[ale] shared research server help
Jerald Sheets
questy at gmail.com
Thu Oct 5 11:32:33 EDT 2017
> On Oct 5, 2017, at 11:06 AM, Jim Kinney <jim.kinney at gmail.com> wrote:
>
> Dev make terrible admins. Devs make terrible security officers. Devs need to be throttled by hardware so they learn how to write efficient code. One faculty gets the cheapest old crap machines for new students to run their code on so they are forced to make improvements in performance. It's mostly a pretty good idea.
This is where we “DevSecOps”-ians come in. I democratize the entire security process so the devs can secure via API calls and document the whole shooting match. Best part is when they go to the CI pipeline and they haven’t written tests nor have they implemented security. If those things aren’t in their code, it gets kicked back out and refuses merge.
They get all mad, call meetings with directors and such… .”Well, your developer neither leveraged the documented security APIs nor did they write tests for their code. We don’t allow that into our CI pipeline, because that mess could make it to production”. “I don’t know a single developer that writes tests the way you’re saying.” I sit back and grin…. “Why not, the sysadmin (me) uses TDD for ALL his automation code. If an ops guy does, why in the heck does a developer NOT?
I love my job sometimes.
—j
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 874 bytes
Desc: Message signed with OpenPGP
URL: <http://mail.ale.org/pipermail/ale/attachments/20171005/9c7d1eb6/attachment.sig>
More information about the Ale
mailing list