This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2021-10-06
Channels
- # ask-the-speaker-track-1 (249)
- # ask-the-speaker-track-2 (114)
- # ask-the-speaker-track-3 (244)
- # ask-the-speaker-track-4 (175)
- # bof-leadership-culture-learning (6)
- # bof-project-to-product (10)
- # bof-sec-audit-compliance-grc (2)
- # demos (9)
- # discussion-main (1290)
- # faq (6)
- # games (20)
- # games-self-tracker (1)
- # gather (22)
- # happy-hour (52)
- # help (44)
- # hiring (19)
- # lean-coffee (12)
- # networking (3)
- # summit-info (122)
- # xpo-adaptavist (7)
- # xpo-anchore-devsecops (9)
- # xpo-aqua-security-k8s (2)
- # xpo-basis-technologies (2)
- # xpo-blameless (2)
- # xpo-bmc-ami-devops (2)
- # xpo-cloudbees (4)
- # xpo-codelogic-code-mapping (2)
- # xpo-dynatrace (1)
- # xpo-gitlab-the-one-devops-platform (1)
- # xpo-granulate-continuous-optimization (2)
- # xpo-infosys-enterprise-agile-devops (2)
- # xpo-instana (4)
- # xpo-itrevolution (3)
- # xpo-launchdarkly (11)
- # xpo-logdna (1)
- # xpo-pagerduty (8)
- # xpo-planview-tasktop (4)
- # xpo-rollbar (2)
- # xpo-servicenow (1)
- # xpo-shoreline (3)
- # xpo-snyk (4)
- # xpo-sonatype (5)
- # xpo-split (10)
- # xpo-splunk_observability (5)
- # xpo-stackhawk (4)
- # xpo-synopsys-sig (2)
- # xpo-weaveworks-the-gitops-pioneers (5)
Reminder: Day 2 is starting now – opening remarks and then plenary talks! Join the conversation in #ask-the-speaker-plenary.
⭐ Please say 'hello' to @m_meenakshee from SAP, presenting DevOps SRE or ITIL – Know Before You Leap! ⭐
@m_meenakshee I’m just getting up to speed, but I gather that you’re talking about how the SAP team thinks about delivering new capabilities to SAP. As opposed to the vendor who’s presenting here, Basis, which is focused on helping users of SAP ease their updates and customizations. Is that true?
I am covering an overview to provide a conceptual understanding of DevOps SRE ITIL implementation, from a generic stand point
I really appreciate the summary. I’m not up to speed on ITIL, so helpful to see the comparison
Thanks a lot!! its really helpful to have a comparative overview to be able to make correct decisions
Very good comparison of the different focal points. Especially for organizations which use all three (because those are the buzz words to chase this year…)
Good to evaluate how to smooth the focal differences in a heterogeneous environment and how expectations from ITIL Problem Management on SRE or DevOps might cause conflict.
Absolutely as most organizations would mostly need to adopt one or more of these methodologies
IT-wide, we use ITIL4. Within my team (monitoring platform), we are decidedly DevOps doing SAFe and/or just Scrum while other peer teams are SRE. In my sub-team, we are the Support and Operations team for my space and we’re decidedly ITIL Incident Management, Problem Management and Kanban focused.
@ffaatuai when you say “decidedly” do you mean that you’re “deciding between” those different possible approaches? Or are you saying that’s what you’ve already settled on?
"Start small", "Nail it before you scale it", "Means to an end, not the end itself": sounds good!
For those of you attending m session today I wanted to make you aware of some projects I have been involved with that a related to the topic at hand. My new Deming podcast... https://www.buzzsprout.com/1758599
Can confirm, @jwillis’s Deming podcast is 💯 !!!!
✨ And now, we welcome back @abd3721 presenting DevOps for Salesforce ✨
Fortunately I pre-recorded the talk and baked the nervousness in at the source
“DevOps for Salesforce Why the business has been bypassing IT for decades but is now in way over their heads and how you can help without going insane.”
Now you’re trapped here and have to listen to my session @jwillis
@jwillis is just trying to reduce the variance in the number of speaker slots
“You can bypass IT who is the root of all delays”
Output, if you're lucky. But not what you asked for. And about 3 years later.
