Adventures in DevOps

Share Episode ⸺ Episode Sponsor: Rootly AI - https://dev0ps.fyi/rootlyai Paul Conroy, CTO at Square1, joins the show to prove that the best defense against malicious bots isn't always a firewall—sometimes, it’s creative data poisoning. Paul recounts a legendary story from the Irish property market where a well-funded competitor attempted to solve their "chicken and egg" problem by scraping his company's listings. Instead of waiting years for lawyers, Paul’s team fed the scrapers "Project Yellow Brick Road": fake listings that placed the British Prime Minister at 10 Downing Street in Dublin and the White House in County Cork. The result? The competitor’s site went viral for all the wrong reasons, forcing them to burn resources manually filtering junk until they eventually gave up and targeted someone else. >We also dive into the high-stakes world of election coverage, where Paul had three weeks to build a "coalition builder" tool for a national election. The solution wasn't a complex microservice architecture, but a humble Google Sheet wrapped in a Cloudflare Worker. Paul explains how they mitigated Google's rate limits and cold start times by putting a heavy cache in front of the sheet, leading to a crucial lesson in pragmatism: data that is "one minute stale" is perfectly acceptable if it saves the engineering team from building a complex invalidation strategy. Practically wins. >Finally, the conversation turns to the one thing that causes more sleepless nights than malicious scrapers: caching layers. Paul and the host commiserate over the "turtles all the way down" nature of modern caching, where a single misconfiguration can lead to a news site accidentally attaching a marathon runner’s photo to a crime story. They wrap up with picks, including a history of cryptography that features the Pope breaking Spanish codes and a defense of North Face hiking boots that might just be "glamping" gear in disguise. >🎯 Picks: Warren - The North Face Hedgehog Gore-tex Hiking ShoesPaul - The Code Book

Share Episode "Those memes are not going to make themselves." >Dorota, CEO of Authress, joins us to roast the 2025 DORA Report, which she argues has replaced hard data with an AI-generated narrative. From the confusing disconnect between feeling productive and actually shipping code to the grim reality of a 30% acceptance rate, Warren and Dorota break down why this year's report smells a lot like manure. >We dissect the massive 142-page 2025 DORA Report. Dorota argues that the report, which is now rebranded as the "State of AI-Assisted Software Development", feels less like a scientific study of DevOps performance and more like a narrative written by an intern using an LLM prompt. The duo investigates the "stubborn results" where AI apparently makes everyone feel like a 10x developer, where the hard results tell a different story. AI actually increases software and product instability — failing to improve. >The conversation gets spicy as they debate the "pit of failure" that is feature flags (often used as a crutch for untested code) and the embarrassing reality that GitHub celebrates a mere 30% code acceptance rate as a "success." Dorota suggests that while AI raises the floor for average work, it completely fails when you need to solve complex problems or, you know, actually collaborate with another human being. >In a vivid analogy, Dorota compares reading this year's report to the Swiss Spring phenomenon — the time of year when farmers spray manure, leaving the beautiful landscape smelling...unique. The episode wraps up with a reality check on the physical limits of LLM context windows (more tokens, more problems) and a strong recommendation to ignore the AI hype cycle in favor of a much faster-growing organism: a kitchen countertop oyster mushroom kit. >💡 Notable Links: AI as an amplifier truism fallacyDORA 2025 ReportDevOps Episode: VS Code & GitHub CopilotWhere is the deluge of new software - Impact of AI on software productsImpact of AI on Critical Thinking🎯 Picks: Warren - The Maximum Effective Context WindowDorota - Mushroom Grow Kit

