Giving developers the tools to do security checks

Snyk and other cloud security vendors have focused on container image registries as a weak link in the cloud-native application development workflow. Aqua Security, the Boston-based infrastructure security specialist, released a similar scanner earlier this year targeting Docker container images and Harbor, an open source container image registry project backed by the Cloud Native Computing Foundation.

This is part of the never-ending quest to bundle up all the steps in software development into the developer phase. It started by pulling in QA and product management with XP; project management with Scrum; operations, configuration management, release management, and monitoring with DevOps and then cloud native; and security here. Sometime it’ll need to be compliance.

Original source: DevSecOps Emerges as a Cash Magnet

What is a Tanzu service mesh?

A service mesh decouples services from having to know about the network and helps developers to focus on business logic. A typical service mesh can provide: Service discovery; Weighted routing (for A/B deployments); Mutual TLS based authentication (including certificate rotation); Advanced telemetry for in-depth observability; Fault injection and retries; Circuit breakers

Original source: VMware Tanzu Service Mesh from a Developer’s Perspective

All things are not fair and just

But all things are not fair and just. The capitalist pays you for the cost of your labor-power, not for the value of the goods you produce. Thus your paycheck is worth the value of your labor-power. But your labor-power is set to work to produce commodities of greater value.

Let’s say you work for Starbucks and they pay you $120 for an eight-hour shift. But you can probably make $120 worth of fancy coffee in an hour, or probably in a half hour at a busy store.

Even once you subtract the cost of materials and use of the equipment, Starbucks doesn’t pay you anywhere near the value you’ve created (hundreds of dollars a day). They buy your labor-power from you, not the actual fruits of your labor. And you make that value back for them in an hour. The rest of your shift, you’re basically working for free!

Original source: Under Capitalism, There’s No Such Thing as a “Fair Day’s Wage for a Fair Day’s Work”

Questions for a panel about managing managers

I moderated a panel about managing managers during digital transformation stuff (organizations getting better at software, doing the DevOps, etc.). Here’s my vision for the panel and the questions we churned over. We didn’t directly answer all of them, of course. The panel was great! The recording should be up soon (it says September 10th 2020).

The idea/point/premise of the panel

In larger organizations, there are layers of managers, in a good way: teams aggregate to a manager, that layer of manager aggregates to another, then somewhere there’s executives, and, I don’t know, the mythical shareholder. Everyone has a boss. I want to discuss what it’s like to be the boss of all those managers and help them transform into all the existing, new fangled agile and digital transformation stuff. Most of the discussion I encounter is about individual staff and the product teams (those working on software or running it), but I don’t hear much about the management structures above those teams. Also, it’d be interesting to talk a little about what exactly things like “servant leadership” mean and how one manages their career (gets promotions, more compensation, etc.) when they’ve moved from being The Boss to a servant (to be tongue in cheek about it).

Questions

  1. We’ve heard the notion of servant leadership, which sounds, you know, helpful. Can you give me an example of what that looks like though, like an actual one that happened?
  2. I was watching a webinar that Jana did recently on her white paper. In the Q&A, they asked attendees something along the lines of “do you ever think of your organization’s vision and strategy, does it ever determine what you work on and how?” As I recall, almost zero percent of people responded yes. This seems like a critical tool for managers to use if they’re setting up autonomous teams that need to make decisions on their own – they need to know the principles, the goals. How should managers be moving beyond facile vision and strategy?
  3. For years, I’ve heard about “the frozen middle,” managers who don’t want to change despite the urging and permission of executives (“above” them) and enthusiasm of staff (“below”). Is this cliche real? If so, what causes that frozen-ness?
  4. (Following on from that), when you’re managing managers, what are you doing in this new, agile, world? Are you a servant to the servants?
  5. There are occasionally “accidental managers” who sort of ended up there. But most of them have been pursuing a career of going “up” the meatware stack. They want to grow their career, which usually means responsibilities, the glory and power that goes with it, and the rewards. So, if you’re a servant to people below you, how do you end up managing your career?
  6. As you push responsibility down to teams, what are safety nets you put in place as they figure it out?
  7. What are some of the first things you delegate?

