After several decades of use, should we consider open source software (OSS) a business model? In short: No! In this conversation, open source evangelist Javier Perez welcomes technology evangelist and CNCF ambassador Dotan Horovits to provide context for the biggest changes happening in OSS, discuss what a sustainable future looks like for open source, and explain what to do when companies choose to go not-so-open with their source code.

Highlights:

• Why open source shouldn’t be considered a business model
• The “disturbing trend” in OSS and why “nothing is written in stone” when it comes to open source
• How tools can differentiate themselves from the ‘open source-ness' of their projects

Speakers:

• Javier Perez, Open Source Evangelist
• Dotan Horovits, Cloud Native Ambassador at the Cloud Native Computing Foundation (CNCF) and host of the OpenObservability Talks podcast

Links:

• Get the new State of Open Source Report from OpenLogic
• Find Dotan on LinkedIn and Twitter
• Read Dotan’s articles on ‘vendor-owned open source’ and ‘When Your Open Source Turns to the Dark Side’
• Read Javier’s articles on the State of Open Source in 2024 and concerns over the future of open source
• Listen to OpenObservability Talks on YouTube and wherever you get podcasts

Find Us Online:

• puppet.com
• Apple Podcasts
• Twitter
• LinkedIn

When Sean Atkinson says that “We’re on a trajectory to have the most vulnerabilities ever identified in a single year, starting this year,” take note: As Chief Information Security Officer for the Center for Internet Security, he knows what he’s talking about.

He’s referring to the ever-increasing tide of weaknesses and flaws that undermine the security of software used every single day by teams around the world. Between a more active threat landscape, demands for development velocity, and the rise of generative AI, the cat in this proverbial game of cat-and-mouse has their work cut out for them.

In this conversation, Robin Tatam, Puppet’s Evangelist and Certified Information Security Manager, talks with Sean about the role of a CISO, what’s behind the unprecedented rise in vulnerabilities, and how smart integrations turn automation into a first-line defense against threats, misconfiguration, errors, and software vulnerabilities.

Highlights:

• What a CISO actually does versus a CIO or a CTO 
• The difference between “security” and “compliance” 
• How compliance helps build the backbone of a long-term security posture 
• Who really owns IT security and where IT operations fits into the security conversation 
• What CIS Benchmarks are, what they do, and how CIS “wizards” keep them up-to-date on the latest vulnerabilities 
• How Puppet’s partnership with CIS puts the power of automation behind CIS’s widely recognized frameworks

Speakers:

• Robin Tatam, Senior Technical Marketer and Evangelist, Puppet by Perforce
• Sean Atkinson, Chief Information Security Officer, Center for Internet Security

Links:

• Learn more about Security Compliance Enforcement, a premium feature for Open Source Puppet and Puppet Enterprise that automates secure configurations hardened against CIS Benchmarks and DISA STIGs
• Listen to Sean’s podcast with CIS, “Cybersecurity Where You Are,” wherever you get podcasts

Find Us Online:

• puppet.com
• Apple Podcasts
• Twitter
• LinkedIn

It’s all good news, we promise! The Forge has always been the go-to spot for Puppet users to find, download, and update content and modules. On this episode, we're revealing a few of the exciting changes that are going to make the Forge even easier and more valuable for all Puppet users, like personalization, filters, and features to track module versions and updates against your Puppet file.

As of today, there are 7,508 modules on the Puppet Forge – some active, some deprecated, some created and supported by Puppet Labs, some by community groups like Vox Pupuli. While it’s become a hub for all Puppet users, we've heard feedback on ways it could be even better. We see a brighter future for the Forge – one built for and shaped by users like you! Join Ben Ford as he talks to Forge Product Manager Saurabh Karwa about what the Forge is today, the subtle changes that are already in the works, the near-term roadmap, and the long-term vision for the Forge.

