Monday, August 25, 2014

Running BASH Scripts over SSH ? NIST has some guidelines.

If you are running shell scripts as part of your cloud management, NIST has a very useful document (in draft) which summarizes their Best Practice.

http://csrc.nist.gov/publications/drafts/nistir-7966/nistir_7966_draft.pdf

It's also been pointed out that RFC 7076 offers some guidance on security concerns.

Saturday, August 23, 2014

Really ? Stodgy Government IT is Trending in GitHub ?

When I started in Federal consulting (that would be during the previous century) there was a common government mantra: "We work extra hard to be in second place." Innovation and technical currency were not the hallmarks of IT leadership. The primary concern was keeping everything running, 24x7, under slippery congressional budgets.

Now, I'm reading that GitHub is on the up take within DC agencies. There is even a dedicated sub-domain to support government involvement (https://government.github.com/) and the numbers representing their adoption of GitHub are impressive.

Ben Balter, GitHub Government Evangelist, calls out this increase:
It's hard to believe that what started with a single repository just five years ago, has blossomed into a movement where today, more than 10,000 government employees use GitHub to collaborate on code, data, and policy each day.
And, it's not even just having 10k employees accessing open source code that is amazing, there is also a significant rise in project hosting.


Looking at the graph, shows 2011 as the year when government's began to rely on GitHub resources. It might be coincidence, but that's also the year where the Public Contract Law Journal of The George Washington Law School published, "Towards a More Agile Government." The full article is available on Balter's web site: http://ben.balter.com/2011/11/29/towards-a-more-agile-government/

The conclusion summarized a need to embrace the agile methodology that GitHub facilitates:
The federal IT procurement system is outdated. Projects are consistently delivered late, over-budget, and obsolete. Much of this trend can be traced back to flawed legal frameworks that lock agencies and contractors into an outdated development model. Through education, reform, and organization-wide support, federal agility can become a reality. Any computer user knows that as systems age they begin to slow. Today, the federal IT procurement system is running slowly, to the detriment of both agencies and the public, and it is long overdue for a system-wide upgrade.

Well said.

CloudOpen Recognizes Best-of-Breed in Open Source Cloud

Which cloud open source projects are taking off ? Alexandar Williams writes from Linux.com of the most highly regarded initiatives, with few surprises. Openstack, Docker, Openshift, take honors and Eucalyptus continues to lie fallow in the listing. It was interesting to see that Puppet gathered twice the votes as Chef--that was surprising.


These gear-head popularity votes should be measured against specific technical needs, and how well they are being adopted in the mainstream. After all, not many high school popularity contests have been proven as prescient.