Dashing through the glow [of displays]

I’ve been making dashboards for some stats we track at work.  I don’t want to trust another organisation with our data; too many dragons.

So that leaves an OSS framework.  I’m using Dashing right now to hit API’s for Google Analytics, Pingdom, etc.  I  think Dashing’s widgets will live a long time, even if the server side becomes unfashionable.  Nice to see recent commits on the project.

One issue was that I found the documentation on the widget types a little vague.   So I made myself a demo of all the widgets.  Here’s the source.

linux.conf.au in Auckland

Happy New Year.

I’m speaking about Graphs and Neo4j at linux.conf.au next Friday.  Don’t think I’m the star attraction though, I think that’s Linus.

Toxic Repo

If you can’t dispose of toxic waste (say, by burning it or launching it into space using surplus ICBM’s), then you probably need to contain it: stop innocents from stumbling across it, or stop the malicious from using it for malicious projects.

The same issues apply to your source tree.  If you have Amazon Web Services credentials checked into a project on GitHub, that’s a toxic repo.  You’ll want to contain to protect people from intentionally or unintentionally damaging the resources that can be accessed from the credentials.

One of the problems of having your own toxic waste dump, is that it’s very easy to add more waste to the pile.  So that repo with a private key checked in might easily get an AWS credential, and a couple of months later, a raw database password.

Another is that sometimes, you might give the wrong people access.

What can you do about it?

  • Amazon’s IAM is incredibly useful at containing the material inside Amazon itself.  Use things like that.
  • Be prepared to burn credentials if they are compromised.
  • Rotating any toxic credentials stored in a repo also helps.

Cleaning up some toxic waste yesterday was pretty good.  That’s one less dirty secret.

Upcoming Auckland Neo4j Events

So, I return to New Zealand. Spend most of a year hiding in a cabin and then fail to organise any events. And now they’ve all come at once:

  • James Rowlands is doing a talk on Neo4j for Python Devs at the Auckland Python Meetup. Tomorrow, February 19. James organised this, I’m appearing for moral support.
  • Neo Technology is a sponsor for CITCON Auckland 2014, and I’ll be giving away a few paper copies of the Graph Databases book.
  • We’re kicking off the Graph Database Auckland meetup on March 3.
  • The second Graph Database Auckland meetup features our Chief Scientist Jim Webber, on April 3. He’ll be showing off the awesome new features of Neo4j 2.0.
  • Jim is keynoting Codemania the next day. You will laugh. I guarantee it.

Happy 2014

2013 was busy.  It’s hard to work remotely with people who are literally on the other side of the planet.  Remote helps explain why: there’s no overlap, apart from what overlap I make myself.

To make things more busy, we ended up buying a new Build Doctor HQ and moving from the country to the suburbs.  Moving from a cabin back to the spare room has it’s comforts.  Like plumbing.  There’s a lot of work to do on the HQ, but it’s nice to have a new long term project.

This blog is a long term project, too.  The last couple of years have seen it slide as I worked on other things and moved country.  It’s no longer sponsored, and pursuing sponsorship doesn’t work when I haven’t been posting.  I almost ported to Ghost, but decided that I’d take the simplest option of moving it to wordpress.com and letting the content speak for itself.

A benefit of the move is saying goodbye to the  www in the blog URL, which fixes a mistake made in 2007.  That and never having to do another plugin update.

Now I just need to find something to write about.

Happy 2014.  Have a happy and productive year, wherever you are.


News, August 12

  • Resharper 8 is out, making Visual Studio usable [link]
  • Also YouTrack 5, I’ve never had the pleasure of that particular issue manager [link]
  • I’d love to go to FutureStack, New Relic’s user conference [link]
  • Heroku have announced a lab of their pipeline support.  At Neo we have several apps deployed on Heroku, so I road tested it this morning.  Does what it says on the tin, and shows what commit went where.  There’s a challenge for some of the addon providers who offer a similar service.  [link]

The Benefits of Fail-Safe Application Deployments

(A guest post by Dan Gordon of Electric Cloud)

Enterprises are building, testing, and deploying software faster and more frequently now than at any point in the past. Faced with unprecedented demands, many of these software development organizations are realizing their rollout processes are haphazard, at best. These improvised procedures lead directly to heightened numbers of costly, time-consuming errors that degrade their business agility. Production deployments remain the last mile hurdle in the agile world due to the disconnect between the Dev and Ops teams.

Fortunately, there is a well-regarded, proven collection of best practices and supporting technologies that can go a long way towards making the software deployment process more streamlined, safer and more robust. These fail-safe software deployment techniques deliver an impressive array of business and technological advantages.

