DevOps Enterprise Summit - airport culture
As I am sitting at Schipol Airport, contemplating that the airport is so big it has a branch of the Rijksmuseum, I can’t help but thinking about the fabulous conference I’ve just been to. The DevOps Enterprise Summit 2023 has exceeded my expectations. But before I get to there, I’d just like to develop the airport metaphor a little bit. So here I am, looking at culture. Why was it that at Schipol, one of the busiest airports in the world, it was a breeze to get through security, airport security agents were smiling, cracking jokes, I could leave my laptop, toothpaste and deodorant in the bag and they have art in the middle of the airport, goddammit.
DevOps Enterprise Summit - simple paper cranes
As I am sitting on the 16th floor of the Okura Hotel in Amsterdam in my Batman pyjamas and facing a large mirror, just glimpsing the paper crane that was so lovingly put on my pillow, I’m starting to reflect what has happened during the day. I was lucky enough to be a guest at the DevOps Enterprise Summit. There was certainly plenty of things to get excited about. I’d meet Gene Kim, who’s been running this conference for 10 years and who wrote the Phoenix Project.
ApocalypsAI: Skynet not needed
FADE IN: INT. ABANDONED BUILDING - DAY Opay and Bart are sitting in a dimly lit room, surrounded by stacks of old newspapers and books. OPAY: (sighing) It's not their fault. They don't understand the meaning behind the words. BART: (confused) What do you mean? OPAY: (explaining) The machines were programmed to generate content based on keywords and patterns, not on the actual meaning of the words. BART: (realizing) So they just keep churning out more and more content, without any understanding of what it means.
Your Best Engineers Should Look After the Worst Systems
“Outdated tech stack and metaphorical gaffer tape holding together the code” - sound familiar? How about “We can’t recruit, because nobody wants to touch this legacy stuff”? Yet banks and governments would stop working if mainframes were switched off. Instead of outsourcing to the lowest bidder, maintenance is a job for experienced engineers. Not “the short straw”, brown field development can be more exciting than a feature factory. After all, the shiny code written today is the legacy code of tomorrow…
The Case Against Automatic Dependency Updates
The question of automatic dependency updates came up in our Slack channel the other day. There was a lot of nodding on how it is a good thing. Tools like Dependabot and Renovate were mentioned. Yet I was a dissenting voice. Why? The case for automatic dependency updates is simple and seductive: A bot would automatically scan your dependencies in your source code and create pull requests to update your libraries to the latest versions, sometimes even automatically merging it in.
Harvesting Logs for Fun and Profit
From a security point of view, application logs are two-sided. On the one hand, it is really important to have good observability, to find out what is happening and what has happened. On the other hand, we don’t want to leak sensitive information. In this post I am going to look at the kinds of things you might find in your logs. The juicy bits are Personal Identifying Information (PII) or security credentials.
Why AppSec fails
Let me tell you a story about Application Security (AppSec). It contains heroes and villains, and I’m not necessarily thinking about the defenders and attackers here. It contains lots of interesting technology that is often overemphasised. We’ve got whole industries that work on letting us know how scary it is out there, vulnerabilities that are marketed like rock stars and terminology that makes you quiver in your boots: who would want to fall victim to an Advanced Persistent Threat (APT)?
Precision Munitions for Denial of Service
There’s a metaphor about the fight between attackers and defenders in the Denial of Service cybersecurity game. It’s an “arms race” between ever bigger attacks throwing huge amounts of traffic at ever more sophisticated defenses (e.g. AWS shield). Incidentally, I’ve just demonstrated an easy mistake: I’m not describing a Denial of Service (DoS) attack, it’s a Distributed Denial of Service (DDoS) attack. The aim is to overwhelm the infrastructure, either the networking infrastructure or the application by sending more requests than can be handled.
The agile power of saying no
I am sitting on the train as I type this coming back from my first IRL conference. Lean Agile Scotland 2022 was brilliant. I met so many people with ideas that just chime with my thinking on agile, I feel energised and full of ideas No Bugs No Decisions No Deadlines No Fear What follows are some thoughts that I took away from some of sessions the conference. There were lots of exciting talks and workshops and it was a pity that I couldn’t clone myself to go to more of them (I was gutted to miss sessions that coincided with my own talk).
What do you think are the most exciting developments in software product engineering today?
This is part of my series of interview questions for Agile India 2022. Thinking about exciting developments in software development as a developer immediately brings magpies to mind. What is the latest technology that can grab our attention. What’s the latest shiny? Could it be some crypto tech? Some no-code development? Or programming in the metaverse maybe? No, no, and NO! Crypto is a scourge that wastes energy, kills the planet and destroys lives, no-code and low code will mean some actual software engineers will have to pick up the pieces when it inevitably will go wrong and the metaverse (second second life) looks to be a great way to make the web as tedious to use than going to an actual shop where you can’t find anything because the items have moved to another shelf yet again.