Fork me on GitHub
#ask-the-speaker-track-4
<
2022-05-12
Slackbot08:05:21

Reminder: Get yourself in front of your browser and into #ask-the-speaker-plenary for the opening remarks. Weโ€™re kicking off the final day of the DevOps Enterprise Summit in 15 minutes at 10am BST! https://devopsenterprise.slack.com/files/UATE4LJ94/F01D34MC2KS/image.png

Slackbot09:05:10

Reminder: Remember all those talks you attended the first two days of the Summit? Please submit your feedback for those! Itโ€™s so valuable for us and the speakers. And after all, feedback is a gift and sharing is caring! Enter your feedback for those talks here: https://members.itrevolution.com/live/schedule https://devopsenterprise.slack.com/files/UATE4LJ94/F03E48CJRF1/image.png

Slackbot09:05:16

Reminder: The final day is starting now โ€“ opening remarks and then plenary talks! Join the conversation in #ask-the-speaker-plenary.

Elena Sheveleva10:05:11

Hello DOES and lets connect for good! "You might have read The Phoenix Project, or have come across "sooner, safer, happier", a small insight on what it has been like forging new ways of workingโ€ฆ There is rarely a good time for transformation, however, evolving with an agile mindset and using DevOps principles are certainly key for the future of the business. Discovering the joy of "aha!" moments and re-igniting the passion for development have been a wonderful part of the journey. This talk walks through the experience as a "newbie" on the transformation journey and key aspects that stood out! Have you found your Eric? Let me share my experience with you, join my https://doeseurope2022.sched.com/event/11fus "We connect for good" today at 12.50 BST!"

๐Ÿ™Œ 1
Elena Sheveleva10:05:07

@james.moverley @knathadwarawala @mollyc @marjorie @ksetschin @jbede @rnag

Use other profile10:05:13

Canโ€™t wait ๐Ÿ™‚

๐Ÿ‘ 2
๐Ÿคช 1
David Hawes-Johnson (DevOps Enablement - BT)11:05:10

๐Ÿฟ Looking forward ๐Ÿ‘

๐Ÿ‘ 1
Jim Moverley11:05:42

all systems are go! ๐Ÿ˜„

5
1
Jim Moverley11:05:34

hope you enjoy the talk! feel free to ask any questions (naturally!) hecklers will be escorted out of the building chuckle

Slackbot11:05:21

Reminder: The breakout sessions are starting in 5 minutes. Get in front of your browser and start navigating your way to whichever session youโ€™re attending. https://devopsenterprise.slack.com/files/UATE4LJ94/F01D34MC2KS/image.png

Molly Coyne (Sponsorship Director / ITREV)11:05:00

๐Ÿ‘:skin-tone-2:A warm welcome to @james.moverley for our next session's Q&A. Thank you Gitlab! ๐ŸŒŸ

๐ŸŽ‰ 2
๐Ÿ’ฏ 1
โค๏ธ 3
Ann Perry - IT Revolution11:05:13

Apologies for the delay โ€“ the video will start shortly!

Jim Moverley11:05:53

@wheeeee

๐Ÿ˜Ž 3
1
Elena Sheveleva11:05:56

You go @james.moverley!๐Ÿฅ‚๐Ÿ˜Ž๐Ÿš€

๐Ÿš€ 2
Use other profile12:05:12

Canโ€™t believe you just worked in a more cowbell reference :rolling_on_the_floor_laughing:

โค๏ธ 1
Jim Moverley12:05:47

ahh man you made my day.. we had our squad laughing about this for months

Jim Moverley12:05:18

specially when an enterprise architect confessed they had spend days trying to find out what "cowbell" technology is

Jim Moverley12:05:59

background: our squad was really "playful" and we had amazing fun and laughs (+ lots of "in" jokes)

Use other profile12:05:25

You can take that back to your team

Jim Moverley12:05:09

already done! ๐Ÿ˜„

Use other profile12:05:11

@jonathansmart1โ€™s C.R.A.P. lightning talk https://videos.itrevolution.com/watch/504289269/

โค๏ธ 1
Jim Moverley12:05:41

Be interested to see if anyone on here are building pipeline delivery mechanisms of OTHER vendor software

โ“ 1
Use other profile12:05:16

I really like the chapter format youโ€™re usingโ€”easy to follow.