  • Design for manufacturability – Transform your software design and implementation procedures into a more mechanized, repeatable series of steps. This help make test results from earlier phases in the delivery cycle relevant for later stages, and lets you perform consistent test in many scenarios over time.
  • Leverage the power of automaton for your software delivery process – Eliminate the unrefined, often manual deployment processes that plaque so many software development organizations. Comprehensive automation technology can have a meaningful impact on productivity and accuracy, just as it has for many other sophisticated businesses practices.
  • Design with failure in mind – The bottom line is failures will occur despite your best efforts, so prepare for inevitable breakdowns. Determine what is an acceptable failure, and by acceptable, we mean a failure that doesn’t need to halt the entire deployment process. Define success and failure thresholds by tier, and allow for partial deployments to complete successfully.
  • Test early and test often – Build a consistent deployment model and test it throughout the entire software deployment lifecycle. Your software deployment platform should reside at the heart of your testing efforts. Taking this approach uncovers any issues well before a crisis develops and lets you evolve the process so your production deployments are smooth and fail-safe.
  • Zero in on defects efficiently – Identifying and correction defects tends to be laborious and inadequate, but fortunately, specialized automation solutions are great for isolating and resolving these problems. This makes troubleshooting complex deployments much more efficient, and results in faster time-to-market.

These techniques can make your software deployment experience faster, smoother and more reliable. By transforming complex software delivery processes into fail-safe production deployments, you will benefit from increased DevOps collaboration, reduced cost and a higher quality of delivered software.

Dan Gordon is a Product Manager at Electric Cloud. Dan brings over 20 years of experience in the IT software industry. At Electric Cloud, Dan is responsible for product strategy, product marketing, tactical alignment and execution with product development, sales and pre-sales enablement and support. Previously, Dan was a product manager and systems architect for the enterprise IT automation software business within HP Software. Dan has also held managing and systems engineering roles at Opsware and Sun Microsystems. Dan holds a bachelor of science in information and computer science from the University of California, Irvine. 

News, 17 July 2013

Happy summer, Northern Hemisphere dwellers.  There’s a break in the rain at Build Doctor South HQ, have some news:

  • IBM acquired UrbanCode.  I guess Build Forge wasn’t addressing the DevOps market the way UrbanCode had.  Top marks to Maciej, Eric, and the guys for a) building multi-stage CI in 2006, and b) pivoting and responding to DevOps.  One consequence of the deal is, they are no longer blog sponsor for The Build Doctor.  Thanks for your support over the years, guys! [Link]
  • Team City 8 is out, and it’s more affordable.  It looks like they focussed on making it a load more usable and faster.  [Link]
  • Sonatype just launched Nexus Pro CLM edition, which allows you to set per-environment policies for artifact promotion.  They are still banging the security drum.  It makes me wonder about the viability of an attack via the M2 repository.  In other news, would you like to use my new meta logging library that delegates to every other logger in the world? It doesn’t phone home, honest. [Link]
  • Electric Deploy now integrates with PTC Integrity.  I have to admit that I’d never heard of the latter tool. [Link]
  • Atlassian have release Bamboo 5, with better support for Release Candiates, deploy jobs,  and features (authorization and communication) about those.  Looks useful.  I’m going to investigate further.  [Link]
  • Speaking of Bamboo, there’s a security advisory, get your upgrades in. [Link]
  • Sauce Labs have announced multi user accounts, and a round of funding – congratulations!  [Link]
  • CloudBees have a new LTS release of Jenkins, with an emphasis on availablity, including the ability to restart aborted builds [Link]

Conference appearances, 2013

My blogging break has been so long, I feel like a vampire emerging from the grave in a Hammer Horror film.

I’m interrupting my relentless working day to announce that I’ll be at:

Back to flogging Ruby code.

Update: for various reasons, both the struck out appearances are cancelled.  Back to flogging ruby code.  (I do actually use flog).

News, February 19

  • Bamboo 4.4 includes loads of performance tuning, and virtual private cloud support for build agents.
  • If you haven’t upgraded Go and Mingle this year, go and do it right now.  Go has had 2 vulnerabilities via Rails, so go make sure.
  • James Turnbull of Puppet Labs just released his book on logstash.  I don’t think he sleeps much. [link]
  • DevOps Down Under is on July 12, 2013 in Sydney.  I hope to be there. The call for proposals is out. [link]
  • DevOpsDays Auckland is on March 8. I will be there. [link]
  • Congrats to Luke and the crew at Puppet Labs on a massive investment from Vmware. [link]
  • Amazon continue to reduce price and make badass instances. Long may they continue.
  • Kohsuke is doing a useful webinar today: [link]
  • Urbancode (who sponsor this blog) are doing a webinar on how to avoid evil DevOps teams [link]
  • RubyMine 5 got released, with Puppet support.  Now you can raise more feature requests.
  • We’re still looking for someone to work on our Cloud team. [link]


Get every new post delivered to your Inbox.

Join 3,423 other followers