> The problem with customers is they complain
And also I’m here in the chat laughing at my own jokes and quoting myself. #classy
Salesforce sounds like a bunch of DevOps hipsters
Excel is still Salesforce’s #1 competitor
SAP and Oracle are utterly deficient in mascots
And I challenge you to show me someone with an SAP or Oracle tattoo (other than Larry Ellison)
True story: I used to cover up the Salesforce logo on my jacket when walking through the Dreamforce hotel because I was afraid the attendees would mob me for working there!
You need to understand the depth of Passion in the Salesforce community
You’ll know you’ve forged a movement when you start getting SSH tattoos
I’d show you my Gene Kim tattoo but it’s NSFW
Oh Wow - that is a commitment culture 😱
You can write code on the Salesforce platform these days. THey’re providing more mainstream options for tech
@abd3721 is about to announce on-prem Salesforce 🤯
Just requires a Petabyte SSD on your laptop
Curious @abd3721 How does SF make dependencies visible?
There’s a lot of work yet to be done in that area. I really feel it will be gamechanging when there are better solutions for that. There is an early-stage dependency API to show (some) of the internal metadata dependencies. The work I’ve done on that has been to export metadata, process it a bit and show it in Gephi. But this deserves a more robust solution
This is the most lucid / dead-on talk about Salesforce I’ve ever seen. Well done @abd3721! Must-watch for anyone working in Salesforce
puts his DevOps mind tricks back in the drawer
@stephan.stapel please don’t take offense, but that’s a pretty sad substitute for a lightsaber. 😉
“One of their brilliant ideas was that we need more funding”
You’re working on all the things that people used to complain to me about when I worked at SFDC
Very cool. It’s interesting … I didn’t know much about how much communication there is from the dev teams building ON Salesforce with the dev teams that are actually building Salesforce itself
@abd3721 speaking of funding - What is SF funding model? By Project or Product? or?
I’ll assume you mean about how do teams fund buying and configuring Salesforce. I’d say it’s historically been led by sales or marketing teams, and they’ve totally thought about it as a one-time project. As Salesforce has become more critical to the enterprise, IT and CIOs have gotten more involved. But there’s still an extremely strong tendency to just hire an SI and wash your hands of it
Needless to say that doesn’t serve teams so well in the long term
What about scanning for vulnerabilities? Does SAST make sense in a Salesforce world since it is no/low code?
You can write code on Salesforce, so there’s a market for SAST. PMD, Sonarqube
@rob.grant I took a closer look at that periodic table and it doesn’t include any SAST tools, so my slide was accurate, but you make a good point. And you apparently have very fast eyes and brain to have noticed that gap. 🙂
This is an actual merge of Salesforce XML
I have never worked on Salesforce but spent many years w/ SAP ERP - so this song definitely rhymes with some of my past experience
At least SAP is aware that customization needs to be transported from dev to test to prod and offers tools for that.
That’s a learning goal for me - to get familiar with the SAP dev lifecycle
Very good point... unless you z-code your customization layer configs and allow manual configs by environment (at least thats what my friend told me...)
@abd3721 it may be worth connecting with #xpo-basis-technologies. In my previous life we were using their commercial software to bring DevOps principles into our manual SAP deployment processes... Alot has changed Im sure since the early 2019 days when I was looking at it though...
@abd3721 Are you in contact with Salesforce? Are they interested in following a 'Software Engineering' (imho, this very basic term would be a good start) approach for their user base?
Salesforce themselves is working on improving in this area. They neglected it for a long time, so that allowed commercial companies like Copado a market opportunity. Salesforce teams always have to vie for funding against big strategic initiatives, so dev tooling tends to get underfunded because it doesn’t expand their market
cool, thanks. Did they show something on that at Dreamforce (just skipped that conference)?
THey are now openly talking about DevOps, DORA metrics, etc for the first time
"As teams scale up, Lead Time tanks." more dependencies, more conflicting priorities, more neglected & unplanned WIP
Not only scaling the team yields dependencies at Salesforce. It's also style of working. Hacking stuff quickly to generate new forms etc. is the primary problem.
