1 00:00:01,080 --> 00:00:03,000 Speaker 1: How'd you like to listen to dot net rocks with 2 00:00:03,040 --> 00:00:07,879 no ads? Easy? Become a patron for just five dollars 3 00:00:07,919 --> 00:00:10,800 a month. You get access to a private RSS feed 4 00:00:10,839 --> 00:00:14,279 where all the shows have no ads. Twenty dollars a month, 5 00:00:14,279 --> 00:00:16,879 we'll get you that and a special dot net Rocks 6 00:00:16,960 --> 00:00:21,000 patron mug. Sign up now at Patreon dot dot NetRocks 7 00:00:21,120 --> 00:00:36,520 dot com. Hello and welcome back to dot net rocks. 8 00:00:36,880 --> 00:00:39,759 I'm Carl Franklin and I'm Richard Campbell, and we're here 9 00:00:39,799 --> 00:00:44,240 again for your dot net and all things, you know, 10 00:00:44,600 --> 00:00:50,560 geek pleasure. I think so, Uh, Richard, how's it going 11 00:00:50,600 --> 00:00:52,119 over there in Vancouver? 12 00:00:53,359 --> 00:00:56,320 Speaker 2: Well, if we get our time shifting right and nothing 13 00:00:56,359 --> 00:00:58,880 weird happens and the creek don't rise, I should have 14 00:00:58,920 --> 00:01:02,079 published episode one thousand of run As Radio yesterday. 15 00:01:02,240 --> 00:01:06,640 Speaker 1: Congratulations, thanks man, big milestone a lot of shows. Yeah 16 00:01:06,640 --> 00:01:10,200 it is. And do you want to talk about dev intersection? 17 00:01:10,239 --> 00:01:11,879 Can we talk about that now? Yeah? 18 00:01:11,959 --> 00:01:13,680 Speaker 2: Yeah, we can talk about dev intersection and you know, 19 00:01:13,760 --> 00:01:16,319 all all the things come together well, and we're calling 20 00:01:16,359 --> 00:01:18,719 it the we're sort of bouncing between the names because 21 00:01:18,719 --> 00:01:21,799 there's a lot of emphasis on cloud development, so sort 22 00:01:21,799 --> 00:01:25,719 of Azure community development you know stuff as well as 23 00:01:25,719 --> 00:01:27,879 there's two other adjacent shows attached to it. But if 24 00:01:27,879 --> 00:01:29,879 you know dev inter Section, you know what to expect. 25 00:01:30,359 --> 00:01:34,239 The usual troublemakers including you and me, but also the 26 00:01:34,239 --> 00:01:37,239 next Gen AI show, so lots of co piloting and 27 00:01:37,319 --> 00:01:40,640 lots of real jenitor of AI, you know, smart folks, 28 00:01:40,719 --> 00:01:43,959 the science people so forth, building cool things. And our 29 00:01:44,079 --> 00:01:50,000 friend Michelle Busta Monte has started up a cybersecurity conference 30 00:01:50,040 --> 00:01:53,599 adjacent to the other two. So yeah, three shows in one. 31 00:01:53,719 --> 00:01:56,840 I got news about that one. Yeah, I'm doing two 32 00:01:57,400 --> 00:02:01,640 talks at Michelle's security conference. Oh wow. 33 00:02:01,760 --> 00:02:07,560 Speaker 1: One of them is secure your Blazer Server Applications nice important, 34 00:02:07,640 --> 00:02:11,080 and the other one is a live security this week. 35 00:02:11,240 --> 00:02:13,960 Oh cool, I'm gonna do it on stage Channel show. Yeah, 36 00:02:14,000 --> 00:02:16,680 we don't actually have the time yet, but we think 37 00:02:16,680 --> 00:02:19,120 it might be in the evening, you know sometime. 38 00:02:19,240 --> 00:02:21,560 Speaker 2: Yeah, it's a logical time to do it, right. Well, 39 00:02:21,800 --> 00:02:23,800 if you working your butt off that week is aren't 40 00:02:23,840 --> 00:02:26,560 you doing a session with Maddie as well on Yes 41 00:02:26,680 --> 00:02:29,039 Purifying Never Hanks. 42 00:02:28,960 --> 00:02:32,000 Speaker 1: I'm really going to town this week. Crazy, I'm not 43 00:02:32,039 --> 00:02:35,599 only doing a Blazer workshop one day, but yeah, Maddie 44 00:02:35,639 --> 00:02:38,000 Montaguella and I and Jeff Fritz will be there too, 45 00:02:38,439 --> 00:02:42,199 are going to aspirify the dot NetRocks dot com website. 46 00:02:42,280 --> 00:02:43,840 Speaker 2: Cool live in front. 47 00:02:43,599 --> 00:02:44,120 Speaker 1: Of your face. 48 00:02:44,319 --> 00:02:47,039 Speaker 2: There's nothing better than a Brownfield action man like actually 49 00:02:47,080 --> 00:02:50,000 taking existing code and applying new standards to it and 50 00:02:50,039 --> 00:02:51,159 not having a catch fire. 51 00:02:51,240 --> 00:02:54,400 Speaker 1: And honest to god, like, I don't really know what 52 00:02:54,439 --> 00:02:57,960 to expect because this isn't something that's in my wheelhouse, 53 00:02:58,080 --> 00:02:58,800 you know, So. 54 00:02:59,360 --> 00:03:01,400 Speaker 2: It's going to be a no, you're on the ride. 55 00:03:02,080 --> 00:03:03,599 Speaker 1: Yeah, I'm on the ride. It's going to be a 56 00:03:03,680 --> 00:03:06,919 learning experience for me and hopefully, you know, the it 57 00:03:06,960 --> 00:03:07,639 will show. 58 00:03:07,520 --> 00:03:09,039 Speaker 2: Learn experience for everybody who's there. 59 00:03:09,240 --> 00:03:11,879 Speaker 1: It will show in the results. And then a couple 60 00:03:11,960 --> 00:03:14,800 of other talks to Yeah, I'm going to be working 61 00:03:15,199 --> 00:03:19,080 working hard. All right, let's start off with better no framework, 62 00:03:19,159 --> 00:03:29,000 roll the music, all right? What do you got? Do 63 00:03:29,000 --> 00:03:30,759 you know what lotty animations are? 64 00:03:31,120 --> 00:03:31,199 Speaker 2: No? 65 00:03:31,360 --> 00:03:35,919 Speaker 1: I didn't either until today, well until I found this, Yeah, 66 00:03:36,240 --> 00:03:41,479 lottifiles dot com. These are free, lightweight animations, but I 67 00:03:41,520 --> 00:03:45,639 guess they require a player, right, and so they look 68 00:03:45,719 --> 00:03:49,560 like animated gifts to me, and I don't really understand 69 00:03:49,639 --> 00:03:52,599 the difference yet. But However, I did find this Lotty 70 00:03:52,639 --> 00:03:56,479 player which is in a part of the mud Blazer 71 00:03:56,719 --> 00:04:00,960 extra package. So it's a Blazer Lotti player that makes 72 00:04:00,960 --> 00:04:04,240 it easy to integrate high quality Lotty animations into your 73 00:04:04,240 --> 00:04:07,599 Blazer applications. And it's a simple new get package and 74 00:04:07,639 --> 00:04:10,960 it's you know, very easy to do. I just don't 75 00:04:11,000 --> 00:04:14,240 know enough about Lottie to really care about it, but 76 00:04:14,319 --> 00:04:17,920 somebody does, because this is, you know, this is kind 77 00:04:17,959 --> 00:04:20,839 of an up and coming thing that's interesting. Yeah. 78 00:04:20,879 --> 00:04:22,600 Speaker 2: Cool, another format. 79 00:04:22,319 --> 00:04:27,439 Speaker 1: Another format, Yeah, exactly. So that's what I got today. 80 00:04:27,800 --> 00:04:29,399 Know it, learn it, love it. Who's talking to us? 81 00:04:29,480 --> 00:04:32,160 Speaker 2: Richard grabbed a commenta of a show nineteen fifty five 82 00:04:32,199 --> 00:04:36,240 which you did at Build not that long ago, of course, 83 00:04:36,240 --> 00:04:38,240 published in June, somewhat after the show, where we talked 84 00:04:38,240 --> 00:04:40,680 to our friend Nicole Forrestkrenn, who hadn't seen in a while, 85 00:04:41,240 --> 00:04:45,319 one of the you know, Devop's goddesses. She ran Dora 86 00:04:45,439 --> 00:04:48,519 for the longest time and really was the person, I think, 87 00:04:48,560 --> 00:04:52,920 more than anyone, who put the numbers to what it 88 00:04:53,079 --> 00:04:55,319 meant to be a high performing team, like what the 89 00:04:55,399 --> 00:04:59,839 difference was when you organized into rapid iterating ways, integrated 90 00:04:59,879 --> 00:05:03,160 to and so Forth said, here's the performance different differences 91 00:05:03,480 --> 00:05:06,519 that these teams get across the large numbers of organizations. 92 00:05:06,519 --> 00:05:10,360 So she kind of took the you know, anecdotal side 93 00:05:10,360 --> 00:05:13,160 of DevOps away and gave it a real science rigger. 94 00:05:13,800 --> 00:05:17,120 And we've talked about this concept of frictionless development, about 95 00:05:17,120 --> 00:05:20,959 what happens when you can code quickly and have this 96 00:05:21,040 --> 00:05:23,560 infrastructure around you to know what's going on, and that 97 00:05:23,680 --> 00:05:27,800 included using the contemporary AI technologies, although that was you know, 98 00:05:27,879 --> 00:05:31,720 in May, and here we are in August September, where 99 00:05:31,800 --> 00:05:32,800 of course things have. 100 00:05:32,879 --> 00:05:34,480 Speaker 1: Changed again light years away. 101 00:05:34,560 --> 00:05:36,720 Speaker 2: Yeah, it keeps moving so fast. And so this comment 102 00:05:36,759 --> 00:05:39,800 comes from Neil Tiberwalla who says, thanks for the great episode. 103 00:05:39,920 --> 00:05:42,319 On one of the projects I'm working on, we are 104 00:05:42,319 --> 00:05:46,000 also struggling to see how llms fit into DevOps. However, 105 00:05:46,040 --> 00:05:48,319 are surprised to hear you all talking about multiple agents 106 00:05:48,480 --> 00:05:51,399 merge conflicts. It seems like this is really a non 107 00:05:51,439 --> 00:05:53,800 issue since the AI could just delete their work and 108 00:05:53,920 --> 00:05:57,480 start over and redo the whole task. It's just some 109 00:05:57,600 --> 00:06:02,279 computation not but otherwise not lost human programmer time. That 110 00:06:02,399 --> 00:06:05,120 is the motivation for a merged process. Yeah, there's also 111 00:06:05,160 --> 00:06:07,680 a cost in tokens. But I'm with you. Yeah, And 112 00:06:07,720 --> 00:06:10,560 as you said on the show, a new paradigm requires 113 00:06:10,839 --> 00:06:14,759 new ways of thinking. Definitely, software che all that is 114 00:06:14,839 --> 00:06:19,160 changing again, and I'm not unhappy about it. It's interesting 115 00:06:19,319 --> 00:06:23,079 to talk to folks and to experience all the different approaches. 116 00:06:23,480 --> 00:06:25,000 So Neil, thank you so much for your comment. And 117 00:06:25,040 --> 00:06:26,639 a copy of music Coby is on its way to you. 118 00:06:26,680 --> 00:06:28,199 And if you'd like a copy of music Koba, I 119 00:06:28,240 --> 00:06:30,920 write a comment on the website at don Arocks dot 120 00:06:30,920 --> 00:06:33,000 com or on the facebooks. We publish every show there, 121 00:06:33,000 --> 00:06:34,240 and if you comment there and I read it on 122 00:06:34,240 --> 00:06:35,800 the show, I'll send you a copy of music Goba. 123 00:06:35,959 --> 00:06:38,079 Speaker 1: Music to code by I remember that, Yeah, that thing 124 00:06:38,120 --> 00:06:40,680 I started a long time ago to help you focus 125 00:06:41,199 --> 00:06:44,399 during development. Well now there's twenty two tracks, and if 126 00:06:44,439 --> 00:06:46,800 you don't want to send in a comment and get 127 00:06:46,839 --> 00:06:48,759 a free copy of it, you can go to music 128 00:06:48,759 --> 00:06:51,399 too coode by dot net and you can download the 129 00:06:51,560 --> 00:06:55,600 entire collection in MP three, flack or wave format. 130 00:06:55,800 --> 00:06:56,079 Speaker 2: Nice. 131 00:06:56,160 --> 00:07:00,759 Speaker 1: All right, So this being showed nineteen one hundred and sixty, 132 00:07:01,240 --> 00:07:05,639 let's talk about what happened in nineteen sixty six. There's 133 00:07:05,839 --> 00:07:08,439 you know this is one of those years, right that 134 00:07:08,600 --> 00:07:14,160 people remember space exploration, Soviet Lunar nine spacecraft, and I'm 135 00:07:14,160 --> 00:07:18,600 sure we'll talk more about that. The nineteen sixty six 136 00:07:18,720 --> 00:07:22,360 FIFA World Cup held in England. The host nation won 137 00:07:22,399 --> 00:07:25,319 its first championship by defeating West Germany in the final. 