Puppet training is absolutely vital for any team that wants to use IT as a competitive advantage. For individual people, gaining Puppet skills is a great way to make yourself more hireable and promotable.


For simple use cases, putting data into Hiera isn't necessary. But once you reach a certain level of complexity, Hiera becomes extremely useful. Gary Larizza defines those "certain levels of complexity" explicitly in this blog post, along with the pros and the cons for each method of expressing data within your profiles.


The term "digital transformation" is everywhere these days, from boardrooms to standup meetings, not to mention technology and business publications. And for achieving whatever digital transformation your particular business needs to provide a better customer experience, DevOps is now widely understood to howy you get there.

While there's plenty of advice for how to create DevOps processes within an organization, executives really shouldn't be poking around in the weeds of processes like continuous integration and continuous delivery. There's so much more a leader can do to move digital transformation forward — but it's not always obvious what that "more" is.

That's why we've published our new report, 2017 State of DevOps: What Every CIO Should Know. Drawing from our most recent DevOps survey, we've found that leaders play a critical role in the success of any DevOps initiative, and that organizations with the most transformational leaders also have high-performing IT teams. These teams have:

- 46 times more frequent code deployments.
- 440 times faster lead time from commit to deploy.
- 96 times faster mean time to recover from downtime.
- 5 times lower change failure rate (changes are 1/5 as likely to fail).
- Significantly more of their work automated, and much less of it is done manually.

All that adds up to much faster delivery of higher-quality software that business depends on.


+Eric Sorenson writes: The just-released Puppet 5 Platform offers awesome performance and scalability boosts, unified versioning, and cool new features. Puppet 5 standardizes version numbering for all the major Puppet components (Puppet Agent, PuppetDB, Puppet Server) to 5, as a first step towards delivering these components as a unified platform. It also includes Hiera 5 with eyaml as a built-in capability; provides clean UTF-8 support; and moves network communications to fast, interoperable JSON. 

We've distilled the new DevOps report findings that matter most to CIOs and IT leaders in our new report, 2017 State of DevOps: What Every CIO Should Know. Find out:

How (and why) the success of any DevOps or digital transformation initiative depends on transformational leadership.

The impact DevOps practices have on recruiting and employee retention.
Which practices enable high-performing teams to spend more of their valuable time developing new features and services.

How DevOps practices drive better throughput and stability.

Which questions every CIO should be able to answer about how your teams are working, how things can be improved — and how you can help.

If you're managing Windows systems, you'll love the updated, performance-enhanced and more convenient new module for IIS. But wait, there's more: we had 34 new module releases on the Puppet Forge in May & June.


We're thrilled to have Tanya Webb leading our diversity and inclusion efforts!


Kevin Henner writes: The previous version of the Learning VM focused on writing Puppet code. All the code was demonstrated by applying it directly on the Learning VM itself. The new version also teaches you how to write Puppet code, but it offers a much more complete context to help you understand how your Puppet infrastructure fits together.


Jeff Schmied writes: According to the U.S. Department of Justice, ransomware is the fastest growing malware threat, with an average of more than 4,000 ransomware attacks occurring daily since 1 January 2016. This represents a 300 percent increase over the approximately 1,000 attacks seen daily in 2015.

As we saw earlier this year, WannaCry ransomware was unleashed on a Friday, and spread rapidly to machines across the globe. Four days later, WannaCry had crippled an estimated 300,000 computers in more than 150 countries. While the reported ransom per incident was relatively low (U.S. $300-$600), Reuters reported that the nonprofit research institute U.S. Cyber Consequences Unit estimated total losses, as a result of business disruption, would range in the hundreds of millions of dollars.

According to +FireEye, Inc. (https://www.fireeye.com/blog/threat-research/2017/05/threat-actors-leverage-eternalblue-exploit-to-deliver-non-wannacry-payloads.html), existing threats (e.g., Backdoor.Nitol and Trojan Gh0st RAT) are now being distributed, taking advantage of the same vulnerability exploited by WannaCry. On networks with +Microsoft Server Message Block (SMB) protocol enabled, machines running older versions of Windows are vulnerable to these threats — unless the machines are patched. Microsoft had released a patch (MS17-010 - https://technet.microsoft.com/en-us/library/security/ms17-010.aspx) to remediate the vulnerability exploited by WannaCry almost two months before the attack.

Unpatched systems are attackers’ favorite targets. In its June 2017 security update (https://technet.microsoft.com/en-us/library/security/4025685.aspx), Microsoft continues to address vulnerabilities that leave the door open for attackers who exploit SMB and other flaws on systems missing critical updates. In this update, Microsoft states, “WannaCry malware is fully addressed by installing the security updates Microsoft released in (the previous update) Microsoft Security Bulletin MS17-010.” Yet the June security update contains patches to address 94 vulnerabilities that are “at heightened risk of exploitation due to past and threatened nation-state attacks and disclosures.”

Depending on the nature of the attack, the impact of ransomware is often negated by the existence of a comprehensive data backup and recovery strategy. According to the chief economist at the U.S. Cyber Consequences Unit, most victims of WannaCry were able to quickly recover infected systems with backups. But the tasks of eradication and restoration cost businesses unplanned time and resources. So the old adage, “an ounce of prevention is worth a pound of cure,” is still relevant.

While there is no silver bullet for preventing ransomware attacks, WannaCry would not have been a global epidemic if the MS17-010 patch had been applied to critical infrastructure running Windows. Intrusion detection and prevention, anti-malware solutions, and phishing awareness are all important contributors to a risk-based approach to cyber security. But consistent application of system updates and patches remains a critical discipline in the war against cybercrime.