When /bin/sh Attacks: Revisiting "Automate All the Things"

Wednesday, October 30, 2019 - 4:00 pm4:45 pm

J. Paul Reed, Netflix

Abstract: 

The HBO hit series Westworld tells us of a place where we can "Live without limits!" This promise might remind us of the "magic" with which automation is often spoken about. To be sure, automation is a cornerstone of DevOps, SRE, and modern operations practices, the A in DevOps' venerable CAMS, and the subject of one of its oldest, most famous memes: "Automate ALL the things."

But are there processes we shouldn't automate? What if HOW we automate actively causes us and the systems we're responsible for harm? We'll take a look what human factors have to do with automation as well as at some of the impacts and challenges pervasive automation has presented for systems administrator and SREs, along with some important considerations when automating our complex, living socio-technical systems, and some strategies to cope when the shell scripts strike back!

J. Paul Reed, Netflix

J. Paul Reed has over twenty years experience in the trenches as a build/release and operations engineer, working with such companies as VMware, Mozilla, Postbox, Symantec, and Salesforce.

He's worked across a number of industries, from financial services to cloud-based infrastructure to health care, with teams ranging from 2 to 2,500 on everything from tooling, operational analysis and improvement, cultural transformation, and business value optimization. He's currently a member of Netflix's CORE SRE team, focusing on resilience engineering and human factors in distributed socio-technical systems.

BibTeX
@conference {240872,
author = {J. Paul Reed},
title = {When /bin/sh Attacks: Revisiting "Automate All the Things"},
year = {2019},
address = {Portland, OR},
publisher = {USENIX Association},
month = oct
}

Presentation Video