DevOps Sauna from Eficode

Eficode

Step into the DevOps Sauna with Darren Richardson and Marc Dillon as they dive deep into Agile and DevOps methodologies.

Hear from various industry experts and discover how Agile and DevOps principles can transform any part of your business.

DevOps Sauna makes sure you have all of the latest practices and trends to maintain a competitive edge.

read less
TecnologíaTecnología

Episodios

CrowdStrike root cause analysis
20-08-2024
CrowdStrike root cause analysis
Send us a textMarc and Darren discuss the recent CrowdStrike root cause analysis (RCA) following a significant incident where an update to their Falcon sensor caused around 8 million Windows computers to crash.The incident was traced back to an error in the software update that expected 20 inputs but received 21, leading to widespread blue screen crashes. The importance of thorough testing, including exploratory and canary testing, to catch issues before widespread deployment is covered by Marc and Darren, who also discuss the pressures in security software development. Rapid responses are critical, and this can lead to oversights.One of the key takeaways is the high quality and transparency of CrowdStrike's RCA, which provided a detailed timeline, technical explanations, and a third-party review. Marc and Darren advocate for shifting from traditional "root cause analysis" to a "contributing factors analysis" to avoid placing blame and encourage open communication and learning from mistakes.In this insightful episode, find out why fostering a generative organizational culture that encourages learning and transparency is so important, especially in security-focused development environments.Watch our webinar to see how DevOps practices and tools help you integrate security and compliance into your software development: https://www.eficode.com/events/compliance-and-security-in-the-devops-worldTake our DevSecOps assessment to reveal where you are and how to secure your pipelines, toolchain, and products both now and in the future: https://www.eficode.com/services/devsecops-assessment
AI safety nets: DevOps strategies for risk management
21-05-2024
AI safety nets: DevOps strategies for risk management
Send us a textIn this episode, Marc and Darren are joined by colleagues Henri and Kalle to discuss the proactive role of DevOps in integrating AI into organizations. They emphasize the importance of robust security measures to manage risks and highlight the benefits and challenges of using AI, particularly large language models (LLMs), for apps like customer support and content creation.They address the complexities of data integration and governance and the need for automated solutions to handle the scalability of AI. Its role in improving human-computer interaction and the importance of maintaining data accuracy and security are also discussed. Marc emphasizes clear data governance practices similar to GDPR, advocating for transparency through an AI bill of materials. Henri and Kalle discuss the necessity of advanced DevOps practices, including specification-driven development and CI/CD pipelines for efficient IT processes.The conversation covers integrating requirements early into development value streams and maintaining rigorous verification and validation, particularly in secure environments, underscoring the proactive role of DevOps safety nets in enhancing software engineering.Extend your learning with our blog post on the four guiding principles of a healthy DevOps culture: https://www.eficode.com/blog/the-four-guiding-principles-of-a-healthy-devops-cultureTransform your software development with AI and DevOps using the information on our page: https://www.eficode.com/transforming-software-development-with-ai-and-devops
Open source vs. commercial: The toolchain dilemma
18-03-2024
Open source vs. commercial: The toolchain dilemma
Send us a textIn this episode, Marc and Darren discuss the feasibility and implications of creating a fully open source toolchain for software development. They explore various aspects of the toolchain, including version control, compliance, secure storage, documentation, task management, and more.Specific tools and their suitability for different purposes within the toolchain are explored. Darren evaluates options such as Gitea and GitLab for version control, SonarQube, and Aqua Security tools for compliance, and HashiCorp Vault for secure storage. Challenges in finding suitable replacements for commercial tools like Confluence for documentation and Jira for task management are also touched upon.Throughout the episode, trade-offs between open source and commercial solutions, such as cost, ease of use, and support, are acknowledged. Underestimating the technical investment required to maintain open source toolchains is cautioned against, while software-as-a-service (SaaS) platforms are suggested as a suitable alternative.Darren and Marc advocate for a pragmatic approach to toolchain selection, recognizing the benefits and limitations of both open source and commercial offerings. They emphasize the importance of considering factors such as scalability, support, and ease of integration when making decisions about software development toolchains.Join in the conversation at The DEVOPS Conference in Copenhagen and Stockholm and experience a fantastic group of speakers: www.thedevopsconference.com/?utm_campai…rce=PodcastWhether you need a single tool installation or a highly scalable, complete end-to-end toolchain, we can provide it.