But it’s a nice looking treacherous spiderweb of doom which makes it “less bad”
But then you’ll never get a Salesforce tattoo!
I shouldn’t be too hard on the platform. The tools for building apps are very easy and cool.
@bryce: it's not really growing expontially. It's more the regular re-engineering that needs to be conducted to get rid of old customizing and to refactor dependencies and persistence. So far (5 years since starting) they are still accepting it...
The Salesforce world is maturing in terms of their appreciation of the importance of real software engineering approaches.
But the number of devs is growing very fast so the average skill level is modest
Yeah, Salesforce saves a ton of time on the actual app building process
Even though the in-between parts can be hard and the tooling is less developed than other languages
My company, Copado, is filling in a lot of the gaps in the developer experience
@bryce there’s a saying that any system can survive one order of magnitude of growth before needing to be redesigned. Too many low code apps with no thoughtful architecture will require redesign when you grow. Same with code, same with microservices.
But low code allows you to move very fast to create things and roll them out to business. Which means that you then have lots of dependent customers who don’t want you breaking the apps they use as you struggle to refactor.
So all software systems can fall into nightmare complexity traps. I happened to focus on some of the roughest parts of the Salesforce dev experience.
Hmm yes my small amount of code on Lambda does make me worry that I am setting myself up for pain in the future.
@abd3721 your point is well taken. I suppose the lesson here is that long-term agility depends on intentional effort to avoid these pitfalls, regardless of tech stack.
I feel like this DOES community holds a massive collection of scars and war stories about limited or regrettable decisions, or just how they tackled the next generation of challenges.
If good architecture were easy, it wouldn't be notable. And we wouldn't need this conference.
@abd3721 very interesting stuff. How broadly do you think this is applicable to the low/no-code platform market generally, including ERP platforms?
I think there are very similar challenges for other low code platforms. Those tools require a higher level of abstraction for managing the dev lifecycle, so on all of those platforms there’s an opening for tools that go beyond just scripting
We did something similar and it took 1.5 years to complete. Complete code refactoring, extraction of modules, build pipelines. The biggest cost not quantified at the start was the amount of work required to create the new build pipelines, as well as the automated test pipelines needed to be extracted from the monolith. One other note - one team did this refactoring, but the goal was to move ownership of that module back to the team who developed it. Ownership was a bit of an issue as each team had to learn how to use the new piplelines and test framework
Well done. I’d be really interested to learn more about your team’s journey. DM me if you all want to set up time to share what you did
If you all want to keep in touch, sign up for my newsletter https://inside-out.work/
Or LInkedIn https://www.linkedin.com/in/andrewdavis-io/
Already connected. Maybe we should follow each other on Insta. (I don’t have an Insta)
I’m still setting up my TikTok and OnlyFans accounts
@abd3721 / others - when refactoring a large complex org, how have people found success in choosing the seams for DX packages? What about introducing other software engineering practices like information hiding (i.e., finding ways to limit direct data / SOQL access)?
This is chapter 5 of my book which is still to the best of my knowledge up to date on techniques for decoupling. https://drive.google.com/file/d/1lIrBYv8sDPQ7MdZp6EVCjeCv1QOxOAF0/view?usp=sharing
But it requires some sophisticated software engineering\
This is so helpful! I’m trying to help build some groundswell to take on this challenge - start aligning teams to business capabilities we realize on-platform and use that to help DX package scoping, etc. Going to spend time absorbing this, but I really appreciate the follow up and sharing the chapter!
great stuff @abd3721 - Im not a salesforce guy but it was a great talk. Come for the salesforce, stay for the salesforce tattoos!
DM me if you want a discount at TattooForce
For those of you attending m session today I wanted to make you aware of some projects I have been involved with that a related to the topic at hand. My new Deming podcast... https://www.buzzsprout.com/1758599
📣 Please welcome our dear friend, @jwillis, here to share DevSecOps - The Broken or Blurred Lines of Defense 📣
The Profound episode with @ckissler was 💥
“because it sounds cool” <- Anything John says
One thing I forgot to mention about Conway's law but might be obvious... the 3LOD might give you the org design/security implementation you don't really want.
