I am wearing my Equal Experts hoodie. Often I’ll be found on conference calls with my EE t-shirts, and I even have some socks. So the irony of writing an article about “leaving the badge on the door” is not lost on me. So what do I mean? Contracting Scum I am a contractor. I have been for the best part of 20 years. I’ve worked in a variety of sectors (telecomms, finance, government) in a variety of roles (development, architecture, security) using a variety of methodologies (waterfall - eurgh, faux agile - double eurgh - and lowercase agile).

I am back at home, a few days after my first experience of Agile on the Beach. There were a few problems with it (yes, yes, I’m baiting you, I loved it). There was too much quality, it was really hard to pick which talks to go to. There was too much fun, it was difficult to leave the after-party after the beach party. And it was hard to keep track of all the new faces and names.

It is a couple of weeks after my trip to Leeds to go speak at BSides. Now, if you’ve never been to a BSides - and I had only been to one prior - then hopefully this gives you a bit of a feel as to what to expect. In short, there’s lots of interesting people with great talks and insights and something that feels just right. A bit of community and some weird people.

In this post I am looking at using the mongo aggregation pipeline in non-trivial ways. In fact, once I had done what I wanted to do I looked back at the result and discovered that a bit of an idea of functional programming helped me achieve what I wanted to do. But back to the beginning: I was looking at deployment events which we’d captured in a mongo collection: { "environment" : "production", "serviceName" : "platform-status-frontend", "version" : "0.

As I am sitting at Schipol Airport, contemplating that the airport is so big it has a branch of the Rijksmuseum, I can’t help but thinking about the fabulous conference I’ve just been to. The DevOps Enterprise Summit 2023 has exceeded my expectations. But before I get to there, I’d just like to develop the airport metaphor a little bit. So here I am, looking at culture. Why was it that at Schipol, one of the busiest airports in the world, it was a breeze to get through security, airport security agents were smiling, cracking jokes, I could leave my laptop, toothpaste and deodorant in the bag and they have art in the middle of the airport, goddammit.

As I am sitting on the 16th floor of the Okura Hotel in Amsterdam in my Batman pyjamas and facing a large mirror, just glimpsing the paper crane that was so lovingly put on my pillow, I’m starting to reflect what has happened during the day. I was lucky enough to be a guest at the DevOps Enterprise Summit. There was certainly plenty of things to get excited about. I’d meet Gene Kim, who’s been running this conference for 10 years and who wrote the Phoenix Project.

FADE IN: INT. ABANDONED BUILDING - DAY Opay and Bart are sitting in a dimly lit room, surrounded by stacks of old newspapers and books. OPAY: (sighing) It's not their fault. They don't understand the meaning behind the words. BART: (confused) What do you mean? OPAY: (explaining) The machines were programmed to generate content based on keywords and patterns, not on the actual meaning of the words. BART: (realizing) So they just keep churning out more and more content, without any understanding of what it means.

“Outdated tech stack and metaphorical gaffer tape holding together the code” - sound familiar? How about “We can’t recruit, because nobody wants to touch this legacy stuff”? Yet banks and governments would stop working if mainframes were switched off. Instead of outsourcing to the lowest bidder, maintenance is a job for experienced engineers. Not “the short straw”, brown field development can be more exciting than a feature factory. After all, the shiny code written today is the legacy code of tomorrow…

The question of automatic dependency updates came up in our Slack channel the other day. There was a lot of nodding on how it is a good thing. Tools like Dependabot and Renovate were mentioned. Yet I was a dissenting voice. Why? The case for automatic dependency updates is simple and seductive: A bot would automatically scan your dependencies in your source code and create pull requests to update your libraries to the latest versions, sometimes even automatically merging it in.

From a security point of view, application logs are two-sided. On the one hand, it is really important to have good observability, to find out what is happening and what has happened. On the other hand, we don’t want to leak sensitive information. In this post I am going to look at the kinds of things you might find in your logs. The juicy bits are Personal Identifying Information (PII) or security credentials.