A vulnerability was recently announced by Google, named POODLE, which targets SSLv3 connections. SSLv3 is an older encryption protocol in the SSL/TLS family. Most modern browsers default to newer versions of TLS instead of SSL, e.g., TLSv1.2.
I have a confession to make. My first job in IT wasn't as a rails developer in a hot startup. It wasn't managing cloud infrastructure. It didn't involve cool open source projects or cutting edge technology. Quite the opposite in fact. My first job was a graduate trainee analyst programmer at an Australian Funds Manager. What was I trained on? ADABAS NATURAL. Yep, I was a mainframe developer.
Anyone who has been following what we're doing at UpGuard knows that we like to keep things simple. With this in mind, we like to look at DevOps through the lenses of Collaboration and Automation. Almost all vendors in this space focus on the latter. Why is this? Well, automation tool vendors do it by definition. In reality the collaboration angle is avoided by vendors because it is hard. If you're looking to the market for assistance in "doing" DevOps then you'll be drowning in offers for help with automation. Help with collaboration? Not so much.
Automation. If you're somewhere on the DevOps spectrum then it's surely good for what ails ya. The answer to all your problems. For many it defines their DevOps journey, its destination representing the promised land of stable environments, consistent builds and silent pagers.
We've been working with a lot of Windows shops recently and IIS configuration seems to be a big pain point for many enterprises. Other than a brief stint in mainframe purgatory after university, I started life as a .Net developer and these conversations reminded me of my fun with IIS back in the day. In reflecting on this, I realized that the developer/operations interaction around IIS configuration is a near perfect example of the type of conflict that gave birth to the DevOps movement.
Wow! 2013 is over, done, kaput. It's hard to believe. Time flies when you're having fun (or building a business). Now is the time to look back though and reflect on what 2013 meant for DevOps, myself and UpGuard. This post will by no means be exhaustive. It's written through my eyes and based on my experience, and my head has been down working for large chunks of the year. I'll add an additional warning that it will be a little tongue in cheek. I make no apologies for that ;)
There's a certain something in the air within the DevOps community right now. The movement is, to a certain extent, becoming a victim of its own success. For where there is buzz in tech, there is money. And where there is money, there are recruiters, there is marketing, there are misinformed and over-simplified tech articles and, let's face it, there are carpetbaggers galore.
Whether you've just registered for UpGuard, our cloud-based configuration monitoring platform, or are simply interested in checking out some of the things that are possible, this is a great place to start. Each video gives a quick introduction to a major capability.
OK, it's Labor Day weekend. I don't suppose any of you want to read about application configuration. Time to bring a bit of culture into matters then. Arts and culture are very important to us here at UpGuard. OK, so that's a stretch. We may not be brogrammers but we have a lot of Australians working here. Art appreciation often only extends as far as stubby holder (koozie) design. Having said that, and contrary to some rumors that are currently doing the rounds, we can read. I'm a bit of a Cormac McCarthy fan myself (insert disclaimer here that I was into his stuff before Oprah tarnished his cool), and my favorite book of his is Blood Meridian. I won't go into too much detail other than to say if you're into epic tales of debauchery you should check it out.
What is Quality Assurance? Well in time honoured fashion I shall quote directly from wikipedia: Quality assurance (QA) refers to the engineering activities implemented in a quality system so that requirements for a product or service will be fulfilled What does this mean for DevOps though? Well the end product is the software or application being provided so most people focus on its requirements when talking QA and DevOps.
When I attended the DevOpsDays event in Mountain View (well, Santa Clara really) a couple of months ago I started writing a blog post on my impressions. I was a bit distracted at the time though after having had a minor twitter spat with a well known DevOps proponent on the first morning. I won't go into any detail here other than to say that it was sparked after I made a comment that I felt "DevOps" vendors need to be doing more to ease the transition for large Enterprises.
There is no doubt that the DevOps movement has gone mainstream. When even IBM and HP are dedicating sites to it there is no longer any question. If we were to place it on the Gartner Hype Cycle even the most devoted proponents would have to admit that it’s rapidly approaching the “Peak of Inflated Expectations”. What does this mean for you as a CIO? Should you steer clear of the movement entirely until things calm down a bit? Not at all. Should you be cautious in your approach to “implementing” DevOps though? Absolutely.
