1 minute read

Several posts this week on the future of devops, and a call for a new generation of tools that don’t just build on what has come before.

StackHawk sponsors Devops Weekly

[September 20] Join StackHawk at gRPC Conf 2023 to learn about API security testing with Protobuf reflection + more great sessions from the customers, project leads, and contributors that make up the gRPC ecosystem. Register here:
https://sthwk.com/grpc-conf-2023

News

A passionate call for a second wave of devops tools to fulfil the promise of the movement. Some good observations here about what’s changed over the last 10+ years, and what hasn’t.
https://www.systeminit.com/blog-second-wave-devops/

A bit of a companion to the above post, a conversation on the same topic of what devops has got right, what we’ve got wrong and where we can go from here.
https://www.arresteddevops.com/the-new-devops/

And another follow on. This post runs with the ideas from the above posts, and highlights several companies and projects that are building in this area.
https://www.opencontext.com/blog/threads-of-the-next-wave-of-devops

A useful new guide to configuring source code management systems securely, with specific recommendations for GitHub and GitLab as well as general guidance.
https://openssf.org/blog/2023/09/14/openssf-releases-source-code-management-best-practices-guide/
https://best.openssf.org/SCM-BestPractices/

A discussion of the adoption of backstage at Spotify, and the challenges of adoption in general of a developer platform.
https://thenewstack.io/how-spotify-achieved-a-voluntary-99-internal-platform-adoption-rate/

A good counter argument to anyone who claims you can’t adopt modern software practices in a heavily regulated environment.
https://speakerdeck.com/charity/compliance-and-regulatory-standards-are-not-incompatible-with-modern-development-best-practices

Interesting visualisations of breach data from large, well known, security breaches. Both the timeline and sensitivity view provide some understanding of the scale of the problem.
https://informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

Events

The AWS Community Summit is a full day, 3-track AWS conference held in the heart of Manchester, at the Victoria Warehouse on Thursday, September 28th. With 28 talks and workshops covering a range of AWS focussed topics, including Serverless, GenAI, ML, FinOps, Security, Developer Tooling, Migrations and App Modernisation. DevOps weekly subscribers can use the code TWENTYOFF to access early bird pricing of just £30.
https://www.comsum.co.uk/manchester-23

Tools

A set of lessons aimed at anyone learning LLM and generative AI concepts, with sections on operations and security, as well as development.
https://github.com/jedi4ever/learning-llms-and-genai-for-dev-sec-ops

Updated: