they usually work in kernel extensions or use https://developer.apple.com/documentation/endpointsecurity - which gives them pretty good coverage of all the processes running, and arguments etc

Yes, they kill your velocity. However, the velocity of a team can be massively increased by shipping small things a lot more often.

Stable branches that sit around for weeks are the real velocity killer, and make things a lot more risky on deployment.

Places do? a lot of opensource projects have the concept of dual reviews, and a lot of code bases have CODEOWNERS to ensure the people with the context review the code, so you could have 5-10 reviewers if you do a large PR

In general, the cloud/systems operator, in conjunction with the launch customer will build a dedicated facility for the classified stuff, and for the controlled stuff may have a dedicated facility, or have segments of the DCs in the US with extra security. for the classified stuff, there is a pretty rigorous list of requirements for the DC, and for any NOC that operates the service.

> To what degree is the federal government subsidizing Amazon's retail dominance?

A fair bit, but they are just like any big customer - just with higher margins. I think that was part of the reasoning for breaking up JEDI after AWS got it - the administration at the time hated the AMZN leadership, so wanted to remove money firehose from them and give it to others.

AWS, Azure, Oracle, SUSE (via Rancher) and I am sure GCP all have confidential & classified (C/S/TS) clouds, as well as lower FedRAMP clouds to get that sweet sweet federal money.

Not sure what questions it raises, it has been a thing for decades.

In some cases, waaayyy too much about little things, but a lot of the time about the right thing to do for the product and for the open source community around it.

I think the main thing I will miss is sitting down on a Friday afternoon and reading the dev list (devel@ I think?), it was a thing of beauty.

it is a wierd dichotomy I have seem, and it is getting worse. We let teams have access to argo manifiests, and helm charts, and even let them do custom in repo charts.

not one team in the last year has actually gone and looked at k8s docs to figure out how to do basic shit, they just dump questions into channels, and soak up time from people explaining the basics of the system their software runs on.

> How do you handle application lifecycle concerns like database backup/restore, migrations/upgrades?

were even touched.

I always liked the octant UI autogeneration for CRDs and the way it just parsed things correctly from the beginning, if they had an edit mode that would be perfect

> DevOps went from something you did when standing up or deploying an application, to an industry-wide jobs program. It’s the TSA of the software world.

DevOps was never a job title, or process, it was a way of working, that went beyond yeeting to prod, and ignoring it.

From that one line, you never did devops - you did dev, with some deployment tools (that someone else wrote?)

Abstractions are useful to stop 100000s lines of boiler plate code. Same reason we have terraform providers, Ansible modules, and well, the same concepts in programming ...

Can even run containers using kubelet :D

https://github.com/sonic-net/SONiC/blob/sonic_image_md_updat...

Works for the ISP too, one off cost for them to drop there side of the bill down

Every company has this as standard, but a lot have waived it for redundancies, so let's not let stripe off the hook.