Speakers:

• Ben Ford, Community Lead at Puppet by Perforce
• Saurabh Karwa, Product Manager at Puppet by Perforce

Highlights:

• Introducing Saurabh, the Product Manager for the Puppet Forge
• What the Forge is today and what it needs to become THE place for Puppet users
• The role of the Puppet Community in shaping the future of the Forge
• Adding personalization, new filters, and features to track module versions and updates
• Why you should join our new Ecosystem Advisory Board

Links:

• Join the Puppet Community Slack
• Tell us what you think of the Forge and PDK with the Ecosystem Advisory Board survey
• Email Saurabh at [email protected]

The 2024 State of DevOps Report: The Evolution of Platform Engineering is live! In this episode, we’re taking you behind the scenes with the authors of the report and one of the people who helped run the survey.

Download the 2024 report for free here!

On this episode, join us as host Ben Ford, report authors Margaret Lee and David Sandilands, and project manager Stephanie Fairchild pull back the curtain on the 2024 State of DevOps Report.

What are the characteristics of successful platforms? Why is the new practice driving a surge in security? Where is platform engineering going next? Learn more in this episode!

Highlights:

• Why the State of DevOps Report pivoted to cover platform engineering last year
• What we wanted to find out this year
• The big takeaways from the 2024 report
• Our predictions for the next year of platform engineering

Speakers:

• Ben Ford, Community Lead at Puppet by Perforce
• Margaret Lee, Manager of Product Management at Puppet by Perforce
• David Sandilands, Principal Solutions Architect at Puppet by Perforce
• Stephanie Fairchild, Senior Manager at ClearPath Strategies

Links:

• Download the 2024 State of DevOps Report: The Evolution of Platform Engineering
• Email Margaret at [email protected]
• Find Ben on Mastodon, Twitter, and in the Puppet Community Slack as binford2k
• Find David on Mastodon and Twitter

Check out another episode with Ben, Margaret, and David about how return-to-office plans are shaping platform strategies

Read the episode transcript

Find Us Online:

• puppet.com
• Apple Podcasts
• Twitter
• LinkedIn

Platform engineering is all about giving devs the tools they need to work independently. Work-from-home policies give people flexibility in where and how they work. It should be a match made in heaven, right? Well... it’s more complicated than that.

Research, feedback, and evangelizing are critical to building an internal developer platform (IDP). But WFH can make that communication tough. And that's before you’ve even considered compliance and security (ugh, the 2FA). A human-focused IT strategy was crucial in supporting a shift to remote work during the pandemic, and it's going to be equally as important as we shift to a platform paradigm.

In this roundtable discussion, Ben leads a roundtable discussion of how return-to-office plans can impact platform engineering, joined by Margaret Lee and David Sandilands, authors of Puppet's 2024 State of DevOps Report: Platform Engineering Edition.

Speakers:

• Ben Ford, Community Lead at Puppet by Perforce
• Margaret Lee, Manager of Product Management at Puppet by Perforce
• David Sandilands, Senior Solutions Architect at Puppet by Perforce

Highlights:

• The remote/in-office flexibility your platform needs to consider
• Hardening measures essential to a secure IDP in the hybrid era
• What we learned about accommodating a workforce during the pandemic
• Evangelizing a platform without the in-person connection

Links:

• Email Margaret at [email protected]
• Find Ben on Mastodon, Twitter, and in the Puppet Community Slack as binford2k
• David Sandilands on Twitter
• Get the 2023 Platform Engineering Report and sign up to receive 2024’s when it releases
• Read the episode transcript

Find Us Online:

• puppet.com
• Apple Podcasts
• Twitter
• LinkedIn 

Politics is everywhere in your organization. No, not THAT kind of politics – the kind that happens when you need something and can’t get it, or when you get good at something and people start noticing. Actually, politics happens just about whenever decisions get made. Joshua Zimmerman says that kind of politics is rooted in people, and with the right mindset, you can use politics to make things better in your organization – for you and your entire team.

Joshua is a DevOps manager and organizer who thinks you could benefit from understanding and navigating the political landscape of your organization so you can help shape it. In fact, his presentation at DevOpsDays Chicago 2023 was all about that, and we were so impressed, we invited him on the podcast.

After listening to this episode, we hope you’ll be able to figure out how decisions get made where you work, define your political structure, and leave with a few tools you can use to gain leverage with your team to make better decisions together.

