Episodes
-
Send us a Text Message.
In this episode of DevOps Sauna season 4, Darren and Marc delve into key DevOps and security updates, focusing on GitHub's potential new standard for SBOMs and its collaboration with JFrog. They joke about their reliance on ChatGPT, given its recent outage, and discuss the concerning frequency of cyber attacks, referencing significant breaches such as Ticketmaster's.
Among the several topics covered in this episode are Microsoft's AI integration in DevOps workflows, GitLab's new AI tools, OpenTofu's recent security-enhanced release, JetBrains' new Aqua IDE for test automation, and GitHub's artifact attestations for supply chain security.
With all this talk of security, Marc and Darren address the recent PyTailor malware threat before wrapping up with GDPR and data protection issues in the UK, underscoring the importance of robust security measures.
Get the latest on GitLab, GitHub Enterprise Server, Jenkins, Artifactory, Xray, and SonarQube LTS in our Root release blog post: https://www.eficode.com/blog/root-whats-new-june-2024
Watch our webinar and learn how to maximize your software development with GitLab's AI-powered DevSecOps platform: https://www.eficode.com/events/gitlab-ai-platform-devsecops-event -
Send us a Text Message.
Dan Plumbley, Eficode's first GitLab champion, joins hosts Marc and Darren for an episode exploring GitLab. The discussion highlights GitLab's holistic approach, incorporating project management, CICD pipelines, and security features within a single platform.
Dan covers the integration of open-source tools that provide a seamless user experience with minimal context switching. The introduction of GitLab's AI offering, Duo, is also explored, showcasing its capabilities in code suggestions, security assessments, and refactoring, which enhance code quality and maintainability.
The trio touches on GitLab's evolution from an underdog to a leader in the DevOps space, with notable adoption by major global entities.
Our webinar will help you maximize your software development with GitLab's AI-powered DevSecOps platform: https://www.eficode.com/events/gitlab-ai-platform-devsecops-event
No matter your experience with DevOps tooling, we can enhance your experience and capabilities: https://www.eficode.com/root/gitlab -
Missing episodes?
-
Send us a Text Message.
In this episode, Marc's anecdote about resolving a stuck bike axle underscores the importance of having diverse tools and approaches when tackling problems—a principle that extends to security where relying solely on one method can lead to vulnerabilities.
Exploring the value of diverse strategies, redundancy, and rapid feedback loops in both mechanical problem-solving and security practices, our hosts emphasize the necessity of layered security, likening it to an onion with multiple defensive layers to deter threats like the Akira ransomware.
Darren and Marc advocate for frequent testing across multiple levels to ensure the early detection of issues. They highlight the importance of addressing internal vulnerabilities caused by human error and draw parallels between security practices and mechanical problem-solving methodologies.
Whether you're an IT professional, software developer, or anyone interested in improving project security, this discussion offers valuable strategies and perspectives to mitigate risks effectively.
Gain a better understanding of how DevOps and cultural practices intertwine: https://www.eficode.com/guides/devops-for-executives
For DevOps and cultural practices, information on driving successful DevOps transformations, and more, head to our page: https://www.eficode.com/devops-transformation -
Send us a Text Message.
In this episode, Marc and Darren are joined by Sven Peters, Developer Advocate at Atlassian, discussing enhancing developer joy and productivity. Sven emphasizes that developers often understand their own problems, and management should listen to them. He discusses the increased cognitive load from responsibilities like observability and being on duty for microservices. Introducing "developer joy," Sven describes it as the balance of progress, quality, and value. He stresses reducing wait times and addressing unique team challenges.
Sven highlights bridging the gap between developers and product managers through techniques like project kickoffs and feature leads to ensure developers understand the problems they are solving. He also underscores the necessity of contextualizing metrics for assessing productivity. The conversation explores the creative aspect of software development, differentiating it from mechanical processes.
AI's impact on development is also covered with predictions into how it will change team dynamics, reduce traditional sprint planning, and alter team roles.
Platform engineering is a valuable practice in simplifying development and creating a conducive environment for innovation and enjoyment. Check out our page to learn more: https://www.eficode.com/platform-engineering
Adapt for the future of AI-powered software development using our guide: https://www.eficode.com/guides/devops-trends-2024 -
Send us a Text Message.
In this episode, Marc and Darren are joined by colleagues Henri and Kalle to discuss the proactive role of DevOps in integrating AI into organizations. They emphasize the importance of robust security measures to manage risks and highlight the benefits and challenges of using AI, particularly large language models (LLMs), for apps like customer support and content creation.
They address the complexities of data integration and governance and the need for automated solutions to handle the scalability of AI. Its role in improving human-computer interaction and the importance of maintaining data accuracy and security are also discussed. Marc emphasizes clear data governance practices similar to GDPR, advocating for transparency through an AI bill of materials. Henri and Kalle discuss the necessity of advanced DevOps practices, including specification-driven development and CI/CD pipelines for efficient IT processes.
The conversation covers integrating requirements early into development value streams and maintaining rigorous verification and validation, particularly in secure environments, underscoring the proactive role of DevOps safety nets in enhancing software engineering.
Extend your learning with our blog post on the four guiding principles of a healthy DevOps culture: https://www.eficode.com/blog/the-four-guiding-principles-of-a-healthy-devops-culture
Transform your software development with AI and DevOps using the information on our page: https://www.eficode.com/transforming-software-development-with-ai-and-devops -
Send us a Text Message.
Darren and Marc discuss the EU AI Act, the world's first regulation on artificial intelligence development. The Act, aimed at controlling and putting guardrails on AI development, is seen as a step towards addressing potential risks associated with AI, such as manipulation, bias, and exploitation. While acknowledging the Act's spirit of protecting against AI misuse, they express concerns about its potential impact on innovation, particularly for small and medium-sized enterprises (SMEs) in the AI space. They anticipate challenges in interpretation and enforcement, as well as potential lawsuits shaping the Act's implementation and effectiveness. Additionally, they ponder how the Act might affect marketing practices, emphasizing the need for transparency in AI systems and their interactions with people. The discussion also touches on the complexities of regulating AI and the implications for various industries and use cases.
Learn more about AI in software development on our page: https://www.eficode.com/transforming-software-development-with-ai-and-devops
Get the key DevOps and machine learning trends for your software development processes from our guide: https://www.eficode.com/transforming-software-development-with-ai-and-devops -
Send us a Text Message.
In this episode of DevOps Sauna, Marc and Darren are joined by Eficode UX and Accessibility Lead Annika, who emphasizes the importance of considering accessibility requirements and various user needs from the outset of any project. She shares her journey into accessibility work, highlighting its significance and intersection with user experience (UX). Annika discusses the technical aspects of accessibility, the importance of meeting minimum standards, and the necessity of manual testing alongside automated tools. The conversation delves into the impact of accessibility on users with impairments, the prevalence of accessibility needs, and upcoming legislation mandating accessibility in various sectors. Eficode's efforts in promoting accessibility are mentioned, along with practical tips to improve accessibility in your digital services.
Join in the conversation at The DEVOPS Conference in Copenhagen and Stockholm and experience a fantastic group of speakers: www.thedevopsconference.com/?utm_campai…rce=Podcast
Learn about our monthly Unicorn Stable sessions—open to all employees with an idea to pitch—and the innovations that have come from it. -
Send us a Text Message.
Marc and Darren discuss various topics, including the implications of edge computing on DevOps, the emergence of AI-generated code, controversies surrounding open-source licenses, the rise of start-ups focused on automating DevOps tasks, the widespread use of AI among developers, and the need for responsible innovation with Generative AI. They also touch on challenges in DevOps leadership and the importance of fostering a supportive environment for talent. Ultimately, while there are complexities and challenges in these areas, there's also optimism about the potential for positive change and innovation.
Join in the conversation at The DEVOPS Conference in Copenhagen and Stockholm and experience a fantastic group of speakers: www.thedevopsconference.com/?utm_campai…rce=Podcast
Prepare for the future of AI-powered software development with our DevOps Trends 2024 guide. -
Send us a Text Message.
In this episode, Marc and Darren host Cheryl Hung, Senior Director of Infrastructure Ecosystem at Arm and founder of Cloud Native London. They discuss Arm's expanding role beyond mobile devices into data centers and infrastructure, highlighting increased software support for Arm processors. The conversation touches on trends like GitOps, WebAssembly (Wasm), and the shifting landscape of open-source licensing models. Cheryl also encourages community engagement and sharing knowledge through meetups and speaking opportunities. Overall, the episode offers insights into the evolving tech landscape and the importance of collaboration and open discourse.
