DEVOPS WEEKLY ISSUE #249 - 11th October 2015

4 minute read

For no apparent reason I have lots of solid security content this week, from an excellent crypto for developers post through presentations and new interesting looking scanning tools. Throw in some warnings about jumping into microservices too quickly and a mix of other posts and hopefully something for everyone.

Sponsor

Devops Weekly is sponsored by Brightbox Cloud: the multi-zone cloud platform built for High Availability.

Try an SSD cloud server in 30 seconds with your £20 free credit…
http://brightbox.com/devopsweekly

Sponsored

[Webinar] 5 Steps to Building a Mature DevOps Organization with Sherwin-Williams

Join our webinar to learn how Sherwin-Williams, a Fortune 500 company in the general building materials industry, transformed from traditional software development and operations into a full-fledged DevOps company by using a simple maturity model to take the right first steps.
http://ow.ly/TbFIY

News

It’s incredibly easy to get basic security wrong, and cryptography is probably even easier to misunderstand. This post is a superb introduction to crypto for developers, worth reading even if you think you know the subject well.
https://paragonie.com/blog/2015/08/you-wouldnt-base64-a-password-cryptography-decoded

I failed to mention the Otto and Nomad releases from Hashiconf last week. Here’s a nice writeup of a first look. For those that missed it, Nomad is a new multi-host container sheduler and Otto is an opinionated workflow tool which covers both local development and production deployment.
http://matschaffer.com/2015/09/otto-nomad-first-look/
https://www.nomadproject.io/
https://ottoproject.io/

A solid introduction to why securing infrastructure is hard and a good collection of things you can do, including bounties, paying attention to attackers, auditing everything and more.
https://speakerdeck.com/barnbarn/infrastructure-security-how-hard-could-it-be-right

A great post showing the differences between how Graphite and InfluxDB work, and how you can configure things to move data from Graphite to Influx.
http://roobert.github.io/2015/10/10/Columned-Graphite-Data-in-InfluxDB/

A post asking how much of the current buzz around microservices is simple people cargo-culting. Makes some good points that will probably be ignored unfortunately.
http://www.stavros.io/posts/microservices-cargo-cult/

Programmable Infrastructure is a new site detailing tools but more interesting patterns for modern infrastructure. Some solid early guides on load balancing and service discovery.
http://programmableinfrastructure.com/

Managing an AWS installation, especially as an organisation grows or where many people have access, can be a challenge. This post covers cleaning up instance snapshots using the python boto library.
http://blog.ranman.org/cleaning-up-aws-with-boto3/

A solid list of antipatterns for adopting service based architectures, covering the need for automation, depending on client signoff, gateways, versioning and more. Not sure I agree with everything, but the real-world story-telling style is great.
http://www.infoq.com/articles/seven-uservices-antipatterns

An interesting post from a team that asked the question “what would our infrastructure look like if we designed it today”.
https://segment.com/blog/rebuilding-our-infrastructure/

Jobs

GE Intelligent Platforms is looking for a Lead DevOps Engineer in Charlottesville, VA You’ll be a member of our team responsible for the production and operations of our remote monitoring solution for OEMs, Equipment Insight. You will help us improve our continuous delivery pipeline to enable growth, while improving our ability to maintain existing infrastructure as we scale. Join us in shaping the future of the Industrial Internet!
https://xjobs.brassring.com/tgwebhost/jobdetails.aspx?partnerid=54&siteid=5346&jobid=1251157

LoveCrafts is seeking a smart and kind DevOps/Infrastructure Engineer to join our rapidly growing product development team in Central London. We’re building a Home for Makers in the form of web and mobile products that support them through the Making lifecycle - inspire, buy, make and share. If you, like us, are passionate about monitoring, logging, performance, security and cake, then you might want to check us out. Familiarity with puppet, mcollective, Jenkins and the spectrum of AWS products is definitely a help. Come see us to have a chat and some cake (it’s really not a lie).
http://www.lovecrafts.com/jobs/#op-49314-devops-engineer

Moving Picture Company produce visual effects at a scale unprecedented in any other VFX company. We are looking for a developer to join our Global Core Engineering team in London. We are responsible for building the foundation on which our VFX tools are built and run. We have engineering expertise in development and operations. If this sounds interesting and you are passionate about testing, performance and have a strong attention to detail – come and join us. At our core we are building libraries and SOA architecture using Python, RabbitMQ, NGINX plus a host of other tools like Saltstack, Git and all that good stuff. Get in touch for further details.”
https://ldd.tbe.taleo.net/ldd01/ats/careers/requisition.jsp?org=MPC&cws=1&rid=8704

Events

Devops Days Silicon Valley is coming up on the 6th and 7th of November with a good looking set of tests on security, working as a lone operations person and dealing with outages.
http://www.devopsdays.org/events/2015-siliconvalley/

Tools

Gryffin is a security scanning tool out of Yahoo that’s aimed to work at scale. The deduplication of tests sounds very useful for getting results quickly with testing identical pages.
https://github.com/yahoo/gryffin

Syntribos is another security scanner, but one specifically geared not to HTML and web pages, but to testing APIs.
https://github.com/rackerlabs/syntribos

A nice little dashboard that shows the number of commits on a repo since the last deploy. Surfacing this information can help avoid large deploys later.
https://github.com/dsingleton/deploy-lag-radiator

Devops Weekly is sponsored by Brightbox Cloud: the multi-zone cloud platform built for High Availability.

Try an SSD cloud server in 30 seconds with your £20 free credit…
http://brightbox.com/devopsweekly

Updated: