Episodes

  • Episode 25: Maintaining OpenFaaS with CNCF Ambassador Alex Ellis
    Oct 25 2021
    Sponsored by Reblaze, creators of Curiefense Panelists Justin Dorfman | Richard Littauer Guest Alex Ellis Show Notes Hello and welcome to Committing to Cloud Native Podcast! It’s the podcast by Reblaze where we talk about the confluence of Cloud Native technology and Open Source. Today, we are super excited to have as our guest Alex Ellis, who is the Founder of OpenFaaS, which is one of the most popular open source serverless projects, as well as a CNCF Ambassador. Alex takes us on his journey on how he Founded OpenFaaS. He talks about how important independence is to him, OpenFaaS, and other projects he’s worked on, and shares some influential books that he read that helped him in his journey of setting up a company. We also hear his views on how to build a sustainable open source community. Alex goes in depth about some of his other projects he created, recently being invited to join GitHub Stars program, and three eBooks he self-published that you should check out online! Go ahead and download this episode now! [00:01:47 (https://podcast.curiefense.io/25?t=107)] Alex tells us what OpenFaaS is, how adoption has gone, and how many people have used it and committed to it. [00:04:27 (https://podcast.curiefense.io/25?t=267)] Richard wonders how Alex funds the project, if there’s a business model, and if it’s big enough to have people afford to work on it. [00:07:31 (https://podcast.curiefense.io/25?t=451)] Justin brings up a keynote that Kelsey Hightower did on the benefits of Amazon’s Lambda at KubeCon and wonders if that or just other presentations in the community have an effect on OpenFaaS to become a project of its size now. [00:11:06 (https://podcast.curiefense.io/25?t=666)] How do people react to using OpenFaaS in their organization since it’s not in the CNCF as an incubation project? [00:12:52 (https://podcast.curiefense.io/25?t=772)] Alex talks about independence and how important it is to him, OpenFaaS, and all the other projects he’s worked on. 
He also talks about a few good books he read that helped him with his journey in setting up a company such as, Million Dollar Consulting. [00:17:22 (https://podcast.curiefense.io/25?t=1042)] We learn from Alex his views on how to build a sustainable open source community and another great book he learned from called, The Right It by Alberto Savoia, who is the Head of Innovation at Google. [00:22:42 (https://podcast.curiefense.io/25?t=1362)] Alex is known for creating other projects which seems to go against the idea of doing something small and seeing if it works, so we find out why he likes to create other projects. [00:27:51 (https://podcast.curiefense.io/25?t=1671)] Alex tells us about being very active on Twitter, he talks about Daniel Vassallo who created a course on how to create a Twitter following, and about writing his blog posts. [00:31:38 (https://podcast.curiefense.io/25?t=1898)] Alex got something from GitHub twenty-three hours ago. Find out what he got and why. [00:36:47 (https://podcast.curiefense.io/25?t=2207)] What is GrowLab? [00:39:07 (https://podcast.curiefense.io/25?t=2347)] Find out where you can follow Alex online and three eBooks he self-published. Quotes [00:04:46 (https://podcast.curiefense.io/25?t=286)] “Yeah, I mean it isn’t big enough to have people afford to work on it. 
That’s probably the biggest lie of open source is, the bigger something is that the more money is rolling into it.” [00:05:00 (https://podcast.curiefense.io/25?t=300)] “Even community contributions, as lovely as they are, there aren’t people with full-time jobs who said on their CV that says ‘Full-Time OpenFaas Contributor.’ That just isn’t the case with something like this.” [00:05:42 (https://podcast.curiefense.io/25?t=342)] “It basically says something like open source isn’t about you.” [00:06:52 (https://podcast.curiefense.io/25?t=412)] “In marketing framework, you’ll read is that a sustainable business has value exchange or value capture that is equal between all three parties: the consumers of it, the company or the creator behind it, and the community of partners, contributors, and sort of third parties.” [00:08:28 (https://podcast.curiefense.io/25?t=508)] “I actually think that managed Cloud functions are a really smart idea. They’re great to use. The cost cannot be beat in any way.” [00:10:35 (https://podcast.curiefense.io/25?t=635)] “What you don’t want to create, something I’ve really learned, is a commodity. And further than that, you don’t want to create something where there’s no capability for you to capture value from it.” [00:13:00 (https://podcast.curiefense.io/25?t=780)] “I mean, for me, what I mean by independence is not being employed by any one company.” [00:14:17 (https://podcast.curiefense.io/25?t=857)] “I had created some insights in the industry and the only way I could get the job that I wanted was by creating it myself.” [00:25:22 (https://...