138 00:07:26,199 --> 00:07:33,079 The Cultural Revolution in China Mao Jeidong right, so significant 139 00:07:33,120 --> 00:07:37,680 social and political upheaval. The Vietnam War. The US announced 140 00:07:37,720 --> 00:07:43,079 a substantial increase in troops in Vietnam. Civil rights Sammy Young, 141 00:07:43,160 --> 00:07:46,439 junior civil rights activist, was murdered in Alabama, highlighting the 142 00:07:46,560 --> 00:07:50,319 ongoing struggle for civil rights. The New York City Transits Strike, 143 00:07:50,839 --> 00:07:55,399 a wildcat strike by public transportation workers, began January second 144 00:07:56,000 --> 00:08:00,839 and lasted until January thirteenth. But my favorite category, music 145 00:08:00,879 --> 00:08:05,079 and culture. The Beach Boys Pet Sounds was released, which 146 00:08:05,240 --> 00:08:10,000 totally reshaped pop music. John Lennon sparked outrage with his 147 00:08:10,079 --> 00:08:12,720 comment that the band was more popular than Jesus. 148 00:08:12,920 --> 00:08:13,800 Speaker 2: Yeah not smart. 149 00:08:13,879 --> 00:08:17,639 Speaker 1: I shouldn't have said it, and I'm sorry. And The 150 00:08:17,680 --> 00:08:22,240 flint Stones aired its series finale on April first, And 151 00:08:22,279 --> 00:08:23,959 there's of course a lot more of it. What do 152 00:08:24,000 --> 00:08:25,439 you want to tell us about technology? 153 00:08:25,439 --> 00:08:28,560 Speaker 2: In space Richard, You know, ninety six six is not 154 00:08:28,600 --> 00:08:31,600 a huge here on the space side, just because it's 155 00:08:31,639 --> 00:08:34,120 the end of the Gemini program and just before the 156 00:08:34,240 --> 00:08:38,759 Apollo program really ramps up. Although there's lots of Cold 157 00:08:38,759 --> 00:08:41,720 War stuff going on, lots of reconnaissance satellites and so forth. 158 00:08:42,399 --> 00:08:47,200 But I would point out that Surveyor won launches and 159 00:08:47,320 --> 00:08:49,679 lands on the Moon successfully for the first time, one 160 00:08:49,679 --> 00:08:51,879 of the very first soft landings on the Moon ever. 161 00:08:52,120 --> 00:08:52,480 Speaker 1: Wow. 162 00:08:52,639 --> 00:08:57,360 Speaker 2: And also they start doing mapping of the Moon with 163 00:08:57,440 --> 00:08:59,960 the prospect for landing with an orbit called the lou 164 00:09:00,120 --> 00:09:02,879 Or orbiter. And it's a time before CCDs and so forth, 165 00:09:02,919 --> 00:09:06,480 so taking pictures and sending them back is not a 166 00:09:06,639 --> 00:09:10,600 simple thing in nineteen sixty six, So yeah, it's not 167 00:09:10,759 --> 00:09:13,519 the most exciting year sings. They'll get hairy from here 168 00:09:13,559 --> 00:09:16,679 as the Apollo program really gets rocking along. But at 169 00:09:16,679 --> 00:09:18,799 this but on that year they still did a few 170 00:09:18,879 --> 00:09:22,960 important things and it wouldn't be You're not wrong that 171 00:09:23,440 --> 00:09:26,039 the Soviets had the Luna twelve mission, which also took 172 00:09:26,039 --> 00:09:30,840 photos of the Moon, although admittedly after the Americans got them. 173 00:09:31,159 --> 00:09:34,240 But let's talk about important stuff, like nineteen sixty six 174 00:09:34,279 --> 00:09:37,000 is the year the cool whip is invented, all right, 175 00:09:37,399 --> 00:09:39,120 nothing like an edible oil product. 176 00:09:39,360 --> 00:09:43,159 Speaker 1: Yeah, edible oil. Cardiovascular dream come true. 177 00:09:43,919 --> 00:09:46,399 Speaker 2: Listen, palm oil is well, let's be clear, not your friend. 178 00:09:46,440 --> 00:09:47,080 Speaker 1: Not your friend. 179 00:09:48,360 --> 00:09:51,960 Speaker 2: On the computer side, Helid Packard's very first computer, the 180 00:09:52,320 --> 00:09:55,960 HP twenty one sixteen A, which is a funny number 181 00:09:55,960 --> 00:09:59,440 for your first one. It was actually an acquired computer. 182 00:09:59,440 --> 00:10:01,600 They bought a comp called Data Systems who made a 183 00:10:01,600 --> 00:10:04,279 thing called the DSi one thousand, although they had never shipped. 184 00:10:04,320 --> 00:10:06,840 They bought the company back in sixty four finished it up. 185 00:10:06,840 --> 00:10:09,080 It was all integrated circuits, which is very novel of 186 00:10:09,080 --> 00:10:11,799 the time, and magnetic core memory because they're still a 187 00:10:11,799 --> 00:10:14,840 couple of years away from digital ram being a thing. 188 00:10:15,480 --> 00:10:17,480 This is a sixteen bit mini computer with a ten 189 00:10:17,519 --> 00:10:21,360 megahertz clock. It comes with four K words sixteen bit words, 190 00:10:21,600 --> 00:10:24,919 but you could externally expand it that's more coarse up 191 00:10:25,000 --> 00:10:26,840 to eight k and if you wanted to go to 192 00:10:26,840 --> 00:10:30,399 a big old sixteen you need an external box for it. 193 00:10:30,600 --> 00:10:30,960 Speaker 1: Wow. 194 00:10:31,399 --> 00:10:33,919 Speaker 2: Weighed about two hundred and thirty pounds and cost about 195 00:10:33,960 --> 00:10:37,720 twenty thousand dollars when it first shipped in nineteen sixty six. 196 00:10:39,080 --> 00:10:42,879 And finally, yeah, very relevant for the time. In nineteen 197 00:10:42,919 --> 00:10:45,840 sixty six, a scientist be the name of Joseph Wisenbaum 198 00:10:45,960 --> 00:10:50,759 working at MIT, released a piece of software called Eliza. 199 00:10:50,519 --> 00:10:52,399 Speaker 1: That was so fascinating to me. 200 00:10:52,480 --> 00:10:56,759 Speaker 2: There Rogerian chatter bought, as they called it at the time, 201 00:10:56,919 --> 00:11:01,440 ran on an IBM seventy foot ninety four. Whisenbaum talked 202 00:11:01,440 --> 00:11:06,000 about it doing language transformations, which is interesting to think 203 00:11:06,039 --> 00:11:07,519 about sixty years later. 204 00:11:07,919 --> 00:11:11,080 Speaker 1: All right, so the real story is that the term 205 00:11:11,200 --> 00:11:14,320 artificial intelligence was being bounced around, and he knew that 206 00:11:14,360 --> 00:11:18,279 these were just programs, and to prove it, he wanted 207 00:11:18,360 --> 00:11:24,320 to say, you know, this might seem like a human, 208 00:11:24,639 --> 00:11:27,919 but it's just looking for keywords and spinning out wrote 209 00:11:28,000 --> 00:11:31,919 answers and actually not even answers, answering questions with. 210 00:11:32,000 --> 00:11:34,000 Speaker 2: Questions questions, the Rogerian approach. 211 00:11:34,039 --> 00:11:37,080 Speaker 1: Yeah, yeah, so if you say, you know, I hate 212 00:11:37,120 --> 00:11:39,200 my brother or whatever, it would say, tell me more 213 00:11:39,200 --> 00:11:42,559 about your family. But he did it as a goof really, yes, 214 00:11:42,600 --> 00:11:44,759 he did. He did it to show how ridiculous it was, 215 00:11:44,919 --> 00:11:46,360 how ridiculous. 216 00:11:45,919 --> 00:11:48,240 Speaker 2: And people spent hours with it. 217 00:11:48,240 --> 00:11:51,200 Speaker 1: It's true. Yeah, I have witnessed it. 218 00:11:51,279 --> 00:11:53,720 Speaker 2: Yeah, they did run it through a Turing test. And 219 00:11:53,799 --> 00:11:56,240 it failed. Of course, not that the Turing test is 220 00:11:56,240 --> 00:12:00,159 particularly meaningful, but this is in the early days of it, 221 00:12:00,200 --> 00:12:02,559 but it was one of the they later on to 222 00:12:02,559 --> 00:12:04,840 come on to define this idea called the Eliza effect, 223 00:12:04,840 --> 00:12:09,799 which is this a tendency for humans to overvalue language 224 00:12:09,840 --> 00:12:15,240 interactions as especially intelligent answer promatively. You know, language is 225 00:12:15,240 --> 00:12:18,399 a pretty profound thing in this sort of sentient space, right, 226 00:12:18,480 --> 00:12:21,120 so we're kind of wired to respond to that for 227 00:12:21,159 --> 00:12:24,360 better or worse. But hi, golly, aren't we battling these 228 00:12:24,360 --> 00:12:25,480 same problems right now? 229 00:12:25,759 --> 00:12:28,039 Speaker 1: Oh, one hundred thousand times more. 230 00:12:28,240 --> 00:12:31,399 Speaker 2: Yeah. Now we call it chat GPT psychosis. 231 00:12:31,879 --> 00:12:34,720 Speaker 1: It really is too, isn't it. I mean, it's very serious. 232 00:12:34,840 --> 00:12:37,440 I'm not going to say who it is, but somebody 233 00:12:37,480 --> 00:12:40,480 that you and I both know what. You know. He 234 00:12:40,600 --> 00:12:43,799 was trying to talk to his mother about AI or whatever, 235 00:12:43,919 --> 00:12:48,000 and to impress her he basically spit out a document. 236 00:12:48,039 --> 00:12:50,360 He went to chat GPT and spit out a document, 237 00:12:51,039 --> 00:12:54,440 you know, in minutes, and she was amazed by it. 238 00:12:54,480 --> 00:12:57,279 And I said to him, I said, did you check 239 00:12:57,360 --> 00:13:00,720 the facts? Heause, no, no, I didn't. It was actually 240 00:13:00,759 --> 00:13:04,080 an application. It was like something that you would send 241 00:13:04,360 --> 00:13:09,000 to somebody to apply for something, right, and it had 242 00:13:09,039 --> 00:13:10,840 all sorts of facts and did you check it? Because 243 00:13:10,879 --> 00:13:13,720 you know, the thing does get stuff wrong. He goes 244 00:13:13,759 --> 00:13:15,120 fabricate stuff whole cloth. 245 00:13:15,200 --> 00:13:15,759 Speaker 2: Yeah, and he. 246 00:13:15,720 --> 00:13:16,759 Speaker 1: Didn't even think about it. 247 00:13:16,919 --> 00:13:17,080 Speaker 2: Right. 248 00:13:17,159 --> 00:13:19,519 Speaker 1: It's like, you know, and this is an intelligent because 249 00:13:19,559 --> 00:13:22,600 the computer is always right, right. This is an intelligent 250 00:13:22,639 --> 00:13:25,720 person that you and I both know, and you know, 251 00:13:26,240 --> 00:13:30,759 just forgetting to fact check. Yeah, yeah, yep, scary all right. 252 00:13:31,039 --> 00:13:35,080 End of Soapbox nineteen sixty six, you know, sixty years ago. 253 00:13:35,519 --> 00:13:42,840 All right, Shall we introduce our guest, Michael Levan. Michael 254 00:13:42,879 --> 00:13:49,799 translates technical complexity into practical value. He's a seasoned engineer, consultant, trainer, 255 00:13:49,879 --> 00:13:53,679 and content creator in the Kubernetes, security, DevOps and platform 256 00:13:53,759 --> 00:13:57,519 engineering space, spending his time working with startups and enterprises 257 00:13:57,519 --> 00:14:01,360 around the globe. Michael is also a Microsoft MVP in 258 00:14:01,399 --> 00:14:06,559 the Azure space, in AWS community builder three times, a 259 00:14:06,600 --> 00:14:11,440 four times published author, a podcast host, an international public speaker, 260 00:14:11,919 --> 00:14:15,960 CNCF ambassador, and he was part of the Kubernetes version 261 00:14:16,000 --> 00:14:18,720 one point two eight and version one point three to 262 00:14:18,799 --> 00:14:20,840 one release team. Welcome to the. 263 00:14:20,799 --> 00:14:23,600 Speaker 3: Show, Michael, Thank you so much for having me now, 264 00:14:23,600 --> 00:14:25,559 I have the friendly reminder that I need to cut 265 00:14:25,600 --> 00:14:26,679 down my bio a little bit. 266 00:14:28,360 --> 00:14:30,840 Speaker 1: Actually it's quite impressive and I wouldn't leave anything out. 267 00:14:31,120 --> 00:14:33,279 Speaker 2: And he's knocked out a couple of run answers with 268 00:14:33,320 --> 00:14:34,240 me over the years too. 269 00:14:35,039 --> 00:14:37,120 Speaker 1: Yep. Yeah, but your first time on this show. 270 00:14:37,519 --> 00:14:39,440 Speaker 3: Yeah, yeah, thank you guys so much for having me 271 00:14:39,440 --> 00:14:40,519 really appreciate it and worries. 