Operations to Development Journey Episode 1

I am an operations guy making my way to understand the intricate nature of development and, of course, the whole craze about DevOps and Site Reliability Engineering. Before one can jump into DevOps, one has to start off with these steps in mind, coming from being operations only.
Operations -> Developer -> DevOps -> SRE
SRE would be considered as supercharged DevOps, as performance becomes the quintessential criterion in running an environment already practising DevOps.
Where do I start? I am a support/operations technician. I would probably deep dive into Lambda and CloudFormation. It would probably be a minefield at first, as everything in the world of AWS is very developer-centric. This is part 1 of my journey.
Lambda has been the toast of AWS for the past few months and the whole buzz about serverless came about starting with Lambda being a classical FaaS. What is FaaS? It is function as a service, which means we can write up functions without the need to worry about the technicalities of managing a server and running server-side tweaks to get your code deployed in a jiffy.
As the serverless buzz is taking place at the moment, I am two steps behind, trying to convert some of the manual tasks to Lambda-driven activity. The problem with that is, when an environment inevitably fails, we will not be able to access the service within the region. Hence the deployment of Lambda encapsulated in CloudFormation. To top it off with icing, I've added CloudWatch Events in CloudFormation as well.
To counter this, I have been working on converting some of my little manual Lambda scripts to CloudFormation templates. Believe me, it's not an easy task for an operations guy to put on a developer's cap and convert functional scripts to properly coded templates. With that in place as a standard, deploying Lambda functions in another region could be done in an instant, without having to spend time doing it all again.

My current project is to convert all activity done as a monthly event into a proper CFN template with inbuilt Lambda functions and CloudWatch Events. Once that's complete, it would definitely be my first step into the developer's world, as an operations-only technician.
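
A sketch of the kind of template described above, added here as an illustration and not the author's own template: one Lambda function, a monthly CloudWatch Events schedule, and a permission that lets only that rule invoke it. The resource names, the schedule time, the runtime and the placeholder handler body are assumptions.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Monthly task as a Lambda function on a CloudWatch Events schedule (added example)
Resources:
  MonthlyTaskRole:                      # hypothetical name
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal: {Service: lambda.amazonaws.com}
            Action: sts:AssumeRole
      ManagedPolicyArns:
        # Logging only; add the task's own permissions explicitly, nothing broader
        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
  MonthlyTaskFunction:                  # hypothetical name
    Type: AWS::Lambda::Function
    Properties:
      Runtime: python3.12               # assumed runtime
      Handler: index.handler
      Timeout: 60
      Role: !GetAtt MonthlyTaskRole.Arn
      Code:
        ZipFile: |
          def handler(event, context):
              # Placeholder body: the converted manual task goes here
              print("monthly task triggered at", event.get("time"))
  MonthlySchedule:
    Type: AWS::Events::Rule
    Properties:
      Description: Fire at 02:00 UTC on the 1st of every month (assumed schedule)
      ScheduleExpression: cron(0 2 1 * ? *)
      State: ENABLED
      Targets:
        - Arn: !GetAtt MonthlyTaskFunction.Arn
          Id: MonthlyTaskTarget
  AllowEventsInvoke:
    Type: AWS::Lambda::Permission
    Properties:
      FunctionName: !Ref MonthlyTaskFunction
      Action: lambda:InvokeFunction
      Principal: events.amazonaws.com
      # Scope the permission to this one rule instead of every rule in the account
      SourceArn: !GetAtt MonthlySchedule.Arn
```

Because the template creates an IAM role, deploying it with `aws cloudformation deploy` needs `--capabilities CAPABILITY_IAM`; changing `--region` is all it takes to stand the same stack up elsewhere.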

My rant of the day: secure payments online. Fail 101

Lately I have been paying my bills online. I have great belief and trust in the state of security that modern giants have, especially when online payments are done. But lately I have become wary about the tardiness of some companies to take web security for granted.

The last payment I did was one I did for family, and it was a top-up for the mobile. The general assumption is that it is all secure to run payments online. Wait, no. Make sure you "watch" your surroundings on a website.

Generally, when there is a payment page, you would not want to have anything on that page. This only increases the attack surface for a hacker. You would want a separate page that only has the HTTPS transaction and does what is necessary.

However, this spectacular vendor failed security 101. It is definitely dense to have a "search bar" and other non-secure artefacts on a secure payments page. Even Chrome said it's a site worthy of snooping or an attack. Hell no, I am not going to put PII on a page and make payments like that.

What saddens me, however, is how ignorant or less-savvy the tech of this vendor is about the secure payments page. I wonder how long it would take till someone actually makes use of this terrible coding mishap.

I won't disclose the vendor here, but if you do your top-ups online, please be aware of your surroundings on a website before making a payment.