The Agility Volume Knob

I like to think I’m an Agile Pragmatist in a world of Agile Fundamentalists. I believe there is no single framework / process that is a panacea to the various issues within a software development organization, and instead processes must be adapted to fit the specific needs of a business…

Read the rest

Denying Destructive Privileges in AWS

I had mentioned in What To Do In Response To Code Spaces the importance of locking down your service-based IAM users to least privilege access. For example, if a service pushes a backup to S3, its IAM privileges should be scoped to write-only for the specified bucket. If a service…

Read the rest

What To Do In Response To Code Spaces

From the first day I was responsible for cloud infrastructure, I couldn’t help but feel the responsibility of the potential downside impact of running a business in the cloud. The most powerful attributes of the cloud - dynamic infrastructure, APIs, automation - make it possible for very bad things…

Read the rest

AWS Reserved Instances & VPCs

Most customers that have been using Amazon for a year or more likely have infrastructure running in both Classic and VPC networks. For these customers, Amazon's documentation is a little vague on the expected behavior of reserved instances across VPC and Classic instances. Here is the summary from their FAQ…

Read the rest

A 14 Year Old’s Tour of the Silicon Valley

When my wife and I started planning our vacation in California, we were both surprised when our oldest son, Jake, said with great enthusiasm he wanted to “see the Silicon Valley.” There are not many things a 14 year old says with enthusiasm, so we knew immediately he must be…

Read the rest

The Cloud’s 99.9%

I was talking with someone at Google a couple weeks ago who commented that “99.9% of infrastructure has not yet moved to the public cloud.” The context of our discussion was their competition with Amazon, with the internal Google opinion clear: why focus on converting the 0.1% to…

Read the rest