Best of Infrastructure: November 2025

  1. Article
    David Heinemeier Hansson · 24w

    No backup, no cry

    A modern approach to data management that eliminates traditional full-system backups by treating computers as disposable, stateless units. The strategy relies on distributed copies through services like Dropbox and GitHub, combined with full-disk encryption, ensuring all important data exists in multiple locations. This setup allows for quick recovery and system restoration, with configuration automated through ISO setups that can install a fully functional system in minutes.

  2. Article
    ByteByteGo · 25w

    How Disney Hotstar (now JioHotstar) Scaled Its Infra for 60 Million Concurrent Users

    Disney+ Hotstar scaled from 25 million to 61 million concurrent users during the 2023 Cricket World Cup through a comprehensive infrastructure overhaul. Key improvements included separating cacheable from non-cacheable APIs at the CDN layer, migrating from self-managed KOPS to Amazon EKS, implementing distributed NAT gateways per subnet, and introducing a Datacenter Abstraction model. This abstraction unified multiple Kubernetes clusters into logical data centers with a centralized Envoy-based API gateway, replacing 200+ individual load balancers. The team also eliminated NodePort limitations by switching to ClusterIP services, standardized service endpoints, and adopted single-manifest deployments. The final architecture distributed 200+ microservices across six optimized EKS clusters, each designed for specific workload types.

  3. Article
    Hacker News · 27w

    Send this article to your friend who still thinks the cloud is a good idea

    A developer shares their experience moving projects from AWS to bare-metal servers with Hetzner, achieving 10x cost savings and 2x performance improvement. The piece argues that cloud services like AWS charge excessive markups (10x-100x) compared to renting or buying servers directly, and that most small-to-medium businesses don't need expensive managed cloud services. It challenges common fears about server management, suggesting that with modern tools like AI assistants, managing Linux servers is accessible and cost-effective for most developers.

  4. Article
    Cyber Security · 26w

    A New Era of VM-Powered Cyber Attacks

    The Curly COMrades threat group exploited Hyper-V virtualization on compromised Windows systems to evade endpoint detection. Attackers enabled Hyper-V, deployed a minimal Linux VM (120 MB disk, 256 MB RAM), and ran custom tools including CurlyShell reverse shell and CurlCat proxy inside the VM. This technique bypassed host-based EDR and AV solutions that don't inspect nested virtual environments. Active since late 2023 and documented in August 2025, the campaign targeted Georgia and Moldova. Defenders should monitor for unusual VM creation and Hyper-V role enablement on endpoints.

  5. Article
    selfhosted · 27w

    Nixopus: one-click app hosting on your own server (install apps just like on your phone) now can be extended with extensions.

    Nixopus is an open-source platform that simplifies self-hosting applications on your own server with a user-friendly interface. The new Extensions feature enables one-click deployment of 100+ applications like Appwrite, Excalidraw, and Ollama, with custom domain support, live build logs, and transparent configuration. Users can browse available apps, deploy them instantly, manage all running services from a single dashboard, and even package their own applications as extensions by adding a single file.

  6. Article
    Serdarcan Buyukdereli · 24w

    Life After NGINX: The New Era of Kubernetes Ingress & Gateways

    A comprehensive comparison of Kubernetes ingress and gateway solutions beyond NGINX, evaluating Traefik, Istio, Kong, Cilium, Pomerium, kgateway, HAProxy, and Contour. The guide analyzes each tool across architecture, traffic management, security features, observability, performance, and future-proofing to help DevOps engineers and SREs make informed production decisions. Includes practical YAML examples, a detailed scoring matrix, and insights on Gateway API adoption for long-term infrastructure planning.

  7. Article
    Raghav · 27w

    Nixopus: one-click app hosting on your own server (install apps just like on your phone) now can be extended with extensions.

    Nixopus is an open-source platform that simplifies self-hosting applications on your own server with a user-friendly interface. The new Extensions feature enables one-click deployment of 100+ applications like Appwrite, Excalidraw, and Ollama, with custom domain support, live build logs, and transparent configuration. Users can browse available apps, deploy them instantly, manage all running services from a single dashboard, and even package their own applications as extensions by adding a single file.

  8. Article
    Giant Swarm · 26w

    Infrastructure for AI is finally getting a standard

    The CNCF launched the Kubernetes AI Conformance Program at KubeCon North America, establishing the first standardized baseline for running AI/ML workloads on Kubernetes. Giant Swarm became one of the first platforms to receive certification, addressing the fragmentation in AI infrastructure that has plagued organizations as they move from experimental models to production. The standard defines consistent capabilities, APIs, and configurations needed for reliable AI/ML workloads, with research showing 82% of organizations building custom AI solutions and 58% using Kubernetes. The certification provides teams with confidence in their infrastructure choices, backed by major industry players like Bloomberg, Zalando, OpenAI, NVIDIA, and Apple already using Kubernetes-based platforms for AI workloads.