Jim Moverley12:05:05

thanks alex ๐Ÿ˜„ means alot! : actually i realised that its been a while since i've made some presentations like this.. so was good to get back into it! #therewasanattempt

๐Ÿ™Œ 3
Elena Sheveleva12:05:13

@james.moverley you are natural born speaker! Very knowledgeable, interactive and charismatic! Thank you, I really enjoyed the session!

Jim Moverley12:05:33

Thanks @eshevelevasuper kind!

Jack Lagare12:05:51

Definitely!

๐Ÿ‘ 1
โค๏ธ 1
Jim Moverley12:05:11

this summit had HUGE impact to our squad last year...

Jim Moverley12:05:33

the content / interactions where invaluable ๐Ÿ™‚

David Hawes-Johnson (DevOps Enablement - BT)12:05:23

Nice session @james.moverley - I remember the last time we spoke how excited you were about this capability - so it's great to see you tell your story ๐Ÿ‘

๐Ÿ™Œ 5
โค๏ธ 1
Jim Moverley12:05:37

thanks for having me folks, a very bare bones run down of OUR journey ๐Ÿ™‚

๐Ÿ‘ 3
๐Ÿš€ 2
Elena Sheveleva12:05:58

@james.moverley where is the bar? I want to join as well:grin:

Randeep Nag12:05:17

Gather ๐Ÿ™‚

Molly Coyne (Sponsorship Director / ITREV)12:05:26

๐Ÿ’กWelcome to the GitHub team @colinbeales and @rerwinx for answering your questions today about their session, How to Secure Your End-to-end Supply Chain Thank you GitHub! ๐Ÿ’ก

๐Ÿ‘‹ 5
Use other profile12:05:46

whoa 650%โ€ฆ

Erik Greathouse12:05:35

I think that is actually low. That reflects public repos and reporting.

๐Ÿ˜ฌ 1
Use other profile12:05:31

Are all 2FA options equal?

Erik Greathouse12:05:04

No, Not all 2FAs are equal.

Erik Greathouse12:05:47

NIST SP 800-160 vol 1-3 will explain all the different qualities to authenticators.

Erik Greathouse12:05:30

NIST SP 800-63B speaks to MFA guidelines as well. https://pages.nist.gov/800-63-3/sp800-63b.html#sec4

๐Ÿ™Œ 1
Erik Greathouse12:05:58

From a security perspective key if it is more available (A) then need to add more effort to confidentiality (C) and Integrity (I).

โœ… 1
Gene Kim, ITREV, Program Chair12:05:22

Iโ€™m so afraid of keys from Twitter, Slack, GCP, MySQL in my GitHub repos โ€” are you saying those will be automatically detected? That would be amazing!

๐Ÿ‘€ 2
Gene Kim, ITREV, Program Chair12:05:13

@colinbeales @rerwinx It was so exciting to hear how GitHub scans for secrets in reposโ€” is this something I need to specifically enable?

rerwinx12:05:54

@genek, it'll be enabled by default on Public repos

Gene Kim, ITREV, Program Chair12:05:43

That would be amazing โ€” is it enabled now already, or in future? (Iโ€™ve always had anxiety about this, and would love to get some more assurance that my repos are secret-free. Well, you know, within in reason! Thank you!)

rerwinx12:05:25

It will be scanning on Public repos right now. It needs to be enabled for Private repos and forms part of GitHub Advanced Security.

rerwinx12:05:14

If anyone wants to talk more about any security features in GitHub, swing by #xpo-github-for-enterprises

Gene Kim, ITREV, Program Chair12:05:45

This is exciting โ€” I canโ€™t find the โ€œAdvanced Securityโ€ setting? This is for private personal repo. Is this only for Public and Enterprise repos?

Carmen Marced12:05:08

Hey Gene, These features are behind what we call GitHub Advanced Security which require an extra license. https://docs.github.com/en/get-started/learning-about-github/about-github-advanced-security

Carmen Marced12:05:40

This license is only available for organisations using GitHub Enterprise.

Carmen Marced12:05:06

What company do you work for? I can look up who your Account Manager is and get them to get in touch with you if you are interested ๐Ÿ™‚

Fokko V.12:05:25

@rerwinx Is there something in GitHub Actions to do the build signing?

