Signet Ring = Early 2 Factor Authentication

Photo: A. Reinkober / pixelio.de
I recently met somebody who had a signet ring and suddenly realized that this is a very early form of 2-factor-authentication (2FA):

| Signet Ring | 2FA |
| --- | --- |
| Difficult to copy | Supposedly impossible to copy |
| Seal proves personal involvement of bearer | 2FA token proves personal interaction of owner |

The main difference is of course that 2FA is commonly available to everybody who needs it while signet rings were and remain a special feature. But it is still nice to know that the basic idea is several thousand years old.


Cloud Exit Strategy

As ImmobilienScout24 moves to the cloud a recurring topic is the question about the exit strategy. An exit strategy is a plan for migrating away from the cloud, or at least from the chosen cloud vendor.

Opinions range from "why would I need one?" to "how can we not have one?" with a heavy impact on our cloud strategy and how we do things in the cloud.

When talking about exit scenarios it is worth distinguishing between a forced and a voluntary exit. A forced exit happens due to external factors that don't leave you any choice when to go. A voluntary exit happens at your own choice, both when and how.

Why would one be forced to have an exit strategy? Simply because running a business on cloud services carries other types of risks compared to running a business in your own data center:
  • Cloud accounts can be disabled for alleged violation of terms
  • Cloud accounts can be terminated
  • There are no guaranteed prices. Running costs can explode as a result of a new pricing model
  • The cloud vendor can discontinue a service that you are based on
  • Lost cloud credentials combined with weak security can be disastrous (learn from Code Spaces)
  • If the cloud vendor is down you can either hope and wait or start your website somewhere else, if you were prepared. In the data center you can try all sorts of workarounds and fixes - but you must do that all yourself.
  • ... fill in your own fear and bias against the cloud ...
A voluntary exit can easily happen after some time because:
  • Another cloud vendor is cheaper, better or solves problems that your current vendor doesn’t care about
  • You are bought by another company and they run everything in another cloud, forcing you to migrate
  • ... who knows what the future will bring?
Probably there is no perfect answer that fits everybody. Besides just ignoring the question I personally see two major options:
  1. Use only IaaS (e.g. servers, storage, network) or PaaS (fancy services) from the cloud so that it is easy to migrate to another cloud vendor or to a private cloud. The big disadvantage is that you won't be able to benefit from all the cool managed services that make the cloud an interesting place to be.
  2. Use many cloud providers or accounts (e.g. matching your larger organisational units) to reduce the "blast radius" and keep the communication between them vendor independent. If something happens to one of them the damage is limited in scope and everything else keeps working. The disadvantage is that you add complexity and other troubles by dealing with a widely distributed platform.
I prefer the second option because it lays the ground for a voluntary exit while still keeping most of the advantages of the cloud as an environment and ecosystem. In case of a forced exit there is a big problem, but that could be solved with lots of resources. A forced exit for a single account can be handled without harming the other accounts and their products. As another benefit there is not much premature optimization for the exit case.

Whatever you do - I believe that having some plan is better than not having any plan.


DevOps Berlin Meetup 2015-07

Is Amazon good for DevOps? Maybe yes, maybe no. But for sure the new Berlin office is good for a Berlin DevOps Meetup.

Jonathan Weiss gave a short overview of the engineering departments found here: AWS OpsWorks, AWS Solution Architects, Amazon EC2, Machine Learning.

Michael Ducy (Global Partner Evangelist at Chef Software) talks about DevOps and tells the usual story. Michael uses goats and silos as a metaphor and builds his talk from the famous goat and silo problem. He sees the "IT manufacturing process" as silos (read History of Silos for more about that) and DevOps minded people as goats: Multi-purpose, versatile, smart and stubborn at reaching their goals.
The attendees of the DevOps event probably did not need much convincing, but the talk was nevertheless very entertaining. Michael has an MBA and also gave some useful insights into how organisations evolve into silos and how organisational "kingdoms" develop.

The talk is available as video: 15min from Jan 2015 and 24min from Dec 2013. The slides are available on Slideshare.

As a funny side note it turns out that Amazon even rents out goats: Amazon Hire a Goat Grazer. However it seems that this offer is about real goats and not DevOps engineers.


ImmobilienScout24 Social Day at the GRIPS Theater

Today I went to the GRIPS Theater (English) instead of the office. Once a year ImmobilienScout24 donates the work force to social projects, called Social Day. I used the opportunity to catch a glimpse behind the stage. The theater in turn got a workshop from us about their web site and social media channels.

But first we watched a very nice children show (Ein Fest bei Baba Dengiz) about a German guy who learned respect for foreigners - from another German with Turkish background. The show was well adapted to the school-age audience.

The theater follows a somewhat unusual concept and places the stage in the middle of the audience:
Photo courtesy of the GRIPS Theater
This was my first visit to the GRIPS Theater, but not the last. Besides a rich children programme the theater also offers shows for adults and is most famously known for the show Linie 1.


Meetup Marathon

This week was my Meetup Marathon:

Software Memories and Simulated Machines was above my head. Scaling Logstash made me wonder how many engineers you actually need to run that "properly". Nix is something we hopefully don't need, Rok actually said that if you package everything you don't need it.

STUPS is the "Cloud Ops" stack from Zalando, nicely published on GitHub:

The STUPS platform is a set of tools and components to provide a convenient and audit-compliant Platform-as-a-Service (PaaS) for multiple autonomous teams on top of Amazon Web Services (AWS).

It contains a lot of tools that work together to solve a lot of the challenges related to running a large company on AWS. For me that was most definitely the highlight of this week.

Hennig explaining STUPS at the AWS User Group.


OpenTechSummit 2015

Yesterday was the first OpenTechSummit in Berlin, a new conference that came partially in place of the LinuxTag. The conference squeezed a large number of talks into a single day. The talks were either 10 or 20 minutes long and covered many non-technical topics related to open knowledge or open technology.

One thing impressed me especially: All day long there were workshops for children and youth. While some kids took their first steps in coding, others came to work together on advanced programming or hardware projects.
The date (a German state holiday) made sure that children had time to attend, and many IT people came together with their children. The organizers were actually surprised by the large number of children who registered for a free kids ticket.

I gave my "DevOps, Agile and Open Source at ImmobilienScout24" talk and put up some ImmobilienScout24 posters for our sponsoring.


Better Package Than Copy

Today I realized that for me it is easier to create a small package than to copy a single file.

The example is glabels-schlomo, a Debian package I created just now to store extra gLabels templates for the label sheets that I use at home. The motivation was that I spent half an hour looking through old backups to find a template definition that I had not copied over when I reinstalled my Desktop.

Creating the package took another half an hour and now I can be sure that I won't forget to copy that file again. And I will also have the template definition at work in case I need to print a sheet of labels there.

If you also feel that packaging is better than copying then feel free to use this package as a template for your own stuff. It contains a Makefile and uses git-dch to automatically build a DEB release from the git commits.


WARNING is a waste of my time

How many log levels do you know? How many log levels are actually useful? At Relax and Recover we had an interesting discussion about the use of the WARNING log level.

I suddenly realized that in a world of automation, I need only two log levels:

ERROR and everything else.

ERROR means that I as a human should take action. Everything else is irrelevant for me.

So far for the user side. As a programmer the choice of log level is sometimes much more difficult. As a programmer I might not want to decide for the user if some problem is an ERROR or not. The obvious solution is to issue a WARNING in an attempt to shed the responsibility of making a decision.

But in an automated world that does not help me as an admin to run the software better. WARNINGS for most cases only create extra manual work because somebody needs to go and check some log file and decide if there actually is a problem. I would rather have the software make that decision and I would be happy to fix or readjust the software if that decision was wrong. So, please no WARNINGs.

Apparently others see that differently and prefer to get a large amount of WARNINGs. The only way out is that software should be written so that the user can configure the behaviour of WARNINGs. If necessary, it should even be possible to configure the behaviour for different events.
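One way to implement the per-event configuration described above, as an added example that is not part of the original post: a Python `logging` filter that turns every WARNING into either ERROR or INFO according to a user-supplied policy. The event names, the policy and the choice to treat unlisted warnings as ERROR are assumptions made for the illustration.

```python
import logging

# Constructed policy; the event names and decisions are assumptions.
POLICY = {
    "disk.nearly_full": logging.ERROR,  # a human should take action
    "backup.retry": logging.INFO,       # automation already handles it
}

class WarningPolicy(logging.Filter):
    """Turn each WARNING into ERROR or INFO, as configured per event."""

    def __init__(self, policy, default=logging.ERROR):
        super().__init__()
        self.policy, self.default = policy, default

    def filter(self, record):
        if record.levelno == logging.WARNING:
            event = getattr(record, "event", None)
            record.levelno = self.policy.get(event, self.default)
            record.levelname = logging.getLevelName(record.levelno)
        return True  # never drop a record, only reclassify it

class Collect(logging.Handler):
    """Stand-in for a pager or log file: keeps (level, event) in memory."""

    def __init__(self, level):
        super().__init__(level)
        self.seen = []

    def emit(self, record):
        self.seen.append((record.levelname, getattr(record, "event", None)))

def run_demo(policy=POLICY):
    log = logging.getLogger("warning_policy_demo")
    log.handlers.clear()
    log.filters.clear()
    log.setLevel(logging.INFO)
    log.propagate = False
    pager, archive = Collect(logging.ERROR), Collect(logging.INFO)
    log.addFilter(WarningPolicy(policy))
    log.addHandler(pager)
    log.addHandler(archive)
    log.warning("volume /var is 93 percent full", extra={"event": "disk.nearly_full"})
    log.warning("upload failed, retrying", extra={"event": "backup.retry"})
    log.warning("unexpected kernel module", extra={"event": "module.unknown"})
    log.info("backup finished", extra={"event": "backup.done"})
    return pager.seen, archive.seen

if __name__ == "__main__":
    for name, seen in zip(("pager", "archive"), run_demo()):
        print(name, seen)
```

The filter is attached to the logger, so the reclassification happens before any handler applies its own level threshold.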

So why are there so many logging levels? I think that the main reason is that it is simpler and less work for software developers to use many log levels than to implement a sophisticated configuration scheme for which events should be considered an ERROR and which not.

Together with a Zero-Bug-Policy, eliminating WARNINGs goes a long way towards being more productive.

DevOpsDays 2015 Presentation:


Exploring Academia

Last week I attended the Multikonferenz Software Engineering & Management 2015 in Dresden hosted by the Gesellschaft für Informatik:

My topic was Test Driven Development, but I had to rework my original talk to fit into 20 minutes and to be much less technical. As a result I created a completely new fast paced talk which draws a story line from DevOps over Test Driven Infrastructure Development into Risk Mitigation:

The conference is very different from the tech conferences I usually attend. First, I really was the only person in a T-Shirt :-/. Second, I apparently was invited as the "practitioner" while everybody else was there to talk about academic research, mostly in the form of a bachelor or master thesis.

As much as the topics were interesting, as little was there anything even remotely related to my "practical" work :-(

I still find it interesting to better combine the different worlds (academic and practical), but this conference still has some way to go if it wants to achieve this goal. Maybe it would help to team up with an established tech conference and simply hold two conferences at the same time and place to allow people to freely wander between the worlds.

I also had some spare time and visited the Gläserne Manufaktur where VW assembles Phaeton and Bentley cars. They take pride in the fact that 95% of the work is done manually, but sadly nobody asked me about my T-Shirt:
I am squinting so much because that day had a really bright sun. In the background is an XL1, a car that consumes less than 1ℓ of fuel per 100km.


A Nice Day at CeBIT 2015

After many years of abstinence I went back to visit the CeBIT today. And actually enjoyed it a lot. It is funny to see how everything is new but nothing changed. From the oversized booths of the big players like IBM and Microsoft to the tiny stalls of Asian bank note counting machine vendors. From the large and somewhat empty government-IT-oriented booths to meeting old acquaintances and friends.
But there are also several notably new things to see: For example Huawei shows itself being an important global player with a huge booth next to IBM.
I managed only to visit a third of the exhibition but it was more than I could absorb in a single day. Nevertheless, my mission was accomplished with giving a talk about “Open Source, Agile and DevOps at ImmobilienScout24”. The talk is much more high-level than my usual talks and tries to give a walk through overview. There were about 60-80 people attending my talk and the questions showed that the topic was relevant for the audience. So maybe giving management-level talks is the right thing to do for CeBIT.
Meeting people is the other thing that still works really well at the CeBIT. Without a prior appointment I was able to meet with Jürgen Seeger from iX magazine about my next ideas for articles and with people from SEP about better integrating their backup tool SESAM and Relax-and-Recover.
The new CeBIT concept of focusing on the professional audience seems to work, I noticed much less bag-toting swag-hunting people than last time. All in all I think that attending for one day is worth the trouble and enough to cover the important meetings.

Random Impressions

IBM's Watson wants to be a physician.

Video conferencing with life-sized counterparts. 4K really does make a difference!

Why buy 4 screens if you can buy 1 (QM85D)? Samsung has a lot more to offer than just phones.

Definitely my next TV (QM105D). 105", 21:9 ratio and 2.5 meters wide.

Another multimedia vendor? WRONG! This is "just" a storage box!

Though it seems like storage is no longer the main focus for QNAP.

Cyber crime is big - cyber police still small

Virtual rollercoaster at Heise - barf bags not included.

Deutsche Telekom always has a big booth and represents the top of German IT development. To underline the "Internet of Things" a bunch of robot arms was dancing with magenta umbrellas.

Dropbox comes to CeBIT in an attempt to win business customers. The data is still hosted in the USA, but the coffee was great.

And finally, even the weather was nice today.