272 00:14:40,559 --> 00:14:44,120 Speaker 1: Well, you know, part of DevOps is dev so oddly enough, 273 00:14:44,159 --> 00:14:46,440 you do you do have your hand in that space 274 00:14:46,480 --> 00:14:46,879 as well? 275 00:14:47,120 --> 00:14:49,879 Speaker 3: Yeah, no, absolutely, I mean, ironically enough, I feel like 276 00:14:49,919 --> 00:14:52,279 I kind of live in two worlds. I do a 277 00:14:52,320 --> 00:14:55,360 lot of you know, the devopsy cloud based stuff, but 278 00:14:56,039 --> 00:14:59,799 I would say probably as a consultant, half of my 279 00:15:00,000 --> 00:15:02,480 a year or so is spent doing a lot of 280 00:15:02,519 --> 00:15:05,200 back end software engineering. So I've been doing a lot 281 00:15:05,240 --> 00:15:08,360 of Python lately. Before that, I was doing a lot 282 00:15:08,360 --> 00:15:11,360 of Go in my free time, you know, outside of 283 00:15:11,480 --> 00:15:15,159 client work. I'm diving deeper and deeper into Rust. So 284 00:15:15,360 --> 00:15:19,159 I'm definitely in all the worlds ironically enough, so. 285 00:15:19,480 --> 00:15:23,039 Speaker 2: All the worlds. Yeah, it's good to be a polyglot, right, 286 00:15:23,080 --> 00:15:26,080 to exercise the different languages and sort of see how 287 00:15:26,120 --> 00:15:29,720 the various sides live, although I just went through a 288 00:15:29,759 --> 00:15:32,320 process where we took a sample ap of an MVP 289 00:15:33,000 --> 00:15:35,960 and regenerated in six languages in a matter of days. 290 00:15:36,039 --> 00:15:38,240 It's like, here's what it looks like in Swift, Here's 291 00:15:38,240 --> 00:15:40,679 what it looks like in Rust. Like, I mean, you're 292 00:15:40,679 --> 00:15:42,840 don't even wonder what language even means anymore. 293 00:15:43,840 --> 00:15:46,159 Speaker 3: The irony of it is, I've been thinking about this 294 00:15:46,240 --> 00:15:49,120 a lot, is that I wonder if we'll reach a 295 00:15:49,200 --> 00:15:52,720 point where like natural language will be the language. 296 00:15:52,799 --> 00:15:53,320 Speaker 1: Yeah, you know. 297 00:15:54,200 --> 00:15:57,120 Speaker 3: I wonder if we'll hit a time where it's like, yeah, 298 00:15:57,240 --> 00:16:00,960 you know, I want to write a memory, you know, 299 00:16:01,240 --> 00:16:05,399 sensitive application, and then you have two choices. You say, well, 300 00:16:05,440 --> 00:16:07,720 you can go with you know, this language, which is 301 00:16:07,759 --> 00:16:09,759 maybe Go, or you go with this language, which is 302 00:16:09,799 --> 00:16:11,879 maybe you Russ. And then you say, okay, this is 303 00:16:11,879 --> 00:16:13,320 what I wanted to do, and then it goes and 304 00:16:13,360 --> 00:16:15,159 it does it. I don't know, maybe we reach a 305 00:16:15,159 --> 00:16:17,720 point where it's like, you know, everything's just bytecode and 306 00:16:17,720 --> 00:16:20,120 we just kind of don't see it. It's all natural language. 307 00:16:20,480 --> 00:16:22,320 Speaker 2: Yeah, well, if you never look at the code, what 308 00:16:22,360 --> 00:16:23,519 do you care what it was generated? 309 00:16:23,600 --> 00:16:27,519 Speaker 1: Unless it's job ASCRIPT, then I would protest, Yeah, do care? Hardily. 310 00:16:30,600 --> 00:16:33,080 Speaker 2: You know, mostly it's about understanding what's going on. I 311 00:16:33,080 --> 00:16:35,600 was thinking about cucumber the other day. Remember this testing 312 00:16:35,840 --> 00:16:38,919 lie where you're supposed to sort of write natural language tests, 313 00:16:39,120 --> 00:16:43,039 and it's kind of you know, we've always tried, you know, 314 00:16:43,159 --> 00:16:47,919 what is specifications or requirements, but natural language that describes code, 315 00:16:47,919 --> 00:16:50,399 that is ultimately our measure for how we provided a 316 00:16:50,480 --> 00:16:53,639 solution which it seemed to be moving further up there. 317 00:16:53,879 --> 00:16:56,639 And it's not like any of this stuff doesn't take 318 00:16:56,639 --> 00:16:57,559 a lot of skill to do. 319 00:16:57,679 --> 00:16:57,919 Speaker 1: Well. 320 00:16:58,240 --> 00:17:01,320 Speaker 2: Yeah, you know, it's you know, this is not a 321 00:17:01,360 --> 00:17:05,519 trivial practice, but certainly evolving without it. 322 00:17:05,599 --> 00:17:09,599 Speaker 1: So Michael has DevOps I don't know changed in the 323 00:17:09,680 --> 00:17:15,599 last three years. For you, what's been the most significant 324 00:17:15,680 --> 00:17:20,319 change in DevOps in the last few years. 325 00:17:20,640 --> 00:17:24,559 Speaker 3: I think, you know, the obvious answer is AI, right, 326 00:17:24,720 --> 00:17:27,279 But I think conceptually, like I always look at it 327 00:17:27,319 --> 00:17:29,759 in two different ways. I look at it in the 328 00:17:30,240 --> 00:17:33,279 positions and like what you're doing in your day to 329 00:17:33,359 --> 00:17:36,279 day at your job. And then I also look at 330 00:17:36,319 --> 00:17:40,480 it from a like underlying technology perspective. And I always 331 00:17:40,519 --> 00:17:45,039 say this to everybody, like, if you have good fundamental knowledge, 332 00:17:45,039 --> 00:17:47,680 like you know, if you have a decent fundamental knowledge 333 00:17:47,680 --> 00:17:49,880 and you know, the computer science and stuff, right, so 334 00:17:50,000 --> 00:17:53,720 like data structures, standard algorithms, all that fun stuff. And 335 00:17:53,759 --> 00:17:56,160 then if you have a good base of you know, 336 00:17:56,240 --> 00:18:02,279 standard IT networking systems, how all that works. The irony 337 00:18:02,440 --> 00:18:04,839 is ninety percent of what you're doing is kind of 338 00:18:04,880 --> 00:18:09,160 staying the same, and you're just sprinkling different abstractions and 339 00:18:09,200 --> 00:18:12,680 different tools on top of it. I often think about 340 00:18:12,720 --> 00:18:15,319 like service measures as well in the realm of kubernetes. 341 00:18:15,559 --> 00:18:18,720 You know, they bring your network observability, your traffic routing, 342 00:18:18,880 --> 00:18:22,799 your MTLs, encryption between service and service, all that stuff 343 00:18:22,799 --> 00:18:26,160 we had already. We just now have this layer of 344 00:18:26,200 --> 00:18:29,200 abstraction that this program that sits on top of a 345 00:18:29,279 --> 00:18:33,559 service versus embedding you know, TLS code within your application code. 346 00:18:33,599 --> 00:18:36,240 So point being is I think a lot of it 347 00:18:36,279 --> 00:18:39,240 is still the same. I think what's just changing is 348 00:18:39,319 --> 00:18:42,200 like the different tools that we're putting top on top 349 00:18:42,240 --> 00:18:45,119 of Okay, cloud based environment systems all that. 350 00:18:45,640 --> 00:18:49,359 Speaker 1: Certainly the human aspect of DevOps, which is you know, people, 351 00:18:50,599 --> 00:18:53,400 processes and tools. I guess the thing that Richard likes 352 00:18:53,440 --> 00:18:56,400 to talk about all the time, the people stuff. Has 353 00:18:56,440 --> 00:19:01,240 that changed because of AI or are the people skills 354 00:19:01,279 --> 00:19:04,119 still there and required. 355 00:19:03,839 --> 00:19:08,000 Speaker 3: Oh one hundred percent still required? Totally, totally. I think 356 00:19:08,039 --> 00:19:11,720 that with bringing an AI into DevOps and anything right 357 00:19:11,759 --> 00:19:15,759 like software engineering, maybe we could say security as well, 358 00:19:15,799 --> 00:19:17,599 but I don't think it's it's there yet, but a 359 00:19:17,640 --> 00:19:20,319 lot of it is around, like DevOps and software engineering. 360 00:19:20,359 --> 00:19:24,039 And in my opinion, I think I need to work 361 00:19:24,079 --> 00:19:29,319 harder now using an LLM uh than I did before, 362 00:19:29,720 --> 00:19:32,559 and I think that the level of effort is just 363 00:19:32,759 --> 00:19:35,640 changed a little bit as the human operator. So like before, 364 00:19:35,720 --> 00:19:38,799 for example, maybe I'm sitting there looking at a line 365 00:19:38,839 --> 00:19:41,480 of code for an hour saying to myself, like what 366 00:19:41,759 --> 00:19:43,960 is going on here? And then I finally found it 367 00:19:44,000 --> 00:19:47,480 and I say, hooray, I have fixed all my life's problems. 368 00:19:48,000 --> 00:19:50,400 Now now I'm. 369 00:19:51,319 --> 00:19:56,119 Speaker 2: Where can I get me some of that? 370 00:19:57,680 --> 00:20:01,319 Speaker 3: Now I'm generating, you know, this part of my application 371 00:20:01,480 --> 00:20:04,039 with an LM. But now I'm looking through the whole 372 00:20:04,039 --> 00:20:05,640 thing and I'm saying, this isn't right. I'm going to 373 00:20:05,759 --> 00:20:08,640 change this, this isn't right. I had a scenario the 374 00:20:08,680 --> 00:20:11,200 other day where I wanted to build on an MVP 375 00:20:11,319 --> 00:20:15,279 of something and I built it and I used claud 376 00:20:15,279 --> 00:20:18,720 code and I was running it, and I'm like, why 377 00:20:18,720 --> 00:20:23,119 am I result? Why are my results the same across 378 00:20:23,119 --> 00:20:25,440 every system that I test this on? And I looked 379 00:20:25,440 --> 00:20:28,440 at it turns out Claude cod I didn't ask it 380 00:20:28,519 --> 00:20:31,640 to do this. By the way, claud Code created a 381 00:20:31,640 --> 00:20:34,000 bunch of mock data within it and with a bunch 382 00:20:34,039 --> 00:20:36,519 of print statements, so like I literally had to go 383 00:20:36,559 --> 00:20:39,079 in and refactor everything because it was just all fake 384 00:20:39,160 --> 00:20:41,920 data that was getting printed out to me on the terminal. 385 00:20:42,559 --> 00:20:46,759 So like I had to spend probably more time fixing 386 00:20:46,799 --> 00:20:48,799 that than I would if I just wrote it myself. 387 00:20:49,440 --> 00:20:52,920 So yes, I think the Humanator, the Humanator, the human. 388 00:20:53,440 --> 00:20:55,000 Speaker 1: That was my nickname in high school. 389 00:20:55,119 --> 00:20:57,000 Speaker 2: It's nice. 390 00:20:57,680 --> 00:21:01,200 Speaker 3: I think that piece is actually probably more important now 391 00:21:01,240 --> 00:21:02,279 than ever, to be honest. 392 00:21:03,519 --> 00:21:08,119 Speaker 1: Yeah, And unfortunately this is another one of those shows 393 00:21:08,119 --> 00:21:11,119 where we're talking about AI. But you know that we 394 00:21:11,559 --> 00:21:14,119 catch some flak for that and our listeners like it 395 00:21:14,160 --> 00:21:16,759 when we just get back to real development. But but 396 00:21:16,880 --> 00:21:20,960 you can't deny that. You know things are changing, and 397 00:21:21,119 --> 00:21:24,279 this is one of those things we've been saying this 398 00:21:24,960 --> 00:21:28,240 a bunch that you have to you now have to 399 00:21:28,240 --> 00:21:30,519 think of yourself if you're going to embrace these tools. 400 00:21:30,799 --> 00:21:32,839 You have to think of yourself as sort of a 401 00:21:32,880 --> 00:21:38,599 manager of lower level engineers and fact checker, right or 402 00:21:38,839 --> 00:21:43,039 or code checker, you know, code reviewer. If that's the 403 00:21:43,119 --> 00:21:46,720 role that you're taking, you know, and hearing we have 404 00:21:46,759 --> 00:21:49,319 a situation where it's even taking longer because of that 405 00:21:49,759 --> 00:21:50,880 than if you did it yourself. 406 00:21:51,160 --> 00:21:54,160 Speaker 3: Yeah, I mean, and we aren't you know, like having 407 00:21:54,200 --> 00:21:57,440 these layer of layers of abstraction isn't new, right, Like 408 00:21:57,880 --> 00:22:01,240 in the beginning, if you wanted to test something out, 409 00:22:01,279 --> 00:22:03,200 you had to write your own compiler and you had 410 00:22:03,200 --> 00:22:05,680 to write your own editor just to run this thing. 411 00:22:06,079 --> 00:22:08,440 And now I pop open VS code and you know, 412 00:22:08,480 --> 00:22:11,160 I run my high level programming language and I and 413 00:22:11,200 --> 00:22:13,640 it's good to go. So like there was a time 414 00:22:13,720 --> 00:22:17,559 I'm sure where everybody was like, oh, we're gonna humans 415 00:22:17,559 --> 00:22:18,920 are going to go away, and we're going to lose 416 00:22:18,920 --> 00:22:21,440 all of our knowledge because you know, we're not writing 417 00:22:21,480 --> 00:22:23,960 our own editors to run this application anymore. So it's 418 00:22:24,200 --> 00:22:26,759 we've seen this countless at times, you know, through the 419 00:22:26,839 --> 00:22:29,160 last sixty five years of software engineer. 