Copy
To judge from its Summit event earlier in New York, AWS is making sure the pace of enterprise security equals that of enterprise development overall. View in browser »
The New Stack Update

ISSUE 79: Security and DevOps Go Better Together

Talk Talk Talk

“The integration landscape is enormous, and like the universe, it has no actual center. It’s impossible to find something that does everything in the integration space.”

___
James Markarian, chief technology officer of SnapLogic.
Add It Up
47% of Surveyed Companies' Employees Are Open Source Contributors
Comparing Corporate OSS Contributions With GitHub Organizations
Do you remember reading that Microsoft and Facebook had more contributors than any other organization on GitHub? That stat has limited value because a significant amount of development works happens outside of an employer’s GitHub organizations. For example, Red Hat employees represent a significant number of contributors across a wide range of cloud and container-related projects, but may not get recognized for this because it occurs in non-corporate organizations. Furthermore, it is common for a company to create a separate organization for popular projects. Thus, using this methodology, Google does not get recognized for its Angular project, but Facebook gets to bask in React’s glow.
 
Another way to evaluate GitHub organizations is based on their activity. Open Hub data indicates that 61 percent of the most active organizations on GitHub organizations are commercial enterprises. Most of these companies are working on projects where almost all of the contributors are also employees. Non-profit organizations, like those supporting Linux and Kubernetes, on average have the highest number of commits. Education organizations have the fewest because many of the projects they maintain are just ways to manage syllabi and homework assignments.
 
Looking forward, we want to evaluate corporate OSS based on the percentage of a developer’s time that goes towards corporate-controlled OSS projects, other open source efforts as well as proprietary endeavors. How would you measure the open involvement without using crass vanity metrics?
What's Happening

The “eco-” part of the term “ecosystem” has the same root as both “ecology” and “economy.” It’s hard to build anything that’s designed to be economically self-sustaining, around a core product that’s essentially free. You’ve heard Apcera CEO Derek Collison sound such warnings before. As readers of The New Stack will recall, Apcera produces a premium container management platform that lets customers deploy applications across clouds.

In an InfoWorld interview published last month, Collison turned up the heat, suggesting to Matt Asay that Kubernetes may have value as an ecosystem core only to companies with a direct interest in it, such as Google. But Google will inevitably improve its Cloud Platform business model around APIs, Collison said, creating efficiencies that steer the customer around Kubernetes. And when that happens, the lifeline to the Kubernetes ecosystem could get pinched.

In this podcast of The New Stack Analysts, Collison offered a more in-depth explanation of his viewpoint.

A Skeptical Look at Kubernetes

Security and DevOps Go Better Together

To judge from its Summit event earlier in New York, AWS is making sure the pace of enterprise security equals that of enterprise development overall. One new security service introduced at the show called Macie, for instance, automatically discovers and classifies data in your Simple Storage Service buckets using natural language machine learning. It does this to determine what data may be sensitive and so it can block unnecessary access of that data. It’s a security done with scalability in mind.

Macie is, in fact, a good example of DevSecOps, in which security is practiced at the same pace of the rapid development ways of CI/CD. This is a requirement from AWS enterprise customers, it turns out.

“We are having as many conversations now about our security services as we are about as we are about our developer productivity suite,” said Bill Shinn, AWS principle security solutions architect, in a conversation we had at the event. Security teams are now looking to become as agile as the engineering teams, and in many cases, they can even use the same set of DevOps tools. “Engineering teams are shipping code 10 to 20 times a day, and security teams need to keep up. They need to understand how the developers work.”

Node.js Forked Again Over Complaints of Unresponsive Leadership

Node.js being forked again will not come as good news to technology executives who make long-term decisions about which technologies to include on their technology roadmaps. Will the server-side JavaScript runtime be around in five years? Or will it be io.js (a 2015 fork of Node.js)? Or will it be “Ayo,” the newest fork proposed by a number of people closely involved in the project, who are uncomfortable with the presence of one member in particular on the Node.js technical steering committee and, just as importantly, the Node board’s supposed refusal to adequately address their concerns?

Aporeto’s Vision for a Shared Orchestration and Security Platform

Aporeto may not be a company you have heard of yet, but if you are considering the use of containers in your enterprise, you should take a close look at least the ideas of Aporeto CEO Dimitri Stiliadis. In this interview, Stiliadis argues that some significant architectural changes need to be made to the entire microservices environment, including to the orchestrator, in order for large-scale container operations to be compliant with an organization’s security policies.

Geek Glamor: Or, the Girl in the Glowing Gown

Claire Smith’s prom dress had everything a girl dreams of in her first fancy formal gown: diaphanous layers of shimmery pink fabric, a spangly strapless satin bustier top, and softly glowing LED lights controlled by a wearable electronics platform.

Party On

Bill Shinn, AWS principle security solutions architect.

On The Road
Event: PagerDuty Summit, Sept. 7 Pier 27 @ The Embarcadero, San Francisco, CA

SEPTEMBER 7, 2017 // PIER 27 @ THE EMBARCADERO, SAN FRANCISCO, CA

PagerDuty Summit
How do we imagine what operations looks like in the future? At PagerDutySummit, we’ll explore this question and how infrastructure teams will have to adapt to a world where artificial intelligence is just part of the reality. 30% off PagerDuty University training with code: PDU!NEWSTACKRegister Now!
Event: Microbrews & Microservices Docker Meetup. Feb 17th, 2016 from 6-8pm @ Dynatrace/Keynote Office

SEPTEMBER 7-8, 2017 // AMSTERDAM, NETHERLANDS

Software Circus
Come on out for the greatest livestream on earth from the {code} Escape Room at Software Circus in Amsterdam. Watch the stream as we provide clues to answers about containers, cloud-native technologies and the mysteries of portability and storage.
FREE EBOOK: Learn about patterns and deployment use cases for Kubernetes.
Kubernetes is a container management platform designed to run enterprise-class, cloud-enabled and web-scalable IT workloads. For both new users and recent adopters, it’s important to highlight how Kubernetes is being utilized by teams and organizations.

This ebook begins with an overview of the Kubernetes platform and how it functions, then covers the usage patterns and key deployment scenarios of customers using Kubernetes in production. We’ll also take a look at the projects and companies, such as CoreOS, Intel and Red Hat, working to push Kubernetes forward for the entire ecosystem.
Download The Ebook
Upcoming ebook series: Kubernetes, Node.js, Serverless
Copyright © 2017 The New Stack, All rights reserved.


Want to change how you receive these emails?
You can unsubscribe from this newsletter