Dave Farley and The state of Continuous Delivery

An unpretentious newsletter that started as a personal learning and getting-in-touch project by Ivan Krnic grew into a popular sociotechnical newsletter covering topics of technical excellence, organizational improvements, and productivity.

Although it’s not a new concept, Continuous Delivery is lately picking up a lot of traction. Inspired by the situations where it takes up to six months for certain organizations to release a piece of software, Continuous Delivery is aiming at shortening the time it takes for a code change to be deployed in the production. There are some pretty obvious benefits to this: faster delivery process means that customers can sooner use new features, and an organization can sooner boost its revenue.

But there are also many subtle benefits that are even more important, but rarely mentioned.

For the business: a shorter delivery process means a shorter feedback loop that speeds up learning cycles. More learning cycles means more experimentation. Organizations can place more bets, and sooner figure out real customer needs.

For the tech: to achieve a short delivery process, we must get better in many of the practices, i.e. we need to work in small batches, learn how to slice business value, learn how to work in a team, have automated regression testing, and meticulously automate manual steps. Working in small batches enables us to reduce the blast radius in case of errors and fix them sooner. Just like Accelerate book says: by moving faster, our system is more stable… paradoxically as it may seem.

Dave Farley calls Continuous Delivery a “2nd generation agile practice”. We have mastered the social aspects of working in teams. That problem is solved. Now it is time to get back to engineering practices that support the delivery process. You could say that Kent Beck talks about this for ages, since the Extreme Programming book came out. And you would be right. There are organizations out there that are already exercising these practices. As with many things in our lives: the future is here, it’s just not evenly distributed.

If you made it this far, why don’t you book casual private time with our 0800-DEVOPS team to discuss Continuous Delivery or any other DevOps related topic -> NO strings attached! You just click’n’pick a timeslot that best suits you and we’ll do the rest….let’s figure out how we can help you. Or just have a casual chat on interesting topics!

Snyk published its The State of Open Source Security 2020 report revealing interesting trends in the security domain. There is a clear shift toward DevSecOps culture through shared responsibility for security among development, operations, and security people. This is truly encouraging. New vulnerabilities are generally down by 20% which indicates a greater focus on security. And finally, one warning: be aware that official container images do not guarantee the absence of vulnerabilities! Using an official image is not a replacement for maintaining proper container security hygiene.

If you prefer listening to reading, check out Alyssa Miller talking about the report in the Arrested DevOps episode “State of Open Source Security”.

Card processing friends, do you think that DevOps practices can work in a PCI/DSS compliant environment? Many traditional organizations believe this is impossible due to a famous Section 6.4.2 describing the Separation of Duties. The main concern is that Dev people who have developed a feature will never be allowed to deploy it in production. Therefore, there is a definite need for separate Ops people. And silos are inevitable.

In this paper, Gene Kim sheds light on Section 6.4.2 and describes how DevOps practices can be aligned with it. Additionally, Jez Humble shares how Etsy goes about implementing DevOps practices under PCI/DSS regulation.

Interested in DevOps topics but wondering who to follow to learn more? Apart from 0800-DEVOPS, of course 🙂 TechBeacon compiled a list of 100 DevOps pros.

We understand that DevOps is about cultural philosophies, practices, and tools that increase an organization’s ability to deliver applications and services at high velocity. But how do we know that we’re getting better at it? By visualizing and tracking what matters. Kentaro Wakayama reiterates over critical DevOps metrics and gives practical suggestions on how to track and visualize them.

Immutable containers are a great way to make sure that what worked in the test will also work in production. But how can you test services whose execution depends on specific execution time, for example when service should behave differently during working hours as opposed to weekends? You could of course build this testing logic into services themselves. But there is an alternative way: to leave your services as simple as possible and use specialized libraries that intercept various system calls used to retrieve the current date and time and change results according to library configuration. Our Vedran Vidović did precisely that.

By now you should be well aware of why Continuous Delivery matters and how it supports both business and tech improvements.

Although 10 years old, this book is still THE handbook explaining all the rationale and principles behind CD practice, as well as commonly used patterns. Looking in hindsight, it only confirms that no matter how frequently the technology changes, true patterns are forever.