Over the course of my professional career I have witnessed the transition from free and open source software being something useful engineers do, to a multi-billion dollar industry with companies jumping into the frenzy. During this time I have also gone from an open source user, to contributor, to a board member. Helping to steward a few small projects, but mainly focusing on the Jenkins project. Along the way I have interacted with businesses in each role, forming opinions of their businesses. Getting a sense of their cultural values by watching and listening as their employees interact with the project, or their executives make public statements about Jenkins or open source software in general. By night I am open source contributor, but by day I am now what enterprise sales people refer to as the “buyer.” One with opinions formed by years of interactions with these companies whose products we evaluate.

Running untrusted CI/CD workloads in Jenkins is perhaps my favorite security discussion. Throwing Docker into the mix makes things even interesting, and in some cases less secure. Today I implemented a pattern which I have discussed with colleagues but hadn’t yet had the opportunity to try: a multi-Kubernetes cluster for Jenkins. In short, running a Jenkins master in a cluster which acts as the control pane for it and many other services, while running all of its workloads in an entirely separate Kubernetes cluster. For those who know the joy of managing Kubernetes this may seem like madness, but it does offer a number of security benefits which I would like to outline.

My favorite part of the stack is the netherworld between the underlying infrastructure and the app. That fuzzy grey area where data goes from databases to object-relational mappers (ORMs), web servers to request libraries (e.g. Rack/WSGI), and so on. In many cases a technology roadmap where one considers infrastructure, but not the application, or vice-versa, is doomed from the start. At Scribd, I have been given permission to hire more people that love this layer of the stack, and I have taken to calling it “Ruby Infrastructure.” A phrase which is fairly unique, that I wanted to define in greater detail.

One of the harder parts about building new platform infrastructure at a company which has been around a while is figuring out exactly where to begin. At Scribd the company has built a good product and curated a large corpus of written content, but where next? As I alluded to in my previous post about the Platform Engineering organization, our “platform” components should help scale out, accelerate, or open up entirely new avenues of development. In this article, I want to describe one such project we have been working on and share some of the thought process behind its inception and prioritization: the Real-time Data Platform.

The team that I joined Scribd to build, Core Platform is now up and running with five incredibly talented people. I could not be more pleased with the very friendly and highly functional group of people we have been able to assemble. With that team’s projects underway, my focus has been shifting, zooming out to “Platform Engineering” as a comprehensive part of the engineering group. In this post, I want to expand on what Platform Engineering is planned to be and discuss some of the teams and their responsibilities.

Yesterday we rebuilt and re-deployed one of the Jenkins containers we use at work, and much to my chagrin the Jenkins environment no longer wanted to boot. We use Jenkins on top of Kubernetes, integrated with Hashicorp Vault, configured with the Configuration as Code plugin and the Job DSL plugin. While I am pleased with this stack of tools, it is not a “simple” set up. It had been three weeks since the last rebuild and redeploy, and the name of the game was: what of the dozen changes that have happened in one of these tools over the last three weeks was the culprit.

The tech industry is filled with all sorts of silly jargon and acronyms. Our overuse of jargon not only makes us very easy to identify in a crowded restaurant but also helps make things confusing for new-comers and veterans alike. In my current role, I find myself spending a lot of time with vendors who also seem to delight in barraging prospects with unpleasant jargon. My least favorite word among it all is performant.

I spend more time than I wish to admit thinking about how continuous delivery (CD) processes should be modeled. The problem domain is one that affects every single organization which distributes software, yet the approach each organization takes is almost as unique as the software they develop. From my perspective Jenkins Pipeline, especially its declarative syntax, is the best available option for most organizations to model their continuous delivery processes. That does not mean however that I believe Jenkins Pipeline is the best possible option.

San Francisco, Santa Cruz, King City, Paso Robles, Santa Maria, Lompoc, Ventura, Los Angeles. For the better part of seven days, I sat on a bicycle with over 2,200 cyclists and 650 volunteers riding from one part of California to another to raise money for HIV/AIDS services as part of AIDS/LifeCycle. For perspective, 545 miles is further than the distance from Boston to Washington D.C., further than Brussels to Berlin, further than Tokyo to Hiroshima. It is countless hills, steep descents, farm fields, supportive on-lookers, packets of chamois butter, potholes, water bottles, and sliced bananas. Based on this, my first year’s experience, it is also six inner tubes, one bike tire, and an entire bike frame long.

Offlineimap has been a major part of my desktop computing environment for many years, indulging my use of mutt for all work and personal email. My work email has unfortunately been stored in Gmail, which does support IMAP but tends to do a few wacky things with files and folders.