Posts on everything from secure supply chain, performance testing and reliable systems design to conversational architecture and team organisation. A good range of technical and people topics this week.

StackHawk sponsors Devops Weekly

Shifting security left has become a buzzword that is thrown around constantly. But what does it matter for your team? Find out:
https://sthwk.com/why-shift-left

News

An interesting post looking at the architecture of the recently launched James Webb Space Telescope. Discussion of testing, single points of failure and building reliable systems.
https://flyingbarron.medium.com/the-james-webb-space-telescope-making-300-points-of-failure-reliable-db669810a9d8

A paper exploring a tricky challenge: creating an automated system for performance testing that is able to run in CI systems.
https://dl.acm.org/doi/pdf/10.1145/3395032.3395323

A look at applying the approaches from the team topology book to machine learning teams.
https://towardsdatascience.com/team-topology-for-machine-learning-45bddba626e3

A short set of recommendations gleaned from the fallout of Log4Shell.
https://www.jetstack.io/blog/log4shell-lessons-to-learn/

Some thoughts on observability tooling consolidation and potential future tooling development.
https://world.hey.com/minglei/observability-in-chaos-88d43d84

Architecture is important, but often misunderstood (or misapplied as top-down control). This article talks about why, and how to adopt a more conversational, decentralised approach.
https://martinfowler.com/articles/scaling-architecture-conversationally.html

A post on building a more secure pipeline for an application, using GitHub Actions, Cosign and a range of other open source tools.
https://www.cloudnative.quest/posts/security/2022/01/01/improve-supply-chain-security-with-github-actions-and-open-source-tools/

Tools

Sinker is a handy tool that syncs container images from one registry to another. This is useful in cases when you rely on images that exist in a public container registry, but need to pull from a private registry.
https://github.com/plexsystems/sinker

Shellfirm is a handy utility to help avoid running dangerous commands without an extra step of approval.
https://github.com/kaplanelad/shellfirm
