
Distributed systems design, new programming languages, software supply chain maturity models, eBPF, on-call compensation. A range of different topics this week.

StackHawk sponsors Devops Weekly

Upcoming Webinar: Deeper API Security Test Coverage. Learn how to configure API security testing using existing resources like Postman Collections, Cypress Test Scripts, and other DevTools to test your API endpoints. No API specs required!
https://sthwk.com/Deeper-API-Security-Testing

News

The Open Source Software (OSS) Secure Supply Chain (SSC) Framework provides a useful maturity model for consuming open source software securely.
https://github.com/microsoft/oss-ssc-framework/blob/main/specification/framework.md

Designing distributed systems involves many aspects. This mindmap of system design concerns could be handy.
https://medium.com/vedcraft/system-design-mind-map-for-building-distributed-systems-b20a4f6943d0

A good example of the complexities inherent in modern software supply chains. A small number of packages built with a dangerous compiler flag cause a potentially huge impact downstream.
https://moyix.blogspot.com/2022/09/someones-been-messing-with-my-subnormals.html

A post on establishing a culture of performance, by implementing continuous load testing. Good discussion of tools and people challenges, as well as the safety concerns of automating load testing.
https://slack.engineering/continuous-load-testing/

eBPF is starting to power more and more interesting technologies. This post is a quick eBPF primer and set of links to learn more.
https://redmonk.com/rstephens/2022/09/08/ebpf/

A look at connecting HashiCorp Vault and Google CloudSQL using a custom Vault plugin.
https://expel.com/blog/connect-hashicorp-vault-and-googles-cloudsql-databases-new-plugin/

Events

CloudNativeCon US is coming up in Detroit in October, and this year there will be a dedicated Cloud Native Policy Day for all things Open Policy Agent, on October 25th. Expect talks from end users and core maintainers.
https://www.styra.com/cloud-native-policy-day-with-opa-2022/

Tools

Unison is a new programming language, with what looks like some interesting ideas.
https://www.unison-lang.org/

Another language, Malloy, this time intended as a modern replacement for SQL, introducing a semantic modelling layer atop the data. It also compiles to SQL to make early adoption easier.
https://carlineng.com/?postid=malloy-intro
https://github.com/looker-open-source/malloy

A handy free tool to help better surface on-call compensation information. Integrates with PagerDuty and Slack.
https://incident.io/on-call/