John’s Chrome notifications on the top of the screen ❤️
1Do you think all 3 feel that they aren't getting what they want? Or might it be that only 1 of the 3 feel the pain?
That’s what I’m wondering as well - is the pain / challenge focused on one group over others?
https://profound.buzzsprout.com in case anyone didn’t know yet
I would say that that structure of silo'd org design for risk gives us low efficacy communication when it comes to risk. So I would answer all.
you may have paid for the full seat but when listening to John you only use the edge... love the suspense building
I haven't been hearing the other parts of the org cry out from the pain and its viewed as so noble its immovable. Trying to think back if I have been ignoring or hidden from the pain.
@jwillis, CIA -> DIE (confidentiality, integrity, availability -> distributed, immutable, ephemeral). Are you going to cover that? Or if not, thoughts?
@dave This presentation is more meta.. like how do we do the big things differently. (Risk, Defense, and Trust).
@dacahill7 remind me via an email and I'll send you the long version of this presentation (slides).
Quote of the presentation: Think blockchain, don't use blockchain
Love the Chef story, we always said that cfgmgmt was a compliance engine
We have been playing with Merkle Tree implications based on Google's Trillion for attestation data store as opposed to blockchain. YOu get most of the benefits of Blockchain without the overhead.
I'm gonna run out of time for Defense.. Here's something we are cooking up next week based on the work I have been doing with ONUG... If you are interested in the follow on work related to the Defense primitive. We are having a media day next week about the open-source project we are introducing. Here's the invite verb.. ONUG Fall 2021, the premier cloud event of the year, is quickly approaching. But first, an exclusive preview of the groundbreaking https://vimeo.com/544834251, spearheaded by ONUG Collaborative members, will be held virtually on Thursday, October 14, 2021, from 2-3:30 pm EST. Spending on cloud computing infrastructures increased by 32% worldwide last year, and is expected to reach $106.8 billion in 2022, according to Gartner Inc. With this growth in spending comes talks of open-source technology that allows customers more control over their cloud usage. But cloud consumers and providers have yet to come together to demonstrate a solution––until now. I’d like to invite you to attend this exclusive preview event that I will be moderating along with Nick Lippis, co-founder of ONUG, and presented by ONUG Automated Cloud Governance Working Group members from Microsoft, IBM, Google, Oracle, FedEx, Cigna, Intuit, Adobe, Fidelity and Raytheon Technologies. This will be a demonstration of a new open source project for multi-cloud security notifications for the first time that is extendable to many other areas of hybrid/multi-cloud infrastructure. . RSVP to the virtual ONUG Fall 2021 Briefing Day https://hopin.com/events/onug-fall-2021?code=RgyLtE9UmBxLofhT83hv677jc. Please let us know if you have any questions. We look forward to seeing you there!
I feel like the Josh Corman SBOM episode stuff is relevant here
Yeah I have some thoughts about sBOM as being defined by the industry versus Automated Governance.
I think the DOES sponsor Anchore does some of that
The only company that I know that is doing exactly what I am talking about in this presentation is PNC.
In case I didn't make the point .. doing this after it gets into the data lake the correlation and efficacy will be lower. The ONUG Decorator concept is to decorate at the source. Where a decorator is an array construct on the normalized event. I also didn't mention that not only can a decorator be a content and meta entity. We also have plans for adding NIST and MITRE decorators. Imagine a security event that is normalized with all of this from the start.
<mailto:botchagalupe@gmail.com|botchagalupe@gmail.com> for non redhat stuff. jwillis@redhat stuff.
I think we know what John’s been working on at RedHat!
Thinking about what you said with if we are still talking about GitOps in 2025, we missed the point. My current org Im not sure if they will even be ready for gitops by then. Wonder what that means about them getting left behind or if it will be significantly easier to catch up as better tools come along.
Wow - that was a lot to take in. Great stuff @jwillis It looks like I have some reading ahead of me…
Was there an estimate of when next year that book might come out?
Reminder: The plenary sessions are starting again in 5 minutes. Start making your way back to your browser and join us in #ask-the-speaker-plenary to interact live with the speakers and other attendees. https://devopsenterprise.slack.com/files/UATE4LJ94/F01D34MC2KS/image.png