Forrester on developers, custom apps, and COVID – Notebook

The report goes over how software development needs and programs should adapt to the urgency that COVID brings. Highlights:

  • Obviously, teams are working from home more now. This exposes all of the face-to-face, undocumented processes that were happening (“manual processes address handoffs across departmental boundaries”). If there were too many, work can’t happen as well anymore when everyone is working from home.
  • “The trend catapulted use of Zoom, a videoconference service, from 10 million average daily users to 200 million during March 2020 and introduced us to our coworkers’ tastes in home décor. But it also separated millions of workers from the paper files they require to complete their missions, breaking millions of business processes. Paper files are an obvious point of failure, but manual processes based on desktop tools like Excel and email lack visibility and tracking that are vital to remote workers.”
  • Paperless efforts are really on the front-burner now: “any enterprise relying on paper to advance its processes needs to automate just to continue to function.”
  • Also: “Topping the list for most now are tracking and tracing applications: tracking of employees, people entering hospitals and other sensitive buildings, equipment, facilities, patients, tests, research results, and on and on. These applications are not throwaways; they’re business-critical. And in the public sector, throw in new apps to manage new support, recovery, and stimulus programs or support existing programs straining under unprecedented volumes. Then in financial services, you have new servicing apps: servicing debt, defaults, new rescue programs, moratoriums, etc. (rather than new customers and new products and services). And any enterprise relying on paper to advance its processes needs to automate just to continue to function.”
  • And, more app types:
  • This urgency is driving business people to (finally) start getting involved more in IT/software: “as organizations scramble to fix processes and rapidly automate to keep them running, it becomes clear that businesspeople are the primary source of operations insight…. Bringing businesspeople closer to the development process through iterative, rapid prototyping and sometimes allowing them to develop solutions on their own offers promise for much faster and more agile responses to business needs.”
  • With apps being used remotely (as a SaaS, over the internet), organizations will likely discover new scaling needs – when the apps run outside the corporate network, and are home grown. “Scale becomes a vital focus. Many development teams are getting their first glimpse at what massive scaling looks like for their applications.”
  • Companies are overworking staff: “a US hospital network made Java developers scramble 24×7 for 20 days to create a visitor registration application to extend its hospital administration system.” [This isn’t sustainable and if done too much will leave a bad taste in staff’s mouth about “agile” and “digital transformation.”]
  • The authors really like and recommend low-code stuff. This probably makes sense to get a lot of line-of-business people to start putting together wizards and UI-driven workflows around databases, Excel/CSV, and APIs to ERP systems.

Source: May 20th, 2020 report “The Coronavirus Crisis Increases The Demands On Software And Developers.”

Re-training your urge to distract and procrastinate

As often as not, distraction is your brain ducking challenging feelings such as boredom, loneliness, insecurity, fatigue and uncertainty. These are the internal triggers – the root causes – that prompt you to find the comfort of distraction and open a browser tab, Twitter or email, instead of focusing on the matter at hand. Once you identify these internal triggers, you can decide to respond in a more advantageous manner. You won’t always be able to control how you feel – but you can learn to control how you react to the way you feel. A trigger that once sent you to Twitter can perhaps lead instead to 10 deep breaths.

Original source: How to be indistractable | Psyche Guides

VMware Tanzu strategy

Spring helps developers build cloud native applications without learning new tools. Tanzu then becomes the best place to run those applications. It’s putting power back into the hands of the developer to do things that were previously done in standalone products.

And more commentary, including some missteps.

Original source: VMware’s app modernization chief: ‘We’ve put to bed the debate about containers versus virtual machines’

The weekly review is critical

If you don’t do this, there is a good chance that some important outstanding task gets lost in the older and dusty parts of your system. When that happens, your mind is going to realise that it can’t trust the system, and it will take back the responsibility for remembering all outstanding work.

Without the weekly revision, you also don’t know whether the next actions you work on are the most important work you could be doing. Maybe the note that you created a few weeks ago is now more important.

