Skip to content

Commit 84988c4

Browse files
vlajosvlajos
committed
Issue #693
1 parent 9caa8b8 commit 84988c4

File tree

2 files changed

+236
-0
lines changed

2 files changed

+236
-0
lines changed

_posts/2024-04-14-693.md

Lines changed: 88 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,88 @@
1+
---
2+
title: DEVOPS WEEKLY ISSUE \#693 - 14th April 2024
3+
date: 2024-04-14T09:06:32+01:00
4+
---
5+
6+
I’ve been crazy busy this week and travelling today, and with it being the start of a new quarter I thought a highlights issue, with some of the top posts from January, February and March was in order.
7+
8+
9+
StackHawk sponsors Devops Weekly
10+
============================
11+
12+
[ICYMI] DAST is Dead! Long Live DAST! The Evolution of Dynamic API security Testing webinar is now available on YouTube. Watch on-demand here.
13+
<br>[https://sthwk.com/long-live-dast-webinar](https://sthwk.com/long-live-dast-webinar)
14+
15+
16+
News
17+
====
18+
19+
A good opinion piece on security not being special, when compared to other disciplines - and the problems caused by security teams assuming it is.
20+
<br>[https://kellyshortridge.com/blog/posts/cybersecurity-isnt-special/](https://kellyshortridge.com/blog/posts/cybersecurity-isnt-special/)
21+
22+
23+
If you’ve ever run into a problem that’s come down to time in computer systems then this is a good post for you.
24+
<br>[https://brooker.co.za/blog/2023/11/27/about-time.html](https://brooker.co.za/blog/2023/11/27/about-time.html)
25+
26+
27+
A detailed, technical, post on embracing eBPF for monitoring at the network layer and providing better control of a large microservice and infrastructure platform.
28+
<br>[https://doordash.engineering/2023/08/15/bpfagent-ebpf-for-monitoring-at-doordash/](https://doordash.engineering/2023/08/15/bpfagent-ebpf-for-monitoring-at-doordash/)
29+
30+
31+
A great post with tips for being on-call. Covering why on-call is hard, and what you and your team can do to make it suck less.
32+
<br>[https://hart-michael.medium.com/how-to-be-on-call-034e3a202729](https://hart-michael.medium.com/how-to-be-on-call-034e3a202729)
33+
34+
35+
There is quite a bit of cross-over between how a central security team needs to interact with a larger development team, and what’s needed for cost-control in self-service platform teams. A good post on this topic.
36+
<br>[https://stateofsecurity.com/how-information-security-and-risk-management-teams-can-support-finops/](https://stateofsecurity.com/how-information-security-and-risk-management-teams-can-support-finops/)
37+
38+
39+
Alert fatigue quickly becomes a problem as systems grow, and monitoring software does its thing. This next post talks about how to prevent it.
40+
<br>[https://www.datadoghq.com/blog/best-practices-to-prevent-alert-fatigue/](https://www.datadoghq.com/blog/best-practices-to-prevent-alert-fatigue/)
41+
42+
43+
An epic post that’s well worth the long read. A look at each of the 14 points from Deming’s System of Profound Knowledge with modern cyber security examples.
44+
<br>[https://itrevolution.com/articles/out-of-the-cyber-crisis-deming-in-the-world-of-cybersecurity/](https://itrevolution.com/articles/out-of-the-cyber-crisis-deming-in-the-world-of-cybersecurity/)
