The CTO of a company I have worked for used to say that services should be loosely coupled but tightly integrated. I didn’t realize until a lot later how true that statement is as you’re building out microservices. How those microservices communicate with each other has also changed quite a bit. More often than not, they send messages using asynchronous protocols. As an industry, we decided that this new way of building apps should be called “Event-Driven Architecture (EDA).”
As a developer, I always thought that security, like documentation, would be done by someone else. While that might have been true in the past, in today’s world that model no longer works. As a developer you’re responsible for the security of your app. Security in this case should be seen in the broadest sense of the word, ranging from licenses to software packages. A chef creating cheesecake has similar challenges. The ingredients of a cheesecake are similar to the software packages a developer uses. The preparation is similar to the DevOps pipeline, and recipe is similar to the licenses for developers. Messing up any of those means you have a messy kitchen, or a data breach!
Imagine this, it’s 5pm on a Friday afternoon and while you really want to go enjoy the weekend, you also need to deploy a new version of your app to production. Using AWS CloudFormation (CF), you add a new instance to your fleet of EC2 instances to run your app.
Trusting Your Ingredients - What Building Go Apps And Cheesecake Have In Common.
In this lightning session at GopherCon 2019, I got the chance to talk about two things I love. Cheesecake and Golang! As a developer, I’ve written code and built apps, and I realized that building apps and creating a cheesecake have a lot in common. In both cases you need to have the right ingredients, you need to trust your suppliers and have transparency in your production process. In this talk, we’ll look at how you can, and why you should, know what is in the app you deploy.
As a developer, I’ve written code and built apps, and I realized that building apps and creating a cheesecake have a lot in common. In both cases you need to have the right ingredients, you need to trust your suppliers and have transparency in your production process. I got to go to Atlanta and meet with the Docker Meetup Group there, where we got to talk about In this talk, how you can, and why you should, know what is in the app you deploy.
Sometimes you need to get data from cloud-based systems into an environment that doesn’t expose APIs or ports to the outside world. Webhooks help, but you still need something that accepts them and gets them across your firewall. That’s exactly where Solace PubSub+ Cloud comes in. I built a small webhook forwarder app that receives data from Solace and sends it onward without any of my systems being exposed to the internet.
At the Twistlock Cloud-Native Security Day, a co-located event at KubeCon 2019, I got to talk about what cheesecake and building apps have in common. As a developer you’re responsible for the security of your app. Security in this case should be seen in the broadest sense of the word, ranging from licenses to software packages. A chef creating cheesecake has similar challenges. The ingredients of a cheesecake are similar to the software packages a developer uses. The preparation is similar to the DevOps pipeline, and recipe is similar to the licenses for developers. Messing up any of those means you have a messy kitchen, or a data breach! In this talk we’ll look at:
Why do we care about licenses? How does Sec get into the early stages of DevSecOps? What can chefs and devs learn from each other?
Developers love Docker containers for managing software, but apps also need data and configuration. Those live on Docker volumes, and the question becomes: how do you reuse them?
I’ve been playing with OpenFaas ever since I learned about Minikube a few years ago, so when one of my colleagues mentioned Google’s Distroless project I obviously needed to see if my Go projects could work using those images too.