Original source: Three principles distilled from Getting Things Done

Alone by pen

If you consider at what pains men are to be alone: how they climb mountains, enter prisons, profess monastic vows, put on eccentric daily habits, and seclude themselves in the garrets of a great town, you will see that this moment of taking up the pen is not least happy in the fact that then, by a mere association of ideas, the writer is alone.

Original source: “On the pleasure of taking up one’s pen” by Hilaire Belloc

The stagnation of continuous integration and continuous delivery

I like to track CI/CD* surveys as an indication of how far along organizations are at getting better at software: “digital transformation” where the main focus is using software to improve how you do business.

If you’re not doing CI, you’ll have a hard time getting better at doing software, or, really, doing good software at all.

If you’re not doing CD, you won’t be able to deliver weekly so that you can get the feedback cycle in place to do hypothesis-driven development. You’ll be doing waterfall, etc.

Anyhow, here’s one chart I put together based on the State of Agile surveys:

Source: State of Agile Surveys, 3rd through 14th, VersionOne/CollabNet/digital.ai. CI/CD not tracked in 5th/2009. Over the years, definitions change, “delivery” and “deployment” are added; but, these numbers are close enough to other surveys to be useful. See more CI/CD surveys: Forrester survey (2019), DZone CD reports (2014, 2015, 2016, 2017, 2019).

The data isn’t perfect, scientific, or whatever. But it’s a good rhetorical device. Also, it matches up with other surveys on this topic (from the likes of Gartner and Forrester).

The general take is: CI has plateaued, but it’s high; CD has been slow to catch on and still has only minor growth in adoption year over year.

So, if you think you’re doing agile, there’s a good chance you’re not. Go do a walk-about and see what’s actually happening and make putting CI/CD in place a priority if you’re not doing it. Otherwise, all your other efforts to get better at software will fail and be a waste.

(* Delivery vs. deployment – I don’t know man – I don’t care…? ¯\_(ツ)_/¯ )

(Also, as noted by Jon, if you don’t have testing in place, then start there. Also: version control. Yes, it’s worth mentioning that. You’d be shit-your-pants surprised.)

“Culture is a Lie,” Paul Czarkowski – Highlights

A good and fun talk from Paul. He tries to refocus DevOps-y energy from “culture change” to more practical things for individuals to do.

Highlights:

  • You can’t change culture from the bottom. Leaders change the culture, they define it.
  • Culture is behavior.
  • If you want to change culture, you need to change your leadership.
  • Culture: as a practitioner, you can’t change it. And if you’re in a leadership position, you’re incentivized not to change it.
  • “If you choose to die on a hill, you’re gonna die on that fucking hill.”
  • Corollary: “If you don’t decide to die on a hill, you won’t die on that hill.”
  • Generative orgs can create microservices.
  • Others will make monoliths.
  • Most people spend more time justifying not working than working.
  • People who do good work will be pulled down.
  • Most people around you aren’t bad people, they’re just a product of their surroundings.
  • As soon as you start fighting the organization, it’ll start fighting back harder than you.
  • Often said: if your company is acquired by a larger company, leave.
  • Then, some examples of automating governance.

Putting together your application modernization strategy

A two-part video/podcast, with white-boarding and stuff. Rohit Kelapure knows his stuff from years of first-hand work. If you’re working in an enterprise on software, and especially if you’re an enterprise architect, you should check these out. The real work of application modernization isn’t rewriting and re-platforming, but it’s the analysis that goes into finding and ordering what to modernize and then the process that runs your program over the next few years. Rohit boot-straps you into that.

  1. Eating elephants one bite at a time, large scale application modernization with Rohit Kelapure, podcast version, show notes.
  2. You can’t do everything at once, very quickly, large scale application modernizing, podcast version, show notes.

Right-wing people use Facebook as a major rallying space, in the US

Brad Parscale — the digital director of Mr. Trump’s 2016 campaign — told “60 Minutes” that of everything Mr. Trump did that year, the thing that actually moved the needle was Facebook.

“Facebook was the method,” Mr. Parscale said. “It was the highway which his car drove on.”

That highway is still open. And right now, the fastest cars on it have M.A.G.A. bumper stickers.

The street finds its own uses for The Cluetrain.

Original source: What if Facebook Is the Real ‘Silent Majority’?