    41 mins
  • Episode 24: From Disney to AWS with Justin Garrison
    Oct 18 2021
    Sponsored by Reblaze, creators of Curiefense Panelists Justin Dorfman Guest Justin Garrison Show Notes Hello and welcome to Committing to Cloud Native Podcast! It’s the podcast sponsored by Reblaze where we talk about the confluence of Cloud Native technology and Open Source. Today, our guest is Justin Garrison, who is a Developer Advocate at Amazon. He also worked at Disney Animation and Disney Streaming Services, and we found out what he did there before going to Amazon. Justin created bashScheduler, and he tells us why he said, “This is a really bad idea!” We learn more about his book, Cloud Native Infrastructure: Patterns for Scalable Infrastructure and Applications in a Dynamic Environment, a blog post he wrote about “The Economics of Writing a Technical Book,” a talk he did for DevOpsDays Portland 2021 called TikTalk, and his cool “manpage” resume. Also, he shares some insight on how he sees recognition as something we could really bring into the software industry. Go ahead and download this episode now to find out so much more! [00:01:18 (https://podcast.curiefense.io/24?t=78)] Before Amazon, our guest, Justin, worked at Disney and he fills us in on what he did there and what he does now. [00:04:36 (https://podcast.curiefense.io/24?t=276)] Justin tells us more about his book, Cloud Native Infrastructure: Patterns for Scalable Infrastructure and Applications in a Dynamic Environment. [00:08:46 (https://podcast.curiefense.io/24?t=526)] What’s going on with remote conferences and talks? [00:11:17 (https://podcast.curiefense.io/24?t=677)] Find out more about a talk Justin recorded for DevOpsDays Portland 2021 called TikTalk. He also tells us if there is an open source community on TikTok. [00:14:27 (https://podcast.curiefense.io/24?t=867)] Justin created bashScheduler and we find out what it does and why he said, “This is a really bad idea!” [00:20:50 (https://podcast.curiefense.io/24?t=1250)] How did Justin get a Linux.com email address? 
[00:21:43 (https://podcast.curiefense.io/24?t=1303)] Justin Dorfman is impressed with Justin’s man-page resume and he fills us in on the details and some tips on doing a resume. [00:24:26 (https://podcast.curiefense.io/24?t=1466)] Justin mentions a brag document that he used by Julia Evans and her website called Wizard Zines. [00:26:25 (https://podcast.curiefense.io/24?t=1585)] Will Justin write a follow up book to the Cloud Native Infrastructure? [00:29:12 (https://podcast.curiefense.io/24?t=1752)] Justin tells us about a blog post he wrote three years ago called, “The Economics of Writing a Technical Book.” [00:30:43 (https://podcast.curiefense.io/24?t=1843)] When Justin was at Disney, he got a movie credit for working on Zootopia which won an Oscar, and he talks about recognition being something he could see bringing into the software industry. He also shares something interesting about movie credits and recognition. [00:34:33 (https://podcast.curiefense.io/24?t=2073)] The guys chat about how CNCF has done a great job about having the “Chop Wood Carry Water” Awards at KubeCon and the people behind the scene that have such a huge impact in the foundation. [00:36:46 (https://podcast.curiefense.io/24?t=2206)] All Things Open 2021 is coming up and Justin will be giving a talk called, “Internet Scale, Open Source with Kubernetes,” that you should check out. 
Links Curiefense (https://www.curiefense.io/) Justin Garrison Twitter (https://twitter.com/rothgar) Justin Garrison Linkedin (https://www.linkedin.com/in/justingarrison/) Justin Garrison Website (https://www.justingarrison.com/) Justin Garrison TikTok (https://www.tiktok.com/@justinleegarrison) Infrastructure for Entertainment-Justin Garrison (YouTube) (https://www.youtube.com/watch?v=VtedIghTPzI) DevOpsDays Portland 2021- Justin Garrison- Ignite- TikTalk (YouTube) (https://www.youtube.com/watch?v=kQJYlZUhBt8) Cloud Native Infrastructure: Patterns for Scalable Infrastructure and Applications in a Dynamic Environment by Justin Garrison (https://www.amazon.com/Cloud-Native-Infrastructure-Applications-Environment/dp/1491984309) The Economics of Writing a Technical Book by Justin Garrison (Medium) (https://rothgar.medium.com/the-economics-of-writing-a-technical-book-689d0c12fe39) bashScheduler-GitHub (https://github.com/rothgar/bashScheduler) Committing to Cloud Native Podcast-Episode 22-Thoughts on Bash Becoming Interplanetary and More with Brian J. Fox (https://podcast.curiefense.io/22) Justin Garrison - man-page resume (https://www.justingarrison.com/resume.html) Wizard Zines (https://wizardzines.com/) Get your work recognized: write a brag document by Julia Evans (https://jvns.ca/blog/brag-documents/) All Things Open 2021 (https://2021.allthingsopen.org/) Credits Executive Produced by Tzury Bar Yochay (https://twitter.com/tzury) Produced by Justin Dorfman (https://www.justindorfman.com/) Edited by Paul M. Bahr at Peachtree Sound (https://www.peachtreesound.com/) Show notes by ...
    39 mins
  • Episode 23: Kubernetes and Cloud Security with Andrew Martin
    Oct 10 2021
    Sponsored by Reblaze, creators of Curiefense Panelists Justin Dorfman | Richard Littauer Guest Andrew Martin Show Notes Hello and welcome to Committing to Cloud Native Podcast! It’s the podcast sponsored by Reblaze where we talk about the confluence of Cloud Native technology and Open Source. We have a great guest today, Andrew Martin, joining us from London. He is the CEO of Control Plane, a Cloud Native security consultancy training and pen test firm. We learn more about Andrew’s background, how he got involved in Kubernetes and Cloud security, and more about Cloud Plane. In 2019, Andrew made some Kubernetes predictions, and we find out today if any of them came true. We also find out how he keeps updated on what’s going on with open source in Cloud Native and other things. Since he has such a wealth of knowledge, Andrew fills us in on his book coming out soon called Hacking Kubernetes: Threat-Driven Analysis and Defense, and what chapter he’s most looking forward to people reading and why. We couldn’t let Andrew go without asking him for his “Predictions for 2023!” Go ahead and download this episode now to learn so much more from Andrew! [00:01:34 (https://podcast.curiefense.io/23?t=94)] Andrew tells us what Control Plane is, what it does, and how many people they have working there. [00:02:13 (https://podcast.curiefense.io/23?t=133)] What is the average size of a company in this space and why would someone need extra security on top of Cloud Native? [00:06:58 (https://podcast.curiefense.io/23?t=418)] Andrew tells us how he got involved with Kubernetes, Cloud security, and more about his background. [00:10:22 (https://podcast.curiefense.io/23?t=622)] We find out why Andrew thinks Kubernetes succeeded and Docker Swarm didn’t. [00:11:57 (https://podcast.curiefense.io/23?t=717)] In 2019, Andrew made some predictions and Justin wants to see if any of them came true. First prediction, did hosted services catch up with GKE? 
[00:12:59 (https://podcast.curiefense.io/23?t=779)] Second prediction, did non-container VM-based isolation improvement happen? [00:16:39 (https://podcast.curiefense.io/23?t=999)] With Andrew’s vast knowledge, Richard wonders what he uses to keep updated on how open source works in Cloud Native and if there’s a Medium Blog that he subscribes to. Also, he shares which conference he will be attending this year and others he recommends. Justin gives a shout-out to TAG Security and their meetups. [00:20:05 (https://podcast.curiefense.io/23?t=1205)] Andrew’s book he co-wrote with Michael Hausenblas, Hacking Kubernetes, is discussed and he tells us the chapter he’s most looking forward to having people read. [00:23:49 (https://podcast.curiefense.io/23?t=1429)] Justin wonders if any of Andrew’s colleagues reviewed the book or if it’s all done with O’Reilly. [00:25:26 (https://podcast.curiefense.io/23?t=1526)] Andrew explains what he does to make sure that people at Control Plane are actually getting the best of the open source world without which it wouldn’t exist. [00:29:03 (https://podcast.curiefense.io/23?t=1743)] Richard is curious to know what method Andrew uses to find an interesting problem and how he does security research in a way that makes him feel really excited about doing that sort of work. [00:32:22 (https://podcast.curiefense.io/23?t=1942)] We hear one last 2019 Kubernetes prediction and that is, if the tangle of YAML was going to unravel by 2019? He also talks about image and build metadata security matures which was another prediction. [00:35:53 (https://podcast.curiefense.io/23?t=2153)] Richard asks Andrew if he’s worked with Dan Lorenc in the Sigstore Project and Justin gives a shout-out to Dan and Episode 20 on this podcast to check out. [00:36:14 (https://podcast.curiefense.io/23?t=2174)] Andrew shares his predictions for 2023. [00:39:27 (https://podcast.curiefense.io/23?t=2367)] Find out where you can follow Andrew and the work he does. 
Quotes [00:03:21 (https://podcast.curiefense.io/23?t=201)] “The shared responsibility model gives us a different level of interaction with our cloud provider based upon what is ultimately platform as a service or infrastructure as a service or software as a service as well.” [00:04:03 (https://podcast.curiefense.io/23?t=243)] “But when it comes to how we behave operationally the cloud provider can make no guarantees that we’re not shipping bad code to production.” [00:10:51 (https://podcast.curiefense.io/23?t=651)] “And service meshes were being shipped by Docker Swarm before they were cool.” [00:11:29 (https://podcast.curiefense.io/23?t=689)] “So, from a networking perspective, Docker Swarm was much better out of the box because it was batteries included, but changeable, and came with its own networking paradigm.” [00:11:40 (https://podcast.curiefense.io/23?t=700)] “However, the inability to run multiple containers in a pod meant that there was no flexibility of application ...
    41 mins
  • Episode 22: Thoughts on Bash Becoming Interplanetary and More with Brian J. Fox
    Aug 23 2021
    Sponsored by Reblaze, creators of Curiefense Panelists Justin Dorfman | Richard Littauer Guest Brian J. Fox Show Notes Hello and welcome to Committing to Cloud Native Podcast! It’s the podcast by Reblaze where we talk about the confluence of Cloud Native and Open Source. Today, we have an amazing guest with a long history of open source in the space and that is the legendary Brian J. Fox, who is the Co-Founder of Orchid, a blockchain company that started in 2017. Also, he created the Bash Shell and he was the first employee of the Free Software Foundation. Brian shares the story of how he ended up at FSF, his thoughts on the success of Bash after all these years, which includes running on Mars currently. We learn everything he did before he Co-Founded Orchid, he tells us all about Orchid and how it works, his thoughts on the open source movement and where he sees it going, and more about the value of cloud companies. We also find out Brian is a bassist in a band, so if you want to find out more go ahead and download this episode now! [00:01:51 (https://podcast.curiefense.io/22?t=111)] Brian tells us how he ended up at the FSF. [00:05:08 (https://podcast.curiefense.io/22?t=308)] Justin wonders if Brian thought Bash would still be around and he tells us it’s running on Mars in the helicopter. [00:07:08 (https://podcast.curiefense.io/22?t=428)] Richard brings up that Bash is on Windows and asks Brian to talk about how that happened and what his reaction was. [00:09:00 (https://podcast.curiefense.io/22?t=540)] At some point Brian left FSF and went to Orchid, and Richard wonders how that started. Brian fills us in on all the things he did in between FSF and Orchid. [00:14:01 (https://podcast.curiefense.io/22?t=841)] We learn how Orchid works and its physical infrastructure. [00:18:51 (https://podcast.curiefense.io/22?t=1131)] Brian tells us about the protocol being strictly peer to peer, and he explains more about the Orchid network and the bandwidth. 
[00:22:11 (https://podcast.curiefense.io/22?t=1331)] Justin asks if Brian still seeds or if he has enough users where it’s just kind of self-sustaining. Brian mentions OXT which is the name of the Orchid cryptocurrency. [00:23:36 (https://podcast.curiefense.io/22?t=1416)] Richard is curious and wants to know what Brian thinks about open source as a movement in the last two or three years, where he thinks it’s going, and how he thinks he’s leveraging that in Orchid in the best way possible to ensure the success of the system that he’s building. [00:27:57 (https://podcast.curiefense.io/22?t=1677)] We find out from Brian that he’s all about problem solving and the architecture that goes into the problem solving and it’s about the expression. [00:29:40 (https://podcast.curiefense.io/22?t=1780)] How does Brian thread the line between being an open source diehard and running a capitalist firm? [00:32:33 (https://podcast.curiefense.io/22?t=1953)] Justin does a U-turn in the conversation and goes back to the VPN industry and wants to know Brian’s thoughts on the current market of traditional VPNs that are not crypto powered. [00:33:33 (https://podcast.curiefense.io/22?t=2013)] Brian tells us how he deals with requests from law enforcement agencies. [00:35:54 (https://podcast.curiefense.io/22?t=2154)] We end with Brian telling us where you can find him online, he tells us about his band Chillpoint that you should check out, and he leaves us with thoughts on cloud companies not going away. 
Links Curiefense (https://www.curiefense.io/) Curiefense Twitter (https://twitter.com/curiefense?lang=en) Curiefense Blog (https://www.curiefense.io/blog) Cloud Native Community Groups-Curifense (https://community.cncf.io/curiefense/) community@curiefense.io (mailto:community@curiefense.io) Reblaze (https://www.reblaze.com/) Justin Dorfman Twitter (https://twitter.com/jdorfman?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor) jdorfman@curiefense.io (mailto:jdorfman@curiefense.io) podcast@curiefense.io (mailto:podcast@curiefense.io) Richard Littauer Twitter (https://twitter.com/richlitt?lang=en) Tzury Bar Yochay Twitter (https://twitter.com/tzury?lang=en) Brian J. Fox Linkedin (https://www.linkedin.com/in/brianjhanfox/) Brian J. Fox Twitter (https://twitter.com/brianjfox) Chillpoint Band (https://chillpointband.com/) Bash (https://en.wikipedia.org/wiki/Bash_(Unix_shell)) GNU Bash (https://www.gnu.org/software/bash/) Free Software Foundation (https://www.fsf.org/) Orchid (https://www.orchid.com/) Orchid OXT (https://www.coindesk.com/price/orchid) nixCraft (https://bash.cyberciti.biz/) Credits Executive Produced by Tzury Bar Yochay (https://twitter.com/tzury) Produced by Justin Dorfman (https://www.justindorfman.com/) Edited by Paul M. Bahr at Peachtree Sound (https://www.peachtreesound.com/) Show notes by DeAnn Bahr at Peachtree Sound (https://www.peachtreesound.com/) Transcript by Layten Pryce (https://www.fiverr.com/misstranscript) Transcript [00:01...
    39 mins
  • Episode 21: Maintaining Envoy Proxy with Snow Pettersen
    Aug 18 2021
    Sponsored by Reblaze, creators of Curiefense Panelists Justin Dorfman | Tzury Bar Yochay Guest Snow Pettersen Envoy Proxy Senior Maintainer Show Notes Hello and welcome to Committing to Cloud Native Podcast! It’s the podcast by Reblaze where we talk about the confluence of Cloud Native and Open Source. Today, our special guest is Snow Pettersen, who is an Envoy Proxy Senior Maintainer working at Lyft on the Resilience team. Snow has done Cloud Native at Square, Netflix, Lyft, and he tells us how it’s changed over the years and a particular challenge he had recently. He also shares with us about problems with the release and rollout with sidecars in Envoy. Speaking of Envoy, Snow explains exactly what it is and what it does. We also learn the architecture of Envoy, the new contrib folder proposal, extensions coming out, and the “golden rules” to follow when reviewing a code. Go ahead and download this episode now to hear more and thank you for joining us today! [00:02:06 (https://podcast.curiefense.io/21?t=126)] Snow has done Cloud Native at Square, Netflix, and Lyft. Find out how it’s changed over the years. He also tells us about a recent challenge he had. [00:03:47 (https://podcast.curiefense.io/21?t=227)] We learn from Snow that the biggest headache he’s seeing with people using Envoy has been the release and rollout problem with sidecars. [00:06:47 (https://podcast.curiefense.io/21?t=407)] Tzury wonders how Snow would explain Envoy to someone. He also tells us how it switches to the new set of configurations while processing and Envoy’s scalability on a single machine. [00:13:16 (https://podcast.curiefense.io/21?t=796)] Snow goes more in depth about the architecture of Envoy and the new contrib folder proposal. [00:20:24 (https://podcast.curiefense.io/21?t=1224)] Find out how many people are actually maintaining, monitoring, and moderating the process. 
[00:24:02 (https://podcast.curiefense.io/21?t=1442)] Justin asks what Snow anticipates on extensions that will be coming out that can’t make it to core and what is it that people want that they can’t get right now. [00:26:43 (https://podcast.curiefense.io/21?t=1603)] Tzury wonders what the most obscure, unexpected use of Envoy was in production that Snow came across. [00:28:17 (https://podcast.curiefense.io/21?t=1697)] Over the years that Snow has been at Envoy, he tells us how much of his time he spends writing new code versus reviewing others versus answering emails and file or responding to issues on GitHub. Justin shares some stats from Snow’s GitHub profile. [00:29:54 (https://podcast.curiefense.io/21?t=1794)] Snow shares the “golden rules” when you review a code. [00:33:04 (https://podcast.curiefense.io/21?t=1984)] Find out where you can follow Snow online, and he gives a shout-out to the entire Envoy community! Links Curiefense (https://www.curiefense.io/) Curiefense Twitter (https://twitter.com/curiefense?lang=en) Curiefense Blog (https://www.curiefense.io/blog) Cloud Native Community Groups-Curifense (https://community.cncf.io/curiefense/) community@curiefense.io (mailto:community@curiefense.io) Reblaze (https://www.reblaze.com/) Justin Dorfman Twitter (https://twitter.com/jdorfman?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor) jdorfman@curiefense.io (mailto:jdorfman@curiefense.io) podcast@curiefense.io (mailto:podcast@curiefense.io) Richard Littauer Twitter (https://twitter.com/richlitt?lang=en) Tzury Bar Yochay Twitter (https://twitter.com/tzury?lang=en) Snow Pettersen Twitter (https://twitter.com/snowypeas) Snow Pettersen GitHub (https://github.com/snowp) Lyft (https://www.lyft.com/) Envoy (https://www.envoyproxy.io/) Episode #17: “99.99999% Uptime with Anna Berenberg” (https://podcast.curiefense.io/17) Credits Executive Produced by Tzury Bar Yochay (https://twitter.com/tzury) Produced by Justin Dorfman (https://www.justindorfman.com/) Edited 
by Paul M. Bahr at Peachtree Sound (https://www.peachtreesound.com/) Show notes by DeAnn Bahr at Peachtree Sound (https://www.peachtreesound.com/) Transcript by Layten Pryce (https://www.fiverr.com/misstranscript) Transcript [00:00] Snow Pettersen: There was a period of time around this time when I started being a maintainer and a bit before when I was writing a lot of code, just because again, I think it aligned very well with what my company needed at the time. Now, over time I've just gotten review ownership over more and more codes and being brought into more and more like, hey, you know how this works, so can you chime in? So I've definitely like drifted away more towards the side of communication. It's always nice to get some code written every now and then, but there's so much other stuff that happens that I always have to be careful about making myself the blocker for the code landing. [00:42] Intro: Hello, and welcome to Committing to Cloud Native, the podcast where we talk about the interface between open source and cloud native. We're super excited about...
    34 mins
  • Episode 20: Taking Open Source Supply Chain Security Seriously with Dan Lorenc
    Aug 9 2021
    Sponsored by Reblaze, creators of Curiefense Panelists Justin Dorfman | Richard Littauer Guest Dan Lorenc Software Engineering Lead, Google Show Notes Hello and welcome to Committing to Cloud Native Podcast! It’s the podcast by Reblaze where we talk about the confluence of Cloud Native and Open Source. Today, we are very excited to have as our guest, Dan Lorenc, who is a Staff Software Engineer and the lead for Google’s Open Source Security Team. Also, he founded projects like Minikube, Skaffold, TektonCD, and Sigstore. Dan will take us back to how he got into open source, Google, Cloud, and how he ended up being a lead for Google’s Open Source Security Team. We learn more about one of the bigger attacks that happened when Codecov Bash Uploader got compromised, what SGET is, what Google is doing to stop dependency nightmares, zombie dependencies, vectors, and why people should not sign Git Commits. Dan has written several blog posts and he talks more about some of them, and he shares some tips on the easiest way to get your security up if you are using cloud providers for working on open source projects. Download this episode now to find out much more from Dan! [00:01:53 (https://podcast.curiefense.io/20?t=113)] Dan tells us how he got into open source, Google, Cloud, and how he ended up being a lead for the Open Source Security Team. He tells us about his first open source project called Minikube. [00:05:07 (https://podcast.curiefense.io/20?t=307)] Justin brings up the safer curl URL pipe to bash which has been a topic on Hacker News. We learn more about the attack that happened earlier this year when the Codecov bash installer got compromised and Dan explains more about that. Dan goes in-depth about what SGET is. [00:11:04 (https://podcast.curiefense.io/20?t=664)] Richard asks Dan if he thinks it’s important that people sign their Git commits and he talks about a blog post he wrote a couple of weeks ago about this. 
[00:12:40 (https://podcast.curiefense.io/20?t=724)] Dan explains how we can deal with security with stuff in the cloud and he tells us one of the biggest concerns he has right now. [00:15:12 (https://podcast.curiefense.io/20?t=912)] Find out more about the security leads across Google, and he tells us about an amazing paper that he recommends reading called “Reflections on Trusting Trust” by Ken Thompson. [00:17:23 (https://podcast.curiefense.io/20?t=1043)] Some people at the PSF got a $300,000 grant for supply chain security and Justin asks Dan if he had a role in that. Also, Justin mentions the reports going to Congress and the powerful XKCD graphic. [00:19:57 (https://podcast.curiefense.io/20?t=1197)] Learn what Google is doing to stop dependency nightmares, zombie dependencies, and vectors hitting that area. Also, Richard wonders if you can know as a cloud user what the dependencies actually are that you’re able to be exploited by. [00:26:54 (https://podcast.curiefense.io/20?t=1614)] Richard wonders how Dan stays sane, and how does he decide what to work on next. Also, Dan wrote a blog post called, “Procrastination Driven Development” and he describes how this all works in his brain. [00:31:07 (https://podcast.curiefense.io/20?t=1867)] One thing Justin wants to know is what repository or what package manager keeps Dan up at night. He wonders if there are any out there that need attention, or are they getting the attention that they need. [00:33:30 (https://podcast.curiefense.io/20?t=2010)] Find out where you can follow Dan on the internet and also some great tips to get your security up if you are using cloud providers at the moment for working on open source projects. 
Links Curiefense (https://www.curiefense.io/) Curiefense Twitter (https://twitter.com/curiefense?lang=en) Curiefense Blog (https://www.curiefense.io/blog) Cloud Native Community Groups-Curifense (https://community.cncf.io/curiefense/) community@curiefense.io (mailto:community@curiefense.io) Reblaze (https://www.reblaze.com/) Justin Dorfman Twitter (https://twitter.com/jdorfman?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor) jdorfman@curiefense.io (mailto:jdorfman@curiefense.io) podcast@curiefense.io (mailto:podcast@curiefense.io) Richard Littauer Twitter (https://twitter.com/richlitt?lang=en) Tzury Bar Yochay Twitter (https://twitter.com/tzury?lang=en) Dan Lorenc Twitter (https://twitter.com/lorenc_dan) Dan Lorenc Website (https://dlorenc.medium.com/) “Codecov Bash Uploader Dev Tool Compromised in Supply Chain Hack” By Ryan Naraine (Security Week) (https://www.securityweek.com/codecov-bash-uploader-dev-tool-compromised-supply-chain-hack) SGET (https://sget.org/) “Should You Sign Git Commits?” By Dan Lorenc (https://dlorenc.medium.com/should-you-sign-git-commits-f068b07e1b1f) “Reflections on Trusting Trust” By Ken Thompson (https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf) “Securing Open Source Software at the Source” By Ashwin Ramaswami (https:/...
