How to Break Up a Terraform Terralith Without Breaking Everything

CloudPro #97

1. AWS’s own security tool introduced a privilege escalation risk
2. Terraliths slowing you down? Here's how to break them up safely
3. Uber’s 3M-core migration to Kubernetes: what it really took

Plus: BitM attacks that bypass MFA, schema migration via CI/CD, and a no-fluff guide to how Kubernetes CRDs actually work.

Cheers,
Shreyans Singh
Editor-in-Chief

🔐 Cloud Security

AWS Launches Threat Technique Catalog to Share Real-World Attack Data

AWS has released the Threat Technique Catalog, a resource mapping real-world attack techniques seen in customer incidents to the MITRE ATT&CK framework. Built from AWS CIRT investigations, it includes detection and mitigation advice for tactics like token abuse and misconfigured encryption. This gives cloud defenders a practical way to strengthen their AWS environments using adversary-informed data.

AWS Launches Preview of Upgraded Security Hub

AWS has released a preview of its revamped Security Hub, now offering integrated dashboards, exposure mapping, and attack path visualizations to better prioritize and respond to security threats. It correlates findings across GuardDuty, Inspector, Macie, and CSPM to highlight critical gaps and risks.

AWS Built a Security Tool. It Introduced a Security Risk.

AWS’s “Account Assessment for AWS Organizations” tool unintentionally introduced a cross-account privilege escalation risk due to insecure deployment instructions. It advised users to avoid the management account without clarifying that deploying the hub role in a less secure account could expose high-sensitivity environments. AWS has since updated its documentation to recommend using a secure account.

Forgotten DNS Records Enable Cybercrime

A threat actor dubbed Hazy Hawk is hijacking abandoned cloud resources, like AWS S3 buckets and Azure endpoints, through dangling DNS records.
By taking over subdomains of major organizations, including CDC, Deloitte, and universities, they reroute users to scams and malware via complex traffic distribution systems. The attacks exploit subtle DNS misconfigurations and show how unmanaged cloud resources can silently expose enterprise users to persistent threats.

Browser-in-the-Middle Attacks Bypass MFA to Steal Sessions in Real Time

Mandiant warns of a growing threat called Browser-in-the-Middle (BitM), where attackers proxy real login pages through their own browsers to steal fully authenticated sessions, even after MFA. BitM tools like Mandiant's internal “Delusion” make this scalable and fast, bypassing traditional phishing protections. Only hardware-backed MFA like FIDO2 or client certificates can reliably block these attacks.

Workshop: Unpack OWASP Top 10 LLMs with Snyk

Join Snyk and OWASP Leader Vandana Verma Sehgal on Tuesday, July 15 at 11:00AM ET for a live session covering:
- The top LLM vulnerabilities
- Proven best practices for securing AI-generated code
- Snyk’s AI-powered tools that automate and scale secure dev

See live demos plus earn 1 CPE credit! Register today.

⚙️ Infrastructure & DevOps

AWS CloudTrail Adds Detailed Logging for S3 Bulk Deletes

AWS CloudTrail now logs individual object deletions made via the S3 DeleteObjects API, not just the bulk operation. This gives teams clearer visibility into which files were removed, improving audit trails and helping meet compliance and security needs. Granular logs also allow finer control via event selectors.

AWS Backup adds new Multi-party approval for logically air-gapped vaults

AWS Backup now supports multi-party approval for logically air-gapped vaults, allowing secure recovery even if your AWS account is compromised. Admins can assign trusted approval teams to authorize vault access from outside accounts.
This provides an independent, auditable recovery path, strengthening ransomware resilience and governance for critical backups.

Inside AWS’s Strategy for Building Bug-Free, High-Performance Systems

AWS shared how it integrates formal and semi-formal methods, like TLA+, model checking, fuzzing, and deterministic simulation, into everyday development to eliminate bugs, boost developer speed, and enable aggressive optimizations. Tools like the P language and PObserve are used across S3, DynamoDB, EC2, and Aurora to model distributed systems, validate runtime behavior, and prove correctness of critical code paths.

How to Break Up a Terraform Terralith Without Breaking Everything

Large monolithic Terraform setups (“Terraliths”) can slow down deploys and increase risk. This guide lays out a clean migration path, starting with dependency mapping and backups, then moving to new root modules using import and removed blocks (in TF 1.7+), or scripted state mv operations. It also covers real-world lessons on inter-module communication, safe rollouts, automation, and state isolation, helping teams modernize IaC safely and modularly.

Why It’s Time to Automate Your Database Schema Migrations

Many teams automate their app deployments but still manage database changes manually, leaving room for human error, schema drift, and security risks. This guide explains how tools like Atlas bring schema migrations into your CI/CD pipelines using declarative definitions, automatic diffs, and linting. The result: safer deployments, fewer production credentials, and consistent environments.

📦 Kubernetes & Cloud Native

Amazon EKS Pod Identity adds cross-account access support

Amazon EKS Pod Identity now supports cross-account resource access without code changes. You can assign a second IAM role from another AWS account when creating a pod identity, enabling secure access to resources like S3 or DynamoDB via IAM role chaining.
This simplifies multi-account architectures in EKS and reduces the complexity of credential management.

Amazon GuardDuty expands Extended Threat Detection coverage to Amazon EKS clusters

Amazon GuardDuty now detects advanced attack sequences in EKS clusters by correlating signals across audit logs, runtime activity, and API usage. This helps uncover threats like privilege escalation and secret exfiltration that might be missed by isolated alerts. It gives security teams a complete view of Kubernetes compromises and reduces time to investigate and respond.

How CRDs Extend and Hook into the Kubernetes API

This deep dive explains how Kubernetes Custom Resource Definitions (CRDs) work behind the scenes. It walks through how CRDs register with the Kubernetes API, how schemas validate custom objects, and how controllers fetch and handle them via client-go. You’ll learn how CRDs are serialized, discovered, and routed through the aggregation layer, giving you a detailed mental model for building robust Kubernetes extensions.

Migrating Uber’s Compute Platform to Kubernetes

Uber migrated all stateless services, powering 3M+ cores and 100K daily deployments, from Mesos to Kubernetes to standardize infrastructure and tap into the cloud-native ecosystem. They tackled extreme scale (7,500-node clusters), rebuilt integrations, and automated the shift using their internal “Up” platform. Custom solutions like artifact preservation, gradual scaling, and rollout heuristics ensured reliability, while Kubernetes UI and scheduler tweaks enabled smooth operations.

Stop Building Platforms Nobody Uses: Pick the Right Kubernetes Abstraction with GitOps

This post calls out a common pitfall: over-engineering internal platforms that developers don’t adopt. It argues that real developer pain (context switching, CI/CD complexity, insecure YAML sprawl) must shape the abstraction layer.
Tools like Kro and Score can simplify Kubernetes via GitOps, but only when they reduce complexity without hiding critical decisions. The message: build abstractions that solve real problems, not just tick architectural boxes.

🔍 Observability & SRE

Amazon VPC Route Server announces logging enhancements

AWS has added new monitoring features to VPC Route Server, including real-time logs for BGP and BFD sessions, historical data tracking, and flexible delivery via CloudWatch, S3, and Firehose. This helps engineers troubleshoot connectivity issues faster without needing AWS Support.

Amazon Athena adds managed query results with built-in storage and cleanup

Amazon Athena now supports managed query results, eliminating the need to preconfigure S3 buckets or manually clean up old results. This simplifies analysis workflows, especially for teams using automated workgroup creation.

Grepr - Dynamic Observability

Grepr launched an ML-powered observability pipeline that filters, aggregates, and routes telemetry data before it hits your tools, reducing log volumes and storage costs significantly. It can scale automatically, backfill data during incidents, and runs alongside existing setups with minimal config. Ideal for teams seeking cost control without losing visibility.

Chip auto-detects root causes without manual alerting or dashboards

Chip is a zero-config monitoring agent that auto-instruments apps and alerts only on real customer-impacting issues. It tracks everything from code commits to Kubernetes events to find root causes fast, using real-time outlier and cohort detection. Built for fast-moving teams who want signal without the noise.

Parseable offers fast, open-source observability on S3 with low resource use

Parseable is a lightweight, S3-first observability platform designed for speed and cost-efficiency. It delivers 90% faster queries than Elastic, uses up to 70% less CPU/memory, and integrates easily with AI and observability tools.
Fully open source with no vendor lock-in.

If you have any comments or feedback, just reply back to this email.

Thanks for reading and have a great day!
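Added example for the Terralith item in this issue (the code is not from the linked guide). It takes the JSON of `terraform state pull` plus the addresses that should move to a new root module, and generates the `removed` blocks for the old root (Terraform 1.7+), the `import` blocks for the new root, and the equivalent `terraform state mv` commands as the scripted fallback. The sample state is constructed; it is assumed that the new root keeps the same resource addresses and that `attributes.id` is an acceptable import ID, which is not true for every provider resource type, so the generated blocks should be checked against the provider's import documentation before `terraform plan` is run:

```python
"""
Plan the split of a Terraform "Terralith" from a pulled state file.

Added example; not code from the linked guide. Given the JSON of
`terraform state pull` and the addresses that should move to a new root
module, it emits:
  * `removed` blocks for the OLD root (Terraform 1.7+), so the old root forgets
    the objects without destroying them,
  * `import` blocks for the NEW root (Terraform 1.5+), and
  * equivalent `terraform state mv` commands as the scripted fallback.

Assumptions (not guaranteed by Terraform): the new root keeps the same resource
addresses, and `attributes.id` is an acceptable import ID for every selected
resource type. Many provider resources import by a different identifier, so
check the provider's import docs before applying the generated blocks.
"""
import json
import shlex
from typing import Any

# Constructed minimal state (format version 4) standing in for a real `terraform state pull`.
SAMPLE_STATE = json.dumps({
    "version": 4,
    "terraform_version": "1.7.0",
    "resources": [
        {"mode": "managed", "type": "aws_s3_bucket", "name": "logs",
         "instances": [{"attributes": {"id": "example-logs-bucket"}}]},
        {"module": "module.network", "mode": "managed", "type": "aws_subnet",
         "name": "private",
         "instances": [
             {"index_key": "a", "attributes": {"id": "subnet-0aaa"}},
             {"index_key": "b", "attributes": {"id": "subnet-0bbb"}},
         ]},
        # Data sources are re-read by the new root; they are never imported or moved.
        {"mode": "data", "type": "aws_caller_identity", "name": "me",
         "instances": [{"attributes": {"id": "123456789012"}}]},
    ],
})


def resource_address(res: dict[str, Any]) -> str:
    """Address without instance key, e.g. module.network.aws_subnet.private."""
    base = f"{res['type']}.{res['name']}"
    return f"{res['module']}.{base}" if res.get("module") else base


def instance_address(res: dict[str, Any], inst: dict[str, Any]) -> str:
    """Address including the for_each / count key, e.g. aws_subnet.private["a"]."""
    addr = resource_address(res)
    key = inst.get("index_key")
    if key is None:
        return addr
    return f'{addr}["{key}"]' if isinstance(key, str) else f"{addr}[{key}]"


def select_instances(state_json: str, prefixes: list[str]) -> list[tuple[str, str, str]]:
    """Return (resource_address, instance_address, import_id) for every managed
    instance whose address equals one of the prefixes or lives under one of them."""
    state = json.loads(state_json)
    if state.get("version") != 4:
        raise ValueError("expected Terraform state format version 4")
    selected = []
    for res in state["resources"]:
        if res["mode"] != "managed":
            continue
        r_addr = resource_address(res)
        if not any(r_addr == p or r_addr.startswith(p + ".") for p in prefixes):
            continue
        for inst in res["instances"]:
            selected.append((r_addr, instance_address(res, inst), str(inst["attributes"]["id"])))
    return selected


def removed_blocks(selection: list[tuple[str, str, str]]) -> str:
    """HCL for the OLD root. `from` may not carry an instance key, so one block per resource."""
    addresses = list(dict.fromkeys(r for r, _, _ in selection))  # dedupe, keep order
    return "".join(
        f"removed {{\n  from = {a}\n  lifecycle {{\n    destroy = false\n  }}\n}}\n\n"
        for a in addresses)


def import_blocks(selection: list[tuple[str, str, str]]) -> str:
    """HCL for the NEW root: one import block per instance."""
    return "".join(
        f'import {{\n  to = {i}\n  id = "{import_id}"\n}}\n\n' for _, i, import_id in selection)


def state_mv_commands(selection: list[tuple[str, str, str]],
                      old_state: str = "old.tfstate", new_state: str = "new.tfstate") -> list[str]:
    """Scripted fallback: move instances between two locally pulled state files
    (`terraform state pull > old.tfstate`), then `terraform state push` the results."""
    return [
        "terraform state mv "
        f"-state={shlex.quote(old_state)} -state-out={shlex.quote(new_state)} "
        f"{shlex.quote(i)} {shlex.quote(i)}"
        for _, i, _ in selection
    ]


if __name__ == "__main__":
    sel = select_instances(SAMPLE_STATE, ["module.network", "aws_s3_bucket.logs"])
    print("# old root\n" + removed_blocks(sel))
    print("# new root\n" + import_blocks(sel))
    print("\n".join(state_mv_commands(sel)))
```

Keep a copy of the pulled state before either path is applied; with the block approach, `terraform plan` in the old root should show only "forget" actions and `terraform plan` in the new root only imports, and any destroy or replace in either plan means an address or import ID is wrong.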
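Added example for the Hazy Hawk item in this issue (not code from the linked report): an inventory check that walks a zone export and flags CNAME records pointing at cloud-provider endpoints that no longer resolve, the condition behind the dangling-record takeovers described above. The zone records, lookup table and suffix list are constructed for the demo; the resolver is injected so the script runs offline, and in production a real lookup function (for example one built on dnspython) would be passed in instead:

```python
"""
Inventory check for dangling CNAME records that point at cloud resources.

Added example; not code from the linked report. A CNAME whose target is a
cloud-provider endpoint that no longer resolves usually means the resource was
deleted while the DNS record stayed behind, which is the condition a subdomain
takeover abuses. The resolver is injected so the demo runs offline against a
constructed lookup table.
"""
from dataclasses import dataclass
from typing import Callable, Iterable

# Endpoint suffixes handed to whoever claims the resource name next.
# Assumed starter list; extend it from your own cloud inventory. Plain S3
# bucket hostnames are deliberately absent: S3 uses wildcard DNS, so a deleted
# bucket's hostname still resolves and must be checked at the HTTP layer instead.
CLOUD_SUFFIXES = (
    ".cloudfront.net",
    ".elasticbeanstalk.com",
    ".azurewebsites.net",
    ".blob.core.windows.net",
    ".trafficmanager.net",
    ".cloudapp.azure.com",
)


@dataclass(frozen=True)
class Finding:
    name: str      # the record in your zone
    target: str    # the CNAME target it points at
    reason: str


def normalise(hostname: str) -> str:
    """Lower-case and strip the trailing dot of a zone-file style name."""
    return hostname.rstrip(".").lower()


def is_cloud_target(target: str) -> bool:
    return any(normalise(target).endswith(s) for s in CLOUD_SUFFIXES)


def find_dangling(records: Iterable[tuple[str, str, str]],
                  resolve: Callable[[str], list[str]]) -> list[Finding]:
    """records: (name, type, value) triples from a zone export.
    resolve(hostname): addresses for hostname, [] when it does not resolve.

    Only CNAMEs to cloud endpoints are reported; a dead CNAME to your own
    infrastructure is a broken link, not a takeover risk."""
    findings = []
    for name, rtype, value in records:
        if rtype.upper() != "CNAME" or not is_cloud_target(value):
            continue
        if resolve(normalise(value)):
            continue
        findings.append(Finding(normalise(name), normalise(value),
                                "CNAME targets a cloud endpoint that no longer resolves"))
    return findings


# --- constructed demo data (no network access) ---------------------------
ZONE_EXPORT = [
    ("legacy.example.com.", "CNAME", "old-microsite.azurewebsites.net."),
    ("app.example.com.", "CNAME", "app-prod.azurewebsites.net."),
    ("cdn.example.com.", "CNAME", "d111111abcdef8.cloudfront.net."),
    ("www.example.com.", "CNAME", "corp-lb.example.net."),
    ("example.com.", "MX", "mail.example.com."),
]

# Hostnames missing from this table (the old microsite, corp-lb) do not resolve.
FAKE_DNS = {
    "app-prod.azurewebsites.net": ["203.0.113.10"],
    "d111111abcdef8.cloudfront.net": ["198.51.100.7"],
}


def fake_resolve(hostname: str) -> list[str]:
    return FAKE_DNS.get(normalise(hostname), [])


if __name__ == "__main__":
    for f in find_dangling(ZONE_EXPORT, fake_resolve):
        print(f"{f.name} -> {f.target}: {f.reason}")
```

Run against the constructed zone, only `legacy.example.com` is reported: `www.example.com` also fails to resolve, but its target is not a re-claimable cloud endpoint, so it is a broken link rather than a takeover exposure. The fix for a true finding is to delete or repoint the record, and the check belongs in whatever pipeline decommissions cloud resources so records are removed at the same time as the resource.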