PurePerformance

APIs are powering and empowering software innovation as they enable new use cases on top of existing services. Observability into API usage to answer questions like: how APIs are called, what APIs do, where APIs fail, where APIs are slow, where APIs are misused … has to be on top of mind for architects that decide to build or use APIs.In this episode we welcome Sonja Chevre, Group Product Manager at Tyk, who recently gave a captivating talk at KubeCon about using OpenTelemetry to get insights into popular API frameworks such as GraphQL. We are discussing common challenges for SREs such as that APIs often hide the status of a call behind an HTTP 200 or that debugging individual calls is really hard as details of the call are not exposed by default to telemetry data. We also cover topics such as API-led growth, API as a product as well as open standards such as OpenTelemetry and OpenAPI. Here the list of discussed links during the show:KubeCon Talk: https://kccnceu2023.sched.com/event/1HyVc/what-could-go-wrong-with-a-graphql-query-and-can-opentelemetry-help-sonja-chevre-ahmet-soormally-tyk-technologiesAPI Management vs Gateway discussion: https://www.linkedin.com/posts/sonjachevre_apimanagement-apigateway-apisecurity-activity-7061596404854521857-N_cO/API as a Product: https://tyk.io/blog/unlocking-the-potential-of-api-as-a-product/OpenAPI: https://www.openapis.org/OpenTelemetry: https://opentelemetry.io/

Security comes with a price tag, such as additional wait time when going through checks at the airport or when inspection network packages at your firewall.To learn about current approaches to cyber defense and cyber deception we invited back Stefan Achleitner, Lead Researcher Cloud Native Security at Dynatrace. Tune in and learn why it is important to keep changing and using different passwords, why you should monitor all your servers, what zero day vulnerabilities are, the role of eBPF in security and why we have to minimize false positives alarms like the Hawaii Missile Alert! Some of the links we discussed during the podcast can be found here:Our previous episode: https://www.spreaker.com/user/pureperformance/don-t-look-away-from-the-next-cyber-secuHawaii false missile alert: https://en.wikipedia.org/wiki/2018_Hawaii_false_missile_alerteBPF on isitobservable: https://isitobservable.io/search?q=eBPFCheck if you've been compromised: https://haveibeenpwned.com/Stefan’s SolarWinds Article (German): https://intelligente-welt.de/so-funktionierte-der-angriff-auf-solarwinds/Stefan's Problem wiht Passwords Article (German): https://intelligente-welt.de/passwort-manager-und-andere-loesungen-fuers-passwort-chaos/

36 million generated OpenTelemetry spans per hour for GraphQL based queries – that’s just one of the stats we discussed with Justin Scherer, Sr Developer and Consultant, who is leading OTel adoption and Shift-Left observability efforts at NWM. For Justin, OpenTelemetry helps commoditize data gathering in modern cloud native environments so that the backend observability platform of choice can focus on answering higher level business impacting questions.If you are about to roll out OpenTelemetry in your organization then take the advice from Justin such as: Bringing Business Leaders early into the discussion! Engage with the OpenTelemetry community! Understand what your Observability Platform already gives you and focus on the gaps! To learn more about OpenTelemetry check out some of the links we discussed during the podcast:OpenTelemetry Website: https://opentelemetry.io/IsItObservable: https://isitobservable.io/open-telemetryPodcast: https://www.spreaker.com/user/pureperformance/adopting-open-observability-across-your-LinkedIn Profile: https://www.linkedin.com/in/justin-scherer-198126160/

Organizations that experience Monitoring Data Obesity – having too many arbitrary logs or metrics without context – are suffering twice: high cost for storage and not getting the answers they need!OpenTelemetry, the cloud native standard for observability, solves those challenges and therefore sees rapid adoption from both startups and established enterprises.In this episode we have Daniel Gomez Blanco (@dan_gomezblanco), Principal Software Engineer at Skyscanner and author of the recently published book Practical OpenTelemetry.Tune in and learn about the latest status of OpenTelemetry, lessons learned from adopting OpenTelemetry in a large organization, considerations between metrics and traces, the difference between statistical and tail based sampling and much more Here the links we discussed during the episode:Chat I had with M. Hausenblas on his podcast the other day: https://inuse.o11y.engineering/episode/meet-daniel-skyscannerLink to QCon talk (although I believe the video won't be made available till later in the year) https://qconlondon.com/presentation/mar2023/effective-and-efficient-observability-opentelemetryRecent InfoQ interview covering the talk: https://www.infoq.com/news/2023/03/effective-observability-otel/Video on a talk I did with Ted Young a couple years ago during our tracing migration to OpenTelemetry: https://youtu.be/HExcLWA2b8MTalk at o11yfest 2021 on our tracing migration to OTel: https://vi.to/hubs/o11yfest/videos/3143Mastodon: https://mas.to/@dan_gomezblanco

DevOps didn’t die when the world started raving about SRE. And while some proclaim that platform engineering finally kills DevOps it is more an evolutionary process to bring DevOps practices to a new audience that is building and running apps on a new technology stack.But what about ChatGPT? Can it be the best DevOps engineer you ever had? Will it be able to build and optimize our delivery pipelines? Will it tell us which products to build and how? Which architecture to choose and how to best design it for operations?Tune in and hear from Stephen Thair, DevOps Thought Leader and Founder of DevOpsGroup, on what he has seen over the past decade working in the DevOps space and why he thinks that while ChatGPT will be disrupting many jobs it is a great opportunity to boost creativity and efficiency for many DevOps and non DevOps folksAlso don’t miss to read Stephen’s 2023 predictions we mentioned in our discussion

The famous tagline from Werner Vogel in 2006 is still used in many presentations promoting DevOps and the autonomy of development teams. But how long does and did this really scale?Based on our guest Luca Galante, Head of Product at Humanitec, organizations that reach 50-100 engineers start experiencing the first bottlenecks. After initial workarounds sometimes leading to Shadow Ops it’s the time where organizations look into building Internal Development Platforms (IDP). This is where Platform Engineering is born by providing “Golden Paths around DevOps & SRE” as a self-service to engineering teams.Tune in an learn more about the emerging practice of platform engineering, why it already attracted more than 11000 global community members, has an annual dedicated conference and why global analysts are putting Platform Engineering in the Top Trends of 2023! We referenced a lot of material in our discussion. Here all the promised links:What is Platform Engineering: https://platformengineering.org/blog/what-is-platform-engineeringPlatform Engineering Community: https://platformengineering.orgPlatformCon: https://platformcon.com/Platform Weekly: https://platformweekly.com/Follow Luca on Twitter: https://twitter.com/luca_cloudConnect with Luca on LinkedIn: https://www.linkedin.com/in/luca-galante/

While Spring4Shell, Ransomware and attacks on critical infrastructure were the most severe attacks in 2022 the evolving trends in 2023 are around the rising power of AIs, complexity and therefore misconfiguration of cloud native stacks as well as social engineering challenges as part of the post-pandemic shift back towards the office.Tune in and learn from Stefan Achleitner, Lead Researcher Cloud Native Security at Dynatrace, about getting better in securing software supply chain, understanding the impact of attacks and vulnerabilities and why nobody should look away when it comes to detecting and preventing cyber security threats

How do you prepare yourself for the next incident? Not at all? Are you running game days where you simulate incidents? Or are you following the steps of good musicians who are constantly practicing with their band members to always be best prepared for the next big gig!Tune in and hear from Matt Davis, Specialist in Learning from Incidents, how he runs weekly continuous practice and learning sessions with DevOps, SREs, Developers, Marketers or Technical Writers and what the outcomes are.Matt is a regular presenter at conferences. You can meet him at SRECon Americas 2023 where he talks about “Human Observability of Incident Response” Here the other links we discussed during the podcast:Practice of PracticeRivers of OppositesVarieties of WorkFollow Matt on TwitterConnect on LinkedIn

Did you know that almost 60 years after IBM presented the mainframe 92 of the worlds top 100 banks run mainframes handling 90% of all credit card transactions? We didn’t either until we recorded this episode with Christian Schram, Solutions Engineer at Dynatrace, who has spent the last 20+ years helping organizations optimizing their mainframe environments. Tune in and learn about the mainframe, how the cloud native project OpenTelemetry has made it to the mainframe and what the most common performance patterns are on the mainframe.As discussed check out the following links in case you want to learn more:A Brief History of the Mainframe World (Blog)Modernizing the Mainframe (YouTube)Eliminating inefficiencies on IBM Z (Blog)End-2-End IBM Z transactional visibility (Blog)

Do you know that 53% of security related issues on Kubernetes are caused by misconfiguration? Me neither!To raise the awareness of how to protect your Kubernetes cluster and workloads from being hijacked we invited Nico Meisenzahl, Microsoft MVP and GitLab Hero, to walk us through a set of best practices that everyone in cloud native should know to contribute to a more secure cloud native environment. In our conversation we cover a lot of what Nico has shown in his recent talks at different container, cloud native and security related conferences.Make sure you check out the slides, github tutorials and recordings from Nico through those links:Nico’s Website: https://meisenzahl.org/Hijack a Kubernetes Cluster YouTube: https://www.youtube.com/watch?v=9wc34MozKokHijack a Kubernetes Cluster Slides: https://www.slideshare.net/nmeisenzahl/containerconf-2022-hijack-kubernetesHijack a Kubernetes Cluster GitHub Tutorial: https://github.com/nmeisenzahl/hijack-kubernetesConnect with him on LinkedIn: https://www.linkedin.com/in/nicomeisenzahl/Follow him on Twitter: https://twitter.com/nmeisenzahl If you want to hear more from Nico listen until the end and pick from one of the suggested topics