  9. Article
    Lobsters · 27w

    A prison of my own making

    A developer reflects on how adopting best practices like GitOps, immutable infrastructure, Kubernetes, and declarative systems turned their homelab from a relaxing hobby into an overwhelming burden. They realized that enterprise-grade tooling (NixOS, Fedora Silverblue, CI/CD pipelines) made simple tasks impossibly complex for a solo project. The author shares their decision to simplify by abandoning immutable distros, reducing automation, accepting stateful backups, and prioritizing ease of use over architectural purity.

  10. Article
    AWS · 24w

    Build production-ready applications without infrastructure complexity using Amazon ECS Express Mode

    Amazon ECS Express Mode is a new capability that automates containerized application deployment with a single command. It handles infrastructure setup including load balancers, auto scaling, networking, and security groups automatically. Developers can deploy production-ready applications using AWS best practices without managing hundreds of configuration parameters. The service provisions ECS clusters, task definitions, Application Load Balancers, and Route 53 domains from one entry point. Available in all AWS Regions with no additional cost beyond standard AWS resource usage.

  11. Article
    CNCF · 26w

    Lima becomes a CNCF incubating project

    Lima, a tool for running Linux virtual machines optimized for containers in local development environments, has been promoted to CNCF incubating status. Originally created in 2021 as a containerd demonstration tool for Mac users, Lima now supports multiple container engines (containerd, Docker, Podman, Kubernetes) and has expanded to include AI agent sandboxing use cases. The project has grown significantly since joining CNCF as a sandbox project in 2022, doubling its GitHub stars to 18,200+ and gaining adoption by tools like Colima, Rancher Desktop, and AWS Finch. Version 2.0 introduces a plug-in system for VM drivers, GPU acceleration support, and Model Context Protocol server capabilities.

  12. Article
    Grab Tech Blog · 27w

    Grab's Mac Cloud Exit supercharges macOS CI/CD

    Grab migrated their macOS CI/CD infrastructure from a US-based cloud vendor to a colocation facility in Southeast Asia, scaling from 1 Mac Pro to 250+ Mac minis. The migration achieved $2.4M in projected three-year savings and 20-40% performance improvements by reducing network latency to Git servers. The team evaluated cloud vs colocation vs on-premises options, chose Malaysia for its data center infrastructure and energy costs, and implemented zero-touch provisioning using Jamf MDM. The bare-metal approach avoided virtualization overhead while maintaining stability, with progressive migration ensuring no disruption to their 8 iOS apps serving millions of users.

  13. Article
    Hacker News · 26w

    the terminal of the future

    Proposes a radical redesign of terminal infrastructure by combining Jupyter-like notebook interfaces with shell integration, transactional semantics, and persistent sessions. The vision includes features like undo/redo for commands, dataflow tracking, sandboxed process execution, and structured terminal logs. The author outlines a four-stage incremental adoption strategy: starting with transactional CLI semantics, adding persistent sessions with client/server architecture, implementing structured RPC with metadata-tagged I/O, and finally building a Jupyter-like frontend. This approach aims to solve longstanding terminal limitations while maintaining backward compatibility and low switching costs.

  14. Video
    Be A Better Dev · 27w

    AWS Explained: The Most Important AWS Services To Know

    A comprehensive walkthrough of essential AWS services organized by function: networking (Route 53, CloudFront), storage (S3, EBS, EFS), compute (EC2, Lambda, ECS, Fargate), databases (RDS, DynamoDB, Aurora), security (WAF, Cognito, Certificate Manager), AI/ML (Bedrock, SageMaker), messaging (SNS, SQS, EventBridge), analytics (Athena, EMR, Redshift), monitoring (CloudWatch, X-Ray), and CI/CD (CodeBuild, CodeDeploy, CodePipeline). Uses an e-commerce application as a practical example to demonstrate how these services integrate to build production systems.

  15. Article
    The Last Week in AWS · 24w

    AWS Finally Lets You Find Your Idle NAT Gateways

    AWS Compute Optimizer now identifies idle NAT Gateways, helping users eliminate unnecessary costs. Each idle gateway costs approximately $35/month plus data processing fees. A NAT Gateway is considered idle when it has no active connections, no incoming packets from VPC clients or destinations for 32 days, and isn't associated with a route table. This feature addresses the low-end cost problem of forgotten resources, though high-volume data processing charges remain a separate concern.

  16. Article
    Ubuntu · 26w

    Canonical Kubernetes officially included in Sylva 1.5

    Canonical Kubernetes has been officially integrated into Sylva 1.5, a European telecommunications cloud-native framework backed by major operators like Nokia and Ericsson. The distribution offers up to 12 years of long-term support and is designed for mission-critical telco workloads including 5G core, O-RAN, and edge services. Sylva 1.5 becomes the first release to include Kubernetes 1.32, enabling validated deployment of cloud-native and virtualized network functions across telco infrastructure with guaranteed interoperability and performance.