ISSUE 206: Everyone Loses with Sexism

“Playing the guitar is really complicated. Once you learn how to do it, you can make beautiful music, but getting there is more challenging than most people realize.”

The concept of DevSecOps is getting a lot of play these days — and for good reason. As organizations’ DevOps seek to boost their rates of deployments and updates at cadences unheard of just a few years ago, the risk of vulnerabilities can often increase at the same rate, in theory. While it doesn’t have to be this way, of course, some organizations struggle with remediating vulnerabilities long after the software has been deployed, not only causing major potential headaches when breaches occur (think Equifax), but causing additional pain when developers must reconfigure code again, and in extreme cases, reinvent the wheel.

The solution, of course, is for security teams to become vested in code development at the very beginning of the production cycle. This is what agile DevOps teams are supposed to do anyway, but many organizations have not implemented the necessary culture, tools and processes to do this. After years of existing as a concept, DevSecOps formalizes the often missing security links in development processes today.

In this edition of The New Stack Makers podcast, we discuss DevSecOps evolution and why it is so vital today. The guests were selected for there first-hand experience and experience with DevSecOps were:

• Rohit Gupta, global segment leader, security, for Amazon Web Services (AWS).
• Cindy Blake, security advocate, for GitLab.
• Shaan Mulchandani, AWS security practice, for Accenture.

The New Stack Publisher Alex Williams hosted this episode.

Everyone Loses with Sexism

Last month saw the release of Susan Fowler’s "Whistleblower: My Journey to Silicon Valley and Fight for Justice at Uber." You might remember Fowler during her time at Uber, where she worked as a software engineer, where she gave a number of useful talks on microservices.  

In early 2017, she penned a blog post that laid bare the rampant sexism and sexual harassment she experienced while at Uber. One her first day at work, she was propositioned by her supervisor, “Jake,” over chat. When she brought the issue to HR, they deflected it, claiming that Jake was a valued asset to the company, and that this was his first infraction anyway. 

This turned out not to be the case. In fact, HR for the ride-sharing service had defended Jake from multiple claims of harassment. Jake did not get punished, and Fowler, according to her own retelling of events, was reassigned to another department and was retaliatorily gaslit in subsequent performance reviews. Naturally, she left the company the first chance she got.

But Jake was not just an isolated case of inappropriate behavior. In fact, his attitude towards those he supervised was symptomatic of the entire Uber culture itself. As Fowler pointed out in the book, “Disregarding laws, rules and regulations was so entrenched in Uber's culture that managers within the company seemed to believe that various rules, including employment law and basic human decency, no longer applied to them."

Through the long string of negative press the company subsequently received, one can see this toxic ethos in action.

Only after Fowler’s post went viral, and the world was exposed to the ride-sharing service’s dirty laundry, did the company take her complaint seriously. It hired Eric Holder, former U.S. Attorney General, and Tammy Albarrán to conduct an independent review regarding the specific issues raised by Fowler, as well as provide an assessment of the diversity and inclusion at Uber. Resultantly, 20 employees were fired, right on track, and the company CEO Travis Kalanick took a leave of absence.

But, aside from lost goodwill, the real loss to Uber was not only of Fowler’s engineering talent, but her early-warning signal that something with the company culture was not right. Sexism is everyone’s problem.

Why Observability Needs to Stay Weird

Observability isn’t about three pillars, or dashboards or a particular product. It’s about how we think about change, and how we manage the effects of that change. An observability mindset eschews blind monitoring and alerting; rather, it puts people in the center of the process of running reliable software, and asks them “how can I help?” rather than “do this now.” Check out this provocative sponsored post by LightStep’s Austin Parker.

GitOps Made Simple with Flux

With Git you push your code changes to the repository. With GitOps, those changes can be done to the configuration of an infrastructure. But what is on the other side, pulling the changes and incorporating them into operation? Meet Container Solutions’ Flux, Kubernetes-native GitOps operator. In an infrastructure managed by Git, Flux connects to your Git repository and watches for all changes on a specific branch and folder. When a commit occurs, Flux will operate on the cluster in order to deploy those changes. Using Flux means that no external tool or script, granted with a cluster access, needs to be triggered in the repository pipeline in order for new or changed code to be deployed in the environment.

CNCF Reschedules KubeCon+CloudNativeCon Europe 2020 Amid Coronavirus Concerns

Due to the growing concerns around the rapid spread of Coronavirus Disease, the Cloud Native Computing Foundation (CNCF) has decided to officially cancel and reschedule its upcoming 2020 KubeCon+CloudNativeCon in Amsterdam next month, originally scheduled for March 30 - April 2. The event is currently expected to be rescheduled to a yet-to-be-determined date in July or August 2020, with the North America event in Boston next November expected to occur as planned. The CNCF will also completely cancel KubeCon + CloudNativeCon + Open Source Summit Shanghai in July 2020.