Share Episode ⸺ Episode Sponsor: Incident.io - https://dev0ps.fyi/incidentio "My biggest legacy at Google is the amount of systems I broke." — Sam Goto joins the show with a name that strikes fear into engineering systems everywhere. As a Senior Staff Engineer on the Chrome team, Sam shares the hilarious reality of having the last name "Goto," which once took down Google's internal URL shortener for four hours simply because he plugged in a new computer. >Sam gets us up to speed with Federated Credentials Management (FedCM), as we dive deep into why authentication has been built despite the browser rather than with it, and why it’s time to move identity from "user-land" to "kernel-land". This shift allows for critical UX improvements for logging in all users irrespective of what login providers you use, finally addressing the "NASCAR flag" problem of infinite login lists. >Most importantly, he shares why you don't need to change your technology stack to get all the benefits of FedCM. Finally, Sam details the "self-sustaining flame" strategy (as opposed to an ecosystem "flamethrower"), revealing how they utilized JavaScript SDKs to migrate massive platforms like Shopify and 50% of the web's login traffic without requiring application developers to rewrite their code. >💡 Notable Links: HSMs + TPM in production environmentsGet involved: FedCM W3C WGThe FedCM spec GitHub repoTPAC Browser Conference🎯 Picks: Warren - Book: The Platform RevolutionSam - The 7 Laws of Identity and Short Story: The Egg By Andy Weir

Share Episode ⸺ Episode Sponsor: Incident.io - https://dev0ps.fyi/incidentio Elise, VP and Head of UX at Unleash, joins us to talk all about UX. Self identifying as probably "The annoying lady in the room" and a career spanning nearly 30 years—starting before "UX" was even a job title — joins us to dismantle the idea that User Experience is just about moving pixels around. Here we debate the friction between engineering, sales, and the customer. We get to the bottom of whether or avoiding end-user interaction, understand, and research is a career-limiting move for staff+ engineers. Or should you avoid forcing a world-class developer to facilitate a call with a non-technical user if it makes them uncomfortable? >Warren calls out the "Pit of Failure" often faced by teams as they seek to introduce feature flags. They can become a crutch, leading teams to push untested code into production simply because they can toggle it off—a scenario he calls the "pit of failure". >And Elise dives into a great story recounting her consulting days where a company spent a fortune on a branding agency that demanded conflicting "primary colors" for a mainframe application used 8 hours a day. Her low-tech solution to prove them wrong? Listen and find out, this episode is all about bringing UX to Engineering. >💡 Notable Links: Ladder of Leadership - Book: Turn the Ship Around!🎯 Picks: Warren - Growth.Design Case StudiesElise - Paper on Generative UI: LLMs are Effective UI Generators

Share Episode ⸺ Episode Sponsor: Incident.io - https://dev0ps.fyi/incidentioWarren is joined by Olga Kundzich, Co-founder and CTO of Moderne, to discuss the reality of technical debt in modern software engineering. Olga reveals a shocking statistic: without maintenance, cloud-native applications often cease to function within just six months. And from our experience, that's actually optimistic. The rapid decay isn't always due to bad code choices, but rather the shifting sands of third-party dependencies, which make up 80 to 90% of cloud-native environments.We review the limitations of traditional Abstract Syntax Trees (ASTs) and the introduction of OpenRewrite's Lossless Semantic Trees (LSTs). Unlike standard tools, LSTs preserve formatting and style, allowing for automated, horizontal scaling of code maintenance across millions of lines of code. This fits perfectly in to the toolchain that is the LLMs and open source ecosystem. Olga explains how this technology enables enterprises to migrate frameworks—like moving from Spring Boot 1 to 2 — without dedicating entire years to manual updates.Finally, they explore the intersection of AI and code maintenance, noting that while LLMs are great at generating code, they often struggle with refactoring and optimizing existing codebases. We highlight that agents are not yet fully autonomous and will always require "right-sized" data to function effectively. Will is absent for this episode, leaving Warren to navigate the complexities of mass-scale code remediation solo.💡 Notable Links:DevOps Episode: We read codeDevOps Episode: Dynamic PRs from incidentsOpenRewriteLarger Context Windows are not better🎯 Picks:Warren - Dell XPS 13 9380Olga - Claude Code