After several decades of use, should we consider open source software (OSS) a business model? In short: No! In this conversation, open source evangelist Javier Perez welcomes technology evangelist and CNCF ambassador Dotan Horovits to provide context for the biggest changes happening in OSS, discuss what a sustainable future looks like for open source, and explain what to do when companies choose to go not-so-open with their source code.Highlights:Why open source shouldn’t be considered a business modelThe “disturbing trend” in OSS and why “nothing is written in stone” when it comes to open sourceHow tools can differentiate themselves from the ‘open source-ness' of their projectsSpeakers:Javier Perez, Open Source EvangelistDotan Horovits, Cloud Native Ambassador at the Cloud Native Computing Foundation (CNCF) and host of the OpenObservability Talks podcastLinks:Get the new State of Open Source Report from OpenLogicFind Dotan on LinkedIn and TwitterRead Dotan’s articles on ‘vendor-owned open source’ and ‘When Your Open Source Turns to the Dark Side’Read Javier’s articles on the State of Open Source in 2024 and concerns over the future of open sourceListen to OpenObservability Talks on YouTube and wherever you get podcastsFind Us Online:puppet.comApple PodcastsTwitterLinkedIn
When Sean Atkinson says that “We’re on a trajectory to have the most vulnerabilities ever identified in a single year, starting this year,” take note: As Chief Information Security Officer for the Center for Internet Security, he knows what he’s talking about.He’s referring to the ever-increasing tide of weaknesses and flaws that undermine the security of software used every single day by teams around the world. Between a more active threat landscape, demands for development velocity, and the rise of generative AI, the cat in this proverbial game of cat-and-mouse has their work cut out for them.In this conversation, Robin Tatam, Puppet’s Evangelist and Certified Information Security Manager, talks with Sean about the role of a CISO, what’s behind the unprecedented rise in vulnerabilities, and how smart integrations turn automation into a first-line defense against threats, misconfiguration, errors, and software vulnerabilities.Highlights:What a CISO actually does versus a CIO or a CTO The difference between “security” and “compliance” How compliance helps build the backbone of a long-term security posture Who really owns IT security and where IT operations fits into the security conversation What CIS Benchmarks are, what they do, and how CIS “wizards” keep them up-to-date on the latest vulnerabilities How Puppet’s partnership with CIS puts the power of automation behind CIS’s widely recognized frameworksSpeakers:Robin Tatam, Senior Technical Marketer and Evangelist, Puppet by PerforceSean Atkinson, Chief Information Security Officer, Center for Internet SecurityLinks:Learn more about Security Compliance Enforcement, a premium feature for Open Source Puppet and Puppet Enterprise that automates secure configurations hardened against CIS Benchmarks and DISA STIGsListen to Sean’s podcast with CIS, “Cybersecurity Where You Are,” wherever you get podcastsFind Us Online:puppet.comApple PodcastsTwitterLinkedIn
It’s all good news, we promise! The Forge has always been the go-to spot for Puppet users to find, download, and update content and modules. On this episode, we're revealing a few of the exciting changes that are going to make the Forge even easier and more valuable for all Puppet users, like personalization, filters, and features to track module versions and updates against your Puppet file.As of today, there are 7,508 modules on the Puppet Forge – some active, some deprecated, some created and supported by Puppet Labs, some by community groups like Vox Pupuli. While it’s become a hub for all Puppet users, we've heard feedback on ways it could be even better. We see a brighter future for the Forge – one built for and shaped by users like you! Join Ben Ford as he talks to Forge Product Manager Saurabh Karwa about what the Forge is today, the subtle changes that are already in the works, the near-term roadmap, and the long-term vision for the Forge.Speakers:Ben Ford, Community Lead at Puppet by PerforceSaurabh Karwa, Product Manager at Puppet by PerforceHighlights:Introducing Saurabh, the Product Manager for the Puppet ForgeWhat the Forge is today and what it needs to become THE place for Puppet usersThe role of the Puppet Community in shaping the future of the ForgeAdding personalization, new filters, and features to track module versions and updatesWhy you should join our new Ecosystem Advisory BoardLinks:Join the Puppet Community SlackTell us what you think of the Forge and PDK with the Ecosystem Advisory Board surveyEmail Saurabh at skarwa@perforce.com
