1 minute read

One of the interesting things about curating this newsletter for so long is the historical perspective. Two related posts this week, one on the updated research in the 2021 Accelerate State of DevOps report, the other a look at the evolution of distributed tracing over the last 5 years.

StackHawk sponsors Devops Weekly

Semgrep and StackHawk are showing you what’s new with automated security testing on September 30. Grab your spot!
https://sthwk.com/whats-new

News

The 2021 Accelerate State of DevOps Report is out, with advice on software delivery metrics, cloud adoption, the importance of documentation and more.
https://cloud.google.com/blog/products/devops-sre/announcing-dora-2021-accelerate-state-of-devops-report

An interesting interview covering client library and SDK strategy, the importance of boring tools and adopting new technologies.
https://www.opslevel.com/blog/opslevel-convos-paul-osman/

A post on the evolution of distributed tracing over the past 5 years.
https://ploffay.medium.com/five-years-evolution-of-open-source-distributed-tracing-ec1c5a5dd1ac

As with most things, the DORA metrics can be used poorly or misrepresented. As the post states, when a measure becomes a target, it ceases to be a good measure.
https://techbeacon.com/app-dev-testing/how-devops-teams-are-using-abusing-dora-metrics

Pull requests as an attack vector. A well explained example of a potential attack, and some specific advice for others to help avoid this soft of supply chain attack.
https://goteleport.com/blog/hack-via-pull-request/

A deep dive, multi-page, look at Linux Page Cache. If you’re administering Linux machines then understanding this can help with debugging various IO issues.
https://biriukov.dev/docs/page-cache/0-linux-page-cache-for-sre/

Kubernetes is a lot when it comes to operating a new system. This post is a good set of common beginner errors.
https://medium.com/nerd-for-tech/common-kubernetes-errors-made-by-beginners-274b50e18a01

Events

The Data on Kubernetes community has an upcoming event on 12th October 2021. Lots of interesting talks for anyone running databases or stateful workloads on top of Kubernetes.
https://dok.community/dok-day/

Tools

Jspolicy is another Kubernetes policy agent, this time focused on supporting authoring policies in Javascript or Typescript.
https://www.jspolicy.com/
https://github.com/loft-sh/jspolicy

GitOops is a tool to help attackers and defenders identify lateral movement and privilege escalation paths in GitHub organizations by abusing CI/CD pipelines and GitHub access controls.
https://github.com/ovotech/gitoops/

Updated: