Posts

Showing posts from March, 2022

DNS for Azure Point to Site (P2S) VPN - getting the internal IPs

Image
I wanted to access all my Azure resources without making any of them visible to the Internet.   The easiest give my local machine access to everything on my Azure Virtual Network (VNET) was to connect to it over VPN. It turns out creating Azure VPN gateways and connecting to Azure VPN endpoints is easy.  There are some subtleties in getting DNS name resolution to work that can confuse when first starting out. Setting the Stage There are a few ways to get to Azure endpoints and resources that are blocked from the internet.  We can  Create a Point-to-Site connection from our local machines to Azure Network Gateways Create a Site-to-Site network connection from our local networks to Azure Network Gateways. Use Bastion Hosts Use Cloud Shell Leave everything open to the internet. I chose a Point-to-Site (P2S) VPN connection that connects from my laptop to a VNet Gateway.  That joins my laptop

Wayback - Middle school computer programming with paper tape and only one run per day

Image
My first programming was in middle school where we could create programs that would run at night when the school district mainframe was idle. We created Basic programs on paper tape and left the tapes in a basket on the floor. Someone would feed the paper tapes into the teletype reader overnight and put the tape and the printout result back in the basket. You got one program execution per day.  You always had to wait until the next data to find out if it worked. A single program error meant rekey, patch, and then waiting.  I think we could run our own programs on an occasional weekend but can't be sure. I am pretty sure that it punched the tape as you typed the program.  This meant you wrote down your exact program before you came in. You had to manually fix errors in a tape by generating a fix tape that you spliced the fix into the middle of the original tape. I believe we used scissors and put blank characters at regular intervals to have a place to cut for a patch. We used the 7

Are gifs still cool? - Working across generations

Image
I fought using memes and emoticons in work chats as work inappropriate.  Then I decided that might be a geezer opinion and went with it, on a limited scale. I used one the other day and then asked a question about whether they were still cool.  My team totally had my back on it. 👍 I heard GIFs were cool and then I heard they were for Millenials with a tone that said that Millenials are now considered old. Am I supposed to use GIF? or not? Are Millenials old?  If so compared to what? Do I have to use Generational GIFs like ASCII art👴? Someone put up a comment that we weren't ready for a new programing language because we had enough trouble with the one are already using. I put up GIF along with a comment about how the language we were using was changing so much that it was the same thing.

Why so many software swim lanes and environments

Image
Software moves through different phases on its way to production. It starts as raw software that becomes more refined as it is tested and then moved to production.  Partner teams often need to test their current code against your new code to make sure there were no breaking changes.  Software versions currently in production must be available to other teams so that they can test their changes against your code that will be in production when their new changes are actually deployed.  Some companies can get by with as few as 3 environments. Others can have over 7 or 8. Click to expand The Video Walkthrough The Development Track This is the normal promotion process from development through test and into production. There can be some orchestration through shared environments or through environments that are integrated with other teams.  The development and test groups own the

Creating a No-Patch Security Cadence

Image
A zero-patch environment is one in which we redeploy our applications with updated dependencies as part of our normal Continuous Deployment process.  This is part of You Build It - You Own It We need to create a repeatable cadence for bringing in Operating systems, containers, application patches, and binary updates.  We can reduce some of our work by pushing as much of our workload as possible onto PaaS, serverless, and cloud services. Three Month Cycle Example This is a prototypical 3-month update cycle where an application is redeployed with security and bug fix updates at least every quarter. Click to enlarge The Image team identifies required operating and container image updates.  Application teams identify CVE library updates via automated scanners. The application teams start integrating library updates.  The image team

Mandate zero patching. Drive automation in the cloud.

Image
In-place patching is an anti-pattern for cloud-native applications that originates from the data center with low levels of automation for infrastructure and application management. The shift-left movement pushes ownership to the development teams that are best served by applying all changes via their CI/CD pipelines. This goes for infrastructure, containers, serverless, code, et al. Video Slides used in video The talk did not cover zero-day emergency patching.  Sometimes a mass update must be applied to all like systems.  In that case, patching may be supported with a full redeployment as soon as possible after that. Created 2022 03