The 2024 State of DevOps Report: The Evolution of Platform Engineering is live! In this episode, we’re taking you behind the scenes with the authors of the report and one of the people who helped run the survey.Download the 2024 report for free here!On this episode, join us as host Ben Ford, report authors Margaret Lee and David Sandilands, and project manager Stephanie Fairchild pull back the curtain on the 2024 State of DevOps Report.What are the characteristics of successful platforms? Why is the new practice driving a surge in security? Where is platform engineering going next? Learn more in this episode!Highlights:Why the State of DevOps Report pivoted to cover platform engineering last yearWhat we wanted to find out this yearThe big takeaways from the 2024 reportOur predictions for the next year of platform engineeringSpeakers:Ben Ford, Community Lead at Puppet by PerforceMargaret Lee, Manager of Product Management at Puppet by PerforceDavid Sandilands, Principal Solutions Architect at Puppet by PerforceStephanie Fairchild, Senior Manager at ClearPath StrategiesLinks:Download the 2024 State of DevOps Report: The Evolution of Platform EngineeringEmail Margaret at Margaret.Lee@perforce.comFind Ben on Mastodon, Twitter, and in the Puppet Community Slack as binford2kFind David on Mastodon and TwitterCheck out another episode with Ben, Margaret, and David about how return-to-office plans are shaping platform strategiesRead the episode transcriptFind Us Online:puppet.comApple PodcastsTwitterLinkedIn
Platform engineering is all about giving devs the tools they need to work independently. Work-from-home policies give people flexibility in where and how they work. It should be a match made in heaven, right? Well... it’s more complicated than that.Research, feedback, and evangelizing are critical to building an internal developer platform (IDP). But WFH can make that communication tough. And that's before you’ve even considered compliance and security (ugh, the 2FA). A human-focused IT strategy was crucial in supporting a shift to remote work during the pandemic, and it's going to be equally as important as we shift to a platform paradigm.In this roundtable discussion, Ben leads a roundtable discussion of how return-to-office plans can impact platform engineering, joined by Margaret Lee and David Sandilands, authors of Puppet's 2024 State of DevOps Report: Platform Engineering Edition.Speakers:Ben Ford, Community Lead at Puppet by PerforceMargaret Lee, Manager of Product Management at Puppet by PerforceDavid Sandilands, Senior Solutions Architect at Puppet by PerforceHighlights:The remote/in-office flexibility your platform needs to considerHardening measures essential to a secure IDP in the hybrid eraWhat we learned about accommodating a workforce during the pandemicEvangelizing a platform without the in-person connectionLinks:Email Margaret at Margaret.Lee@perforce.comFind Ben on Mastodon, Twitter, and in the Puppet Community Slack as binford2kDavid Sandilands on TwitterGet the 2023 Platform Engineering Report and sign up to receive 2024’s when it releasesRead the episode transcriptFind Us Online:puppet.comApple PodcastsTwitterLinkedIn
Politics is everywhere in your organization. No, not THAT kind of politics – the kind that happens when you need something and can’t get it, or when you get good at something and people start noticing. Actually, politics happens just about whenever decisions get made. Joshua Zimmerman says that kind of politics is rooted in people, and with the right mindset, you can use politics to make things better in your organization – for you and your entire team.Joshua is a DevOps manager and organizer who thinks you could benefit from understanding and navigating the political landscape of your organization so you can help shape it. In fact, his presentation at DevOpsDays Chicago 2023 was all about that, and we were so impressed, we invited him on the podcast.After listening to this episode, we hope you’ll be able to figure out how decisions get made where you work, define your political structure, and leave with a few tools you can use to gain leverage with your team to make better decisions together.Highlights:Helping unpack the term “politics” in the context of your jobWhy org charts aren’t great for determining the real structure of your orgWhy trust matters more than authority (and how to sniff out both in your org)How to build lasting trust in your team and orgHow to subvert hierarchy to get what you need (without making anyone mad)Speakers:Ben Ford, Developer Relations Director at PuppetJoshua Zimmerman, SRE/DevOps ManagerLinks:Find Josh on LinkedIn, Mastodon, and TwitterWatch Joshua’s talk at DevOpsDays Chicago 2023 (2:26:00 – 2:54:30)Find Ben in the Puppet Community Slack as binford2k and on MastodonFind Us Online:puppet.comPulling the Strings on Apple PodcastsTwitterLinkedInRead the episode transcript