45+
46+
47+
An interesting post on the perils of productivity metrics for software development, in particular considering the impact of generative AI developer tools.
48+
<br>[https://isthisit.nz/posts/2024/engineering-productivity-metrics-genai/](https://isthisit.nz/posts/2024/engineering-productivity-metrics-genai/)
49+
50+
51+
A couple of posts on evolving incident management practices, looking at the need to introduce gradual changes, standardising severity levels, the importance of training and more.
52+
<br>[https://medium.com/dyninno/dyninnos-incident-management-an-introduction-a4516b910269](https://medium.com/dyninno/dyninnos-incident-management-an-introduction-a4516b910269)
53+
<br>[https://medium.com/dyninno/streamlining-and-implementing-incident-management-at-dyninno-c8ea06327f3a](https://medium.com/dyninno/streamlining-and-implementing-incident-management-at-dyninno-c8ea06327f3a)
54+
55+
56+
A look at Platform Engineering, and introducing a layered model of platform, with the oft-missing platform orchestration layer binding together the application and infrastructure.
57+
<br>[https://www.syntasso.io/post/platform-engineering-orchestrating-applications-platforms-and-infrastructure](https://www.syntasso.io/post/platform-engineering-orchestrating-applications-platforms-and-infrastructure)
58+
59+
60+
A look at how one team used gamedays as a tool to test and improve performance and resilience.
61+
<br>[https://firehydrant.com/blog/improving-signals-speed-and-resilience-through-pressure-testing/](https://firehydrant.com/blog/improving-signals-speed-and-resilience-through-pressure-testing/)
62+
63+
A post on some of the pitfalls of platform engineering teams, including the ability for central teams to generate work for everyone else, and lose sight of their internal customers' needs.
64+
<br>[https://www.srepath.com/danger-of-unreliable-platform-engineering/](https://www.srepath.com/danger-of-unreliable-platform-engineering/)
65+
66+
67+
Tools
68+
=====
69+
70+
Pgxman is a package manager for PostgreSQL extensions, along with a repository of packages. It integrates with native build systems for installation.
71+
<br>[https://pgxman.com/](https://pgxman.com/)
72+
73+
74+
Chalk is a new tool that captures metadata at build time, and can add a small 'chalk mark' with that information to any artefacts (like compiled binaries or container images).
75+
76+
<br>[https://github.com/crashappsec/chalk](https://github.com/crashappsec/chalk)
77+
78+
79+
testkube is a Kubernetes-native testing framework for test execution and orchestration. Store tests from any testing tool as CRDs and run them on the cluster.
80+
<br>[https://testkube.io/](https://testkube.io/)
81+
<br>[https://github.com/kubeshop/testkube](https://github.com/kubeshop/testkube)
82+
83+
84+
Daytona is a new tool for managing a development environment. It supports both local and remote environments as well as integration with various Git services and IDEs.
85+
<br>[https://github.com/daytonaio/daytona](https://github.com/daytonaio/daytona)
86+
87+
88+