    35 mins
  • Episode 19: Telcos, Edge Clouds, Service Meshes, and more with Prajakta Joshi
    Aug 2 2021
    Sponsored by Reblaze, creators of Curiefense Panelists Justin Dorfman | Richard Littauer | Tzury Bar Yochay Guest Prajakta Joshi Group Product Manager, Edge Cloud for Enterprise and Telecom Show Notes Hello and welcome to Committing to Cloud Native Podcast! It’s the podcast by Reblaze where we talk about open source maintainers, contributors, sustainers, and their experiences in the Cloud Native space. Today we have as our guest, Prajakta Joshi, who is a Group Product Manager at Google driving Edge Cloud for Enterprise and Telecom. She joined Google in 2015, has been working with Tzury since 2016, and really knows all about the history of Cloud Native and how it really started. Prajakta tells us about her background and how she ended up in the Edge Cloud space. We also find out where open source fits in, revenue streams going towards the open source ecosystem to make it more sustainable and more useful to Enterprise and Telco users, and more on the evolution of server less gRPC service mesh. We also hear Tzury’s really interesting idea of the future Cloud, and Prajakta shares her perspective on how she handles the good and the bad and where the focus should be. Download this episode now to learn much more! [00:02:10 (https://podcast.curiefense.io/19?t=130)] Prajakta tells us about her background and how she keyed into Telcos. [00:04:27 (https://podcast.curiefense.io/19?t=267)] We learn more about the Edge Cloud product, how Prajakta ended up there, and how she manages consistency. [00:10:37 (https://podcast.curiefense.io/19?t=637)] Prajakta mentions Kubernetes and Richard asks where open source fits in. [00:15:12 (https://podcast.curiefense.io/19?t=912)] Richard asks Prajakta if she has any thoughts about revenue streams going towards the open source ecosystem and how that would work. 
[00:20:33 (https://podcast.curiefense.io/19?t=1233)] Prajakta explains more about how we have revenue streams going from Enterprise and Telcos back into the open source projects to make the entire system more sustainable and ultimately more useful to Enterprise and Telco users. [00:25:27 (https://podcast.curiefense.io/19?t=1527)] Tzury suggests that, instead of so much manual labor, the real future Cloud would be a fully automated cloud, bottom up from the infrastructure level itself, and Prajakta tells us what she thinks about this. [00:28:31 (https://podcast.curiefense.io/19?t=1711)] Prajakta elaborates more on the evolution of serverless gRPC service mesh. [00:34:51 (https://podcast.curiefense.io/19?t=2091)] Tzury asks Prajakta what the oldest service in Google is that she knows of and can share with us, one that is still running the same way it was at the beginning and was not migrated to any fancy schmancy new tech. [00:38:06 (https://podcast.curiefense.io/19?t=2286)] Find out about the two parts of service mesh and what the traffic director does. [00:39:08 (https://podcast.curiefense.io/19?t=2348)] Tzury asks Prajakta how it feels being the greatest on one end and still the underdog on another. Also, how does she deal with this frustration or excitement, and how does it affect her day to day? [00:44:27 (https://podcast.curiefense.io/19?t=2667)] Find out where you can follow Prajakta on the web. 
Links Curiefense (https://www.curiefense.io/) Curiefense Twitter (https://twitter.com/curiefense?lang=en) Curiefense Blog (https://www.curiefense.io/blog) Cloud Native Community Groups-Curiefense (https://community.cncf.io/curiefense/) community@curiefense.io (mailto:community@curiefense.io) Reblaze (https://www.reblaze.com/) Justin Dorfman Twitter (https://twitter.com/jdorfman?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor) jdorfman@curiefense.io (mailto:jdorfman@curiefense.io) podcast@curiefense.io (mailto:podcast@curiefense.io) Richard Littauer Twitter (https://twitter.com/richlitt?lang=en) Tzury Bar Yochay Twitter (https://twitter.com/tzury?lang=en) Prajakta Joshi Linkedin (https://www.linkedin.com/in/prajaktasjoshi/) Prajakta Joshi Twitter (https://twitter.com/prajaktaplus) Credits Executive Produced by Tzury Bar Yochay (https://twitter.com/tzury) Produced by Justin Dorfman (https://www.justindorfman.com/) Edited by Paul M. Bahr at Peachtree Sound (https://www.peachtreesound.com/) Show notes by DeAnn Bahr at Peachtree Sound (https://www.peachtreesound.com/) Transcript by Layten Pryce (https://www.fiverr.com/misstranscript) Transcript [00:00] Justin: Hey, it's Justin co-host of this podcast. We just released Curiefense version 1.4, which includes support for NGINX. It has UI improvements, security improvements, and much, much more. So just go to curiefense.io/blog to see what else we improved. Now enjoy the show. [00:21] Prajakta:  When I started off as well. Like a lot of the focus was on, okay, what's the next cool tech we built. And slowly as you start building it, you start realizing like for example, service mesh, it doesn't solve all problems for customers. You really need to bring other bits ...