Great things – tools, spaces, companies, brands – are supported by great communities. The Vox Pupuli are perhaps the most prominent, active group in the Puppet community. Here’s what they're up to lately, what it’s like being one of them, and what Puppet (the community) means to Puppet (the company).The Vox Pupuli are 200+ strong; they maintain dozens of modules on the Forge; even executive leadership knows their name. On this episode of Pulling the Strings, join Puppet community members Gene Liverman, Tim Meusel, and Ben Ford for a casual discussion on what what Vox Pupuli actually do, the role of community in shaping a company like Puppet, what Vox Pupuli is focused on now, and what drives the highly engaged group. As Tim puts it, “There is no excuse to not participate.”Highlights:How Vox Pupuli worksThe relationship of Puppet (the company) to the Vox PupuliThe power of independenceThe time Vox Pupuli helped Puppet avoid disaster in a new releaseWhat Vox Pupuli is working on nowSpeakers:Gene Liverman, SRE at LTN Global and former SRE at Puppet by PerforceTim Meusel, Vox Pupuli PMC Community MemberBen Ford, Community Lead at Puppet by PerforceLinks:Find out more about the Vox Pupuli at https://voxpupuli.org/Find Tim on Twitter at https://twitter.com/BastelsBlogFind Gene in the Puppet Community Slack as genebean https://puppetcommunity.slack.com/team/U3DCRQQKAFind Ben in the Puppet Community Slack as binford2k and on Mastodon at https://hachyderm.io/@binford2kFollow the Puppet Community Team on Mastodon https://fosstodon.org/@puppetListen to Tim’s previous episode discussing how to build an awesome open source community https://www.puppet.com/resources/podcasts/awesome-open-source-communityFind Us Online:puppet.comPulling the Strings on Apple PodcastsTwitterLinkedInRead the episode transcript
Open source has always moved fast. Today, it moves faster than ever, driven by both community demand and corporate interest. On this episode, Perforce’s Javier Perez and OSI’s Stefano Maffulli discuss the impact of recent license changes and the historical push-and-pull between consumers and providers in the world of open source.Highlights:Reflecting on 25 years of OSI and its widening scopeThe historical changes that set the stage for open sourceWhat’s shaping Linux distributions today (CentOS, RHEL restrictions, HashiCorp’s switch to BSL, and more)The “social contract” between companies and communitiesThe pros and cons of single companies driving open-source communitiesThe commercialized future of open sourceSpeakers:Javier Perez, Chief Open Source Evangelist and Senior Director of Product Management at PerforceStefano Maffulli, Executive Director at the Open Source Initiative (OSI)Links:Learn about Puppet’s commitment to open source projects like Bolt and Open Source Puppet (OSP): https://www.puppet.com/community/open-sourceFind Stefano at https://www.maffulli.net/Follow Javier on Twitter at https://twitter.com/jperezp_bosOSI’s programs (including a new Advocacy and Outreach program) https://opensource.org/programs/“Defining an open source AI for the greater good”: How OSI is approaching AI https://opensource.com/article/22/10/defining-open-source-ai“Friend or Foe? ChatGPT’s Impact on Open Source Software” by Javier Perez for DevOps.com https://devops.com/friend-or-foe-chatgpts-impact-on-open-source-software/Read the episode transcriptFind Us Online:puppet.comPulling the Strings on Apple PodcastsTwitterLinkedIn
In the past few years, developer experience has become one of the biggest concerns at the C-level. Gartner found it’s the top value factor for adopting IDPs, performance engineering, CI/CD, and more core aspects of platform engineering. In 2021, McKinsey said it should be “the cornerstone of talent strategy” – and still, it’s a sticking point for a lot of software orgs. Turnover, burnout, skill gaps – symptoms abound that can often be contributed to bad DevX.Justin Reock is Field CTO at Gradle, makers of Gradle Enterprise and Gradle Build Tool. He’s focused on the developer experience at an intersectional level – where right-brain creativity, left-brain productivity, and ‘joyful activity’ combine to make development better for the people who do it. In conversation with David Sandilands, Senior Solutions Architect at Puppet, Justin shares his perspective on where platform engineering is headed and how the future of platform engineering – up, down, or flat – depends on using tools to engineer the developer experience.Speakers:David Sandilands, Senior Solutions Architect at Puppet by PerforceJustin Roeck, Field CTO at GradleHighlights:Justin’s career to date and starting a year of living out of an RVWhy the future of platform engineering depends on a developer experience focusInstructions for organizations to adopt real practices, not just hypeThe personalities needed to make stuff like platform engineering actually workLinks:Download Puppet’s 2023 State of Platform Engineering ReportOrganizational Physics by Lex SisneyFind your nearest devopsdays eventJustin Reock on TwitterJustin Reock on LinkedInDavid Sandilands on LinkedInDavid Sandilands on TwitterRead the episode transcriptFind Us Online:puppet.comApple PodcastsTwitterLinkedIn