420 00:22:29,640 --> 00:22:34,279 Speaker 1: Also, I think that there's a an expertise that gradually 421 00:22:34,319 --> 00:22:37,000 grows when you're interacting with these things so that you 422 00:22:37,119 --> 00:22:39,640 know how to interact with them. The problem is that 423 00:22:39,680 --> 00:22:42,480 they change so quickly and change so often that it's 424 00:22:42,519 --> 00:22:46,759 hard to know. You know. We we live with a 425 00:22:46,799 --> 00:22:50,640 single compiler, a single ide for years and we finally 426 00:22:50,680 --> 00:22:52,720 get it figured out, and then they make a switch, 427 00:22:52,839 --> 00:22:54,680 and then we have to figure something out. But it 428 00:22:54,720 --> 00:22:59,200 takes years. Now these things, who knows, they could have 429 00:22:59,279 --> 00:23:01,319 changed in the back while you were taking a nap 430 00:23:01,720 --> 00:23:05,759 or drinking coffee, and and the way that you interact 431 00:23:05,799 --> 00:23:08,799 with it to be most productive has changed. Totally awesome. 432 00:23:09,039 --> 00:23:11,000 Speaker 2: Yeah, yeah, but you know, it's all part of the 433 00:23:11,119 --> 00:23:12,240 evolution of things too. 434 00:23:12,400 --> 00:23:12,519 Speaker 1: Right. 435 00:23:13,119 --> 00:23:17,319 Speaker 2: I'm I got concerns. I do have problems with the 436 00:23:17,359 --> 00:23:22,000 hype cycle. But what I like about DevOps is it 437 00:23:22,039 --> 00:23:24,319 is in the product, right. It is a set of 438 00:23:24,359 --> 00:23:27,319 disciplines that make a better team. It's another one of 439 00:23:27,359 --> 00:23:29,720 those terms that's kind of fading away in the sense 440 00:23:29,799 --> 00:23:32,880 that this is just what a high functioning team looks like. 441 00:23:33,160 --> 00:23:36,279 That everybody's pulling towards the same goal of delivering solutions 442 00:23:36,319 --> 00:23:39,720 to customers that we care about, both its creation and 443 00:23:39,759 --> 00:23:42,799 its deployment and its operations and the telemetry and how 444 00:23:42,799 --> 00:23:45,319 that feeds back to making a better product. The fact 445 00:23:45,319 --> 00:23:48,799 that the tooling shuffles around underneath us par for the course, right, 446 00:23:48,839 --> 00:23:51,279 you could hope these things are only going to get better. 447 00:23:51,440 --> 00:23:53,440 Speaker 3: Yeah, And I think you know to that point, a 448 00:23:53,480 --> 00:23:56,440 couple of years ago, five six years ago, maybe if 449 00:23:56,440 --> 00:23:58,240 you went and you wanted to do a talk on 450 00:23:58,319 --> 00:24:01,119 DevOps at a conference, I mean, that was the thing, right, 451 00:24:01,200 --> 00:24:05,480 like every conference shows, right, Yeah, that was it. 452 00:24:05,640 --> 00:24:06,200 Speaker 1: That was it. 453 00:24:06,680 --> 00:24:09,799 Speaker 3: Now you know it's different because to your point, Richard, 454 00:24:09,920 --> 00:24:12,759 it's just all kind of there in the background. It's 455 00:24:12,759 --> 00:24:14,880 just everybody's just kind of doing the thing. 456 00:24:15,359 --> 00:24:15,480 Speaker 1: Uh. 457 00:24:15,519 --> 00:24:18,759 Speaker 3: You know, we we're we're seeing it very similar with Kubernetes. 458 00:24:18,799 --> 00:24:22,680 Like Kubernetes from a container orchestration perspective, that's just the 459 00:24:22,799 --> 00:24:24,440 thing that you run it on. It's not it's not 460 00:24:24,519 --> 00:24:27,519 the hot sexy topic anymore, but the stuff that you're 461 00:24:27,519 --> 00:24:28,680 building on top of it is. 462 00:24:29,119 --> 00:24:29,279 Speaker 1: Uh. 463 00:24:29,319 --> 00:24:31,680 Speaker 3: And I'm sure you know I will go through that 464 00:24:32,279 --> 00:24:35,720 same thing. The one thing that I will say though, 465 00:24:36,119 --> 00:24:42,759 is when you're not programming day to day, you get 466 00:24:42,839 --> 00:24:43,640 rusty quick. 467 00:24:44,000 --> 00:24:44,519 Speaker 2: Oh sure. 468 00:24:45,119 --> 00:24:48,880 Speaker 3: So if you're constantly using you know, whatever your favorite 469 00:24:49,319 --> 00:24:51,720 m is to generate your code for you, you may 470 00:24:51,759 --> 00:24:54,279 be able to like, of course, still look at it, 471 00:24:54,839 --> 00:24:57,319 you know, figure figure out this is breaking here. I 472 00:24:57,359 --> 00:25:00,000 got to put some air handling over there. Blah blah blah. 473 00:25:00,119 --> 00:25:03,240 But like if you're just staring at a blank ide, 474 00:25:04,279 --> 00:25:07,720 you may have some trouble after a while, like getting 475 00:25:07,759 --> 00:25:09,400 something out on paper, so to speak. 476 00:25:09,559 --> 00:25:12,039 Speaker 2: Sure humans are better at editing than they are to 477 00:25:12,119 --> 00:25:15,799 creating out a whole cloth anyway, yea, And Heaven help 478 00:25:15,839 --> 00:25:18,319 you if you try and build a CICD pipeline from 479 00:25:18,400 --> 00:25:21,039 scratch and YAML on a blank screen. I'm sorry. I 480 00:25:21,200 --> 00:25:24,200 cut and paste it all and then I go through 481 00:25:24,240 --> 00:25:26,200 it and try and understand what I just paste it 482 00:25:26,240 --> 00:25:29,960 in and make the tweaks accordingly, like we build on 483 00:25:30,000 --> 00:25:31,160 the shoulders of giants. 484 00:25:31,319 --> 00:25:33,559 Speaker 1: It's the same for writing pros or poetry. Is that 485 00:25:33,720 --> 00:25:38,519 totally You don't write, you brainstorm and then edit. Writing 486 00:25:38,559 --> 00:25:39,960 isn't about writing, it's about editing. 487 00:25:41,039 --> 00:25:43,680 Speaker 2: Yea, and all these things are the same. I'm just 488 00:25:43,720 --> 00:25:47,240 realizing we talked about in the earlier versions of Visual 489 00:25:47,240 --> 00:25:50,039 Studio how hard it was to build out the tooling, 490 00:25:50,119 --> 00:25:52,880 all the bits and pieces you need to actually automate 491 00:25:52,880 --> 00:25:55,880 the deployment pipeline. Today it's almost like we have an 492 00:25:55,880 --> 00:25:59,160 abundance of riches, like you're gonna get hub action this 493 00:26:00,160 --> 00:26:03,880 as you're devopsing this, yes or terrorforming this, like you 494 00:26:03,880 --> 00:26:04,960 have a lot of choices. 495 00:26:05,119 --> 00:26:07,559 Speaker 1: I remember when customers would hire app Phenex to create 496 00:26:07,599 --> 00:26:11,359 a CICD pipeline as a you know, a consultancy because 497 00:26:11,400 --> 00:26:12,880 they didn't really know how to do it. And now 498 00:26:12,920 --> 00:26:14,359 it's just click click click boom boom. 499 00:26:14,400 --> 00:26:16,240 Speaker 2: Well, and it was kind of a one off thing too, 500 00:26:16,359 --> 00:26:18,279 Like why would you want to get good at this? 501 00:26:18,440 --> 00:26:23,519 Although let's be clear you should, although today, like you said, 502 00:26:23,559 --> 00:26:25,920 it's just a set of checkboxes, Like the real crazy 503 00:26:25,920 --> 00:26:28,079 part is that you didn't. I still feel like the 504 00:26:28,160 --> 00:26:32,039 automated tests aren't great, although I gotta say looking at 505 00:26:32,039 --> 00:26:34,640 the prompt magicians, the guys that are really good at 506 00:26:34,680 --> 00:26:40,160 using these tools, they they are generating tests as part 507 00:26:40,200 --> 00:26:43,559 of the code and iterating on the test, passing with 508 00:26:43,720 --> 00:26:47,839 the code using the tools. Like arguably, if you do 509 00:26:47,880 --> 00:26:50,160 a good job with this, like you're doing that, you're 510 00:26:50,200 --> 00:26:53,279 you're insisting that these tools do the ideal case you 511 00:26:53,400 --> 00:26:55,079 never even measured up to yourself. 512 00:26:56,160 --> 00:26:56,960 Speaker 3: It is very true. 513 00:26:57,319 --> 00:26:59,839 Speaker 2: There's nothing like nothing like one hundred percent code coverage 514 00:27:00,119 --> 00:27:01,440 when you don't have to do. 515 00:27:01,400 --> 00:27:05,279 Speaker 3: It and it's all about the templates, right. It's like, 516 00:27:05,400 --> 00:27:07,640 you know, do I have to write my one hundred 517 00:27:07,720 --> 00:27:10,920 thousandth unit test or mock test or integration test or 518 00:27:10,960 --> 00:27:13,960 functional test. No, it would be really great if I 519 00:27:13,960 --> 00:27:17,039 could just offload that to my AI friend, whichever one 520 00:27:17,079 --> 00:27:17,880 I decided to go with. 521 00:27:18,079 --> 00:27:19,640 Speaker 2: You know, the one that I really struggle with is 522 00:27:19,640 --> 00:27:22,240 good telemetry. It's easy to collect a lot of data, 523 00:27:22,559 --> 00:27:24,759 it's hard to collect the data that really tells you 524 00:27:25,000 --> 00:27:27,240 what's going right and what's going wrong m hm. 525 00:27:27,400 --> 00:27:29,880 Speaker 1: And particularly know how to make sense of it. 526 00:27:30,119 --> 00:27:33,960 Speaker 2: Yeah, we're clearly getting some sense of messages coming back here. 527 00:27:34,119 --> 00:27:35,839 We have reams and reams of data coming in and 528 00:27:35,839 --> 00:27:38,640 we're paying for all that. But are we learning anything 529 00:27:38,720 --> 00:27:41,200 about how people are using our app or are they 530 00:27:41,440 --> 00:27:42,960 what their frustrations are? 531 00:27:43,039 --> 00:27:43,119 Speaker 1: Like? 532 00:27:43,240 --> 00:27:45,200 Speaker 2: I think this takes a lot of thought. 533 00:27:45,759 --> 00:27:47,920 Speaker 1: Yeah. Are you still seeing the same problems in twenty 534 00:27:47,960 --> 00:27:50,960 twenty five with DevOps that you were three or four 535 00:27:51,039 --> 00:27:51,799 years ago? Yeah? 536 00:27:51,799 --> 00:27:53,680 Speaker 3: I mean I feel like I'm seeing the same problems 537 00:27:53,680 --> 00:27:58,680 that I saw, you know, fifteen years ago. I think 538 00:27:59,160 --> 00:28:02,880 so many of the the fundamental problems don't change all 539 00:28:02,920 --> 00:28:07,319 that much because the fundamental problems are honestly typically people problems, 540 00:28:07,599 --> 00:28:10,119 right It's you know, I think that's just how it 541 00:28:10,160 --> 00:28:12,519 always is, which is why I you know, a lot 542 00:28:12,519 --> 00:28:14,920 of people are nervous right now because you know, they think, hey, 543 00:28:15,000 --> 00:28:17,079 I'm going to take jobs in this now, blah blah blah. 544 00:28:17,079 --> 00:28:22,319 But that fundamental thing doesn't change, you know, until the 545 00:28:23,559 --> 00:28:27,039 terminator like universe is fully in play here. I think 546 00:28:27,079 --> 00:28:29,960 we're all all right. But you know, in terms of 547 00:28:30,000 --> 00:28:33,200 like DevOps as a whole, I think the biggest things 548 00:28:33,240 --> 00:28:38,079 honestly right now, phinops is a huge one that everybody's 549 00:28:38,079 --> 00:28:40,000 trying to figure out, like the whole idea around cost 550 00:28:40,079 --> 00:28:45,599 optimization and with that performance optimization and resource optimization. Things 551 00:28:45,599 --> 00:28:48,240 are moving, I mean, and I know we always say this, right, 552 00:28:48,279 --> 00:28:51,079 but it feels more so now that things are moving, 553 00:28:51,079 --> 00:28:55,480 you know, quote faster than ever. And with that, there's 554 00:28:55,599 --> 00:28:59,119 just four more resources being used. And now we're seeing 555 00:28:59,599 --> 00:29:02,440 a lot of of like actual like cost optimization or 556 00:29:02,480 --> 00:29:06,240 finops engineers or whatever the title is getting hired in 557 00:29:06,400 --> 00:29:10,599 organizations specifically to do this job. And that's very interesting. 558 00:29:10,640 --> 00:29:12,960 So I'm definitely seeing a lot of that. But in 559 00:29:13,039 --> 00:29:16,200 terms of you know, the general what DevOps is doing. 560 00:29:17,680 --> 00:29:20,119 I don't think much of it has changed recently. I 561 00:29:20,200 --> 00:29:22,440 think the I don't know if you would call this 562 00:29:22,559 --> 00:29:24,960 a DevOps change per se, but the whole idea around 563 00:29:25,039 --> 00:29:28,200 platform engineering, I think really what they're trying to do 564 00:29:28,240 --> 00:29:32,480 with that is, say, I have engineers that are managing 565 00:29:32,519 --> 00:29:37,240 and building and maintaining this particular tool that we're utilizing 566 00:29:37,359 --> 00:29:41,119 internally like a product. Right, So they're putting their customer 567 00:29:41,160 --> 00:29:44,720 service hats on because you know, their internal engineers are 568 00:29:44,799 --> 00:29:49,079 the customers of the platform. You know, they're building it 569 00:29:49,119 --> 00:29:52,359 in a way where they're thinking more about architecture than 570 00:29:52,400 --> 00:29:54,920 they are about let me go write the code, and 571 00:29:54,920 --> 00:29:56,799 then they're building this thing for use to be able 572 00:29:56,839 --> 00:30:00,640 to move faster inside. Now, we've always kind of had 573 00:30:00,680 --> 00:30:03,839 tools like that, or you know, rather engineers that would 574 00:30:03,839 --> 00:30:06,279 build stuff like that. You know, when I had a 575 00:30:06,400 --> 00:30:09,640 senior Principal Infrastructure engineer title years ago, when I was 576 00:30:09,680 --> 00:30:13,839 building out little automation tools in Python, which would maybe 577 00:30:13,920 --> 00:30:17,480 look like you know, platform engineering today. But I would 578 00:30:17,480 --> 00:30:20,960 say that's probably the biggest shift that I've seen recently 579 00:30:21,000 --> 00:30:22,000 in this space overall. 580 00:30:22,279 --> 00:30:24,400 Speaker 1: Sure, it seems like a good place to take a break, 581 00:30:24,480 --> 00:30:27,000 So we'll be right back after these very important messages 582 00:30:27,039 --> 00:30:31,039 stick around. Did you know that you can work with 583 00:30:31,200 --> 00:30:37,039 AWS directly from your ide AWS provides toolkits for visual studio, 584 00:30:37,359 --> 00:30:41,319 visual Studio, code, and jet brains rider Learn more at 585 00:30:41,359 --> 00:30:50,519 AWS dot Amazon dot com, slash net slash tools. Now 586 00:30:50,519 --> 00:30:52,960 we're back. It's dot NetRocks. I'm Carl Franklin. That's my 587 00:30:53,000 --> 00:30:56,519 friend Richard Campbell, Hey, and this is our friend Michael Levan, 588 00:30:56,839 --> 00:31:01,160 And we're talking about DevOps in twenty twenty five. Because 589 00:31:01,200 --> 00:31:03,680 you know, some things have changed, but some things have not. 590 00:31:05,279 --> 00:31:09,400 Speaker 2: Uh. Security, I'm just going to drop that bomb out there, 591 00:31:09,440 --> 00:31:13,440 because yeah, you know it's the battle a. It's way 592 00:31:13,480 --> 00:31:15,880 more difficult these days. The black hat's gotten way smarter. 593 00:31:16,039 --> 00:31:18,279 Oh god, it's got to be part of the equation. 594 00:31:18,759 --> 00:31:21,119 A lot of this generated software people are not putting 595 00:31:21,200 --> 00:31:23,720 enough consideration in. They're much less. Not that they did 596 00:31:23,880 --> 00:31:26,000 but when they were writing it all by hand. But 597 00:31:26,200 --> 00:31:27,920 how do you see a fitting in the pipeline, Like 598 00:31:27,960 --> 00:31:30,400 what's the culture like when to make this work? Well, 599 00:31:30,640 --> 00:31:31,160 I like to. 600 00:31:31,119 --> 00:31:34,519 Speaker 3: Look at it from the software side and then from 601 00:31:34,599 --> 00:31:39,119 the networking side. So from a software from an application perspective, 602 00:31:40,000 --> 00:31:42,960 how you're securing your application, whether you're going with you know, 603 00:31:43,480 --> 00:31:46,039 your standard app set stuff like your SaaS stuff and 604 00:31:46,079 --> 00:31:50,000 your SCA stuff, what libraries you're using, you know, are 605 00:31:50,039 --> 00:31:53,440 you encrypting traffic? What does the code quality actually look like? 606 00:31:53,799 --> 00:31:57,000 So that's one piece of it. But from a DevOps perspective, 607 00:31:57,279 --> 00:32:01,640 ironically enough, I feel like the majority of security issues 608 00:32:01,720 --> 00:32:05,119 are around networking. So you know, if there are any 609 00:32:05,279 --> 00:32:09,200 network admins or network engineers listening, you know, the whole 610 00:32:09,240 --> 00:32:12,200 idea around what does ingress look like, what does egress 611 00:32:12,240 --> 00:32:15,640 look like? How are services talking to each other? So like, 612 00:32:15,680 --> 00:32:19,559 for example, in the realm of Kubernetes, are you using 613 00:32:19,559 --> 00:32:22,119 a service mesh? Are you encrypting the traffic going back 614 00:32:22,160 --> 00:32:24,759 and forth at the L seven layer? Are you doing 615 00:32:25,039 --> 00:32:27,440 pod to pod encryption? Are you, you know, encrypting at 616 00:32:27,440 --> 00:32:30,839 the L three and the L four layer within your cluster? So, 617 00:32:30,920 --> 00:32:33,559 and that's just an example, of course, but like I 618 00:32:33,559 --> 00:32:36,960 think that's honestly, in my opinion, the biggest part of 619 00:32:36,960 --> 00:32:41,240 it is what traffic is coming in, what traffic is leaving, 620 00:32:41,599 --> 00:32:46,799 and perhaps even most importantly in the world of containerization, 621 00:32:47,720 --> 00:32:51,279 how are these containers, are these pods talking to each other, 622 00:32:51,759 --> 00:32:54,440 and how does the traffic look. Is this pods supposed 623 00:32:54,440 --> 00:32:57,160 to be talking to that pod or that container? Are 624 00:32:57,200 --> 00:32:59,960 these services supposed to be calling out to this database? 625 00:33:00,359 --> 00:33:03,519 And I would say, honestly, that's a majority of the 626 00:33:03,559 --> 00:33:06,720 security issues in the realm of debops and platform engineering. 627 00:33:07,240 --> 00:33:09,039 The other big thing is and this is I think 628 00:33:09,079 --> 00:33:12,640 just across any realm of it. I think one of 629 00:33:12,680 --> 00:33:15,400 the red hat reports that I read maybe last year 630 00:33:15,480 --> 00:33:18,480 or the year before, it was like seventy four seventy 631 00:33:18,480 --> 00:33:21,680 six percent of security issues are due to misconfigurations. Yea, 632 00:33:22,160 --> 00:33:23,599 and that's just everywhere. 633 00:33:23,720 --> 00:33:26,440 Speaker 2: And then I'm patch servers, you know, throwing on my 634 00:33:26,519 --> 00:33:29,119 run ass hat, like for honest the goodness, I think 635 00:33:29,160 --> 00:33:33,759 we're actually making headway on on SQL injection these days, 636 00:33:34,279 --> 00:33:36,240 so that it's I think it's a third now. It 637 00:33:36,319 --> 00:33:41,559 used to be first forever. But it's like, you know, misconfiguration. 638 00:33:41,720 --> 00:33:43,720 You haven't secured the thing properly in the first place, 639 00:33:44,200 --> 00:33:46,519 and you didn't get the patch donet a time. Like 640 00:33:46,519 --> 00:33:50,519 we've had huge discussions on run ass about what's higher risk, 641 00:33:50,640 --> 00:33:54,039 deploying a bad patch or not deploying the patch as 642 00:33:54,119 --> 00:33:56,759 quickly as possible. And it seems like that sort of 643 00:33:56,759 --> 00:33:59,279 flip that I'd rather the outage because I deployed the 644 00:33:59,279 --> 00:34:03,119 patch fat than the exploit that comes from not getting 645 00:34:03,119 --> 00:34:05,319 that patch out there quickly, which is crazy, but it 646 00:34:05,319 --> 00:34:06,559 seems to be the new reality. 647 00:34:06,640 --> 00:34:09,639 Speaker 1: So it seems to me that you've got two sort 648 00:34:09,639 --> 00:34:12,280 of realms of security when it comes to DevOps. You 649 00:34:12,320 --> 00:34:16,440 have the configuration of the topography itself, and once that's 650 00:34:16,480 --> 00:34:19,360 done and everything is secure and working, now you have 651 00:34:19,440 --> 00:34:22,599 a continuous job, which is you need a software bill 652 00:34:22,639 --> 00:34:24,760 of materials. You need to know what devices you have, 653 00:34:24,880 --> 00:34:28,679 what their versions are, and update them every chance you get. 654 00:34:28,960 --> 00:34:30,920 So you need to keep on top of that, and 655 00:34:30,960 --> 00:34:34,280 on top of that the software, the libraries and dependencies 656 00:34:34,320 --> 00:34:37,719 that you're on. You need the graph of dependencies so 657 00:34:37,760 --> 00:34:41,039 that and you have to watch the news. So if 658 00:34:41,079 --> 00:34:43,119 there's an exploit in one of those things, you need 659 00:34:43,159 --> 00:34:45,920 to know that, and you need to you know, if 660 00:34:45,960 --> 00:34:48,920 it's hardware, you either have to patch it right away. 661 00:34:49,400 --> 00:34:52,440 Sometimes the only thing you can do is take it 662 00:34:52,480 --> 00:34:56,400 off the network because there's no patch available and you're vulnerable. 663 00:34:56,519 --> 00:34:59,519 Speaker 2: Worst case scenario. Yeah yeah, but hopefully you're going to 664 00:34:59,559 --> 00:35:03,400 security Microsoft and you're watching the CVE stream, like exactly, 665 00:35:03,400 --> 00:35:07,239 that's probably the first place to look, Michael, are you 666 00:35:07,280 --> 00:35:09,760 big on things like the actual API management? Like that 667 00:35:09,920 --> 00:35:12,239 saved my bacon a couple of times now just using 668 00:35:12,280 --> 00:35:15,880 those tools, Yeah, to show I know who uses my APIs, 669 00:35:15,960 --> 00:35:19,320 I can set thresholds per user. So when somebody got 670 00:35:19,360 --> 00:35:24,239 exploited and started doing mass extraction of data, the API 671 00:35:24,320 --> 00:35:27,159 limits kicked in and kicked up a bunch of warnings. 672 00:35:27,400 --> 00:35:29,599 You know, they had legit credentials. Everything looked fun. It's 673 00:35:29,599 --> 00:35:31,679 just the traffic was out of shape because it was 674 00:35:31,920 --> 00:35:32,559 an exploit. 675 00:35:32,639 --> 00:35:34,599 Speaker 3: Yeah, one hundred percent. And I think tools like that 676 00:35:35,280 --> 00:35:38,559 we all need to be looking at constantly because the 677 00:35:38,920 --> 00:35:41,760 problem is, well it's not even a problem, it's just 678 00:35:41,760 --> 00:35:44,119 something that maybe we all still have to get used to, 679 00:35:44,320 --> 00:35:48,639 is that there are way more endpoints now and way 680 00:35:48,639 --> 00:35:52,840 more layers to networking than there were before. You know, 681 00:35:52,920 --> 00:35:55,400 to take because we're talking about DevOps, right, take the 682 00:35:55,639 --> 00:35:58,719 Kubernetes example again, Like there was a time where you 683 00:35:58,800 --> 00:36:01,800 just had this monolithic app and like there was a 684 00:36:02,159 --> 00:36:05,719 server and there was one entry point, right, and everything 685 00:36:05,840 --> 00:36:09,280 was there and it was all good. Now they're just 686 00:36:09,400 --> 00:36:13,280 multiple layers, like you know, you're looking at the Kubernetes cluster. 687 00:36:13,400 --> 00:36:16,079 You have your host networking layers like your virtual machines 688 00:36:16,079 --> 00:36:18,800 and stuff and everything running it. And then you have 689 00:36:19,079 --> 00:36:22,159 the container networks, the pod networks. That's another layer that 690 00:36:22,199 --> 00:36:25,000 you have to manage. Then you have your Kubernetes services, 691 00:36:25,280 --> 00:36:27,880 which are another networking layer, and that's where you know 692 00:36:28,199 --> 00:36:31,320 your security centric cni's and your service match like histio 693 00:36:31,360 --> 00:36:32,079 and stuff will come. 694 00:36:32,039 --> 00:36:35,320 Speaker 2: To Gee, I wonder why we have configurations problem, Michael, 695 00:36:35,360 --> 00:36:39,239 I'm confused. I'm on my seventeenth layer and I feel 696 00:36:39,280 --> 00:36:40,000 really good. 697 00:36:40,239 --> 00:36:45,159 Speaker 3: Well, and that's that's honestly the Again, it's not a problem. 