DEVOPS WEEKLY ISSUE #304 - 23rd October 2016

2 minute read

A bunch of technical posts this week which also contain lots of people and culture content. Whether it’s Serverless and security, or config management and scaling usage across teams, or threat modelling and security tools. I particularly love cross-over posts and presentations..

Sponsor

Tell the world what you think about being on-call. Participate in the annual State of On-Call Survey.
https://goo.gl/n1g22X

Sponsored

[On-Demand webcast] Gene Kim shares top lessons learned co-authoring The DevOps Handbook

In this on-demand webcast, DevOps researcher & author, Gene Kim, shares first-hand insights and lessons he learned while co-authoring The DevOps Handbook, including: Informative DevOps transformation case studies around continuous integration and delivery, and concrete techniques to build a culture of continuous experimentation and learning – including those from Google, Etsy, Nordstrom, and Capital One. Check it out!
http://ow.ly/EXwE304sS1F

News

Scaling software across teams and organisations is a topic I find endlessly interesting. This talk covers some of the challenges of adoption, in this case of Puppet at GitHub.
https://speakerdeck.com/kpaulisse/puppetconf-2016-scaling-puppet-and-puppet-culture-at-github

Excellent presentation from PuppetConf this week which is relevant to everyone interested in how you actually get hacked. Good content on threat modelling, a few tools and social issues around security.
https://speakerdeck.com/barnbarn/how-you-a-actually-get-hacked

An interesting (and entertaining) comparison of dumpster fires and tire fires, and what the two analogies mean for operations.
https://medium.com/@jpaulreed/a-burning-philosophical-question-94acd3f30e8c#.t5ywxzz7h

Some good observations about security in a serverless deployment. The state of awareness of third party security is poor in many cases, and serverless could make this a bigger issue.
https://snyk.io/blog/Serverless-Security-Vulnerabilities/

The State of Database Management Survey is an attempt to track the rapidly changing field of databases, looking at the technology and the changes in practices and processes.
https://goo.gl/0hToU3

Testing is definitely a topic of interest in the devops space, and I think this post does a good job of pointing out all the various places where testing can bring benefits to operations and collaboration.
https://danashby.co.uk/2016/10/19/continuous-testing-in-devops/

It feels like networking is becoming something that is in the developer conscious more and more. So this post is a good reminder of the types of misconceptions people have about their network which can lead to bugs or operational issues.
http://blog.erratasec.com/2012/06/falsehoods-programmers-believe-about.html#.WAzzspMrJE4

A good post on the human element of debugging production issues and the myth of the root cause in complex systems.
http://blog.scalyr.com/2016/10/the-myth-of-the-root-cause/

A presentation broken down with lots of notes and details which explains how Varnish works and why you should be using a caching proxy.
https://ma.ttias.be/varnish-explained/

Events

KubeCon is coming up in Seattle on the 8th and 9th of November. The schedule is packed with low level technical talks as well as lots of production case studies. Something for Kubernetes experts and those just getting started.
https://events.linuxfoundation.org/events/kubecon?utm_medium=email&utm_campaign=devopsweekly&utm_source=newsletter&utm_content=a

Tools

A handy tool announced at PuppetConf, octocatalog-diff allows for some interesting testing of Puppet code, in particular helping to reduce the risk of refactoring existing code.
http://githubengineering.com/octocatalog-diff-github-s-puppet-development-and-testing-tool/
https://github.com/github/octocatalog-diff

Lots of people will tell you containers are made of cgroups and namespaces, but how do you dig into those? Enter cinf which provides a handy tool for low-level container prodding.
https://github.com/mhausenblas/cinf

Tell the world what you think about being on-call. Participate in the annual State of On-Call Survey.
https://goo.gl/n1g22X

Updated: