pburkholder

fly -t fr pipelines | awk '{print $1}' | while read p; do 
  echo ==== $p ===
  fly -t fr get-pipeline -p $p -j | 
    jq '.resources[] | 
      select(.type=="git") | 
      select(.source.branch | test("master|gh-pages") | not)'
  fly -t fr get-pipeline -p $p -j | 
    jq '.resources[] | 
      select(.type=="git") | 
      select(.source.uri | test("github.com/(18f|18F|GSA|fugacious|cloudfoundry|cloudfoundry-community)/") | not )'

pburkholder

event_name="ConsoleLogin"
aws cloudtrail lookup-events --lookup-attributes \
  AttributeKey=EventName,AttributeValue=$event_name --query \
  'Events[*].{Ev:CloudTrailEvent,User:Username}' | 
    jq '.[]| "Username: " + .User, "  " + (.Ev| fromjson | "EventTime: " + .eventTime, "SourceIP: " + .sourceIPAddress) '

for event_name in AuthorizeSecurityGroupEgress AuthorizeSecurityGroupIngress CreatePolicy \
 CreateSecurityGroup DeleteTrail ModifyVpcAttribute PutUserPolicy PutRolePolicy \
 RevokeSecurityGroupEgress RevokeSecurityGroupIngress UpdateTrail; do

pburkholder

#!/bin/bash
#set -e

if [ "$#" -ne 1 ]; then
    echo
    echo "Usage:"
    echo "   jumpbox <environment>"
    exit 1
fi

pburkholder

# Logon to Azure ARM
$Azure = Get-AzureRmEnvironment 'AzureCloud'
$Env = Login-AzureRmAccount -Environment $Azure -Verbose
 
# Select Subscription
Select-AzureRmProfile -Profile $Env
$Subscription = (Get-AzureRmSubscription | Out-GridView -Title "Choose a Source Subscription ..." -PassThru)
 
# Select Subscription Function
Function Subscription {

pburkholder

# Exploring AzureRM json descriptors for testing

# We create a desiredification by running Deploy-DevVnetVA.ps1 and having it stop after writing the template,
# 'desired-DevNetVA.json'
# We determin actual state by exporting the AzureRM Resource group:
# Export-AzureRmResourceGroup -ResourceGroupName DevVnetVA -Path $pwd/actual-DevVnetVA.json


Describe "DevNetVa" {
BeforeEach {

pburkholder

I have to conclude the FIPS-mode enforcement for .NET is broken on Win2016/Win10annivEdition.

The SHA256Managed code, https://referencesource.microsoft.com/#mscorlib/system/security/cryptography/sha256managed.cs,32 reads:

#if FEATURE_CRYPTO
            if (CryptoConfig.AllowOnlyFipsAlgorithms)
                throw new InvalidOperationException(Environment.GetResourceString("Cryptography_NonCompliantFIPSAlgorithm"));
            Contract.EndContractBlock();
#endif // FEATURE_CRYPTO

pburkholder

One of my colleagues at 18F asked in Slack:

I'm having a difficult time conceptualizing the difference between agile, lean, scrum, and kanban. Help! @channel

Leah Bannon jumped in with an excellent precis:

In short,

• agile is a broad term that refers to the general ideas of individuals over interactions, working software over documentation, collaborating with customers, and changing/iterating. it’s more of a philosophy than a methodology.
• lean, scrum, and kanban are methodologies that are guided by the philosophy of agile
• lean is more designy and focuses on developing a hypothesis and then testing/researching to adjust or confirm it https://pages.18f.gov/lean-product-design/

pburkholder

Slide 1 How to be Awesome

• DevOpsDaysDC 2015 -- I've not looked up this talk/speaker, because I'm not critiquiing a colleague's earnest attempt to share his best practices. I just used that title as jumping off point.
• Above Average Fallacy: Most of cognitive biases I reference are discussed in Kahneman, Daniel. Thinking, fast and slow. Macmillan, 2011.

Slide 2 How to be Average

• "Hero mentality" -- "DevOpsDays Boston 2014 - Jennifer Davis - From Hero to Zero" https://vimeo.com/104252736
• "Dunning-Kruger Effect": Kruger, Justin, and David Dunning. "Unskilled and unaware of it: how difficulties in recognizing one's own incompetence lead to inflated self-assessments." Journal of personality and social psychology 77.6 (1999): 1121.
• There's a great segment from This American Life on this: https://www.thisamericanlife.org/radio-archives/episode/585/in-defense-of-ignorance?act=2

pburkholder

     reg ADD "HKLM\Software\Microsoft\StrongName\Verification\Microsoft.PackageManagement.ArchiverProviders,31bf3856ad364e35"  /f
      reg ADD "HKLM\Software\Microsoft\StrongName\Verification\Microsoft.PackageManagement.CoreProviders,31bf3856ad364e35"  /f
      reg ADD "HKLM\Software\Microsoft\StrongName\Verification\Microsoft.PackageManagement,31bf3856ad364e35"  /f
      reg ADD "HKLM\Software\Microsoft\StrongName\Verification\Microsoft.PackageManagement.MetaProvider.PowerShell,31bf3856ad364e35"  /f
      reg ADD "HKLM\Software\Microsoft\StrongName\Verification\Microsoft.PackageManagement.MsiProvider,31bf3856ad364e35"  /f
      reg ADD "HKLM\Software\Microsoft\StrongName\Verification\Microsoft.PackageManagement.MsuProvider,31bf3856ad364e35"  /f
      reg ADD "HKLM\Software\Microsoft\StrongName\Verification\Microsoft.PackageManagement.NuGetProvider,31bf3856ad364e35"  /f
      reg ADD "HKLM\Software\Microsoft\StrongName\Verification\Microsoft.PackageManagement.Test,31bf3856ad364e35"  /f
      reg ADD "HKLM\So

pburkholder

Original Question:

I had a call this afternoon ... and the question posed was how are we getting around the requirements for Admin level permissions on the Dev Environment to install and run Chef. It was a great question and I am sure we will run into that problem here very shortly. As you may or may not know, the Security requirements don’t allow [our organization's] Developers to have Admin level priv on the computers. Chef requires that to run.

TL;DR:

0. We need to reframe the question from the developer's access to the platform's permissions
1. The chef-client scheduled task on the windows nodes won't be useful unless it runs as an admin user.
2. Your developers will continue to need VMs to effectively do their work.