A discussion of the importance of communication between people in different teams or working in different disciplines, with lots of examples from my time introducing devops practices to the UK Government.
Report
Share
Report
Share
1 of 83
Download to read offline
More Related Content
Communications Between Tribes
1. (without introducing more risk)
Communication between Tribes
Puppet
Gareth Rushgrove
A story of silos, Devops and Government
21. the language and speech,
especially the jargon, slang or
argot, of a particular field, group
or individual
Gareth Rushgrove
lingo
noun
plural noun: lingoes
22. Language acts as a barrier to
entry to different communities
Gareth Rushgrove
33. Will the release really work?
Gareth Rushgrove
Paraphrasing one of my colleagues from 2012
”
“
34. Yes. We’ve done it more than
1000 times. I’m confident it
works now
Gareth Rushgrove
Paraphrasing me
”
“
35. Early members of GDS were
mainly from media, startup and
technology backgrounds
Gareth Rushgrove
36. The formal language of
Service Management* was
unfamiliar to most
Gareth Rushgrove
*Ironically, ITIL was a creation of CCTA, a UK Government agency
37. But practices like automation,
developers on-call, configuration
management, continuous
deployment, and automated
testing were second nature
Gareth Rushgrove
39. We cancelled one configuration
management effort because we
couldn’t keep the spreadsheet
up to date
Gareth Rushgrove
Remembering one conversation with an Government department
”
“
40. The recommendation was to move
from quarterly releases to one
release every 6 months
Gareth Rushgrove
Remembering one conversation with an Government department
”
“
41. Oh, we use an open source
configuration management tool
which reports state every
30 minutes for every device
Gareth Rushgrove
Remembering one conversation with an Government department
”
“
42. Overlapping words from different
tribes are often a great place to
start collaborating
Gareth Rushgrove
Tip
44. A lack of personal relationships,
sometimes caused by the
inability to communicate,
leads to stereotypes
Gareth Rushgrove
45. a widely held but fixed and
oversimplified image or idea of a
particular type of person or thing.
Gareth Rushgrove
stereotype
noun
plural noun: stereotypes
53. a fictional rogue systems
administrator who takes out his
anger on users and others who
pester him with computer problems
Gareth Rushgrove
BOFH
Bastard Operator from Hell
58. Making use of stacks of paper
policy often involves middlemen
Gareth Rushgrove
59. Having direct access to real
domain experts* is awesome
Gareth Rushgrove
*Unfairly in my case that mean
60. I think you’ll find you can’t do that
because of my interpretation of this
wording in GPG13
Gareth Rushgrove
Unfairly paraphrasing countless conversations with intermediaries”
“
61. Let’s just ring Richard from
GCHQ and see what he thinks
Gareth Rushgrove
”
“
Unfairly paraphrasing countless conversations with intermediaries
69. (without introducing more risk)
Feature: Search
@high
Scenario: check search results on unified search
Given I am testing through the full stack
And I force a varnish cache miss
When I search for "tax" using unified search
Then I should see some search results
@normal
Scenario: check organisation filtering on unified search
Given I am testing through the full stack
And I force a varnish cache miss
When I search for "policy" using unified search
Then I should see organisations in the unified organisation filter
@normal
Scenario: check sitemap
Given I am testing through the full stack
And I force a varnish cache miss
When I get the sitemap index
Then It should contain a link to at least one sitemap file
And I should be able to get all the referenced sitemap files
GOV.UK Smoke Tests
70. (without introducing more risk)
Feature: Search
@high
Scenario: check search resul
Given I am testing through
And I force a varnish cach
When I search for "tax" us
73. (without introducing more risk)
// Should cache responses for the period defined in a `Cache-Control:
// max-age=n` response header.
func TestCacheCacheControlMaxAge(t *testing.T) {
ResetBackends(backendsByPriority)
const cacheDuration = time.Duration(5 * time.Second)
headerValue := fmt.Sprintf("max-age=%.0f", cacheDuration.Seconds())
handler := func(w http.ResponseWriter) {
w.Header().Set("Cache-Control", headerValue)
}
req := NewUniqueEdgeGET(t)
testRequestsCachedDuration(t, req, handler, cacheDuration)
}
CDN Acceptance Tests
74. (without introducing more risk)
Scenario: The application should not contain SQL injection vulnerabilities
Meta: @id scan_sql_injection @cwe-89
Given a scanner with all policies disabled
And the SQL-Injection policy is enabled
And the attack strength is set to High
And the alert threshold is set to Low
When the scanner is run
And the XML report is written to the file sql_injection.xml
Then no Medium or higher risk vulnerabilities should be present
BDD Security