Colin Beales12:05:59

@fokkov - Plenty of actions for scanning as part of your build https://github.com/marketplace?type=actions&amp;query=sign also you can just execute commands against your tools of choice at the right point in your process to ensure signing is complete. Essentially if you can automate it, actions can run it.

Fokko V.12:05:48

Thanks @colinbeales, makes sense. I thought there would be an out-of-the-box feature to implement this ๐Ÿ˜‰

Colin Beales12:05:59

As the scope for what you can be signing is so large based on different technologies in play it helps to have the community, vendors and GitHub all building actions to make sure we cover as many automation requirements as possible.

๐Ÿ‘ 1
Andrew Salt - Arbor Education12:05:06

Running late? -? 0800-DEVOPS by CROZ is a sociotechnical newsletter and podcast covering topics of technical excellence, organizational improvements, and productivity.

Use other profile13:05:01

โ€œIT Revolution called and said hey, letโ€™s take your 30 pages, and turn it into a short book. Then John Willis said no, letโ€™s turn it into a novel.โ€

Slackbot13:05:10

Reminder: The breakout sessions are starting again in 5 minutes. Get in front of your browser and start navigating your way to whichever session youโ€™re attending. https://devopsenterprise.slack.com/files/UATE4LJ94/F01D34MC2KS/image.png

Molly Coyne (Sponsorship Director / ITREV)13:05:00

๐Ÿ“ฃ Welcome @giorgos.ampavis for our next session's Q&A. Thank you Premier Sponsor LaunchDarkly! ๐Ÿ“ฃ

๐Ÿ™ 1
๐Ÿ‘ 1
Quinn Daley13:05:05

Itโ€™s really powerful to conceptualise feature toggles as โ€œmerging incomplete codeโ€ - it feels like thatโ€™s arguably a better sell for developers than โ€œdecoupling deployments and releasesโ€

Giorgos Ampavis14:05:06

I perceive the latter as the objective and the former as the means to achieve it ๐Ÿ™‚

1
Quinn Daley14:05:44

I think the former could also be used as a selling point - feature toggles stop you worrying about long-lived branches and merge conflicts. Iโ€™d never thought of it that way until you said it!

๐Ÿ™ 1
Quinn Daley14:05:08

thank you @giorgos.ampavis!

๐Ÿ‘ 1
๐Ÿ™ 1
Marcelo Pazzinatto14:05:40

very nice @giorgos.ampavis

๐Ÿ™ 1
Giorgos Ampavis14:05:57

Thanks everyone, it was a pleasure! ๐Ÿ™‚

๐Ÿ’– 2
Molly Coyne (Sponsorship Director / ITREV)14:05:00

upvotepartyparrot A big welcome to @ekharchenko and @kvahsen for our next session's Q&A. Thank you StackOverflow! upvotepartyparrot

Ekaterina Kharchenko14:05:00

Thank you! Happy to be here! ๐Ÿ‘‹

Quinn Daley14:05:23

Thank you to Prashanth (and @ekharchenko @kvahsen) - some very interesting stats in there!

Virginia Laurenzano NSA14:05:49

"shouldn't disrupt your flow to learn" - I feel this - anyone else dealing with restricted to no internet access at work? makes access to learning...complicated...

Ekaterina Kharchenko14:05:45

restricted access to internet at work sounds tough! how do you find info?

Virginia Laurenzano NSA14:05:35

depends. most developers have access, but few have unfettered access. plus lots, but weirdly gappy, information internally accessible. I've definitely had to resort to reading up on some thought leader trends on personal time. Just wanted to know if others faced similar struggles

Slackbot16:05:30

Reminder: The final plenary sessions are starting in 5 minutes. Start making your way back to your browser and join us in #ask-the-speaker-plenary to interact live with the speakers and other attendees. https://devopsenterprise.slack.com/files/UATE4LJ94/F01D34MC2KS/image.png

Slackbot17:05:29

Reminder: Please submit your feedback for the talks you attended. Itโ€™s so valuable for us and the speakers. And after all, feedback is a gift and sharing is caring! Enter your feedback for those talks here: https://members.itrevolution.com/live/schedule https://devopsenterprise.slack.com/files/UATE4LJ94/F03E48CJRF1/image.png