Jason Crome from Best Practical recently attended the Perl and Raku Conference 2024 in sunny (and hot!) Las Vegas, Nevada. In addition to giving a talk about improving your README on github, Jason attended other presentations and pulled together a list of the most interesting. And the best part is that the conference posts all videos from the conference on YouTube for free, so you can watch too!

Building a Better README

If you watch the Request Tracker repository on GitHub, you may have noticed some big improvements in our README file over the past year. Traditionally the README file was a quick-start guide written in plain text and read in a terminal window. But GitHub has changed that dynamic and the README has become a project’s homepage for developers. A good README not only helps users understand a project but also attracts contributors and builds a stronger community around the code.

Jason shared some of what we learned as we revised our README, like deciding what information to include, how best to structure a README, and how to make it visually appealing and inviting to those unfamiliar with a project.

Modern Browser Automation in Perl Using Playwright

One of the ways we keep RT running correctly as we do new development is running our automated test suite, which includes more than 42,000 automated tests. Testing a web application involves simulating a browser to confirm things work as expected. As you might imagine, this requires some special libraries to run automatically on a server, and these libraries have changed over time.

One of the newer libraries for automated browser testing is called Playwright, and one of the presentations talked about how to manage Playwright from Perl. RT doesn’t use Playwright yet, but this gives us some interesting new ideas.

The Test2 Ecosystem: Next-Level Testing

Perl has a long history of providing a robust environment for automated testing. And like all technology, it’s always changing and improving. The Test2 Ecosystem provides an in-depth look at the Test2 Perl framework and many of the new tools and libraries now available. Updates include options to speed up tests, improved diagnostics, better control over test execution, and the ability to create custom testing tools.

Tips for your Next Las Vegas Vacation

No conference in Vegas would be complete without a nod to the city's iconic gaming scene. Casino Gaming for the Mathematically Inclined is a fascinating dive into the world of probability, statistics, and game theory as applied to casino games. R Geoffrey Avery explores the mathematical principles behind popular casino games like blackjack, poker, and roulette, explaining which games offer the best odds and which games should be avoided. Even if you don’t like the math, it’s a very helpful presentation before your next trip to Vegas.

Many More Presentations

We’ve covered just a tiny sample of the many presentations from the conference this year and you can search and view all of the other sessions on the Perl and Raku Conference YouTube channel. And if you search, you’ll see videos are available for past years as well, so there are many hours of great content to watch and learn from. Thanks to all of the organizers and presenters for another great conference!

In today's rapidly evolving cybersecurity landscape, staying ahead of potential threats requires effective threat intelligence sharing and streamlined incident response processes. The new integration between RTIR (Request Tracker for Incident Response) and the MISP Threat Sharing platform brings together two powerful tools to enhance your organization's security posture.

What is MISP?

MISP is an open-source threat intelligence platform designed to facilitate the sharing, storing, and correlation of structured threat information. It enables organizations to share indicators of compromise (IOCs) and other threat data with trusted partners, improving collective threat detection and response capabilities.

It works like a social network for cyber threats. It's a free, open-source platform that security professionals use to share valuable information about malware, vulnerabilities, and other threats. Imagine a bulletin board where everyone can post details about the latest cyber dangers they've encountered. This shared knowledge helps everyone stay informed and better prepared to defend against attacks.

Integrating with RTIR

Installing the MISP extension with RTIR offers several advantages:

• Seamless Threat Intelligence Sharing: Automatically pull threat data from MISP into RTIR, creating incidents based on the latest threat intelligence.

• Enhanced Incident Context: Access detailed threat information from MISP directly within RTIR incidents, enriching your incident response process.

• Streamlined Incident Management: Create and update MISP events from within RTIR, ensuring that your threat intelligence remains current and comprehensive.

You can see how the integration works in this short video demo.

