Super Compact, DevOps-ish Pending Reboot Test for The Rebootiest Operating System in The Cloud

Windows and reboots - more than a few candles have been burned on both ends in understanding and resolving this relationship. Like it or not and despite Microsoft’s efforts - Windows is the most rebootiest operating system around.

There has to be a ton of code written around this - is it possible to add a new contribution of real value?

I think it is - by being concise around my specific context of software deployment automation for DevOps in the cloud with a brutal eye to compactness.



No 7zip Allowed: Extracting Oracle's Gzipped Java Tarball On Windows to Create an Isolated, Zero Footprint Java Install for CIS CAT Pro

I had a project to package the CIS CAT Pro benchmark auditing tool for Windows and Linux. The unique Windows challenges I experienced are applicable anytime you either need to extract Java for Windows or extract any gzipped or tar archive on Windows - without using 7zip. CIS CAT Pro requires Java and I wanted to create a zero footprint Java install that could be cleanly wiped out by deleting a folder. This allows the automation to be more readily used on production systems because it won’t force a Java install, nor compete with an existing version of Java. (I find it ironic that CIS CAT requires Java - and then frequently flags the copy of Java it is using as a problem)

7zip has had a fair share of security vulnerabilities - consequently installing or using it can set off more than a few security bells where I work - so it was required to have a solution that was 7zip-less.

While it is more than a little frustrating that Java is only provided by Oracle as a gzipped tarball for Windows, this method will work fine for anything else that is only provided for Windows as a gzipped tarball.



Time Is Not Your Most Precious Resource

I used to feel that Time was the most valuable commodity I possessed. The reasoning is simple, seductive and often repeated. When this idea is tossed around in popular culture, it really seems to mean “Time is the most unchangeable resource used for moving toward your goals.” It makes sense, right? Because you can’t control your spend rate - it goes out the door at 60 seconds to the minute, 24 hours to the day.

One morning I woke up and realized my sleep time is not available to me to apply to my goals. (Yeah, self-evidential Eurekas are that sort of paradox.) This got me wondering whether there were other natural limits to my usable time that I wasn’t immediately grasping.

To this day, I am a personal productivity geek who enjoys books on time perception and tracks every minute of my professional work activities, yet I have come to believe that time itself is NOT my most precious resource…



Automators Paradox - Never Put Your Career Management on Autopilot

My mind does little cartwheels when it experiences the confluence of two independent streams of thought into a larger, faster flow.

I have been listening to Stanley McChrystal’s “Team of Teams” which bursts with interesting insights. Recently someone forwarded a blog post by a colleague, Forrest Brazeal, titled “Cloud Irregular: The Creeping IT Apocalypse”.

The combination seems to be both delicious and nutritious.



Three Amazon Linux 2 Containers for Testing

I frequently have to test code on Amazon Linux 2 - both for work and for the PowerShell Core universal install script install-powershell.sh that I help maintain on the PowerShell Open Source project.

Spinning up an instance on Amazon is not a hassle, unless of course, you compare it to spinning up a container. Amazon Linux 2 container images are necessarily super-optimized to run as a container host for applications - so they have many packages removed compared to an Amazon Linux 2 EC2 AMI build.

But when I am testing something that will run on the full EC2 build, I’d still like to use a container.



Validated Learning via Retrospective Wardley Value Chain Mapping

When I changed roles to a DevOps tooling team lead, I inherited a bunch of tools that essentially amount to ready-to-use deployment automation artifacts. They were managed as shared source. Similar to open source, features and fixes to the tooling could be implemented by anyone in the group. As my team started working with the code, we kept finding woefully out-of-date code. We also discovered improvements and features in some tools that were not in others of the exact same kind. Most of this tooling was built for both Linux and Windows. We were also finding significant differences in functionality between the Linux and Windows versions of the same tools.


Undo-WinRMConfig Version 1.2.0 is Generally Available

Back in June I kicked off the open source project for reverting WinRM to its pristine state (or as close as possible). There has not been a lot of community feedback, so I’m going to take that as a sign that the approach is sound and the initial operating support is sufficient.

The GA release version is 1.2.0 and we have a new icon.



WinRM For Provisioning - Close The Door On The Way Out Eh!

Growing up in Northern Canada I heard “Don’t forget to close the door on your way out!” many times a day for about 9 months of the year. Leaving a door open on your home wastes energy - leaving a door open in your computing environment can lead to downright mayhem. Many Windows remote orchestration tools (e.g. Packer) instruct you to open up WinRM permissions in a way that is not safe for (nor intended for) use in production. (e.g. https://www.packer.io/docs/builders/ncloud.html#requirements-for-creating-windows-images)

Generally there is no guidance on how to re-secure it nor even a reminder to do so. The assumption most likely being that you would handle proper WinRM re-configuration as a part of provisioning a machine from the template image you're making. However, in many organizations, system image preparation may be the only use of WinRM - so it is forgotten. Or maybe whatever is used to re-configure WinRM on first boot does not actively reset one or more of the permissive settings used during machine provisioning.



Webinar - Securing DevOps - Advice from the Frontlines

I will be participating in an expert panel to discuss how to effectively bridge the infosec/DevOps divide. Learn how you can too, 2pm ET, June 20, 2018. Tenable Webinar Playback


Accelerate Software Deployment Automation With Chocolatey NuGet Essentials For Automation Pros

After my session “Setting Up Your Own Private, Secured Package Repository” at the PowerShell DevOps Summit, there has been more interest in the Pluralsight course I built to help automation developers get started with Chocolatey. Chocolatey NuGet Essentials for Automation Pros unpacks the Chocolatey technology set and helps you understand what role it plays in deployment automation, and how it can deliver critical value to your software deployment automation tool chain whether you live in a DevOps world or a Traditional Ops world.