    45 mins
  • Episode 18: The Best of CTCN: Volume 1
    Jul 19 2021
    Sponsored by Reblaze, creators of Curiefense Panelists Justin Dorfman | Richard Littauer | Tzury Bar Yochay Show Notes Hello and welcome to Committing to Cloud Native Podcast! It’s the podcast by Reblaze where we talk about open source maintainers, contributors, sustainers, and their experiences in the Cloud Native space. This episode is a little different from the others: after publishing seventeen episodes this year, we decided to take a trip down memory lane and look back at our most popular ones. Today, you will hear clips from our “Top Five” episodes which include the following guests, Kelsey Hightower, Les Jackson, Sergio Méndez, Chris Ferreira, and Richard Li. Sit back, relax, and enjoy! Oh, and go ahead and download this episode now! [00:01:05 (https://podcast.curiefense.io/18?t=65)] We start with Episode #8, which was our most downloaded episode. Our guest was Kelsey Hightower, who is Principal Engineer and Principal Staff Advocate at Google in the Google Cloud Platform Division. We learn how he ended up in the Cloud Native space, joining Google, and his job offer at NASA. Kelsey shares an abundance of information and we find out the amazing story behind “No Code.” [00:04:58 (https://podcast.curiefense.io/18?t=298)] Our next top episode was Episode #9 with Les Jackson, who is Developer Advocate at Marketplacer. Les explains his creative process and why he was interested in using Envoy to begin with to make microservices. We also hear about his cool experience writing his book, The Complete ASP.NET Core 3 API Tutorial, which he self-published rather than going with a publisher. [00:09:41 (https://podcast.curiefense.io/18?t=581)] Episode #4 brought us a super fun guest, Sergio Méndez, who is an SRE, Professor, and CNCF Ambassador to Guatemala, as well as the organizer of the Cloud Native Guatemala Community Group, and is working to get students and people from Central America involved in the CNCF ecosystem. 
Sergio is a “Linkerd Hero” and he is working on two contributions for Curiefense, which are Linkerd and Rancher, which we learn more about. [00:14:26 (https://podcast.curiefense.io/18?t=866)] Kubernetes is the topic of Episode #10, and we brought in Chris Ferreira, who is the Principal Engineer and Architect for the WebEx Platform at Cisco. Chris shares how he started out in culinary school and ended up in the IT world, working in startups on the front end and the back end, working for Microsoft, and now Cisco. He tells us about getting introduced into Kubernetes and becoming a code contributor to Istio in a pretty big way. [00:20:33 (https://podcast.curiefense.io/18?t=1233)] We end with Episode #7, with our guest Richard Li, who is the Co-Founder and CEO of Ambassador Labs, which builds popular open source tools for Kubernetes. We learn about the “Golden Rules” to building a successful open source company or project, and things you must do from the very beginning to keep the project interesting to the community and to get it out and reach out to those achievements. 
Links Curiefense (https://www.curiefense.io/) Curiefense Twitter (https://twitter.com/curiefense?lang=en) Cloud Native Community Groups-Curiefense (https://community.cncf.io/curiefense/) community@curiefense.io (mailto:community@curiefense.io) Reblaze (https://www.reblaze.com/) Justin Dorfman Twitter (https://twitter.com/jdorfman?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor) jdorfman@curiefense.io (mailto:jdorfman@curiefense.io) podcast@curiefense.io (mailto:podcast@curiefense.io) Richard Littauer Twitter (https://twitter.com/richlitt?lang=en) Tzury Bar Yochay Twitter (https://twitter.com/tzury?lang=en) Committing To Cloud Native Podcast-Episode 8-Learning in Public with Kelsey Hightower (https://podcast.curiefense.io/8) Kelsey Hightower Twitter (https://twitter.com/kelseyhightower?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor) Committing To Cloud Native Podcast-Episode 9-Microservices are Interesting with Les Jackson (https://podcast.curiefense.io/9) Les Jackson Twitter (https://twitter.com/binarythistle?lang=en) The Complete ASP.NET Core 3 API Tutorial: Hands-On Building, Testing, and Deploying by Les Jackson (https://www.amazon.com/Complete-ASP-NET-Core-Tutorial-Hands-dp-1484262549/dp/1484262549/ref=mt_other?_encoding=UTF8&me=&qid=) Committing To Cloud Native Podcast-Episode 4-Sergio Méndez: SRE, Professor & CNCF Ambassador to Guatemala (https://podcast.curiefense.io/4) Sergio Méndez Twitter (https://twitter.com/sergioarmgpl) Committing To Cloud Native Podcast-Episode 10-Kubernetes, (Almost) Love at First Sight with Chris Ferreira (https://podcast.curiefense.io/10) Chris Ferreira Linkedin (https://www.linkedin.com/in/chferrei) Committing To Cloud Native Podcast-Episode 7-Building a Business Around Popular Open Source Tools for Kubernetes with Richard Li (https://podcast.curiefense.io/7) Richard Li Twitter (https://twitter.com/rdli) Credits Executive Produced by Tzury Bar ...
    23 mins