Key Features

Consume Event Feeds from MISP

After configuring the MISP integration, RTIR's External Feeds page will include a new MISP option. This feed pulls in events from MISP based on the configured number of days. From this feed display, you can create new RTIR tickets with information from the MISP events. If something from the feed impacts a service your team manages, you can then assign the incident for someone to research whether any action is needed for a particular threat.

MISP Portlet on Incident Display

On the Incident Display page in RTIR, if the custom field "MISP Event ID" has a value, a portlet named "MISP Event Details" will display details pulled from the MISP event via the MISP REST API. This provides quick access to valuable threat intelligence directly within RTIR. A link is also provided, so you can easily click to load the full MISP event if you need more details.

Update MISP Event

For incidents with a MISP Event ID, the Actions menu includes an option to "Update MISP Event." Selecting this action updates the existing MISP event with data from the RTIR incident ticket, ensuring that the threat intelligence remains up-to-date.

MISP has a defined RTIR object, and these attributes are automatically populated when you update the MISP event from RTIR.

Create MISP Event

If the MISP Event ID field is empty, the Actions menu shows an option to "Create MISP Event." This creates a new event in MISP with details from the RTIR incident ticket, facilitating the sharing of new threat intelligence.

Benefits of the Integration

Integrating RTIR with MISP provides several key benefits:

• Improved Efficiency: Automate the process of creating and updating incidents based on threat intelligence, reducing manual effort and speeding up response times.

• Enhanced Collaboration: Share threat data seamlessly between organizations, improving collective threat detection and response.

• Comprehensive Threat Management: Access detailed threat intelligence within incident tickets, providing context and aiding in more effective incident response.

Conclusion

The integration of RTIR and MISP offers a powerful combination for enhancing threat intelligence sharing and incident response processes. By automating the flow of threat data and providing detailed context within incident tickets, this integration helps organizations stay ahead of potential threats and respond more effectively.

If you haven't already, we encourage you to set up this integration and experience the benefits for yourself. For more information, visit bestpractical.com or contact our team.

Best Practical has never been much of a marketing-driven company–RT has always grown by word of mouth. One of the things that we’re most proud of here is that RT isn’t a typical “product with customers”, but a product with a community. 

The features we add to RT are driven pretty directly by what our users want and need, and many of our most active community members come to us directly through personal referrals from people like you. Some members of the RT community contribute code. Others contribute documentation, bug reports, feature requests, and enthusiasm. 

If you find RT useful, we’d be grateful if you could help us make RT available to as many people and organizations as possible.

Share on Social Media

Social media posts have a powerful impact, as they help introduce RT to folks who might not find it on their own. 

If you follow us on LinkedIn, just reposting our blog posts when we publish them helps grow RT’s audience. Even if LinkedIn isn't usually your thing, logging in once a month or so to interact with our posts can really help.

The rest of the social media landscape is a bit fractured right now, but sharing anywhere else also helps. Dropping a link to an RT blog post you found interesting on Mastodon, Bluesky, Threads, or Twitter can also help new people discover RT. We also post videos on our YouTube channel and, as the saying goes, “please like and subscribe.” Finally, if you frequent discussion sites like Reddit and Hacker News, when you see a discussion about issue tracking or ticketing software, chime in with your experiences with RT.

Star RT on GitHub

If you have a GitHub account, giving us a star is a quick way to show your support. It helps increase RT’s visibility within the GitHub community, and is a quick and easy way to help show off RT’s vibrant and active community.

Write Reviews and Testimonials

Platforms like Capterra or G2 are popular with professionals looking for software recommendations. Sharing your experiences in a review can guide others in their decision-making process and simultaneously boost our profile.

Engage on our Forum

Our open community forum is a hub for community discussion about RT. Many new users start there looking for advice and guidance. If you have a bit of spare time, sharing your expertise and answering a question for a beginner can help them (and future users) get up to speed with RT.