The opportunity to write a Puppet 8 book landed in David Sandilands’s lap when he had just started at Puppet and with a child on the way. About a year and a half later in mid-2023, “Puppet 8 for DevOps Engineers” launched via Packt. This is the story of everything that happened in the middle.Speakers:Ben Ford, Community Lead at Puppet by PerforceDavid Sandilands, Senior Solutions Architect at Puppet by Perforce Learn More About Puppet + DevOps[10+ YEARS OF DEVOPS REPORTS] Highlights:What other Puppet books didn’t haveThe joy of creating a book that doesn’t have to cater to one audience or anotherWhat it's like to work with a publisherLearning to lean on your community for supportHard-learned tips for writing your own bookLinks:Check out David's book, “Puppet 8 for DevOps Engineers,” via Packt“Puppet Best Practices” by Chris Barbour and Jo RhettBen Ford on TwitterDavid Sandilands on Twitter
So your organization failed a compliance audit and got slapped with fines and penalties. Bummer! You pay the fine, spend a few days fixing your configurations, run a scan, and get ready to do it again come the next audit. But that approach doesn’t work anymore: The risks are too high, and fixing months of configuration drift at the drop of a hat (let alone hunting down all the paperwork for auditors) certainly isn’t your team’s favorite thing to do.Demo Puppet Comply + CEM for cross-department visibility and automated complianceThe broad scope of today’s compliance management requires a coordinated effort from more than just the security team. In this episode of Pulling the Strings, two Puppet compliance experts make the case for cooperation among security, compliance, ops, and just about everyone else in your organization. They discuss the crumbling walls between security, compliance, and ops, as well as tools organizations use to ensure continuous compliance.Highlights:Why organizations always wait until something goes wrong to pay attention to compliance + securityThe simple micro-adjustments that prevent massive corrections come audit timeWorking toward better alignment between teams so that they’re making compliance easierThe point and benefits of continuous compliance – and why ‘cowboy compliance’ isn’t enoughWhy compliance frameworks matter across security, compliance, and opsSpeakers:Ben Ford, Community Lead at Puppet by PerforceClaire McDyre, Senior Product Manager at Puppet by PerforceRobin Tatam, Senior Director of Product Marketing, Puppet by PerforceLinks:Try Puppet Comply + CEM to give your whole team the power to tackle complianceRead Claire’s content on the Puppet blogRead Robin’s content on the Puppet blogRead the episode transcriptFind Us Online:puppet.comApple PodcastsTwitterLinkedIn
Modules are the basic building blocks of Puppet. They're made to solve common challenges, extend functionality, and optimize your use of Puppet. They're also reusable and shareable – you can find thousands on the Puppet Forge – and best of all, anyone can make them. But what does that really mean?On this episode of Pulling the Strings, Ben Ford sits down with Yeshua Hall to talk about Yeshua’s experience building the Puppet module known as zend_common, initially released in December 2022.Highlights:How to build a Puppet moduleWhat zend_common doesWhat to know before you start buildingHighlights:How to build a Puppet moduleWhat zend_common doesWhat to know before you start buildingSpeakers:Ben Ford, Community Lead at Puppet by PerforceYeshua Hall, Senior Solutions Architect at PerforceLinks:Download the free guide, “How to Start Automating in a Few Steps with Bolt”Download zend_common on the Puppet ForgeFollow Yeshua Hall on TwitterFollow Ben Ford on TwitterRead the episode transcriptFind Us Online:puppet.comApple PodcastsTwitterLinkedIn
Supposedly, Albert Einstein once said, “If you can't explain it to a six-year-old, then you don't understand it yourself.” That might be a bit harsh, but it holds true for teaching just about anything: You’ve got to meet learners where they are. That’s why Puppet recently launched new on-demand training courses and more. There’s a new, engaging way to learn how to do things with Puppet without going down too many rabbit holes.On this episode of Pulling the Strings, Ben Ford interviews Principal Training Solutions Engineers Jain Waldrip and Tom Chisholm about designing training with “highly calibrated visuals,” the exciting new avenues for Puppet learners, and much more.Highlights:What’s led Jain and Tom to their roles in Puppet trainingWhat you can expect from Puppet’s new on-demand training courses Introducing Puppet Console Overview, an interactive, guided tour of the Puppet ConsoleSpeakers:Ben Ford, Community Lead at Puppet by PerforceJain Waldrip, Principal Training Solutions Engineer at Puppet by PerforceTom Chisholm, Principal Training Solutions Engineer at Puppet by PerforceLinks:Take new on-demand Puppet training coursesCheck out the PE Console OverviewGet in touch with the Puppet education team at education@puppet.comJoin Jain and Tom in the Puppet Community SlackRead the episode transcriptFind Us Online:puppet.comApple PodcastsTwitterLinkedIn