698 00:36:45,199 --> 00:36:48,519 It's just something that we all have to really get 699 00:36:48,599 --> 00:36:52,199 used to because as where you can call it decoupled 700 00:36:52,199 --> 00:36:55,920 applications or your micro services or whatever whatever phrasing you 701 00:36:55,960 --> 00:36:59,199 want to call it, everything is split up now and 702 00:36:59,280 --> 00:37:01,199 everything is taught to each other. It's not just in 703 00:37:01,239 --> 00:37:05,199 one box anymore. And because of that, you now have 704 00:37:05,440 --> 00:37:09,159 not only multiple layers, but a lot of east west traffic, 705 00:37:09,239 --> 00:37:12,000 a lot of north south traffic. Like everything is talking 706 00:37:12,039 --> 00:37:15,920 to everything inside of a cluster, but then also outside. 707 00:37:15,960 --> 00:37:19,119 Maybe it's hitting a public endpoint, maybe it's hitting a database. 708 00:37:19,559 --> 00:37:22,760 There's a lot of traffic going back and forth, and 709 00:37:22,800 --> 00:37:26,000 that's why I think, you know, outside of the software 710 00:37:26,000 --> 00:37:29,719 engineering security stuff, I certainly hope AppSec gets more and 711 00:37:29,719 --> 00:37:32,239 more popular, especially with AI right now. It needs to. 712 00:37:32,960 --> 00:37:36,159 But aside from that, from a purely DevOps perspective, and 713 00:37:36,360 --> 00:37:39,800 I think the majority of it is networking. Like you 714 00:37:39,840 --> 00:37:42,039 have your patches, of course, and you want to be 715 00:37:42,039 --> 00:37:45,360 able to update your APIs like from a you know, 716 00:37:45,440 --> 00:37:48,199 let's say like you're utilizing a specific API within an 717 00:37:48,199 --> 00:37:51,480 application running. You're not managing that application, but you want 718 00:37:51,519 --> 00:37:53,800 to be able to upgrade those versions. That's one thing. 719 00:37:53,840 --> 00:37:56,960 But yeah, I mean I'm going off on a tangent here, 720 00:37:57,000 --> 00:37:58,920 but a big part of it is networking, honestly. 721 00:37:59,079 --> 00:38:01,599 Speaker 2: Yeah, I arties like why haven't I set up an 722 00:38:01,599 --> 00:38:05,440 agent that's watching the CVE stream from Microsoft and just 723 00:38:05,519 --> 00:38:08,800 evaluating against every project that I've got they exist, Yeah, 724 00:38:08,840 --> 00:38:11,440 I appresume they do. It's this is non dirigional line idea. 725 00:38:11,559 --> 00:38:13,519 Speaker 3: Well, the MCP stuff, but it's. 726 00:38:13,400 --> 00:38:16,039 Speaker 1: A great idea. M M Yeah, you don't necessarily want 727 00:38:16,039 --> 00:38:18,960 to give it the ability to update your firmware, but no, 728 00:38:19,360 --> 00:38:22,039 but certainly I just want to heads up right a 729 00:38:22,159 --> 00:38:24,840 heads up because would be good. Yeah, just reading all 730 00:38:24,880 --> 00:38:27,719 those things like reading a CVE is painful. What right, 731 00:38:28,719 --> 00:38:32,119 They're not fun to read. But before you can get 732 00:38:32,119 --> 00:38:34,719 that list effectively, you need to have software building. 733 00:38:34,480 --> 00:38:37,239 Speaker 2: Materials are at the other side of this, right, Yeah. 734 00:38:37,280 --> 00:38:41,000 Speaker 1: So are you seeing s BOMs slowly creeping into the 735 00:38:41,039 --> 00:38:45,320 culture or still no? I mean last time I checked 736 00:38:45,400 --> 00:38:49,320 that there's not not everybody's doing those. Yeah. 737 00:38:49,519 --> 00:38:53,599 Speaker 3: I don't think as much like it. It hasn't grown 738 00:38:54,039 --> 00:38:57,559 in the same way as like your general security practices, 739 00:38:57,639 --> 00:39:00,559 like for example, like policy as code, you know, making 740 00:39:00,639 --> 00:39:03,880 sure that you're following all the best practices and you're 741 00:39:03,960 --> 00:39:07,679 using something like open Policy Agent or or you know, 742 00:39:07,840 --> 00:39:10,960 Kaiburno or one of the other policy as code tools. 743 00:39:11,320 --> 00:39:13,760 I think stuff like that we're seeing more so, but 744 00:39:14,920 --> 00:39:17,239 things like s BOM, things like you know, your your 745 00:39:17,360 --> 00:39:21,719 overarching cybersecurity pieces. I don't you know what it is. 746 00:39:21,760 --> 00:39:23,679 I just don't think it's like it's not like a 747 00:39:23,719 --> 00:39:25,280 hot topic, you know what I mean. 748 00:39:25,320 --> 00:39:27,559 Speaker 2: It is it's very preventative, but like it. 749 00:39:27,519 --> 00:39:29,519 Speaker 3: Doesn't sound good, you know what I mean, And people 750 00:39:29,559 --> 00:39:31,000 are like, ah, you know, we don't have to worry 751 00:39:31,039 --> 00:39:33,400 about that. Because it's not you know, a top five 752 00:39:33,519 --> 00:39:35,719 thing in the realm of cloud native or whatever, and 753 00:39:36,199 --> 00:39:38,800 that's just that those are the hype cycles and all 754 00:39:38,840 --> 00:39:39,559 that fun stuff. 755 00:39:39,599 --> 00:39:43,039 Speaker 2: So well, sbom got more love when log for Jay 756 00:39:43,159 --> 00:39:46,519 got exploited. How bit exposed are we? Right? Like how 757 00:39:46,519 --> 00:39:49,079 many of these things only get dealt with after something's 758 00:39:49,079 --> 00:39:49,679 on fire? 759 00:39:50,000 --> 00:39:53,880 Speaker 3: Right, And that's the general security unfortunately, is that it's 760 00:39:54,000 --> 00:39:58,000 really important when things go bad and richer to your 761 00:39:58,000 --> 00:40:00,159 point of like you know, hey, I want to set 762 00:40:00,199 --> 00:40:02,079 up an agent to be able to listen for, you know, 763 00:40:02,119 --> 00:40:04,920 any TVs that are coming in or whatever. Then you 764 00:40:05,840 --> 00:40:08,840 then you got another security issue, right, is what the 765 00:40:08,920 --> 00:40:10,679 agent telling you accurate? 766 00:40:10,800 --> 00:40:10,880 Speaker 1: Right? 767 00:40:11,000 --> 00:40:11,800 Speaker 2: Yeah? Even correct? 768 00:40:11,840 --> 00:40:12,239 Speaker 1: And then. 769 00:40:13,639 --> 00:40:17,039 Speaker 2: Yeah, around and around. Well, but this is you know, 770 00:40:17,840 --> 00:40:20,119 who puts on the tinfoil hat in your organization? 771 00:40:20,320 --> 00:40:20,480 Speaker 1: Right? 772 00:40:20,639 --> 00:40:22,800 Speaker 2: Like where We're lucky, there's somebody wears it all the 773 00:40:22,800 --> 00:40:25,360 time and they like it, which is rare. Uh, And 774 00:40:25,400 --> 00:40:28,920 that's a strange person. And I you know, I'm very 775 00:40:28,960 --> 00:40:32,000 aware that there in a few places like Okay, one 776 00:40:32,159 --> 00:40:34,199 some month, I'm going to put the hat on and 777 00:40:34,239 --> 00:40:36,880 like today I'm the security guy, I look a little 778 00:40:36,960 --> 00:40:39,840 more nervous and I'm angry all the time, you know, 779 00:40:39,920 --> 00:40:42,440 but you know, and you put your foot often you 780 00:40:42,480 --> 00:40:45,360 find yourself focusing on preventative work, right, and maybe that's 781 00:40:45,400 --> 00:40:46,519 the time when you build that thing. 782 00:40:46,639 --> 00:40:50,280 Speaker 1: The tinfoil hat guys are generally focused on conspiracies, but 783 00:40:50,400 --> 00:40:54,960 fortunately for them, you know, hacks and exploits are conspiracies 784 00:40:54,960 --> 00:40:55,480 against you. 785 00:40:57,039 --> 00:41:01,639 Speaker 2: Is it still a conspiracy if it's really happening, Because 786 00:41:01,639 --> 00:41:03,880 you're looking at the logs and just watching them hammer 787 00:41:03,920 --> 00:41:06,039 away at you, it's like, is this a conspiracy or 788 00:41:06,039 --> 00:41:07,079 it's just a log file? 789 00:41:07,280 --> 00:41:10,440 Speaker 1: Like, I'm pretty sure the tinfoil hat guys think people 790 00:41:10,440 --> 00:41:12,880 are inherently evil and then they get proof of it 791 00:41:12,960 --> 00:41:15,880 and it makes them happy to reinforces their tinfoil hatness. 792 00:41:16,159 --> 00:41:19,280 Speaker 2: Yeah, it just but if nobody's looking, then you find 793 00:41:19,280 --> 00:41:19,960 out the hard way. 794 00:41:20,119 --> 00:41:23,480 Speaker 1: Yeah sure, yeah, Like I'm greeing with you, Richard. I 795 00:41:23,480 --> 00:41:25,480 think you got to put those guys to work. 796 00:41:25,519 --> 00:41:28,199 Speaker 2: And I've included a link to the gethup repository of 797 00:41:28,199 --> 00:41:30,079 the s bomb tools that Microsoft put together. 798 00:41:30,280 --> 00:41:30,519 Speaker 1: Cool. 799 00:41:30,800 --> 00:41:34,320 Speaker 2: Oddly enough, I think it was around the time of CrowdStrike. 800 00:41:34,440 --> 00:41:39,000 I don't know one of those you know, conspiracy another 801 00:41:39,039 --> 00:41:43,400 one gees, how could that have happened. It was earlier 802 00:41:43,400 --> 00:41:45,239 than that. Maybe it was it was one of the 803 00:41:45,280 --> 00:41:48,000 other like supply chain acts, like there's been a few. 804 00:41:48,679 --> 00:41:52,320 It's just you know, it's frightening. But it's of course 805 00:41:52,440 --> 00:41:54,320 this is not actually a security show. This is just 806 00:41:54,320 --> 00:41:57,119 how do we include this in our overall life cycle 807 00:41:57,159 --> 00:42:00,639 of making software that it does get going And you know, 808 00:42:00,719 --> 00:42:02,480 again it's in some ways it's like we're going to 809 00:42:02,519 --> 00:42:04,559 be the better version of ourselves because we're writing this 810 00:42:04,599 --> 00:42:07,360 as a prompt for tools, for these tools to actually 811 00:42:07,440 --> 00:42:10,840 try and implement it right up until it gets hard 812 00:42:11,119 --> 00:42:13,000 and it's like, no, you actually now have to work 813 00:42:13,000 --> 00:42:15,360 on this just because you found a CV that might 814 00:42:15,360 --> 00:42:17,400 be relevant and it relates to a UNK code that 815 00:42:17,519 --> 00:42:19,320 is deployed in your organization. Now you got to figure 816 00:42:19,320 --> 00:42:20,000 out what to do. 817 00:42:20,599 --> 00:42:24,000 Speaker 3: Yeah, And I think a big thing is it's really 818 00:42:24,039 --> 00:42:29,039 hard for organizations, specifically management to like specify an ROI 819 00:42:29,119 --> 00:42:33,159 on we're going to take the week or whatever it'll 820 00:42:33,199 --> 00:42:36,639 take to make this application a little bit more secure, 821 00:42:36,639 --> 00:42:39,760 and no, sorry, we have something something deadlined. Sorry, something 822 00:42:39,800 --> 00:42:41,639 something needs to be out this week at the end 823 00:42:41,679 --> 00:42:42,119 of the quarter. 824 00:42:42,239 --> 00:42:44,320 Speaker 2: When you're also avoiding the big thing, which is that 825 00:42:44,599 --> 00:42:47,719 the consequences to the company getting exploited never seem to 826 00:42:47,760 --> 00:42:51,239 be that significant either. You know, you if you engage 827 00:42:51,239 --> 00:42:53,800 your PR crisis team, you do your make help us 828 00:42:53,840 --> 00:42:55,880 on TV if you if you're a large enough scover 829 00:42:55,960 --> 00:42:58,599 that thing. All of the customers that got exploited, you 830 00:42:58,639 --> 00:43:00,639 sign them up to some kind of monitor during service 831 00:43:00,679 --> 00:43:04,039 and say sorry, and then you go on with your day. 832 00:43:04,599 --> 00:43:04,840 Speaker 1: Yeah. 833 00:43:05,039 --> 00:43:08,519 Speaker 3: And I've even heard, like quite literally, I've heard we 834 00:43:08,599 --> 00:43:09,320 don't want to know. 835 00:43:09,639 --> 00:43:11,679 Speaker 2: Yeah, yeah, because he represents liability. 836 00:43:11,719 --> 00:43:15,519 Speaker 1: Yeah. If I don't know, if you knew, you know, 837 00:43:15,599 --> 00:43:16,679 it's gonna blame me. Yeah. 838 00:43:16,719 --> 00:43:19,880 Speaker 2: Yeah, it's so. And I'm not a big on willful ignorance, 839 00:43:19,920 --> 00:43:28,719 but holy man, right, like come on, yeah, and again 840 00:43:28,760 --> 00:43:30,599 it so the side effective the run last time of 841 00:43:30,679 --> 00:43:33,639 dealing with real security guys where quit a job because 842 00:43:33,639 --> 00:43:36,199 they refused to deal with it and then when it 843 00:43:36,239 --> 00:43:38,440 went down big time, they got sa panted. 