DevOpsDays DC 2015

Posted on by Rich Sharples

Making the most of the calm before the storm that is Red Hat Summit, I raced up to Alexandria, VA for a few days to attend DevOpsDays DC 2015, hosted at the pretty stunning USPTO offices. I heard from the organizers they reached capacity 400+ and sold out within a few days.

IMG_2469

Interesting mix of neck beards and suits. And there were some very senior suits – eg. Mark Schwarz (CIO of USCIS) – he had a keynote but sat through pretty much *every* talk over the two days – he clearly thought that was a good investment. and I’m sure he’s a very busy guy. Very unscientific poll – 2/3rds of the people I spoke with were Ops (not Dev background) and about 50% were public sector (vs private).

The Public Sector companies / individuals who spoke at the show (or who I spoke with) were all bought into agile and DevOps (self selected group I guess) – huge possible gains for organizations working with / for the Gov. – huge challenges as well. On taht note, I recently came across this Wired article that provides some good insight into how Public Sector IT is changing.

Red Hat was probably the biggest company sponsoring – others were Ansible, Chef, Elastic, Puppet, Sonatype and a bunch of smaller companies (mostly public sector tech consulting)

Aside from Shawn Wells (Red Hat) co-preso. on OpenSCAP, the best talk was Joshua Corman (CTO at Sonatype) “Continuous Acceleration with a Software Supply Chain Approach”

tl;dr – open source usage is booming, becoming a higher priority target for hackers so more high severity CVEs than ever. Projects are often slow to react and release fixes, vendors are even slower and customers are even slower. Basically we’re all doing a bad job. Treat the software supply chain like Toyota do – fewer, better managed suppliers, higher velocity delivery pipeline (ie. DevOps). Ergo – use Maven to at least understand your dependencies.

Second best talk – Ken Johnson and Chris Gates “Devoops and how I hacked you”. tl;dr – don’t download and run random stuff from the internet unless you expect to get seriously pwned. Ran through popular OSS tools and outlined the most common exploits – pretty eye opening. You could have heard a pin drop if it weren’t for the noise of people txting their colleagues to check wether  X, Y and Z were patched and updated. Basic stuff – default , unencrypted passwords. Old versions with known, well advertised but fixed exploits. Adopt devops so it doesn’t have to take 6 months to roll out a new (secure) version of Jenkins, WordPress, Drupal, etc.

Schedule : http://devopsdaysdc2015.busyconf.com/schedule

Recordings : DevOps Day 2015 on Livestream

Breakouts :

I joined a couple of the Open Space breakouts but was more interested in seeing what was popular. Here are the top four :

  1. Docker overview – 50ppl – poll – who’s using in prod – just 2 – it was actually only 1 – the other was a pre launch startup
  2. CI / CD – 100% about Jenkins. Most of the questions about scaling and performance or resilience.
  3. Secure automation
  4. Burnout and suicide prevention (sadly)

All in a all a good value show – will definitely make the time next year – though I suspect they’ll need a bigger venue.