DevOps

It’s been said by a number of smart people that DevOps is largely founded in an organization’s skillful collaboration and communication, and the culture that results. I agree with that idea, and I also think that it’s one of the reasons why the term DevOps is sometimes difficult to explain, because these are ‘soft’ skills we’re talking about. These aren’t things you can graph or alert on, they only manifest in the resulting product and environment.

~ John Allspaw from, DevOps

slip:4uaide2.

ɕ


Take back the Internet

This is not the Internet the world needs, or the Internet its creators envisioned. We need to take it back.

And by we, I mean the engineering community.

Yes, this is primarily a political problem, a policy matter that requires political intervention.

But this is also an engineering problem, and there are several things engineers can — and should — do.

~ Bruce Schneier from, Take Back the Internet

slip:4usebo4.

I’d venture that the vast majority of regular, everyday people working in technology related jobs are not actively trying to do evil. People go to work, make the best decisions they can and then go home. If that’s true, then it’s going to be nigh impossible to change the momentum of how things (e.g., NSA surveillance) are going. Because in order for it to change, we need to start thinking bigger.

ɕ


Operable systems

Especially for complex, multi-purpose systems, the gap between how things are supposed to work and how they actually work can be quite large. (Ask any police sergeant about the difference between policing in theory and policing in practice!) A primary function of operators is to bridge this gap in ways that result in better rather than worse outcomes. The capacity of systems to be operated is what allows operators to perform this valuable function, sometimes called technical work.

~ Richard Cook from, «http://programming.oreilly.com/2013/10/making-systems-operable.html»

slip:4uoema1.

More and more I’ve been getting a lot of mileage from this idea: Make things easier TO USE, rather than trying to fully automate (i.e., so I don’t have to use them.) One cornerstone to accomplishing that is creating “affordances”.

ɕ


Heartbleed: For want of one nail, the kingdom is lost

The Heartbleed OpenSSL problem is big news ( http://heartbleed.com if you’ve been under a rock ). What’s wrong?

In short, Heartbeat allows one endpoint to go “I’m sending you some data, echo it back to me”. It supports up to 64 KiB. You send both a length figure and the data itself. Unfortunately, if you use the length figure to claim “I’m sending 64 KiB of data” (for example) and then only actually send, say, one byte, OpenSSL would send you back your one byte — plus 64 KiB minus one byte of other data from RAM.

Whoops!

~ Matt Nordhoff from, How exactly does the OpenSSL TLS heartbeat (Heartbleed) exploit work?

So this one, tiny-looking problem brings our entire sand-castle Internet kingdom down. “Secure” web sites, it turns out, aren’t necessarily secure. Worse, they haven’t been secure for some uncertain amount of time. So, anything communicated insecurely, during some uncertain time-frame… is, uh, possibly snooped, stolen, etc. The system admins have to patch the fix in, then redo site certificates, and then everything everyone has put to/from those sites (your login and password, for example!) has to be considered stolen/tainted and has to be reentered.

Bonus: it’s even worse than I’m making it sound: Try this on…

http://security.stackexchange.com/questions/55116/how-exactly-does-the-openssl-tls-heartbeat-heartbleed-exploit-work

http://security.stackexchange.com/questions/55097/can-heartbleed-be-used-to-obtain-memory-from-other-processes
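
The behaviour described in the quote above, as an added example (not OpenSSL's code and not from the original post): a simplified heartbeat echo without and with a check of the claimed length against the bytes actually received. The function names, the 64-byte buffer and the "constructed-secret" bytes are constructed for illustration; the 3-byte header and 16-byte minimum padding follow RFC 6520.

```c
#include <stdio.h>
#include <string.h>

#define HB_HEADER 3    /* 1-byte type + 2-byte big-endian payload length */
#define HB_PADDING 16  /* minimum padding RFC 6520 requires */

static size_t hb_claimed(const unsigned char *m) { return ((size_t)m[1] << 8) | m[2]; }

/* Pre-fix behaviour: copies as many bytes as the sender claims, never
   consulting how many bytes really arrived in the record. */
size_t hb_echo_unchecked(const unsigned char *m, size_t received, unsigned char *out) {
    (void)received;                          /* ignored: this is the bug */
    memcpy(out, m + HB_HEADER, hb_claimed(m));
    return hb_claimed(m);
}

/* Hardened: silently discard (return 0) unless header + claimed payload +
   padding fits inside the bytes that were actually received. */
size_t hb_echo_checked(const unsigned char *m, size_t received, unsigned char *out) {
    if (received < HB_HEADER + HB_PADDING) return 0;
    if (HB_HEADER + hb_claimed(m) + HB_PADDING > received) return 0;
    memcpy(out, m + HB_HEADER, hb_claimed(m));
    return hb_claimed(m);
}

static unsigned char demo_out[64];           /* echoed bytes land here */

/* Constructed input: a 20-byte request (1 payload byte 'A' + 16 padding bytes)
   sitting in a 64-byte buffer whose later bytes hold unrelated data.
   `claimed` must be <= 61 so every copy stays inside the demo buffer. */
size_t demo(int checked, unsigned claimed) {
    unsigned char mem[64];
    memset(mem, 0, sizeof mem);
    memset(demo_out, 0, sizeof demo_out);
    mem[0] = 1;                              /* heartbeat_request */
    mem[1] = (unsigned char)(claimed >> 8);
    mem[2] = (unsigned char)(claimed & 0xff);
    mem[3] = 'A';                            /* the only payload byte sent */
    memcpy(mem + 20, "constructed-secret", 18);  /* neighbouring memory */
    return checked ? hb_echo_checked(mem, 20, demo_out)
                   : hb_echo_unchecked(mem, 20, demo_out);
}

int main(void) {
    printf("unchecked, claims 32: echoed %zu bytes\n", demo(0, 32));
    printf("checked,   claims 32: echoed %zu bytes\n", demo(1, 32));
    printf("checked,   claims 1:  echoed %zu bytes\n", demo(1, 1));
    return 0;
}
```

With the unchecked version, the echoed bytes past the padding are the neighbouring buffer contents; the checked version discards the same request and still answers an honest one.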

ɕ


Senate steps into the data breach controversy

The Senate Judiciary Committee spent the day looking into recent data thefts at Target and Neiman Marcus. Lawmakers know there is a big problem, but they are struggling with what role the federal government should play in creating new standards to safeguard consumer data.

~ Jim Zarroli from, Senate Steps Into The Data Breach Controversy

slip:4unose2.

Yeah. I said this before.

ɕ


Knowledge workers as a political class?

Other people are recognizing that we work in an important intersection of knowledge and responsibility, too. I came across a presentation from this year’s Chaos Communication Congress in Germany. It was a talk by Jacob Appelbaum and Julian Assange, who were introduced by Sarah Harrison. The name of the talk was SysAdmins of the World Unite.

~ Matt Simmons from, «http://www.standalone-sysadmin.com/blog/2013/12/knowledge-workers-as-a-political-class/»

ɕ


Repercussions

If I were in government right now, I would be leery of starting another big software project. I’d also know that big software projects are going to be necessary as our civilization gets more and more complex. So, if I were in government right now, I’d be thinking about laws to regulate the Software Industry. I’d be thinking about what languages and processes we should force them to use, what auditing should be done, what schooling is necessary, etc. etc. I’d be thinking about passing laws to get this unruly and chaotic industry under some kind of control.

If I were the President right now, I might even be thinking about creating a new Czar or Cabinet position: The Secretary of Software Quality. Someone who could regulate this misbehaving industry upon which so much of our future depends.

Maybe that thought hasn’t occurred to them yet. Maybe. But how many more healthcare.gov debacles will it take before it does?

~ Bob Martin from, «http://blog.8thlight.com/uncle-bob/2013/11/12/Healthcare-gov.html»

Most people I’ve talked to, (who write software or do systems and network administration,) are in the “I have work to do” camp. They’ve no time to think about professionalization, or standardization, of their field. To which I say:

That’s cool; I understand. No worries! The government will eventually get around to ramming standardization and licensing down your throat. I’m sure that will work out well for us.

If you work in these fields, you should be paying attention. If you work in network and systems administration, you should be paying attention to LOPSA and Usenix/LISA.

Update:

Feb 2014: Senate Steps Into the Data Breach Controversy

ɕ


Where did the term “Software Engineering” originate?

Just in case you thought it was fairly new, it’s probably(*) older than you. Here’s a deep link, to a down-the-rabbit-hole discussion. Seems most sources attribute it to a 1968 conference, while the author of this message from the Software Craftsmanship group has dug up an ACM article from 1966.

* …and probably significantly older than you since the average age of the entire world population is definitely less than Software Engineering’s 47 years (and counting.)

ɕ


Network Theory applied to altitude sickness

They then mapped out the correlations between the various symptoms, creating a network. An increasingly standard tool in network theory these days is cluster detection–the ability to spot parts of a network that are more strongly linked together than others.

~ «http://www.technologyreview.com/view/512986/network-theory-approach-reveals-altitude-sickness-to-be-two-different-diseases/»

Acute mountain sickness (AMS) is a common problem among visitors at high altitude, and may progress to life-threatening pulmonary and cerebral oedema in a minority of cases. … These results challenge the accepted paradigm that AMS is a single disease process and describe at least two distinct syndromes following acute ascent to high altitude. This approach to analysing symptom patterns has potential utility in other clinical syndromes.

~ [1303.6525] Network analysis reveals distinct clinical syndromes underlying acute mountain sickness

ɕ


Keep it simple. Good luck with that.

In fact it is so difficult to argue against simplicity that this post won’t even attempt to. Let’s state emphatically that software should always do only what you need it to do, with the fewest number of steps, and least potential for errors due to complex choices and options.

On the other hand, good luck with that.

~ Steven Sinofsky from, Designing for scale and the tyranny of choice | Learning by Shipping

slip:4ulede1.

ɕ