844 00:43:38,360 --> 00:43:43,159 Speaker 3: Right right, yep. Yeah, it's not a uh, it's actually 845 00:43:43,239 --> 00:43:47,800 not an uncommon thing. I mean it's very Yeah. Security 846 00:43:48,119 --> 00:43:51,519 is securing your application in general, securing your your DevOps 847 00:43:51,519 --> 00:43:54,800 piece of the puzzle. I mean, it's for for everybody listening. 848 00:43:54,920 --> 00:43:56,880 If you're wondering like, oh, do I have to go 849 00:43:56,920 --> 00:44:01,400 and dive into security full time? Or you know, what 850 00:44:01,400 --> 00:44:04,679 do I gotta do here? Really, it's just when you're 851 00:44:04,719 --> 00:44:09,199 designing your your pipeline, or you're designing your Kubernetus cluster, 852 00:44:09,280 --> 00:44:13,159 you're designing your application stack, whatever it is, just take 853 00:44:13,199 --> 00:44:16,559 the extra five to ten minutes to think it through, 854 00:44:16,880 --> 00:44:19,199 you know, and a lot of it again, it's it's 855 00:44:19,239 --> 00:44:24,239 so many just simple misconfigurations. Oopsies. I left root access 856 00:44:24,239 --> 00:44:26,599 on these r back permissions when I was testing something 857 00:44:26,599 --> 00:44:28,639 and I forgot they were there. I mean that's probably 858 00:44:28,679 --> 00:44:32,440 like in the top three things that happened, right, you know, Yeah. 859 00:44:32,400 --> 00:44:35,679 Speaker 2: Yeah, deployed with it with the dbug still on, and 860 00:44:35,719 --> 00:44:38,079 people can stap in back black hat stap in it 861 00:44:38,079 --> 00:44:40,320 and take advantage of it. Liketh, it's it, Yeah, well 862 00:44:40,440 --> 00:44:42,119 were I'm not clever enough to think of these things. 863 00:44:42,159 --> 00:44:43,519 All I have is the case studies. 864 00:44:45,599 --> 00:44:49,760 Speaker 3: Yeah, it's really, honestly, so much of it, especially especially 865 00:44:49,840 --> 00:44:53,679 from a DevOps perspective, is just yeah, take the extra 866 00:44:53,920 --> 00:44:56,639 you know, breathing through your nose and out through your 867 00:44:56,679 --> 00:45:00,840 mouth and just say okay, does does the look okay? 868 00:45:01,519 --> 00:45:04,800 And honestly, if you if you just take that couple 869 00:45:04,880 --> 00:45:09,880 of minutes, I can guarantee that you're gonna find some stuff. 870 00:45:09,920 --> 00:45:11,760 And you're like, oh, this would have been bad. 871 00:45:12,000 --> 00:45:15,280 Speaker 1: Yeah, well that's the standard cycle of development too. You know, 872 00:45:16,119 --> 00:45:19,800 when I'm developing, I always when I'm done, okay, there, 873 00:45:20,079 --> 00:45:22,440 I get up and I walk away for fifteen to 874 00:45:22,599 --> 00:45:25,000 twenty minutes, and I come back and I go through 875 00:45:25,000 --> 00:45:28,000 it again and just you know, take a deep breath 876 00:45:28,000 --> 00:45:30,800 to think. But you know, now now you have to 877 00:45:30,800 --> 00:45:36,119 think about it from the perspective of security, you know, 878 00:45:36,400 --> 00:45:38,920 and everything else, not just development. 879 00:45:39,920 --> 00:45:41,960 Speaker 3: And that's that's tough for a lot of teams, right, 880 00:45:42,039 --> 00:45:45,159 especially for DevOps teams, because honestly, I think that the 881 00:45:45,199 --> 00:45:48,119 biggest problem is I've spoken to a lot of people, 882 00:45:48,119 --> 00:45:49,440 and a lot of people are like, yeah, I wish 883 00:45:49,440 --> 00:45:51,480 we could do this, but we don't have the time. 884 00:45:51,559 --> 00:45:53,079 Yeah I wish we could do this, but we got 885 00:45:53,119 --> 00:45:54,639 to get this done tomorrow. Yeh, I wish we could. 886 00:45:54,880 --> 00:45:57,199 And that that's it's always what it is. So sometimes 887 00:45:57,280 --> 00:46:00,400 you have to manage up as well. Again, and it's 888 00:46:00,840 --> 00:46:04,719 it's never a technology problem. It's it's always a people thing, 889 00:46:05,079 --> 00:46:07,760 not even a problem, right, It's just you need to 890 00:46:07,760 --> 00:46:09,199 be able to and this is going to be different 891 00:46:09,199 --> 00:46:12,599 across every organization. You need to be able to think 892 00:46:12,599 --> 00:46:17,800 about what your manager, how your manager receives information, and 893 00:46:18,599 --> 00:46:21,079 mold what you want to tell them in a way 894 00:46:21,119 --> 00:46:24,239 that gets them to understand, ooh, this is important, we 895 00:46:24,280 --> 00:46:27,840 need the extra day because usually a manager can find 896 00:46:27,880 --> 00:46:30,519 the extra day or the extra couple of hours as 897 00:46:30,559 --> 00:46:33,440 long as you present the information in a way that 898 00:46:33,920 --> 00:46:36,159 they can digest it and it's important to them. If 899 00:46:36,199 --> 00:46:39,400 you're frantically running around and saying, oh, this thing needs 900 00:46:39,400 --> 00:46:41,079 to be done because of this and that and technical 901 00:46:41,159 --> 00:46:44,159 jargon here and technical jargon there, chances are a manager's 902 00:46:44,199 --> 00:46:46,360 going to say, yep, just another person that you know 903 00:46:46,599 --> 00:46:49,079 just wants extra time to do this thing and to put, 904 00:46:49,119 --> 00:46:51,480 you know, a couple of extra sprinkles on top. I've 905 00:46:51,480 --> 00:46:54,880 seen this a thousand times in my career. But if 906 00:46:54,880 --> 00:46:57,280 you're the person that goes to your manager and explains 907 00:46:57,280 --> 00:47:00,159 it in a way that makes them realize just how 908 00:47:00,199 --> 00:47:02,320 important it is, and hopefully you know your manager well 909 00:47:02,440 --> 00:47:05,039 enough to know how to do that, If you don't learn, 910 00:47:05,400 --> 00:47:08,400 then your outcome is going to be very different. So really, 911 00:47:08,480 --> 00:47:11,719 I mean implementing all the security implementations can be as 912 00:47:11,719 --> 00:47:16,119 simple as just understanding what the other person needs to 913 00:47:16,119 --> 00:47:19,440 be able to hear to make it an effective decision. 914 00:47:19,519 --> 00:47:22,519 Speaker 1: You know, one thing we haven't talked about is social 915 00:47:22,599 --> 00:47:28,079 engineering from outside forces into you know, the staff on 916 00:47:28,159 --> 00:47:32,119 the edge of the of the organization, you know, clicking 917 00:47:32,159 --> 00:47:35,079 on emails and all of that stuff, and then somebody 918 00:47:35,079 --> 00:47:38,360 getting control of your network inside. I mean, the way 919 00:47:38,400 --> 00:47:41,679 to prepare for that isn't necessarily with technology, but education 920 00:47:41,960 --> 00:47:45,599 of your staff. And I wonder how how often that 921 00:47:45,679 --> 00:47:49,119 creeps up in your line of work. 922 00:47:49,360 --> 00:47:53,239 Speaker 3: I would say not as much as like, if you're 923 00:47:53,280 --> 00:47:55,480 on the help desk or you're you know, in the 924 00:47:55,480 --> 00:47:58,519 cisadmin space or something right now, you're probably going to 925 00:47:58,599 --> 00:48:01,480 see that a lot more. The only time that I 926 00:48:01,559 --> 00:48:04,559 personally see it is like if I accidentally click on 927 00:48:04,840 --> 00:48:09,880 a phishing scan, which I'm human like, sometimes things look legit, 928 00:48:09,960 --> 00:48:12,519 you know, and I'm like, oh, this was one of 929 00:48:12,519 --> 00:48:14,599 those no before tests or something like that. 930 00:48:15,679 --> 00:48:20,199 Speaker 1: But I guess, like the standard backup practices protect against ransomware, right, 931 00:48:20,280 --> 00:48:23,519 so if something does happen, what do you do? And 932 00:48:23,599 --> 00:48:27,320 you could spend an ordinate amount of money on protecting 933 00:48:27,320 --> 00:48:29,920 yourself with multiple backups and off site and all of 934 00:48:29,960 --> 00:48:33,199 this stuff. How do you how do you prepare for 935 00:48:33,239 --> 00:48:35,400 the or do you even prepare for ransomware? Are you 936 00:48:35,599 --> 00:48:38,400 just like, now, if that happens, we're screud. 937 00:48:38,000 --> 00:48:41,960 Speaker 3: Should you prepare for it? Absolutely? Like taking the backup example. 938 00:48:42,639 --> 00:48:45,320 Last week, I actually with a client, I did a 939 00:48:45,599 --> 00:48:48,840 dr strategy test where we were on the call for 940 00:48:48,880 --> 00:48:51,679 about three hours and we blew a database away and 941 00:48:51,719 --> 00:48:53,840 we tested to make sure that things were going to 942 00:48:53,920 --> 00:48:57,239 work as expected to luckily you know we you know, 943 00:48:57,280 --> 00:48:59,880 they test recoveries. They don't just back things up and 944 00:49:00,039 --> 00:49:00,719 hope for the best. 945 00:49:01,199 --> 00:49:03,639 Speaker 1: Now, you don't have backups unless you test. 946 00:49:03,440 --> 00:49:06,679 Speaker 3: Them exactly, that's it. So things like that, I mean, yeah, 947 00:49:06,719 --> 00:49:10,760 like you can absolutely sit there and prepare for But again, 948 00:49:12,239 --> 00:49:15,239 it's one of those things where you want to do it, 949 00:49:15,320 --> 00:49:18,599 and you can do it from a technology perspective. It 950 00:49:18,679 --> 00:49:21,440 is there and it's readily available, but now you have 951 00:49:21,519 --> 00:49:25,400 to go in convince your manager that you need to 952 00:49:25,400 --> 00:49:27,280 take to three to four hours to go and test 953 00:49:27,320 --> 00:49:29,760 this thing and confirm that it's going to work as expected. 954 00:49:30,280 --> 00:49:33,239 Ironically enough, in the realm of DevOps and in the 955 00:49:33,280 --> 00:49:36,599 realm of a lot of engineering. When you get to 956 00:49:36,639 --> 00:49:39,840 the senior at to principal level and you're the one 957 00:49:39,840 --> 00:49:42,760 that's supposed to be making these decisions and calling these 958 00:49:42,800 --> 00:49:46,400 things out, your job is a lot more sales than 959 00:49:46,440 --> 00:49:49,199 it is engineering. You have to go and sell this 960 00:49:49,360 --> 00:49:51,840 idea and you can do it, and the technology is 961 00:49:51,880 --> 00:49:55,000 there and there is trust me, there are twenty vendors 962 00:49:55,000 --> 00:49:57,840 as we speak that want to sell you their solution 963 00:49:58,000 --> 00:49:59,719 that can do this thing, and they can do it 964 00:50:00,239 --> 00:50:03,199 very very well. Now you've got to go sell that 965 00:50:03,320 --> 00:50:05,119 idea to upper management. 966 00:50:05,239 --> 00:50:06,920 Speaker 1: Well, the best way to do that is put a 967 00:50:06,960 --> 00:50:10,840 dollar figure around it, Like if we got ransomwared, what 968 00:50:10,880 --> 00:50:12,840 would it be worth to you to get all this 969 00:50:12,960 --> 00:50:15,400 data back? You know? And they're going to know that. 970 00:50:15,519 --> 00:50:18,760 So ten million dollars, twenty million, thirty, one hundred million 971 00:50:18,800 --> 00:50:21,480 dollars like those aren't out of the out of the 972 00:50:21,519 --> 00:50:24,280 realm of the ransoms that we've seen paid totally. And 973 00:50:24,920 --> 00:50:27,960 so you convince the management with dollar figures, what is 974 00:50:28,000 --> 00:50:29,880 the risk if we don't do this? Yeah? 975 00:50:29,920 --> 00:50:30,719 Speaker 3: A thousand percent? 976 00:50:30,840 --> 00:50:34,000 Speaker 2: Always yeah, And it's always good to bring this numbers 977 00:50:34,039 --> 00:50:38,079 to the CFO and bring scary headlines to the CEO. 978 00:50:40,480 --> 00:50:40,840 Speaker 1: That's it. 979 00:50:41,119 --> 00:50:43,800 Speaker 3: Yep, yep, yeah, and you just you really just got 980 00:50:43,840 --> 00:50:45,719 to be able to sell the idea of like what 981 00:50:45,800 --> 00:50:49,239 can happen. And for your manager it could be those 982 00:50:49,320 --> 00:50:53,079 dollar figures. For another manager, it could be, well, if 983 00:50:53,119 --> 00:50:56,119 this happens, we're going to have to hire a consulting 984 00:50:56,159 --> 00:50:58,800 firm and we're going to pay them five hundred thousand 985 00:50:58,840 --> 00:51:01,280 dollars to do this, Or could be we need well, 986 00:51:02,000 --> 00:51:04,920 we're going to have compliance issues, right, and we're gonna 987 00:51:05,000 --> 00:51:06,840 you know, we're going to mess up and we're not 988 00:51:06,880 --> 00:51:08,880 going to be able to get our High Trust serve 989 00:51:09,079 --> 00:51:11,599 or our SoC two compliance or whatever it is. So 990 00:51:11,639 --> 00:51:13,440 you just got to figure out what's important. 