This past week featured a good number of cloud developments. Opscode unveiled a new version of its flagship automation platform, security researchers discovered a critical flaw in Google Cloud Messaging (GCM) and Hewlett-Packard announced a new scale-out appliance. Mega CEO Vikram Kumar also grabbed headlines after he called on cloud providers to commit “Privacy Seppuku” rather than hand over user data to the feds.

On Monday we reported that DevOps titan OpsCode rolled out the latest release of its flagship cloud automation framework. Puppet v11 features an Erlang API server, a PostgreSQL-based data store and integration with IBM’s AIX operating system. The new version also includes a set of pre-built ‘recipes’ that make it easier for developers to automate provisioning, configuration management, app delivery and a number of other tasks.

Two days after OpsCode’s big launch, a Kaspersky researcher by the name of Roman Unuchek revealed the existence of a vulnerability that enables hackers to control and direct malicious apps via the Google Cloud Messaging service. According to Unuchek, the exploit can be used for a wide range of malicious applications, such as displaying ads that recommend malicious apps or generating shortcuts to infected websites.

A day after word of the vulnerability came out, Hewlett Packard pulled the curtains back on a scale-out StoreVirtual VSA platform that features auto tiering at the sub-LUN level. HP says that the solution deploys three times faster and scales 11 times faster than competing solutions.

While HP is working toward securing a stake in the software-defined data center, Kim Dotcom’s Mega is building a privacy-centric email service. Vikram Kumar, the company’s CEO, has reacted to the recent termination of Lavabit by calling on cloud providers to avoid disclosing user data at all costs – even if it means shutting down.