider aliases enables one project to deploy to multiple Microsoft Azure subscriptions by defining multiple azurerm provider instances with different subscription IDs, pinning resources via a provider, managing everything in a single state. Mitigate credential exposure in Windows environments with Boundary and Vault (8 minute read) Organizations face Windows remote access risks from static credentials and broad VPN based network access. Boundary and Vault provide identity based RDP with short lived dynamic AD credentials and credential injection, plus a Terraform based AWS proof of concept setup. ⚡ Quick Links [Live panel] Build vs. buy: mobile release tooling (Sponsor) How mobile engineers handle release processes ranges from in-house scripts to bespoke platforms. Hear how leaders from Monzo, Spotify, Etsy, and Tuist decided to build or buy May 28, 1pm ET. Save your spot. Is your SIEM actually ready? A new way to find out (7 minute read) SIEM Readiness introduces a centralized, environment-aware view of SIEM operational health by evaluating log coverage, data quality, pipeline continuity, and retention across key telemetry domains, helping teams identify gaps, validate detection readiness, and ensure data is available for security investigations and compliance. Accelerating LLM Inference with Prompt Caching for Open‑Source Models on Databricks (2 minute read) Databricks rolled out automatic prompt caching for open-source LLMs including Llama, Mistral, and DBRX models, reducing redundant processing of repeated prompts to cut costs and latency without requiring any customer configuration. Love TLDR? Tell your friends and get rewards! Share your referral link below with friends to get free TLDR swag! https://refer.tldr.tech/3b85ceef/10 Track your referrals here. Want to advertise in TLDR? 📰 If your company is interested in reaching an audience of devops professionals and decision makers, you may want to advertise with us. Want to work at TLDR? 💼 Apply here, create your own role or send a friend's resume to jobs@tldr.tech and get $1k if we hire them! TLDR is one of Inc.'s Best Bootstrapped businesses of 2025. If you have any comments or feedback, just respond to this email! Thanks for reading, Kunal Desai & Martin Hauskrecht Manage your subscriptions to our other newsletters on tech, startups, and programming. Or if TLDR DevOps isn't for you, please unsubscribe.