DevOps Security Means Moving Fast, Securely

In this world of lightning-fast development cycles, MVPs, and DevOps, it may intuitively feel like security gets left behind. You might be thinking, “Aren’t the security guys the ones who want to stop everything and look at our code to tell us how broken it is right before we try to deliver it?” Many feel that DevOps security is a pipe dream.

Is it possible to be fast and secure? Lately, I’ve been drooling over a sports car—namely, the Alfa Romeo Giulia Quadrifoglio. Long name, fast car. It holds some impressive racing records and sports 505 horsepower but also is a Motor Trend Car of the Year and an IIHS Top Safety Pick. These awards are due to automatic braking technology, forward-collision warning, lane-keeping assistance, blind-spot monitoring, and rear cross-traffic alert. It is possible to be fast and safe.

The key to DevOps security is to move forward with development. Security teams need to understand why DevOps practices are so effective and learn to adopt them.

Man Running Fast with Scalyr Colors

Read More

Scalyr Platform Dashboard

Scalyr Platform Update: Dashboards and Performance

We are excited about our Scalyr platform releases over the past month, which largely focused on dashboard improvements and optimizing our performance.

Scalyr Platform Dashboards

You can now take advantage of the following improvements to our dashboards:

  • Simplified dashboard creation and editing
  • More granular time intervals for dashboards walls
  • Improved dashboard look-and-feel, with legends at the bottom for readability

Read More

Verbose Logging: Your Magnifying Glass for Bad Application Behavior

You probably don’t think of verbose logging as the stuff that hackathons and startups are made of.  Nor would most programmers consider it an especially advanced technique.  But it is important, and enough people ask about it that it’s worth covering.

Part of the reason that so many people inquire about the subject of verbose logging is that it’s kind of general in the same way that searching for “logging” is general.  So let’s start by at least getting more specific with a definition.

Chat bubbles with Scalyr colors

Read More

DevOps Engineer: What Does It Take to Land the Job?

Every day, more and more companies are looking for people with DevOps knowledge. As I’m writing this post, there are 49,000 results on LinkedIn for DevOps jobs. That’s a lot of job openings.

The high demand for DevOps engineers must be for a reason, right? Well, according to devops.com’s “The State of DevOps Adoption and Trends in 2017” report, DevOps adoption has increased in the last couple of years, especially since 2016, and it won’t stop. The problem is that some organizations are finding it hard to start the journey.

Although starting a DevOps initiative is not an easy task, looking for people that have the necessary skills is even harder. It doesn’t matter what your background is; developer or sysadmin, you’ll need to improve or acquire some new skills and knowledge to succeed in your day-to-day job.

Let’s explore what you need to land a DevOps job.

Microscope over resume with Scalyr colors

Read More

Growing a High-Performance DevOps Culture

Culture is one of those things where we all know what it is but can’t explain it. Well, according to Wikipedia, culture is “the social behavior and norms found in human societies.” But in simple words, it’s all about people: how they interact, how they behave, how they talk, and what they practice. And culture is the foundation of a successful implementation of DevOps.

John Willis, an established speaker and writer on the subject of DevOps, coined the term CAMS (culture, automation, measurement, sharing) at a talk where he explained that DevOps culture is about breaking down silos. But what I find most striking about his discussion of culture, as summarized in the DevOps Dictionary, is the observation that “fostering a safe environment for innovation and productivity is a key challenge for leadership and directly opposes our tribal managerial instincts.” So the starting point for your DevOps journey is good leadership. After that, it’s just about how to grow your team to become a high-performing one.

A high-performing team in DevOps, according to recent research, is one that

  • Does deployments often, meaning several times a day.
  • Delivers a change with a fast lead time (minutes) after it’s been pushed to a shared repository.
  • Has a short (again, minutes) mean time to recover (MTTR).
  • Has a small change failure rate (described here).

So how do you grow a high-performance DevOps culture? You create a culture that will produce a team that delivers on time with confidence in a predictable manner. Here are the things that will help you get there.

High performance gauge with Scalyr colors

Read More

Java Exceptions and How to Log Them Securely

As a security consultant, I perform assessments across a wide variety of applications. Throughout the applications I’ve tested, I’ve found it’s common for them to suffer from some form of inadequate exception handling and logging. Logging and monitoring are often-overlooked areas, and due to increased threats against web applications, they’ve been added to the OWASP Top 10 as the new number ten issue, under the name “Insufficient Logging and Monitoring.”

So what’s the problem here? Well, let’s take a look.

Java Exceptions alert sign
Read More

Getting Started Quickly with Ruby Logging

Time for us to continue with our ongoing series, in which we teach you how to get started logging quickly in a variety of programming languages. We started out the series with C#, we proceeded to cover Java, and then we wrote about Python.

So, what about tipping the scale to the side of dynamically-typed interpreted languages? That’s exactly what we’re doing today by teaching you how to get up and running with logging, using the Ruby programming language.

Today’s post will follow the basic structure that’s been used in the previous articles. It will cover

  • How to implement a very rudimentary logger.
  • A discussion on the fundamentals of logging: why bother logging, which data to log, and where to log.
  • Finally, a very simple yet realistic example of proper logging, with help from the Ruby “Logger” class.

Like the previous installments of the series, we’ll create a very simple toy app in order to demonstrate how to log. As we’ve just said, we’re going to start with a very primitive—though functional—approach, and we’ll then evolve it toward a more sophisticated and realistic solution.

Ruby With Scalyr Colors

Read More

But I’m a Dev, Not a DevOps!

My experience with DevOps began before I even knew there was a name for the approach, when my boss asked me for some help in operations. The company I worked for was small at that time, so I always had the opportunity to get my hands dirty in the release automation process. I knew a few things about servers and Linux, so I was up for the challenge. To my surprise, I loved it. I knew it wasn’t the classic way of doing operations by manually managing physical servers, firewalls, virtual machines, and the like. We were using a cloud vendor. This meant that to spin up a new server, it wasn’t necessary to know which buttons to click.

The cloud vendor had his own API and SDKs for several languages, so I never really felt like I stopped programming. Of course, that was just the tip of the iceberg because systems administration is not just about spinning up new servers, adding more storage or rebooting servers. I had to take care of the architecture and which cloud services were needed for the job. But I was sure I could apply some development skills to operations, and I did. I created some scripts that launched a new environment from scratch, made backups, and restored databases.

Then, I found out about DevOps and all its practices. And because my background was in development, I was able to work with developers and explaining in their language how they could be destroying our log files and why it was important.

So if you’re a developer new to this DevOps world, trust me. You’ll like this new way of working.

Developer with a tie considering DevOps

 

Read More

HTTP Monitor: What It Is and Why You Need It

One day, one of our main web APIs was down, and the first person that knew it was my boss. We were so worried about bringing the API up that we never paid attention to how he was able to be one step ahead of us. There were times when we even thought he had nothing else to do than constantly refresh the web page. But the truth is that he wasn’t doing that at all. He was using an HTTP monitor that emailed him every time the API was down, slow, or unresponsive.

It was actually lucky for us that he had that monitor: it helped everyone fix things before our clients could notice. But what is an HTTP monitor, anyway? And why else would you need it?

 

Illustration of Person Using HTTP Monitoring

 

Read More