Join in the conversation at The DEVOPS Conference in Copenhagen and Stockholm and experience a fantastic group of speakers: www.thedevopsconference.com/?utm_campai…rce=Podcast
If you’re interested in getting new ideas for products with rapid time-to-market, check out our blog post. -
Send us a Text Message.
In this episode of the DevOps Sauna podcast, Amanda Brock, CEO of OpenUK, explores the impact of AI-generated code on open source software. She addresses licensing complexities, ownership issues, and maintainer responsibilities. The discussion also covers the misuse of open source in AI contexts and concerns about regulations like the Cyber Resilience Act and the EU AI Act. Amanda emphasizes community engagement in setting standards to ensure fair regulation. She highlights the necessity of users complying with laws over licenses and the trend of shifting liability onto commercializers. Legal complexities around Generative AI and managing security vulnerabilities in sectors like government, finance, and healthcare are also discussed. Darren, Marc, and Amanda reflect on AI's broader implications for job displacement and the importance of expertise and discernment but remain optimistic about the positive impacts, such as more informed decision-making.
Join in the conversation at The DEVOPS Conference in Copenhagen and Stockholm and experience a fantastic group of speakers: www.thedevopsconference.com/?utm_campai…rce=Podcast
Discover the power of GitHub Copilot for transforming your software development with AI pair programming. -
Send us a Text Message.
Darren and Marc discuss the concept of repatriation in DevOps in this episode of DevOps Sauna, advocating for a return to manual deployment and bare metal servers. They discuss the importance of treating servers like pets rather than cattle, emphasizing hands-on care and control over automated processes. They also touch on topics such as maintaining server room temperature, manual cable management, the value of monoliths in software development, and the idea of allowing servers to "work from home" rather than relying on cloud-based solutions.
Join in the conversation at The DEVOPS Conference in Copenhagen and Stockholm and experience a fantastic group of speakers: www.thedevopsconference.com/?utm_campai…rce=Podcast
Check out our DevOps training. -
Send us a Text Message.
In this episode, Marc and Darren explore stress in IT, covering the signs, types, and management strategies. They share personal experiences and offer practical tools like the three and four-panel methods for addressing stress-inducing situations. They advocate for seeking professional help, breaking the stigma around mental health conversations, and promoting psychological safety in the workplace. Overall, their conversation underscores the importance of recognizing and addressing stress to foster well-being in both personal and professional spheres.
Join in the conversation at The DEVOPS Conference in Copenhagen and Stockholm and experience a fantastic group of speakers: www.thedevopsconference.com/?utm_campai…rce=Podcast
Learn how to foster a healthy and balanced DevOps culture with the help of blameless postmortems. -
Send us a Text Message.
In this episode, Marc and Darren discuss the feasibility and implications of creating a fully open source toolchain for software development. They explore various aspects of the toolchain, including version control, compliance, secure storage, documentation, task management, and more.
Specific tools and their suitability for different purposes within the toolchain are explored. Darren evaluates options such as Gitea and GitLab for version control, SonarQube, and Aqua Security tools for compliance, and HashiCorp Vault for secure storage. Challenges in finding suitable replacements for commercial tools like Confluence for documentation and Jira for task management are also touched upon.
Throughout the episode, trade-offs between open source and commercial solutions, such as cost, ease of use, and support, are acknowledged. Underestimating the technical investment required to maintain open source toolchains is cautioned against, while software-as-a-service (SaaS) platforms are suggested as a suitable alternative.
Darren and Marc advocate for a pragmatic approach to toolchain selection, recognizing the benefits and limitations of both open source and commercial offerings. They emphasize the importance of considering factors such as scalability, support, and ease of integration when making decisions about software development toolchains.
Join in the conversation at The DEVOPS Conference in Copenhagen and Stockholm and experience a fantastic group of speakers: www.thedevopsconference.com/?utm_campai…rce=Podcast
Whether you need a single tool installation or a highly scalable, complete end-to-end toolchain, we can provide it. -
Send us a Text Message.
This episode explores the concept of value stream mapping, emphasizing transparency, prioritization, and continuous improvement to optimize value creation within organizations. Through discussions on feedback loops and breaking down silos, Marc and Darren empower listeners with insights to enhance their software development processes and foster a culture of innovation and collaboration.
Join in the conversation at The DEVOPS Conference in Copenhagen and Stockholm and experience a fantastic group of speakers: www.thedevopsconference.com/?utm_campai…rce=Podcast -
Send us a Text Message.
Darren and Marc discuss incident response in cybersecurity in this episode, with a focus on the importance of disconnecting rather than shutting down during security incidents.