Highlights:

• Helping unpack the term “politics” in the context of your job
• Why org charts aren’t great for determining the real structure of your org
• Why trust matters more than authority (and how to sniff out both in your org)
• How to build lasting trust in your team and org
• How to subvert hierarchy to get what you need (without making anyone mad)

Speakers:

• Ben Ford, Developer Relations Director at Puppet
• Joshua Zimmerman, SRE/DevOps Manager

Links:

• Find Josh on LinkedIn, Mastodon, and Twitter
• Watch Joshua’s talk at DevOpsDays Chicago 2023 (2:26:00 – 2:54:30)
• Find Ben in the Puppet Community Slack as binford2k and on Mastodon

Find Us Online:

• puppet.com
• Pulling the Strings on Apple Podcasts
• Twitter
• LinkedIn
• Read the episode transcript

Great things – tools, spaces, companies, brands – are supported by great communities. The Vox Pupuli are perhaps the most prominent, active group in the Puppet community. Here’s what they're up to lately, what it’s like being one of them, and what Puppet (the community) means to Puppet (the company).

The Vox Pupuli are 200+ strong; they maintain dozens of modules on the Forge; even executive leadership knows their name. On this episode of Pulling the Strings, join Puppet community members Gene Liverman, Tim Meusel, and Ben Ford for a casual discussion on what what Vox Pupuli actually do, the role of community in shaping a company like Puppet, what Vox Pupuli is focused on now, and what drives the highly engaged group. As Tim puts it, “There is no excuse to not participate.”

Highlights:

• How Vox Pupuli works
• The relationship of Puppet (the company) to the Vox Pupuli
• The power of independence
• The time Vox Pupuli helped Puppet avoid disaster in a new release
• What Vox Pupuli is working on now

Speakers:

• Gene Liverman, SRE at LTN Global and former SRE at Puppet by Perforce
• Tim Meusel, Vox Pupuli PMC Community Member
• Ben Ford, Community Lead at Puppet by Perforce

Links:

• Find out more about the Vox Pupuli at https://voxpupuli.org/
• Find Tim on Twitter at https://twitter.com/BastelsBlog
• Find Gene in the Puppet Community Slack as genebean https://puppetcommunity.slack.com/team/U3DCRQQKA
• Find Ben in the Puppet Community Slack as binford2k and on Mastodon at https://hachyderm.io/@binford2k
• Follow the Puppet Community Team on Mastodon https://fosstodon.org/@puppet
• Listen to Tim’s previous episode discussing how to build an awesome open source community https://www.puppet.com/resources/podcasts/awesome-open-source-community

Find Us Online:

• puppet.com
• Pulling the Strings on Apple Podcasts
• Twitter
• LinkedIn
• Read the episode transcript

Open source has always moved fast. Today, it moves faster than ever, driven by both community demand and corporate interest. On this episode, Perforce’s Javier Perez and OSI’s Stefano Maffulli discuss the impact of recent license changes and the historical push-and-pull between consumers and providers in the world of open source.

Highlights:

• Reflecting on 25 years of OSI and its widening scope
• The historical changes that set the stage for open source
• What’s shaping Linux distributions today (CentOS, RHEL restrictions, HashiCorp’s switch to BSL, and more)
• The “social contract” between companies and communities
• The pros and cons of single companies driving open-source communities
• The commercialized future of open source

Speakers:

• Javier Perez, Chief Open Source Evangelist and Senior Director of Product Management at Perforce
• Stefano Maffulli, Executive Director at the Open Source Initiative (OSI)

Links:

• Learn about Puppet’s commitment to open source projects like Bolt and Open Source Puppet (OSP): https://www.puppet.com/community/open-source
• Find Stefano at https://www.maffulli.net/
• Follow Javier on Twitter at https://twitter.com/jperezp_bos
• OSI’s programs (including a new Advocacy and Outreach program) https://opensource.org/programs/
• “Defining an open source AI for the greater good”: How OSI is approaching AI https://opensource.com/article/22/10/defining-open-source-ai
• “Friend or Foe? ChatGPT’s Impact on Open Source Software” by Javier Perez for DevOps.com https://devops.com/friend-or-foe-chatgpts-impact-on-open-source-software/
• Read the episode transcript

Find Us Online:

• puppet.com
• Pulling the Strings on Apple Podcasts
• Twitter
• LinkedIn

In the past few years, developer experience has become one of the biggest concerns at the C-level. Gartner found it’s the top value factor for adopting IDPs, performance engineering, CI/CD, and more core aspects of platform engineering. In 2021, McKinsey said it should be “the cornerstone of talent strategy” – and still, it’s a sticking point for a lot of software orgs. Turnover, burnout, skill gaps – symptoms abound that can often be contributed to bad DevX.

