Category Archives: DevOps

What is “DevOps”?

I’ve been embroiled in so many “What is DevOps” discussions over the course of my career that I found this one of the best pictorial descriptions of what it means to be Development Operations.

Entire books and educational courses have been written to describe what DevOps is and what DevOps do.

SOURCES:

DevOps Model Defined

DevOps is the combination of cultural philosophies, practices, and tools that increases an organization’s ability to deliver applications and services at high velocity: evolving and improving products at a faster pace than organizations using traditional software development and infrastructure management processes. This speed enables organizations to better serve their customers and compete more effectively in the market.

How DevOps Works

Under a DevOps model, development and operations teams are no longer “siloed.” Sometimes, these two teams are merged into a single team where the engineers work across the entire application lifecycle, from development and test to deployment to operations, and develop a range of skills not limited to a single function.

In some DevOps models, quality assurance and security teams may also become more tightly integrated with development and operations and throughout the application lifecycle. When security is the focus of everyone on a DevOps team, this is sometimes referred to as DevSecOps.

These teams use practices to automate processes that historically have been manual and slow. They use a technology stack and tooling which help them operate and evolve applications quickly and reliably. These tools also help engineers independently accomplish tasks (for example, deploying code or provisioning infrastructure) that normally would have required help from other teams, and this further increases a team’s velocity.

Identity Management in the Age of Unreality

The Problem of Trust (“Are You Really Who You Say You Are?”)

So, you got an email or a friend invite from Bill Gates, Neil DeGrasse Tyson, Robert Scoble, Donald Trump, or YOUR MOM… but did you really? How do you know?

As the New York Times recently reported in “Disinformation for Hire, a Shadow Industry, Is Quietly Booming”:

Back-alley firms meddle in elections and promote falsehoods on behalf of clients who can claim deniability, escalating our era of unreality.

[There is a] secretive industry that security analysts and American officials say is exploding in scale: disinformation for hire.

Private firms, straddling traditional marketing and the shadow world of geopolitical influence operations, are selling services once conducted principally by intelligence agencies.

They sow discord, meddle in elections, seed false narratives and push viral conspiracies, mostly on social media. And they offer clients something precious: deniability.

Between organized efforts to sow distrust and spread misinformation, and the age-old efforts of con men and hackers to assume the identity of others, we now live in an “Age of Unreality” where we assume that one social media account is real, but if we get a second invite from that same person, we assume they’ve been hacked or that someone is trying to assume their identity.

Unfortunately, we don’t apply this same skepticism to the news we read or the emails we receive. If we do apply such skepticism, it becomes a stressful, paranoid level of distrust as we try to filter truth from mistaken understandings, deliberate misinformation, and the various “bad actors” preying upon the trust and confidence of others.

Ken Foreman in his Home Office

Ken Foreman’s Home Office

Verifying Trust (“Prove Who You Say You Are!”)

Domain Name System Security Extensions (DNSSEC), Secure Electronic Mail (NIST practices), and Pretty Good Privacy (PGP) encryption all try to solve the problem of proving, authenticating, and verifying identity on the internet. While the standards and best practices exist, and the issue of “assumed identity and misinformation” has been discussed since 1993 and earlier, businesses, consumers, and users are all mostly unaware of these standards. Various businesses and social media corporations try to better educate users in verifying who they befriend, open email documents from, or send money to, but the standard of verifying identity and trust just isn’t there yet.

Along those lines, I’ve been trying to get the blue “Verified Badge” next to my name on Facebook and the “Verified Account” badge on Twitter as I actively try to prove my identity to both social media companies… only to run into numerous verification issues with both:

Proofing your Identity – Driver’s License and REAL ID

Proofing your Identity – Affidavit of Identity

Proofing your Identity – Facebook Verification (1/2)

Proofing your Identity – Facebook Verification (2/2)

The Perils of Mistrust (“Facebook Jail”, Twitter Suspensions)

If I’ve learned anything these past few years, and especially these past few weeks, it’s that it’s far easier to get thrown into “Facebook Jail” than to prove my identity, despite providing government documentation and notarized affidavits to these companies.

There are numerous articles on the internet about how to apply for Confirmed Identities and Verified Accounts on social media sites like Facebook and Twitter, but as you can see from my linked pictures, that process is not easy, not consistent, not standard, and not consistently reproducible.  Social media verification is capricious and arbitrary.

I don’t have an answer or solution yet.  I think this is an excellent opportunity for social media companies to unite behind a single standard of identity management, authentication, and verification.  I think that Google Identity (Open Authentication, or “OAuth”) is one of the best ways to manage identities online, while Facebook Identity/Privacy/Security and Twitter Identities are two of the worst at self-policing, validating, and verifying.

Identity authentication, validation, and verification are issues I’m trying to solve myself, both in my personal use of the Internet and in my professional career. Secure Sockets Layer (SSL), Transport Layer Security (TLS), Multi-Factor Authentication (MFA/2FA), and public/private key encryption are all tools that should be implemented everywhere regardless of users’ perceived need.

The internet equivalent of REAL ID needs to become a reality. We already have the Domain Name System (DNS) to map domain names to Internet Protocol (IP) addresses. We need the same for identity management: keyservers that map and verify users, allowing us to confirm that people are who they say they are.
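As an added example (not code from this post, and not the implementation of any of the standards it names), here is the smallest working model of the “keyserver” idea above, using Ed25519 from Go’s standard library. The `Directory` type, the identities alice, bob and mallory, and the message text are all constructed for the example. A directory maps a claimed identity to the public key that identity has published, and a message is accepted only if its signature verifies under that key, so a sender who merely claims a name, or a message altered after signing, is rejected. It deliberately models only the verification step, not how keys get into the directory in the first place, which is the trust problem DNSSEC and PGP’s web of trust exist to address.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Directory stands in for the "keyserver" described above: a lookup from a
// claimed identity to the public key that identity has published.
// Hypothetical type constructed for this example.
type Directory map[string]ed25519.PublicKey

// SignedMessage is what a sender presents: who they claim to be, the message
// body, and a signature over that body made with the claimed identity's key.
type SignedMessage struct {
	Claimed string
	Body    []byte
	Sig     []byte
}

var (
	ErrUnknownIdentity = errors.New("claimed identity is not in the directory")
	ErrBadSignature    = errors.New("signature does not verify under the directory's key")
)

// Sign produces a SignedMessage for the identity that holds priv.
func Sign(claimed string, priv ed25519.PrivateKey, body []byte) SignedMessage {
	return SignedMessage{Claimed: claimed, Body: body, Sig: ed25519.Sign(priv, body)}
}

// Verify answers "are you really who you say you are?": look up the claimed
// identity's published key and check the signature against it. The name in
// the message is never trusted on its own.
func (d Directory) Verify(m SignedMessage) error {
	pub, ok := d[m.Claimed]
	if !ok {
		return ErrUnknownIdentity
	}
	if !ed25519.Verify(pub, m.Body, m.Sig) {
		return ErrBadSignature
	}
	return nil
}

// Demo builds a small directory and checks three messages that all claim to
// come from "alice": one genuinely signed by alice, one signed by an impostor
// with their own key, and one genuine signature over a body altered after
// signing. It returns the three verification results in that order.
func Demo() (genuine, impostor, tampered error) {
	alicePub, alicePriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	bobPub, _, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	_, malloryPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}

	// Constructed directory: only alice and bob have published keys.
	dir := Directory{"alice": alicePub, "bob": bobPub}

	// Constructed sample message.
	body := []byte("Meeting moved to 3pm, see you in the home office.")

	g := Sign("alice", alicePriv, body)
	i := Sign("alice", malloryPriv, body) // claims alice, but holds a different key
	tm := Sign("alice", alicePriv, body)
	tm.Body = append([]byte{}, body...) // copy the body, then alter it after signing
	tm.Body[0] ^= 0x20                  // flip the case of the first letter

	return dir.Verify(g), dir.Verify(i), dir.Verify(tm)
}

func main() {
	g, i, tm := Demo()
	fmt.Println("genuine: ", g)
	fmt.Println("impostor:", i)
	fmt.Println("tampered:", tm)
}
```

Run it with `go run .`; the genuine message verifies (nil error) and the other two fail with ErrBadSignature. The point to take from the design is that the claim and the key are looked up separately: whoever controls the directory controls who can claim a name, which is exactly why the directory needs the same kind of integrity protection that DNSSEC gives DNS.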

Evolution of our Home Office

View from our Home Office

EVOLUTION OF A HOME OFFICE

1) I have a coffee bar now.
2) I have a subwoofer underneath the desk and cabled the room for 5.1 DTS Surround Sound and Dolby Atmos.
3) The workstation is an AMD Ryzen 9 3950X with an Nvidia RTX 3080 (10GB GDDR6X), 64GB DDR4, 2TB SSD, and 12TB HDD.
4) The NAS is a 4x12TB RAID-10 for 24TB storage.
5) I have bonded 10GbE running to the workstation, NAS, and router, so I’m getting 11.3 Gigabits/sec to everything in the house.
6) I have a 49″ curved 5K DQHD HDR10 monitor as my primary display, with a MacBook Pro and a Razer Blade Studio as my side displays.
7) Both my development and gaming have been ridiculously fun and quick now!

Gaming in our Home Office

View from our Home Office

Me in my Home Office

The Cost of running an Enterprise-Class Home Office

7.22 kWh (3.666 kg of CO2) in a single week

I’ve run datacenters and enterprise-class servers out of our house before. Using my earlier metrics, I figured a single HP ProLiant, Dell PowerEdge, Sun Fire T1000, or Apple Xserve cost about $35/mo in electricity alone… and this was back in 2005-2006.

Running an enterprise-class home office with bonded gigabit ethernet, fiber, several servers (Apple, Ubuntu, Windows), two NAS, and a 49″ 5K monitor is soaking up 7 kWh/week and producing 3.666 kg of CO2.

I’m going to have to budget for electricity bills now; hopefully I can either expense them or write them off as business expenses.

I’ll need to seriously investigate solar panels, a Tesla Powerwall, or buying “carbon credits” to offset my footprint.

Solar as an option is growing in Sterling, Loudoun County, and Northern Virginia. I know I’ve seen several SolarCity installs where our HOA installed panels and Powerwalls on the roof and in the garage.

Since the house is nearly paid off, getting a line of credit to replace the 22-year-old 2.5-ton HVAC with a new 3-ton HVAC and going solar will very quickly pay for itself.

Latest: AMD Ryzen 9 3950X with NVIDIA GeForce RTX 3080

So this is my new 4.7GHz 16-core AMD Ryzen 9 3950X with Nvidia RTX 3080 that is going to be my office workstation and gaming rig, driving the Samsung CRG9 49″ curved 5K DQHD 120Hz HDR10 monitor, Samsung Odyssey+ 3K VR/HMD, and Dolby Atmos sound.

  • Processor: AMD Ryzen 9 3950X Sixteen Core Processor (64MB Cache, 3.5GHz-4.7GHz) 105W (Liquid Cooled)
  • RAM: 64GB DDR4 3200MHz
  • Hard Drive: 2TB NVMe Solid State Drive + 12TB 7200rpm Hard Disk Drive
  • Graphics: NVIDIA GeForce RTX 3080 10GB GDDR6X
  • Motherboard: X570 Chipset
  • Power Supply: 750W Platinum PSU
  • Operating System: Windows 10 Professional x64
  • Features: Dual Side Panel Doors, Addressable RGB Control via Remote
  • Accessories: Wired LED Backlit USB Gaming Keyboard and Mouse Included
  • 3-Year CUK Limited Warranty

I’m hoping to run all my VMs for hosting Ubuntu, Docker, SaltStack, and Ansible for my daytime/weekday development while playing games during the evenings and weekends.

As much as I like the RGB keyboard and mouse that comes from Computer Upgrade King (CUK), I like my Razer BlackWidow V3 Pro and Razer Gaming Mouse better.

My view as I’m working from home…

Gradual Evolution of our Home Office

Kiyomi & Toshiro in our Home Office (Landscape)

Kiyomi & Toshiro in our Home Office (Portrait)

With Victoria and me both having home offices, Vicky has her Mac for school and work set up in one of our guest rooms while I took over a corner of our master bedroom. Over the past decade, both of our home offices have continued to evolve to match our needs and style. With my interests in systems engineering (automated server deployments/administration), programming/scripting, gaming, learning to play the keyboard, and 3D printing, this is how my office looks now.

My cable management has continued to improve since these pictures were taken.  I cleaned up and ran the cables through conduits so it looks more organized and less cluttered.

I still need to drastically clean and re-organize our bedroom so that it’s professional/presentable on video conference calls.  Right now I’ve been relying on Virtual Backgrounds to mask the mess in the background.  Since I don’t want to put a massive 12’x6′ greenscreen in our bedroom, I figure I really need to clean our bedroom this week before I begin my new job in two weeks.

Ken with a Virtual Background (his home office)

Using my home office itself as my virtual background has worked really well so far for the purposes of my technical interviews. It allowed directors, managers, and other engineers to look over my office while they interviewed me, and I could use objects in it either as ice-breakers or discussion subjects. I talked about the unicorn and its meaning from Peter S. Beagle’s “The Last Unicorn”, how it helped me through cancer and chemo, and how the IT industry is rife with “unicorns” (indispensable magical creatures who make everything possible, and are immediately missed when out sick or on vacation). I talked about the Apple Xserve that the unicorn sits on, and how I have a 12TB Apple Xserve with 96GB memory for the purpose of hosting VMware ESXi for my virtual servers, development, and orchestration/automation of Infrastructure-as-Code.

And so it goes… this is my office, and lately the entirety of my world… since I can’t leave the house between the Coronavirus Pandemic and my own immunocompromised health due to my cancer treatment for Mantle Cell Lymphoma.

Why A Unicorn?

Plush “The Last Unicorn” (Peter S. Beagle)

Hiring managers, recruiters, and “possible co-workers” have all been asking about the unicorn on my desk.

The unicorn kept me company at Johns Hopkins and Seattle during my cancer treatment and bone marrow transplant, so it’s sticking with me. 💕 It’s “The Last Unicorn” from Peter S. Beagle’s novel and film. 😆🦄

Adjusting to New Realities (and Working from Home)

My new view as I’m working from home…

Since being diagnosed with cancer in January 2018, my reality has been “Wear an N95 mask when outside the house, and work from home whenever possible.”

It took some time to get used to this new reality. When Sophos laid off ~3% of their workforce, my reality got thrown for another loop. Using our savings and severance, I’ve been cleaning up, re-arranging, and turning part of our master bedroom into an organized home office.

Now two weeks into serious job hunting, daily technical interviews, and initial discussions with a couple of possible employers, I’m back into a routine and feeling more comfortable again. Having a routine and a sense of security certainly cuts down significantly on my anxiety.

With the bleat of continuous bad news about the pandemic, the economy, unemployment, social unrest, social change, and world events… it’s nice to find some comfort and respite.

Ken Foreman (Working from Home)

As an Aside, My Thoughts on Technical Interviews

Scenes from a Technical Interview

Sometimes technical interviews are “fun”; other times they are grueling and punishing. I’ve met all types of systems engineers during my long career in both the corporate and government space.

Yesterday was truly nice. I enjoy meeting with IT Directors, Site Reliability Engineers (SRE), and DevOps Engineers who are not out to either grill you or prove their superiority over you, but to genuinely probe your knowledge, logic, experience, and temperament to see if you will be a good fit for their team (and vice-versa).

There may be “safety” in large corporations and government agencies, but there is a sense of comfort, camaraderie, and technical brilliance in startups. Working for a 50-person company might take me out of my traditional comfort zone, but I enjoy working alongside engineers who possess a clear sense of quality, ethics, conscience, and camaraderie.

Edge Firewalls and Security from Sophos and ZyXEL

ZyXEL ZyWall USG110 Dashboard

I continue to be VERY impressed by the speed, performance, and security of the ZyXEL ZyWall USG110 as an edge firewall and security gateway.

Victoria and I have been hitting it hard with multiple 4K video streams, multiple HTTPS secure sessions, videoconferencing (Facetime, Zoom), manga/anime, 4K gaming/streaming, work, and education.

It’s consistently allowing 860-920Mbps on our gigabit fiber connection despite running five services (Intrusion Detection & Prevention [IDP], Antivirus, Antispam, Content Filters, Anomaly Detection & Prevention [ADP], and Security Policies), with an IPsec VPN and an SSL VPN both available to allow secure virtual private network access to our home network.

ZyXEL ZyWall USG110 with MicroPC and 8TB SSD

With heavy filtering and traffic inspection, I’m still seeing sustained 860-880Mbps throughput, which is about 4-6x better than what we had with Sophos UTM and the Sophos SG firewall.

It’s impressive how much junk there is out there between trackers, malware, adware, spam, and botnets scanning for open ports and known vulnerabilities. Reading the logs and seeing the graphs has been fun each day, but it’s earned my trust and I don’t think I’ll be reading them unless a CRITICAL or ERROR screams for my attention.

Even Facebook ads raise WARNINGS as Facebook attempts to track users across their site and across other sites that use Facebook for authentication, sharing, or advertising.

End of an Era: Invincea and Sophos

THE END OF AN ERA – Invincea and Sophos

In January 2018, I was hired by Invincea in Fairfax, VA, just as they were being bought by Sophos. Later that same year, they moved from Fairfax to Reston, VA.

In October 2019, Thoma Bravo made an offer to acquire Sophos which was accepted by the management team and approved by the EU.

On Wednesday, June 3rd, 2020, Thoma Bravo and Sophos made the joint management decision to reduce costs and expenses by severing engineering and management at several locations… one of which was our engineering team.

This morning feels surreal as I clean up, box up, update my resume, and prep for job hunting again. I am extremely thankful and honored for the wonderful team members I met while at Invincea/Sophos, and our friendships that endure.

Working from Home, Virtualizing Everything

Working from Home

Both at NOAA and at Sophos, we run much larger and more expensive virtual environments (“Clouds”) than what most people can afford for home use.  In order to experiment and learn on sandboxes prior to the DEV/QA/PROD environments of my office, I was running AWS Lightsail and Google Compute Platform.  Unfortunately, I quickly learned that AWS Lightsail was running me $53/week for my usage; far too expensive for hosted virtualization.

So I built a new VMware vSphere ESXi 7.0.0 Hypervisor for home use and began virtualizing all of the Infrastructure-as-Code efforts I’ve been using for my job.  There really isn’t much need for running physical servers particularly when so much of our code is Docker Containers and Microservices.  While I still use VMware Fusion on each of my Macs and VMware Workstation Pro on each of my Windows machines, I’m building virtual servers using Terraform, Ansible, Docker, and doing deployments using Jenkins.  The virtual servers themselves are cloneable and portable, allowing me to run them on my ESXi server or on my laptops.

Using LibreNMS for Operations Monitoring

With these efforts, I’ll be documenting far more on the Tayledras Wiki, starting with Infrastructure as Code at Home. It’s been a rapid brain dump so far as I build out virtual servers at home mirroring my AWS efforts elsewhere, but as I work on components and develop better configurations/scripts/playbooks, I expect my documentation will improve dramatically.

So if you’re interested, feel free to watch or read my articles on Tayledras Wiki.  I suspect it’ll improve quite rapidly over the coming weeks and months.

The Cloud Is Just Someone Else’s Computer

Local vs Cloud Storage/Hosting

As I’m watching what appear to be network issues in Colorado Springs, CO, I’m getting incredibly annoyed with the intermittent connection to my server and the periodic loss of data.

I *REALLY* need to “work locally, keep everything local, and only save/backup to the cloud.”

The cloud is NOT some magic that Google and Amazon manifest that is devoid of all issues. The old saying “the cloud is just someone else’s computer” is entirely true, they just may have a very different or more expensive computer than you do.

After losing my content twice, I need to do a remote->local backup and build a local virtual machine that mirrors my server in Colorado. I should work on my local server and just deploy content to my public server rather than “working in production.”

You’d really think I would know better by now? 😝

Server and Website Analytics

Google Analytics – Geolocation

As part of my “Tayledras Project”, I’m working on monitoring, metrics, log analysis, and alerting using Graylog, Kibana, Elasticsearch, and Grafana. As of today, I have metrics working for the personal domains and servers I manage. While I already do this for the corporate servers I manage, having all these features and capabilities outside of the office is new. I’m looking at doing automated deployments of monitoring and metrics servers using Ansible and Terraform, with more Ansible Playbooks to follow shortly.

With all of my syslogs now being aggregated, and now sysstats & metrics, I should have centralized monitoring and alerting working shortly…

Screenshots:

Log analysis, metrics, and queries using Graylog, Kibana, Grafana, and Elasticsearch

Google Analytics – Geolocation

So What’s With This?

Welcome to “Tayledras”

This last year has been a roller coaster of interesting health issues (my Stage 4 Cancer of Mantle Cell Lymphoma) and interesting technologies (joining the Invincea and Sophos DevOps team).   While I’ve been fairly active on Facebook and less active on Twitter, I’ve been meaning to collect all of my pictures, knowledge, and sharing of interesting things/events/technologies/thoughts on a single website.

With Tayledras, I’m hoping to bring my ideas to fruition, to share with others, and to see what new things they make. This is a dedicated webserver where I intend to use Ansible, Terraform, Git, Jenkins, Grafana, MySQL, MediaWiki, WordPress, and more to use, demonstrate, and advance the technologies that I use as part of my job but less so at home or on my personal website.

In addition to the cool technologies that make this possible, I’m also hoping to document and share my adventures in trying to overcome Mantle Cell Lymphoma, my love of family and our two Shetland Sheepdogs (Kiyomi and Toshiro), my efforts to practice and learn proficiency on the piano keyboard, my efforts to be a licensed Ham Radio Technician, and more!  I truly do hope this to be a lively and interesting website.

So stay tuned… starting with Lathe of Dreams (this blog) and Tayledras (my mediawiki), I’m hoping to build the secure framework for hosting more content very soon.  😆✌️

Picture Gallery:

Ken and his 17″ Razer Blade Pro 4K

Yamaha PSR-E443 in Home Office