Share your customizations on The RT Wiki

If you haven’t discovered it yet, check out the RT wiki at https://wiki.bestpractical.com. The wiki is filled with RT documentation, including customizations and code for interesting use cases for RT. If you have built something useful for your RT instance, odds are that many other users would find incredibly useful, too. It’s quick and easy to share your customizations and extensions on the wiki.

RT Community MVP

If you really love RT and have extra time, you could think about some bigger projects.

Contribute a Case Study

We're starting the process of publishing selected case studies on https://bestpractical.com to help new users understand the many different ways RT is used across a large number of industries. If you'd like us to feature your organization’s use of RT, we'd love to chat. Get started by reaching out to feedback@bestpractical.com.

Give a Talk on RT

Put together a presentation inside your organization to help your users learn more about the RT system they have available to them. It's amazing how a few tips and tricks can unlock features for people who are already regular users of RT.

Talks on RT also make great sessions for conferences or professional organization meetings. You might give a talk on how your organization uses RT or even a talk on getting started with a ticketing system using RT. We’d be delighted to help support you as you put together your talk. Additionally, we’d be happy to provide a demo RT instance for your presentation. If your presentation is recorded and publicly accessible, let us know and we can link to it.

Your Impact

Your help has a profound impact. By supporting Request Tracker, you are not just advocating for a tool you use, but you are also contributing to the spirit of open source—collaboration and freedom. Our success is not just measured by the functionality of our software, but by the strength and enthusiasm of our community.

Thank you for being an integral part of what makes Request Tracker amazing. We wouldn’t be where we are today without your involvement and together we’re going to continue to make RT even better for many years to come!

In the high-octane world of Formula 1 racing, every detail counts. From aerodynamics to engine performance, teams strive for perfection in every aspect of their cars' design and construction. But Ars Technica tells the story of a Formula 1 team reaching the limits of MS Excel as a system to track their massive parts inventory.

This story got us thinking, RT's asset tracking system could help handle their challenges, and the process shouldn't be "viciously expensive".

The Excel Challenge

As described in the article, the Formula 1 team's massive parts list (over 20,000 rows!) pushed past the limitations of Excel when it came to tracking and managing their assets. With thousands of parts to monitor and coordinate, Excel workbooks can quickly become cumbersome and inefficient. Even simple details like the current state of a part (backordered, inspected, etc.) could not be easily determined.

How RT Could Rev Up the System

By transitioning from Excel to Request Tracker for asset tracking, Formula 1 teams could unlock a wealth of benefits, including:

• Using configurable asset lifecycles, asset status and availability are immediately available

• Multiple Catalogs can be used to track different categories of parts, each with its own lifecycle and metadata

• Work and tasks associated with parts can be tracked on linked tickets

• Enhanced collaboration and communication among team members as everyone can work in the system at the same time

• Gaining insights using asset search, reporting, and dashboards

• Improved decision-making through data-driven insights

Plus, all changes are tracked and audited so you know what updates have been made, when, and by which logged in user.

Seamless Data Migration with the RT Asset Importer

One of the key concerns when transitioning from Excel to a new asset tracking system like Request Tracker (RT) is the seamless transfer of existing data. Fortunately, RT offers a powerful solution for this challenge: the RT-Extension-Assets-Import-CSV extension.

The RT-Extension-Assets-Import-CSV extension enables teams to effortlessly import asset data from Excel spreadsheets into RT's centralized platform. You export your Excel spreadsheet in the CSV format, set up your RT assets with all of the fields you want to capture from the spreadsheet, then configure the extension to map the Excel columns to asset fields. Then you run the utility and all of your data is imported into RT.

Benefits of Automated Import

Automating the import process offers several benefits:

• Time Savings: By eliminating manual data entry tasks, teams can save valuable time and resources during the transition process.

• Accuracy: The automated import process reduces the risk of human error associated with manual data entry, ensuring that asset information is transferred accurately.

• Efficiency: Teams can quickly onboard existing asset data into RT, allowing them to leverage the platform's features and functionalities without delay.

• Scalability: The extension supports the import of large volumes of asset data, making it suitable for teams of all sizes and asset inventories.

RT is Ready to Join the Pit Crew

In the fast-paced world of Formula 1 racing, every advantage counts. With Request Tracker, we think teams could accelerate their journey towards efficiency and performance excellence. By harnessing the power of RT's asset tracking system and the RT-Extension-Assets-Import-CSV extension, Formula 1 teams can seamlessly migrate their asset data, streamline workflows, and drive towards victory on the track.

If anyone at the Williams team is still looking for a solution, we'd be happy to give you a test drive.

Following up on Star Wars Day and Cinco de Mayo, we thought May 6th needed something special, so we're happy to release RT 5.0.6 today (5/6). If you use assets with RT, you're going to like this release. If you don't, what are you waiting for? Go check out this new intro to assets video to see what you're missing.

This release includes some updates, new features, and fixes. Some notable updates are described here. Full details and release notes are linked in the forum post below.

• RT 5.0.6 Released

Assets Improvements

If you’re not familiar with RT’s asset tracking, it’s a built-in feature that allows you to track pretty much anything you want. It was originally designed for IT assets, like computers and printers, or cloud assets like servers and databases. But it can be used to track any sort of inventory, from office supplies to medical devices to car parts.

This new release adds features to assets to catch up with existing ticket features, including inline edit on asset pages and improved autocomplete on asset links. Asset search results in the query builder also now support filtering from the headers like tickets.

Charts

Asset and transaction query builder searches both now support charts, so you can visualize your asset information or transaction details. You can save charts and add them to dashboards just like tickets (see the screenshot at the top of the post for an example).

Charts also have a new feature allowing you to manage the x-axis in your charts. If your x-axis displays a count, like the number of tickets created per Requestor, you can now sort the results by that count rather than alphabetically by Requestor name. And if you have a large number of results with many smaller values, you can limit the chart to showing just the top results. So in the previous example, you might want to see just the top 10 Requestors by ticket count and not show all of the Requestors who created only 1 ticket.

Lifecycles

Now that the graphical lifecycle editor has been out for a while, we took some time to improve lifecycle management based on feedback from users. We implemented several changes to make it easier to manage lifecycles, including automatically removing statuses from various places in the lifecycle when it is deleted from the graph. We also added a button to automatically populate mappings when the statuses are the same. So if you have two lifecycles that are very similar, you can now click on the maps page to automatically set the "new" <-> "new", "open" <-> "open", etc. There are a few other small fixes that should improve lifecycle management or just make it a little easier.

Upgrading

We include everything you need to upgrade RT in each release, and staying up-to-date gives you great new features. Also, the upgrade process is simpler when you only need to move one minor version. If you just don’t have time to manage new versions, we also offer a fully managed cloud RT and we’ll take care of the upgrades for you. However you manage your RT, we hope you enjoy the new version!

Want to use AWS reservations to save money, but have trouble matching your reservations to your EC2 servers? Or maybe you want to spread out your reservations, but need an easy way to get a list of servers that currently don't have a reservation? AWS reporting doesn't currently make this possible, but Request Tracker’s asset system can.

Understanding AWS Reservations

If you run services like EC2 and RDS on AWS, you probably know that there are several levels of pricing based on how long you can commit to using the services. On-demand is the most flexible because you can deprovision it at any time, so it's also the most expensive. If you can commit to a longer term, like a year or more, you can sign up for "reserved instances" and get a lower price.

When you sign up for these reservations, AWS asks for a bunch of information about the servers you are committing to. These are details like the region, the type of server (t3.medium, etc.), and the platform (Linux, etc.). For the reservation to get credited on your bill correctly, all of the reservation information must match up with your running servers.