There's a hidden killer lurking below the surface of every Enterprise IT project. No, it's not Kevin, that sysadmin who spends a disturbing amount of time in the bathroom each day. It's not even that 400 page requirements document, although from a conservationist's point of view the PM's insistence on reprinting it every few days can't be doing the world too much good. So what is it? Well, let me give you a clue:
Most Enterprise CMDB offerings are a joke. They've always been a joke. Just another white elephant system sucking time and money out of IT Budgets. What most, if not all, become are simply inventory systems. They're not even good for that half the time.
As there's a lot of interest out there in the various IT automation tools on offer I thought I'd do a series of blogs covering getting started on each. In particular I wanted to put them to the test regarding how simple it is to go from zero to "Hello World" *. This way I get to play the truly dumb user (not much of a stretch, I know), which is kinda fun too.
You're never safe in Enterprise IT. Just when you feel you've gotten a handle on the last hot topic you're hit with another. SOA, BPM, Agile, ITIL; You feel like screaming "Enough!" but you know resistance is futile. Gartner have said it's important so you know full well that you'll be asked to "do" it by management.
Designing and building a race car using the typical lifecycle process used within an Enterprise IT department. Sounds like a good idea, no? No. It's a terrible idea, but it's fun to paint a picture of how it may work out to illustrate what goes wrong today in so many Enterprises. For this exercise I'm going to assume that there are four main groups. The design team (analogous to IT Architects), the manufacturing team (development), the safety team (security) and the mechanics (operations). Here is how things may turn out.
It's been really interesting to watch the dramatic uptick in activity around the automation space the last year or two. I don't need to go into too much detail on the benefits that automation offers here; consistency and scalability are two of the more prominent that come to mind. What has struck me, though, is that it feels like the way that companies are going about it is missing a key step.
Those of us who haven't worked in the Enterprise probably don't know a lot about ITIL (Information Technology Infrastructure Library). ITIL may even be a source of amusement for them. C'mon, they would say, how much practical use can you get from a methodology that is defined through a set of books that is actually referred to as a "library"?
OK, so I probably just closed out 100 games of Bulls**t Bingo in the title of this blog post but I'll stand by it. You want actual agility in what you do? You need a safety net. That safety net is automated testing.
We've made some additions to the platform that we're pretty excited about and would like to share. An even easier way to add tests, service/daemon support for the application and job scheduling for those of you that like to know that your configuration is gold even when you're not watching.
OK, so I was supposed to be blogging this weekend but I was bored of blogging so I instead decided to combine two things I'm terrible at, illustration and comedy, and do a comic instead. I deserve to be punished for this so please, flame away :)
So I was stumbling around the web this morning and I found myself in the LinkedIn DevOps group. Browsing around I came across several discussions on "DevOps" tools. Now a lot of companies and projects out there use the DevOps keyword but not many of them would label themselves a "DevOps Tool". For good reason too. It doesn't take much googling to be assured that DevOps, like Agile, is not about tools. DevOps is about principles, methods and practices.
This is a pretty common response we get from people we're explaining our product to. There is logic to it but we don't believe it's necessarily reasonable. To illustrate our viewpoint on this we thought we'd paraphrase a conversation we had with a prospective client recently.
OK. Time to take a deep breath. Time to reflect on what has been a crazy six months and an even crazier week. As you may have heard, we got funded. Funded to the tune of $1.2M, and by a list of investors we wouldn't have dared to dream having on board when we started our journey with Startmate at the beginning of the year. One name in particular has been hard to miss in the coverage we've received and we are truly proud to have Peter Thiel involved through Valar's investment in UpGuard, but one investment did not the round make. Also on board are:
You've used Chef/Puppet to automate your infrastructure, you can provision your virtual environment from scratch and deploy all your applications in minute. It’s magical. You've achieved Configuration Management Nirvana. What you've built is repeatable, saves time, increases efficiency and removes human error.
Exciting times for us here at UpGuard as we've just launched and are now set up for people to request early access to our platform. We should be live for this purpose in the next couple of weeks so there is not much time to get your name on the list.