June 27, 2016

Techno Bits vol 74: Technical Debt


Good morning, and happy Penn State Mac Admins week! This is one of the best weeks of the year, there's nothing quite like the homecoming of getting the PSUMA, and I'm excited for that experience. After my recent sojourn north of the border, I'm out of travel days, so I'll only be about a day's events of the conference. I'm still pretty psyched to see everyone, though. 

Canada was a wonderful experience. The teams at MacDeploy and MacDevOps YVR are consummate pros, and the week's events were nothing short of tremendous. You can watch my talk at MacDevOps YVR thanks to the incredible efforts of Mat and his videography team. My workshop at MacDeploy was not taped, but resources are available and I'm happy to give anyone a synopsis and outline if they're interested. My sincerest thanks to Anthony and Mat for making this possible.


Seriously, Canada was pretty.

The Good Thing About Conferences

Conferences force you to think about what you're doing. And I've been doing a lot of that since February and MacADUK. There are wholesale changes that we need to make to the way we roll out Munki in our organizations. I've been a lot more cautious with my rollout strategy thanks to Elliot Jordan's talk on How Not To Do Bad Things With Autopkg. That talk has only gotten better, and the link above goes to the version at MacDevOps this year. If you use Autopkg and AutoPkgr, you should watch it.

But what's really been getting my ass in gear has been Viktor's post on using Let's Encrypt and SCEP to secure Munki clients, and that's my next project for the venerable-if-insecure Munki-in-a-Box. The goal is clear: can we roll out Munki using scripts, but do so in a way that protect clients and the repository from outside eyes? I know we can build secure environments manually, and with clear manual controls, and that's fine. In some cases, that's even going to be preferable. But what we should be giving the Munki community is an easier path to setting up more secure repositories.

For those places where systems administration is done on the cheap or on the sly, there should be tools for making it a better experience, not a path to exploit.

The Bad Things About Conferences

Conferences also show you exactly how much work you have left to do. And that's okay, work isn't a bad thing. It just sometimes puts that workload in stark relief and that can feel a little bad sometimes. Technical Debt is difficult to overcome because it requires a change in understanding - and often times training - but it serves to make your organization stronger.

We all have a level of Technical Debt that we carry about with us. Something that we've glossed over a bit, something that we've used an easy button to get out of, and that's my goal for the next year: getting technical debt out of my ledger. I'll never get it all - no one ever does - but if I can be a smarter, better sysadmin for it, I'll help my clients grow stronger.

What's Next?

I'm heading to PSU tomorrow after a morning meeting, and I've got a sit-down plotted with Viktor, Chris Dawe, and some others, on how we can make Munki-in-a-Box better, and how to change our deployment path. If you're interested, come find me tomorrow, or let me know via email. It's time to erase that technical debt, and there's no sense doing it alone.

Things I'm Reading:
A Postscript:

On the flight to Calgary, I caught Zootopia for the first time, and then I watched it again on the flight to Vancouver. It's an incredible movie, and it's now available in iTunes for purchase or rental. I bought it yesterday and watched it for a third time in eight days, and it was even better. I'm not going to say Pixar has lost their way, though I feel they aren't putting out as strong a product, but Disney continues to put out amazing work, post-acquisition, and I think that means we're all doing better. Pick it up if you haven't already. It's worth your time and $20.