When you start running more than a few services, tracking all of this information to make sure your reservations are being used can become a challenge. AWS has a utilization report that will tell you in aggregate if your reservations are being used or not. But this report doesn't connect specific EC2 or RDS instances with a reservation. This can be good if you remove an instance and then create a new one because the reservation will transfer. But if you want to review all active services and figure out which reservations are being used where, the AWS reporting doesn't provide that.

RT Asset Tracking

RT's asset tracking system is designed to record this kind of information, so we decided to start tracking our AWS resources and reservations in RT to help us match the two together.

To start, we needed to get the AWS assets created in RT. AWS has extensive APIs to access information about your resources, so we created a utility to fetch data about EC2 and RDS instances and create an asset record for each. We put all of these in one catalog called "AWS Resources".

Next we wanted to track our purchased reservations. We created a new catalog called "AWS Reserved Instances" to track those, since they aren't really the same thing as an EC2 or RDS instance. We also wanted to track different asset details on reservations, like start and end dates. Reservations also have "states" in AWS, so we were able to map that to the asset status and create a custom asset lifecycle with all of the AWS state values like "pending payment", "active", and "retired".

Once we had all of the information sync'd from AWS, we could start making sense of it. We started by creating some categories of assets using a few saved searches. We put them all in a dashboard like the one below so we could see what we had.

Assigning Existing Reservations

The first thing we wanted to do is connect reservations with a matching resource. This mapping is very useful for tracking what we have purchased, but it just doesn't exist in the AWS interface.

Assets have links, similar to tickets, so we decided to link each resource asset with a reservation asset. To make that easy, we created a saved asset search called "Unlinked AWS Reservations", which is the third search above. This is all reservations without a linked asset, which at first was all of them.

In the search results, we added a custom column called "Link to Resource". Each reservation in the results then had a link to a new page that showed all AWS assets (EC2s, RDSs) that matched the details of that reservation. So a reservation for an EC2 t3.medium in us-east-1 would show all matching EC2 assets that also were not linked yet. This is important, because we need to make sure our linking aligns with the AWS rules for counting reservations in our bill.

To link them, we pick one from the list and click Link. We worked through all of our existing reservations until all were linked and our "Unlinked AWS Reservations" was empty.

Buying New Reservations

In our case, we didn't have a reservation for every AWS asset, so when we were done linking, our "EC2 Instances without Reservations" and "RDS Instances without Reservations" still had some assets. These two lists now became our shopping list for new reservations.

The tricky part about reservations is you need to manually fill out all of the fields in the AWS interface. If you get any fields wrong, your reservation won't match an existing resource and you'll end up paying for the unused reservation.

Previously we would keep an EC2 or RDS AWS console page open in one browser window, then open another browser window with the “buy” form, and carefully check every value. This was tricky because the values are at different locations all over the EC2 and RDS pages.

With our new asset searches, we modified the search layout to show all of the information needed to buy a reservation, and we put the values in the same order as the reservation form. This makes it much easier to buy new reservations with less stress.

We used this process to buy some new reservations now that we could easily see what was needed. Then we re-ran our import utility and the new reservations showed up in "Unlinked AWS Reservations". We followed the previous process and got them all linked until we had the coverage level we wanted.

Expiring Reservations

When you buy a reservation, you commit to some term, like 1, 2, or 3 years. Based on what you picked, the reservation record will have a duration. We use that duration to figure out the reservation end date and store that on the asset. This information helps populate the top two searches on our dashboard, "Recently Retired AWS Reservations" and "Expiring AWS Reservations".

The first is reservations that are now retired, so assets that previously had a reservation are no longer covered. That means our bill just went up and we need to buy a new reservation to get savings for another year.

To help plan ahead, "Expiring AWS Reservations" looks ahead 60 days to let us know which ones will be expiring soon.

Using these two searches, we can plan to buy new reservations at regular intervals. We can also watch the EC2 and RDS searches to see any new instances that might be added.