originals/693.mail.txt

Lines changed: 148 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,148 @@
1+
Subject: =?utf-8?Q?Devops=20Weekly=20#693?=
2+
Date: Sun, 14 Apr 2024 08:06:32 +0000
3+
4+
DEVOPS WEEKLY
5+
ISSUE #693 - 14th April 2024
6+
7+
I=E2=80=99ve been crazy busy this week and travelling today=2C and with it=
8+
being the start of a new quarter I thought a highlights issue=2C with som=
9+
e of the top posts from January=2C February and March was in order.
10+
11+
12+
StackHawk sponsors Devops Weekly
13+
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
14+
=3D=3D=3D=3D
15+
16+
[ICYMI] DAST is Dead! Long Live DAST! The Evolution of Dynamic API securi=
17+
ty Testing webinar is now available on YouTube. Watch on-demand here.
18+
19+
https://sthwk.com/long-live-dast-webinar
20+
21+
22+
News
23+
=3D=3D=3D=3D
24+
25+
A good opinion piece on security not being special=2C when compared to oth=
26+
er disciplines - and the problems caused by security teams assuming it is.
27+
28+
https://kellyshortridge.com/blog/posts/cybersecurity-isnt-special/
29+
30+
31+
If you=E2=80=99ve ever run into a problem that=E2=80=99s come down to time=
32+
in computer systems then this is a good post for you.
33+
34+
https://brooker.co.za/blog/2023/11/27/about-time.html
35+
36+
37+
A detailed=2C technical=2C post on embracing eBPF for monitoring at the ne=
38+
twork layer and providing better control of a large microservice and infra=
39+
structure platform.
40+
41+
https://doordash.engineering/2023/08/15/bpfagent-ebpf-for-monitoring-at-do=
42+
ordash/
43+
44+
45+
A great post with tips for being on-call. Covering why on-call is hard=2C=
46+
and what you and your team can do to make it suck less.
47+
48+
https://hart-michael.medium.com/how-to-be-on-call-034e3a202729
49+
50+
51+
There is quite a bit of cross-over between how a central security team nee=
52+
ds to interact with a larger development team=2C and what=E2=80=99s needed=
53+
for cost-control in self-service platform teams. A good post on this topi=
54+
c.
55+
56+
https://stateofsecurity.com/how-information-security-and-risk-management-t=
57+
eams-can-support-finops/
58+
59+
60+
Alert fatigue quickly becomes a problem as systems grow=2C and monitoring=
61+
software does its thing. This next post talks about how to prevent it.
62+
63+
https://www.datadoghq.com/blog/best-practices-to-prevent-alert-fatigue/
64+
65+
66+
An epic post that=E2=80=99s well worth the long read. A look at each of th=
67+
e 14 points from Deming=E2=80=99s System of Profound Knowledge with modern=
68+
cyber security examples.
69+
70+
https://itrevolution.com/articles/out-of-the-cyber-crisis-deming-in-the-wo=
71+
rld-of-cybersecurity/
72+
73+
74+
An interesting post on the perils of productivity metrics for software dev=
75+
elopment=2C in particular considering the impact of generative AI develope=
76+
r tools.
77+
78+
https://isthisit.nz/posts/2024/engineering-productivity-metrics-genai/
79+
80+
81+
A couple of posts on evolving incident management practices=2C looking at=
82+
the need to introduce gradual changes=2C standardising severity levels=2C=
83+
the importance of training and more.
84+
85+
https://medium.com/dyninno/dyninnos-incident-management-an-introduction-a4=
86+
516b910269
87+
https://medium.com/dyninno/streamlining-and-implementing-incident-manageme=
88+
nt-at-dyninno-c8ea06327f3a
89+
90+
91+
A look at Platform Engineering=2C and introducing a layered model of platf=
92+
orm=2C with the oft-missing platform orchestration layer binding together=
93+
the application and infrastructure.
94+
95+
https://www.syntasso.io/post/platform-engineering-orchestrating-applicatio=
96+
ns-platforms-and-infrastructure
97+
98+
99+
A look at how one team used gamedays as a tool to test and improve perform=
100+
ance and resilience.
101+
102+
https://firehydrant.com/blog/improving-signals-speed-and-resilience-throug=
103+
h-pressure-testing/
104+
105+
A post on some of the pitfalls of platform engineering teams=2C including=
106+
the ability for central teams to generate work for everyone else=2C and l=
107+
ose sight of their internal customers' needs.
108+
109+
https://www.srepath.com/danger-of-unreliable-platform-engineering/
110+
111+
112+
Tools
113+
=3D=3D=3D=3D=3D
114+
115+
Pgxman is a package manager for PostgreSQL extensions=2C along with a repo=
116+
sitory of packages. It integrates with native build systems for installati=
117+
on.
118+
119+
https://pgxman.com/
120+
121+
122+
Chalk is a new tool that captures metadata at build time=2C and can add a=
123+
small 'chalk mark' with that information to any artefacts (like compiled=
124+
binaries or container images).
125+
126+
127+
https://github.com/crashappsec/chalk
128+
129+
130+
testkube is a Kubernetes-native testing framework for test execution and o=
131+
rchestration. Store tests from any testing tool as CRDs and run them on th=
132+
e cluster.
133+
134+
https://testkube.io/
135+
https://github.com/kubeshop/testkube
136+
137+
138+
Daytona is a new tool for managing a development environment. It supports=
139+
both local and remote environments as well as integration with various Gi=
140+
t services and IDEs.
141+
142+
https://github.com/daytonaio/daytona
143+
144+
145+
If you received this email directly then you're already signed up=2C thank=
146+
s! If however someone forwarded this email to you and you'd like to get it=
147+
each week then you can subscribe at http://devopsweekly.com
148+

0 commit comments

Comments
 (0)