For thoughts greater than 280 characters.

Balancing Security and Your On-Call Rotation Using Deputize

14 April 2017

Threat Stack, like many other Software-as-a-Service providers, has an on-call rotation. During any given week, two members of our engineering organization are tasked with responding to alerts across the platform they build and maintain. These two engineers are also responsible for a myriad of other services that support the infrastructure: metrics and monitoring, log capture and collection, authentication, and so on.

Five Lessons We Learned on Our Way to Centralized Authentication

25 October 2016

In many startups, centralized authentication is a “future us” problem. Setting up centralized auth is useful for managing your network, but it requires time, domain knowledge, and patience to get many of the technical solutions working. Compare this with the ease of user management via the configuration management (CM) tools your DevOps teams are already using: they work well enough (and, did we mention, are already in place?), so it makes total sense that many organizations “punt” on this issue.

Protecting Sensitive Credentials by Sharing Secrets in the Cloud

06 October 2016

In the life of many organizations, developers and operations people need credentials that they can use in case of emergency — when, for example, your external authentication services (either your multi-factor service or your internal directory) experience an outage. The existence of these accounts presents a problem, however: one of the best ways for an adversary to ruin your organization is to compromise the login credentials of an account that is on every machine in your infrastructure.

Software is Eating the Ops World

02 May 2016

One thing I’ve thought a lot about is how the role of the system administrator is changing. This reflection was prompted by a couple of things: one, I’m a co-chair for talks at one of the longest-running system administration conferences, so I should probably think about this kind of thing seriously when planning what talks we’ll accept, etc. The other thing, though, is that I’ve read what some peers have had to say about the tone of the Google Site Reliability Engineering (SRE) book. My own interpretation is that the book thinks of traditional system administrators as “button pushers” who solely operate something that someone else gave them, similar to what you see in many large-organization IT departments. There’s a heavy emphasis on Engineering™, which isn’t present in large-organization IT departments. I haven’t really dug into the book, so I’m going to leave those thoughts here and circle back in a few.

Docker and CentOS4

06 July 2014

As much as we would want a world in which all applications were updated regularly and licensed sanely, that is not the world we live in. Some applications cost several hundreds of thousands of dollars (per seat!) and their users expect to be able to use them into the future, even after the vendor has moved on.