
Happy new year to all the subscribers, new and old. A bit of a different issue this week. I thought I’d take a look back at some of the most interesting posts from the last 3 months of 2022. Some interesting content on incident management, build engineering, the discipline of operations and more.

StackHawk sponsors Devops Weekly

ICYMI: The Deeper GraphQL Security Testing webinar is available on demand! Watch the recording to learn how your team can protect their GraphQL APIs from tricky business logic vulnerabilities with custom test data!
https://sthwk.com/Deeper-GraphQL-OnDemand

News

A new report analysing 50,000 anonymised incidents, with interesting aggregate data and observations on how the use of service catalogues and defined incident roles affects recovery time.
https://firehydrant.com/reports/incident-benchmarks/

Some OCaml specifics, but a good post on reproducible software tooling and why it’s important for certain use cases.
https://blog.osau.re/articles/reproducible.html

A nice case study of building an SRE team. Notes on people and process as well as the usual SLOs and SLIs.
https://engineering.reputation.com/building-a-resilient-sre-process-42e659714743

Everyone thinks time is relatively simple, until they have to deal with a computer. This post explores the Unix epoch, and the various implications of design decisions and implementation details.
https://www.netmeister.org/blog/epoch.html

Who has access to production? Who should have access to production? This post provides some advice on a method for doing a risk assessment. Some of this is specific to AWS and IAM, but much is applicable to any setup.
https://blog.symops.com/2022/10/20/risk-assessment-aws-iam/

Devops means different things to different folks, but I think everyone wants to improve on the craft of operations. This post discusses the need to build a culture of candour. Getting a “true and honest signal when things are going wrong” applies to the software and people that make up complex systems.
https://www.jasonacox.com/wordpress/archives/1331

A post on the evolution of systems operations, and the emergence of platform engineering as distinct. Some thoughts on the differences between different roles and models, and where we might be heading next.
https://www.honeycomb.io/blog/future-ops-platform-engineering

A discussion of the need for more people-centric operations, with some observations from a recent survey and some concrete suggestions.
https://medium.com/pareture/people-centric-software-operations-culture-933059481af1

Tools

One of the oft-quoted use cases for WebAssembly is plugins. Extism is a framework for implementing a plugin system in your apps, making this much easier to do. Very interesting.
https://github.com/extism/extism

A couple of new open source tools, cnquery and cnspec. The first provides a query tool atop cloud infrastructure, handy for asset inventory. The second provides testing and policy-based tools on top of that inventory.
https://blog.mondoo.com/cnquery-cnspec
https://github.com/mondoohq/cnquery
https://github.com/mondoohq/cnspec

Wolfi is a new lightweight GNU software distribution, a Linux (un)distribution intended to solve supply chain security problems in container environments.
https://github.com/chainguard-dev/wolfi-os
https://www.chainguard.dev/unchained/introducing-wolfi-the-first-linux-un-distro
