{"id":254,"date":"2021-08-31T14:40:46","date_gmt":"2021-08-31T14:40:46","guid":{"rendered":"https:\/\/fde.cat\/?p=254"},"modified":"2021-08-31T14:40:46","modified_gmt":"2021-08-31T14:40:46","slug":"sre-weekly-issue-253","status":"publish","type":"post","link":"https:\/\/fde.cat\/index.php\/2021\/08\/31\/sre-weekly-issue-253\/","title":{"rendered":"SRE Weekly Issue #253"},"content":{"rendered":"

View on sreweekly.com<\/a><\/p>\n

\n

A message from our sponsor, StackHawk:<\/h2>\n

How do you know if your GraphQL API is secure? Watch StackHawk CSO Scott Gerlach walk through how to run application security tests for GraphQL-backed apps.
\nhttp:\/\/sthwk.com\/graphql-webinar<\/a><\/p>\n<\/div>\n

Articles<\/h2>\n
\n
May 30 SSL incident<\/a><\/div>\n
\n

TLS can be such a headache.<\/p>\n

\n

This was an interesting situation. There was a valid path to the USERTrust RSA Certification Authority, and there was also an expired path. The browser was able to find the valid chain, but the curl was not able to find it.<\/p>\n<\/blockquote>\n

Adam Surak \u2014 Algolia<\/small><\/p>\n<\/div>\n<\/div>\n

\n
Shifting Modes: Creating a Program to Support Sustained Resilience <\/a><\/div>\n
\n

A well-researched article on shifting emphasis from incident prevention to learning and resilience.<\/p>\n

\n

Incidents cannot be prevented, because incidents are the inevitable result of success.<\/p>\n<\/blockquote>\n

Alex Elman<\/small><\/p>\n<\/div>\n<\/div>\n

\n
Error budgets and the legacy of Herbert Heinrich<\/a><\/div>\n
\n

This one\u2019s worth reading through twice to let it sink in. It puts me in mind of this article by WIll Gallego<\/a>, which is another thoughtful critique of error budgets.<\/p>\n

\n

Here are the claims I\u2019m going to make:<\/p>\n

    \n
  1. Large incidents are much more costly to organizations than small ones, so we should work to reduce the risk of large incidents.<\/li>\n
  2. Error budgets don\u2019t help reduce risk of large incidents.<\/li>\n<\/ol>\n<\/blockquote>\n

    Lorin Hochstein<\/small><\/p>\n<\/div>\n<\/div>\n

    \n
    97 things every SRE should know \u2013 Part 01<\/a><\/div>\n
    \n

    This is a review of a few of the chapters of the book of the same title by Emil Stolarsky and Jaime Woo.<\/p>\n

    Have you read it too? I\u2019d love to read your take on it!<\/p>\n

    Dean Wilson<\/small><\/p>\n<\/div>\n<\/div>\n

    \n
    Understanding Incidents: Three Analytical Traps<\/a><\/div>\n
    \n

    This one\u2019s worth reading the next time need to do an incident retrospective. The traps are:<\/p>\n

    \n
      \n
    1. Counterfactual reasoning<\/li>\n
    2. Normative language<\/li>\n
    3. Mechanistic reasoning<\/li>\n<\/ol>\n<\/blockquote>\n

      John Allspaw \u2014 Adaptive Capacity Labs<\/small><\/p>\n<\/div>\n<\/div>\n

      \n
      This Is the Most Underappreciated Skill for SREs<\/a><\/div>\n
      \n

      The skill in question is glue work<\/em>, and I sure appreciate a good gluer when I see one.<\/p>\n

      Emily Arnott \u2014 Blameless<\/small><\/p>\n<\/div>\n<\/div>\n

      \n
      Building and Scaling Your SRE Team<\/a><\/div>\n
      \n

      This one starts out by defining SRE, then goes into how to define your team and fill it with people.<\/p>\n

      Julie Gunderson \u2014 PagerDuty<\/small><\/p>\n<\/div>\n<\/div>\n

      Outages<\/h2>\n