991 00:51:13,519 --> 00:51:15,559 Speaker 2: Could end up in an audit, you know, if your 992 00:51:15,760 --> 00:51:19,519 financial services he gets hairy. 993 00:51:19,360 --> 00:51:22,280 Speaker 1: And it's something as simple as how much would it 994 00:51:22,320 --> 00:51:26,679 cost us per day to not have our data exactly right? 995 00:51:26,840 --> 00:51:30,599 To be offline in one day would cost x amount? Right, 996 00:51:30,639 --> 00:51:34,039 And now you're so you're more likely to pay the 997 00:51:34,119 --> 00:51:35,760 ransom to get your data back. 998 00:51:35,880 --> 00:51:38,039 Speaker 2: Accept it. Often when you pay the ransom, you don't 999 00:51:38,039 --> 00:51:38,760 get your data back. 1000 00:51:38,840 --> 00:51:41,480 Speaker 1: Yeah, that's true. You know, there's no guaranteed failure rate is. 1001 00:51:41,840 --> 00:51:44,960 Speaker 2: Failure rate's pretty high you know, we have taken that 1002 00:51:45,079 --> 00:51:49,159 story where we're a certain security person actually had to 1003 00:51:49,320 --> 00:51:58,159 fix the decryptor when decrypt files larger than two gigs. Yeah, 1004 00:51:59,239 --> 00:52:01,400 and the reality and we've done this show and run 1005 00:52:01,440 --> 00:52:05,440 as as well. It's a year minimum. You know, you're 1006 00:52:05,440 --> 00:52:07,199 going to have people involved, You're going to be cleaning 1007 00:52:07,239 --> 00:52:09,599 up messes like it's just nothing's fast. It takes a 1008 00:52:09,639 --> 00:52:11,599 long time. And it takes the same amount of time 1009 00:52:11,599 --> 00:52:13,800 where you paid, where you paid the ransom or you did. 1010 00:52:13,880 --> 00:52:18,679 Speaker 1: I've heard of companies doing testing their staff by sending 1011 00:52:18,760 --> 00:52:23,480 out phishing emails, you know, and seeing if they actually 1012 00:52:23,639 --> 00:52:25,880 click on them, and you know, when they get there, 1013 00:52:25,960 --> 00:52:28,440 you say, congratulations, you just ransom. 1014 00:52:28,960 --> 00:52:30,639 Speaker 2: You just signed up for additional training. 1015 00:52:31,320 --> 00:52:33,639 Speaker 1: Yeah, exactly, And a lot of them. 1016 00:52:33,480 --> 00:52:37,039 Speaker 3: Are actually pretty good. Like you know, the old method, 1017 00:52:37,079 --> 00:52:39,719 for example, used to be, you know, hover over the 1018 00:52:40,559 --> 00:52:42,599 email and make sure that the domain doesn't have like 1019 00:52:42,639 --> 00:52:43,280 a zero. 1020 00:52:43,199 --> 00:52:44,639 Speaker 1: Instead of an ozer exactly. 1021 00:52:45,519 --> 00:52:49,039 Speaker 3: And now it's you know, everything's legit and you're like, yep, 1022 00:52:49,119 --> 00:52:51,159 this is a legit email and you click it and 1023 00:52:51,199 --> 00:52:53,000 it's like oop, sorry, so. 1024 00:52:53,360 --> 00:52:56,400 Speaker 2: Yeah now and the well, now you get into the 1025 00:52:56,440 --> 00:52:58,800 other out level of this, which is that be more 1026 00:52:58,800 --> 00:53:02,079 careful next time? Is not a strategy now that we 1027 00:53:02,119 --> 00:53:03,679 actually have got a. 1028 00:53:03,360 --> 00:53:06,840 Speaker 1: Lot Another big one is you know, here, copy this 1029 00:53:07,000 --> 00:53:12,000 file off my USB stick right oops. So in the 1030 00:53:12,079 --> 00:53:14,920 studio here, I have customers that come and go with 1031 00:53:15,000 --> 00:53:18,079 their own data all the time, and I have a 1032 00:53:18,119 --> 00:53:21,400 machine that is not on the Internet, that that has 1033 00:53:21,559 --> 00:53:23,639 you know, malware bytes and all that stuff on it. 1034 00:53:24,519 --> 00:53:26,840 So I get the latest updates, I unplug it from 1035 00:53:26,880 --> 00:53:29,239 the Internet, stick the thing and run a scan on it, 1036 00:53:29,320 --> 00:53:31,639 and if it's okay, I feel comfortable enough that I 1037 00:53:31,639 --> 00:53:34,760 can put it in my real computer, right right. Yeah. 1038 00:53:35,039 --> 00:53:39,119 So cynical, Yeah, I wish I didn't have to be, 1039 00:53:39,199 --> 00:53:40,320 but yeah yeah. 1040 00:53:40,360 --> 00:53:42,440 Speaker 2: But is this the pain point these days? Really just 1041 00:53:42,480 --> 00:53:44,480 think it's the security side of things when it comes 1042 00:53:44,480 --> 00:53:48,440 to software, Like I feel like a lot of the 1043 00:53:49,159 --> 00:53:51,840 a lot of stuff has been well automated deployments automated 1044 00:53:51,880 --> 00:53:54,679 now like that part works, Continuous deployment like that, that 1045 00:53:54,760 --> 00:53:56,639 seems to work pretty well. If you put in the time, 1046 00:53:56,679 --> 00:53:59,480 you can get your results. Total testing still seems to 1047 00:53:59,480 --> 00:54:03,559 be a strugg but that's evolving. But actually having a 1048 00:54:03,599 --> 00:54:06,880 sense of the security quality of your app, I don't 1049 00:54:06,920 --> 00:54:09,159 have good measures man like that. You only find that 1050 00:54:09,199 --> 00:54:10,719 out in the field, it seems. 1051 00:54:10,559 --> 00:54:13,280 Speaker 3: Yeah, And I think to that point, the biggest thing 1052 00:54:13,360 --> 00:54:15,440 right now, going back to what I was saying before, 1053 00:54:16,440 --> 00:54:20,119 is the networking aspect, like where are my packets going? 1054 00:54:21,280 --> 00:54:24,760 There's so many different layers now, yeah, east west traffic, 1055 00:54:24,800 --> 00:54:27,199 north south traffic, so many different layers that it's like, 1056 00:54:27,840 --> 00:54:30,400 where is this going? And do I know where it's 1057 00:54:30,480 --> 00:54:32,880 going and what it's doing and who can hit it? 1058 00:54:32,920 --> 00:54:36,360 Speaker 2: Did it really need to go there right right doing 1059 00:54:36,559 --> 00:54:37,639 unnecessary things? 1060 00:54:37,760 --> 00:54:42,679 Speaker 3: And I guarantee, I guarantee that can fix ninety percent 1061 00:54:43,440 --> 00:54:45,440 of the security issues that you see in like a 1062 00:54:45,519 --> 00:54:49,800 devop slash platform engineering environment right now where there's a 1063 00:54:49,800 --> 00:54:52,679 lot of you know, Kubernetes and there's a lot of cloud. 1064 00:54:52,519 --> 00:54:55,880 Speaker 2: But it speaks to whitelisting, allow no traffic except the 1065 00:54:55,920 --> 00:54:59,119 paths I've specified, and I don't see very many folks working. 1066 00:54:58,920 --> 00:55:02,800 Speaker 3: That way totally the defense and depth, but you know, 1067 00:55:02,880 --> 00:55:06,159 it's it's all that stuff. It's least privilege right, like 1068 00:55:06,760 --> 00:55:12,239 block everything and then open up as necessary. The problem 1069 00:55:12,320 --> 00:55:14,920 is again that's that's that takes a lot of time 1070 00:55:15,199 --> 00:55:17,920 and people are like, hey, I got you know something 1071 00:55:18,000 --> 00:55:24,079 something deadline, that's it. That's it, yep, yep, yeah, and 1072 00:55:24,119 --> 00:55:27,960 it's it's it's wild to see even even like let's 1073 00:55:27,960 --> 00:55:31,599 say you're setting up different metrics toolings, right like maybe 1074 00:55:31,599 --> 00:55:35,400 you're you're setting up Jaeger, you're setting up Prometheus, and 1075 00:55:35,440 --> 00:55:38,719 you're you're collecting you know, end to end app metrics, 1076 00:55:38,760 --> 00:55:43,199 you're collecting standard server metrics. Whatever you're collecting. Go look 1077 00:55:43,239 --> 00:55:47,599 at those sometime and see what's talking to what from 1078 00:55:47,639 --> 00:55:50,559 a networking perspective, and your mind is going to be blown. 1079 00:55:51,840 --> 00:55:55,119 Speaker 2: You know, it's not not even controlling it, just monitoring it. 1080 00:55:55,199 --> 00:55:55,960 Speaker 3: You just look at it. 1081 00:55:56,000 --> 00:55:57,840 Speaker 2: You'll be surprised even. 1082 00:55:57,599 --> 00:55:59,400 Speaker 3: Like every once in a while, you know, I'll I'll 1083 00:55:59,719 --> 00:56:03,280 open up this this fancy new tool called wire shark. 1084 00:56:04,079 --> 00:56:08,199 Yeah crazy, and I'll look at what's talking to what, 1085 00:56:08,360 --> 00:56:09,679 and I'm like, I don't even know. 1086 00:56:09,639 --> 00:56:10,199 Speaker 1: What this is. 1087 00:56:10,440 --> 00:56:13,320 Speaker 2: Although I'm minutely wire sharks better at marking updata now 1088 00:56:13,360 --> 00:56:15,480 than it's ever been before. The problem with wire sharks 1089 00:56:15,519 --> 00:56:17,239 you turned that on one. Okay, there's a lot of stuff. 1090 00:56:17,320 --> 00:56:19,480 I have no idea what it means. It's overwhelming. 1091 00:56:19,559 --> 00:56:23,599 Speaker 3: Yeah, yeah, it's all fun. 1092 00:56:25,119 --> 00:56:29,639 Speaker 1: Until somebody loses an eye exactly, sure enough. So Michael, 1093 00:56:29,679 --> 00:56:32,679 what's in your inbox? What's coming up for you? What's next? 1094 00:56:32,880 --> 00:56:36,960 Speaker 3: So really still focused in the Kubernetes realm, I'm going 1095 00:56:37,039 --> 00:56:40,719 to be focusing more and more on the networking aspects 1096 00:56:40,840 --> 00:56:46,639 of things, Securing networks, observing networks, making sure that proper 1097 00:56:46,679 --> 00:56:49,480 traffic routing is going where it's supposed to go. Is 1098 00:56:49,519 --> 00:56:51,119 this thing is supposed to be talking to this thing? 1099 00:56:51,960 --> 00:56:54,159 And then also in the realm of AI, you know, 1100 00:56:54,639 --> 00:56:58,840 looking at various agents, how are these agents talking to 1101 00:56:58,920 --> 00:57:02,000 one another? How are you talking to agents? Really everything 1102 00:57:02,119 --> 00:57:06,800 around the Kubernetes networking security realm, and then of course 1103 00:57:06,880 --> 00:57:11,519 just overall platform engineering, making sure that what tools are 1104 00:57:11,519 --> 00:57:15,559 implemented are necessary, which I call in my head just 1105 00:57:15,880 --> 00:57:18,360 proper architecture. I think what's next for me is just 1106 00:57:18,440 --> 00:57:19,519 proper architecture. 1107 00:57:20,960 --> 00:57:24,719 Speaker 1: That's good, good, Okay, Well, thanks for hanging out with 1108 00:57:24,800 --> 00:57:25,360 us for an hour. 1109 00:57:25,400 --> 00:57:26,119 Speaker 2: We learned a lot. 1110 00:57:26,239 --> 00:57:29,920 Speaker 1: I know I did anyway, and thanks again. 1111 00:57:29,719 --> 00:57:30,760 Speaker 3: Thank you so much for having me. 1112 00:57:30,880 --> 00:57:33,280 Speaker 1: You bet, and we'll talk to you next time on 1113 00:57:33,440 --> 00:57:56,000 dot net rocks. Dot net Rocks is brought to you 1114 00:57:56,039 --> 00:58:00,960 by Franklin's Net and produced by Pop Studios Service audio, 1115 00:58:01,079 --> 00:58:05,519 video and post production facility located physically in New London, Connecticut, 1116 00:58:05,760 --> 00:58:10,559 and of course in the cloud online at PWOP dot com. 1117 00:58:10,760 --> 00:58:12,880 Visit our website at d O T N E t 1118 00:58:13,119 --> 00:58:17,159 R O c k S dot com for RSS feeds, downloads, 1119 00:58:17,280 --> 00:58:20,960 mobile apps, comments, and access to the full archives going 1120 00:58:21,000 --> 00:58:24,400 back to show number one, recorded in September two thousand 1121 00:58:24,440 --> 00:58:27,079 and two. And make sure you check out our sponsors. 1122 00:58:27,239 --> 00:58:30,239 They keep us in business. Now go write some code. 1123 00:58:30,599 --> 00:58:34,000 See you next time. You got javans 1124 00:58:36,159 --> 00:58:40,840 Speaker 2: And