They cover the four phases of incident response: Discovery, analysis, action, and postmortem, highlighting the shift in cybersecurity from prevention to effective response due to the inevitability of breaches.
They look at the complexity of achieving a perfectly secure system and stress the importance of continuous improvement and preparation in cybersecurity practices.
Join in the conversation at The DEVOPS Conference in Copenhagen and Stockholm and experience a fantastic group of speakers: www.thedevopsconference.com/?utm_campai…rce=Podcast
Want to know how your teams can get a grip on their service incidents? Read our blog post. -
Send us a Text Message.
Marc and Darren address the resistance to change within organizations when it comes to adopting new technology. They cover the challenges of traditional command and control hierarchies in modern workplaces, emphasizing the importance of involving knowledge workers in the change process for successful adoption.
Also highlighted is the need for flexibility in selecting tools. They caution against tooling bias and stress the importance of management and developer buy-in for effective change management.
The role of platform ownership and the importance of security considerations in change management is also covered.
Marc and Darren conclude the episode with a reminder of the ongoing need for adaptation and growth in today's rapidly evolving landscape.
Join us at The DEVOPS Conference Global
Find out how we helped Nokia define operational models, processes, and system changes. -
Send us a Text Message.
In this podcast episode, Marc and Darren discuss platform engineering, with a focus on how to start building an effective platform from scratch in 2024. They emphasize the importance of erasing past mistakes, standardizing tooling, and gaining management buy-in.
Marc and Darren advocate a balanced approach that prioritizes getting software running quickly in a production-like environment to facilitate rapid feedback loops, and touch on investment, resistance to change, and the need for software to be adaptable to new platforms.
Join in the conversation at The DEVOPS Conference in Copenhagen and Stockholm and experience a fantastic group of speakers: www.thedevopsconference.com/?utm_campai…rce=Podcast
Check out our ultimate guide to platform engineering. -
Send us a Text Message.
Darren and Marc highlight the importance of going all in on a platform transformation, emphasizing the need for commitment and investment.
They discuss the shift towards internal developer platforms and the challenges of overcoming ill-defined areas in platform engineering.
The conversation touches on common pitfalls, including the delay in considering security, tooling bias, and the tendency to try to build a perfect system instead of focusing on iteration.Find out how to address these pitfalls by considering security early on, cultivating a DevOps culture centered around user feedback and positive reinforcement, abandoning the pursuit of a perfect system in favor of iterative development, and adopting all-in-one platforms like GitLab and GitHub.
Join in the conversation at The DEVOPS Conference in Copenhagen and Stockholm and experience a fantastic group of speakers: www.thedevopsconference.com/?utm_campai…rce=Podcast
Check out our ultimate guide to platform engineering. -
Send us a Text Message.
Marc and Darren are joined by Andrew Martin, founder and CEO of control-plane.io, to discuss the challenges of securing Kubernetes for different user levels and the evolution of security practices in DevOps.
They emphasize collaboration between development and security teams and the importance of tools like OSCAL for automating security testing. Andrew addresses solutions for securing Kubernetes, such as network policies, RBAC, and container security management. He highlights the significance of log integration for security incident management and tools like Kubesec and bad robots for analysis. He also touches on configuring Linux security modules and the role of security monitoring in container security.
Join in the conversation at The DEVOPS Conference with a fantastic group of speakers, an engaging worldwide online audience, and a live audience in London of practitioners and decision-makers.
With our advanced Kubernetes application deployment cloud training, you can extend your team's application packaging and deployment skills using cloud-native tooling. -
Send us a Text Message.
In this episode, Marc and Andy are joined by the VP of Engineering at Showpad, Patrick Debois. They discuss GenAI and the metaverse, emphasizing their significance in the industry.
Patrick reflects on his famous quote about DevOps breaking silos and how the industry has evolved from large to smaller, more collaborative teams. They delve into DevOps with security, the evolution of collaboration among teams, and the challenges of working with external SAS vendors.
Patrick shares his thoughts on the future of AI, the metaverse, and the concept of "reality as code," as well as collaboration, understanding different perspectives, and the continuous evolution of technology.
Join in the conversation at The DEVOPS Conference in Copenhagen and Stockholm and experience a fantastic group of speakers: www.thedevopsconference.com/?utm_campai…rce=Podcast
Discover how integrating DevOps and AI can lead to transformative outcomes. - Show more