Connecting AWS with Your Business

The visibility we gained from linking the reservations was a huge win for us and saved a bunch of time we previously spent trying to understand what systems had reservations and where more were needed. But now that we have AWS asset records in RT, we can do even more. We can link them to customer tickets, link them to change management activity, and link them to sales and contract activity which is also tracked on tickets. Our AWS resources are now integrated into all of our other processes, which is a huge win given how important AWS is in our hosting business.

Does any of the above sound familiar? If you are trying to manage AWS resources via the AWS console, but having a hard time linking that to your other business processes, drop us a line. We'd love to share our experience and talk about how Request Tracker can bring some organization to your AWS infrastructure.

Managing change in a hosting environment is a complex task that can involve adding new services, software updates, and configuration changes. Request Tracker (RT) provides all of the tools to schedule and track these changes, especially using the Change Management extension we showed recently. But this scheduling and tracking can only happen if the change management tickets are created and all of the fields are set, and this can be a challenge for a busy team.

We had exactly this case in our hosted RT environment. Customers write in to support with various requests and sometimes these require a change on their hosted RT system. We want to track those changes and it was taking extra time for our support team to create and fill out these change management requests. So we created a small extension to make this easier.

Goals for the new Extension

Before we got to work, we identified our main goals for the new extension.

1. Create a Link on Support Tickets

To make change management easy, we wanted a single link on support tickets that would take the user to a create ticket page with the Change Management queue selected.

2. Link Location

We could have created a single link, possibly in the Actions menu on the ticket. But looking at past tickets, we realized we often wanted to quote a specific transaction, usually the reply that explained the requested change. Based on that, we decided to put a link on each transaction in the ticket history which allowed us to quote the text in that reply.

3. Pre-filled Fields

When our staff clicked the link, we wanted to automatically fill out as much information as possible on the new change management ticket. This would make creating the ticket much easier, and reduce the risk of human error.

4. Ticket Linking

To make it easy to trace every change, we wanted the new change management ticket be linked to the support request that asked for the change. We also wanted the change to show up in a list of all changes for that customer.

Building the Extension

Adding a single link is a small change, made easy using callbacks and other tools RT makes available for building extensions. When we started to add more details, like all of the fields we wanted to set automatically, it got a little more involved, but not much. Luckily our team has some experience building RT extensions.

Our Updated Change Flow

Our new extension adds a wrench icon on each transaction for support tickets that fits right in with the existing reply and comment icons. We included some logic to look up information on the customer's support contract and only add the wrench if the customer uses our hosting.

The main fields on the change management ticket are automatically filled out based on our most common changes.

• The Owner is the current user.

• The Status defaults to deployed and the Change Type is Standard, since most changes are standard and done right away as we handle the request.

• The Change Completed date defaults to when the ticket is created, assuming the change has been done.

• The Customer custom role is automatically set to the customer's group, which will make the change ticket show up in the list of changes for that customer.

• The text of the reply in the support ticket is included in the content box.

• The new Change Management ticket is linked to the support request.

All of these fields can be changed by the user before the ticket is created. We set the defaults based on the most common case, but it still supports other situations, like scheduling a change for a few days later.

Change Management Best Practices

Implementing this small extension helped our process in several ways:

• Efficiency: Support staff can initiate change management tickets with a single click, saving time and reducing the chance of errors.

• Consistency: The pre-filled fields ensure that all necessary information is captured consistently, following best practices.

• Transparency: The linkage between support and change management tickets provides transparency into why changes were initiated and their impact.

• Auditability: All changes are documented and can be audited for compliance and accountability purposes.

RT gives you the flexibility and freedom to customize your system to make routine tasks fast and easy for your staff. While implementing custom solutions can take some time, this is offset by the day-to-day savings once it's up and running for your users.

Ready to get started with some changes of your own? Check our documentation to start building your own extension. You might even see if you can get some help from one of the AI tools out there now available, many of which know how to write RT code.

If you’re looking for some hands-on help with extending RT to meet your specific needs and business goals, reach out to us to explore what you can achieve!