“It doesn't matter how small the contribution is – I think everyone benefits from the different environment, the different culture, of open source communities.” From ‘free software’ to the Mars Rover, the scope of open source is expansive, growing, and offering new challenges to organizations and practitioners alike. Now, Perforce Director of Product Management Javier Perez is excited to share the latest findings from the 2023 State of Open Source Report with the context of his 26+ years in the software industry. Look into the past and peer into the future with this exciting discussion between two open source evangelists.Join Javier and host Ben Ford, Developer Relations Director at Puppet by Perforce, as they discuss the history of open source, examples of open source software dating back to the 1950s, the communities that have formed around open source, where open source software is headed, and highlights from the highly anticipated 2023 State of Open Source Report, which asked ~900 global respondents about their use of open source software.Highlights:AI and machine learning took the number one spot as a technology that most survey respondents were interested in.The number-one reason organizations use open source software is access to innovation — not cost savings.How initiatives intra-organization methodologies like InnerSource are breaking down silos between companies.Why AI and Web3 are trends worth watching in the open source space.Speakers:Ben Ford, Developer Relations Director at Puppet by PerforceJavier Perez, Director of Product Management at PerforceLinks:Get the 2023 State of Open Source ReportFollow Javier on TwitterRead the episode transcriptFind Us Online:puppet.comApple PodcastsTwitterLinkedIn
In this episode, join special guests Nigel Kersten, KasparvonGrünberg, Fatih Degirmenci, and Ronan Keenan as they discuss the recent surge in popularity of platform engineering and how these teams are fast becoming vital to enterprise success. In this panel discussion they explore: The history and advent of platform engineeringWhat platform engineering looks like todayWhere to get started in platform teams3 key fallacies to avoid to ensure success
Creating and maintaining community is hard, especially when you don't bump into each other in the hallways on the regular. And community is vital, especially when it advocates for you and helps create a safe space to bring your whole self to work. Todd and Melissa share their experiences with Puppet's Pride ERG and how they're using it to work towards systemic change.Learn More:Join our community at https://slack.puppet.comFind Melissa on Twitter as @mcasburn or on LinkedInFind Todd on Twitter as @ShawnTErvin or on LinkedIn
Managing the configuration of an entire ecosystem is not an easy thing to do, and bootstrapping the system that manages that configuration is even more challenging. Edwin from Puppet’s Solutions Architects team shows us a tool they've built that aims to simplify that task.Learn more:Join our community at https://slack.puppet.com and chat with Edwin.Try out the module from its Forge page and file any issues on the linked source repository.Using Process Mapping to target your automation efforts.Find Edwin on Twitter here.
CentOS has become the de facto standard operating system for many organizations since it’s basically the same thing as RHEL, rebranded and without commercial support.CentOS was originally a community project, but over time Red Hat has become more influential in its direction and has shifted it to a "Stream" model, effectively moving CentOS 8 from being a downstream release (built after RHEL) to an upstream release (built before RHEL). This isn't exactly suitable for production use and thus many users are looking for alternatives.Paul joins us today to share insights and give some advice on how you can evaluate your options and migrate your infrastructure as painlessly as possible.Learn more:Join our community at https://slack.puppet.com.Read the blog post this podcast references.Try out Paul's module.
Cortez worked his way up through the ranks as a cloud security and compliance engineer, managing hundreds of production applications. Now he's taking those grueling lessons and teaching the team at Relay how to automate away tedium and toil. Join us as Cortez shares stories from the field and some of the motivation behind Relay's cloud compliance enforcement capabilities.Learn more: Join our community at https://slack.puppet.comFind more about Relay at https://relay.shLet us know about new integration ideas at https://pup.pt/ideasFind Cortez on LinkedIn
The recent log4j fiasco reminded us that not only is it important to stay updated and current with security news, but it's also critical to have safe ways to deploy configuration updates or orchestrate reporting/remediation scripts across your infrastructure as quickly as possible. Jeremy and Nick join us today to share best practices and automation suggestions.Learn more:Join our community at https://slack.puppet.comContribute to the module at https://github.com/puppetlabs/log4jscannerDownload the module from its Forge page: http://forge.puppet.com/puppetlabs/log4jscannerRead about Puppet's security response policies https://puppet.com/security/Reach Jeremy Mill on Twitter at @living_synUpdate: the GI Joe quote our hapless host massacred was – "Now you know; and knowing is half the battle."