Justin Reock is Field CTO at Gradle, makers of Gradle Enterprise and Gradle Build Tool. He’s focused on the developer experience at an intersectional level – where right-brain creativity, left-brain productivity, and ‘joyful activity’ combine to make development better for the people who do it. In conversation with David Sandilands, Senior Solutions Architect at Puppet, Justin shares his perspective on where platform engineering is headed and how the future of platform engineering – up, down, or flat – depends on using tools to engineer the developer experience.

Speakers:

• David Sandilands, Senior Solutions Architect at Puppet by Perforce
• Justin Roeck, Field CTO at Gradle

Highlights:

• Justin’s career to date and starting a year of living out of an RV
• Why the future of platform engineering depends on a developer experience focus
• Instructions for organizations to adopt real practices, not just hype
• The personalities needed to make stuff like platform engineering actually work

Links:

• Download Puppet’s 2023 State of Platform Engineering Report
• Organizational Physics by Lex Sisney
• Find your nearest devopsdays event
• Justin Reock on Twitter
• Justin Reock on LinkedIn
• David Sandilands on LinkedIn
• David Sandilands on Twitter
• Read the episode transcript

Find Us Online:

• puppet.com
• Apple Podcasts
• Twitter
• LinkedIn

The opportunity to write a Puppet 8 book landed in David Sandilands’s lap when he had just started at Puppet and with a child on the way. About a year and a half later in mid-2023, “Puppet 8 for DevOps Engineers” launched via Packt. This is the story of everything that happened in the middle.

Speakers:

• Ben Ford, Community Lead at Puppet by Perforce
• David Sandilands, Senior Solutions Architect at Puppet by Perforce

Learn More About Puppet + DevOps

[10+ YEARS OF DEVOPS REPORTS]

Highlights:

• What other Puppet books didn’t have
• The joy of creating a book that doesn’t have to cater to one audience or another
• What it's like to work with a publisher
• Learning to lean on your community for support
• Hard-learned tips for writing your own book

Links:

• Check out David's book, “Puppet 8 for DevOps Engineers,” via Packt
• “Puppet Best Practices” by Chris Barbour and Jo Rhett
• Ben Ford on Twitter
• David Sandilands on Twitter

So your organization failed a compliance audit and got slapped with fines and penalties. Bummer! You pay the fine, spend a few days fixing your configurations, run a scan, and get ready to do it again come the next audit. But that approach doesn’t work anymore: The risks are too high, and fixing months of configuration drift at the drop of a hat (let alone hunting down all the paperwork for auditors) certainly isn’t your team’s favorite thing to do.

Demo Puppet Comply + CEM for cross-department visibility and automated compliance

The broad scope of today’s compliance management requires a coordinated effort from more than just the security team. In this episode of Pulling the Strings, two Puppet compliance experts make the case for cooperation among security, compliance, ops, and just about everyone else in your organization. They discuss the crumbling walls between security, compliance, and ops, as well as tools organizations use to ensure continuous compliance.

Highlights:

• Why organizations always wait until something goes wrong to pay attention to compliance + security
• The simple micro-adjustments that prevent massive corrections come audit time
• Working toward better alignment between teams so that they’re making compliance easier
• The point and benefits of continuous compliance – and why ‘cowboy compliance’ isn’t enough
• Why compliance frameworks matter across security, compliance, and ops

Speakers:

• Ben Ford, Community Lead at Puppet by Perforce
• Claire McDyre, Senior Product Manager at Puppet by Perforce
• Robin Tatam, Senior Director of Product Marketing, Puppet by Perforce

Links:

• Try Puppet Comply + CEM to give your whole team the power to tackle compliance
• Read Claire’s content on the Puppet blog
• Read Robin’s content on the Puppet blog
• Read the episode transcript

Find Us Online:

• puppet.com
• Apple Podcasts
• Twitter
• LinkedIn