Fictional machine capable of instantaneous or superluminal communication
This show has been flagged as Clean by the host.

Intro
- How I know BSD
- Very minimal NetBSD usage
- I am leaving out DragonFly BSD

Previous episodes
Several by Claudio Miranda and others - check the tags page.
- hpr3799 :: My home router history
- hpr3187 :: Ansible for Dynamic Host Configuration Protocol
- hpr3168 :: FreeBSD Jails and iocage
- hpr2181 :: Install OpenBSD from Linux using Grub

History and Overview
https://en.wikipedia.org/wiki/History_of_the_Berkeley_Software_Distribution
The history of the Berkeley Software Distribution began in the 1970s when the University of California, Berkeley received a copy of Unix. Professors and students at the university began adding software to the operating system and released it as BSD to select universities.
https://en.wikipedia.org/wiki/Comparison_of_BSD_operating_systems

Comparisons to Linux
- Not better or worse, just different.
- BSD is a direct descendant of the original UNIX.
- Not distributions - separate projects with separate code bases.
- Permissive vs copyleft licensing.
- One project vs kernel + userland.
- Most open source software is available through BSD ports and packages.
- Network devices and disks have different naming conventions. BE CAREFUL.

Distinctives

FreeBSD
- Probably the most widely used
- Base OS for commercial products
- Tightly integrated with ZFS
- Jails
- OS for firewall appliances - pfSense and OPNsense

OpenBSD
- Focus on code correctness and security
- Often first to develop new security methodologies - ASLR and kernel relinking at boot
- Home of OpenSSH, ...
- Base includes Xorg and a minimal window manager
- The best docs - man pages

NetBSD
- Supports the most platforms
- pkgsrc can be used on any UNIX-like system

How I use BSD

Home router
- Recently migrated from FreeBSD to OpenBSD
- Better support for the cheap 2.5G network adapters in AliExpress firewalls

Workstations
- OpenBSD dual-boot laptop - missing some nice features - VS Code and BT audio
- OpenBSD for banking

NAS
- FreeBSD
- Was physical but migrated to a Proxmox VM with directly attached drives
- Jails for some apps
- ZFS pools for storage

My recommendations
- Router: OpenBSD - any BSD will work; OPNsense - similar experience to managing DD-WRT
- Thinkpads: OpenBSD
- Other laptops / PCs: a FreeBSD desktop-focused derivative, GhostBSD or MidnightBSD
- Servers/NAS: FreeBSD, ZFS, Jails

BSD is worth trying. Dual booting is supported but can be tricky if you are unfamiliar with it.
Fresh off Red Hat Summit, Chris is eyeing an exit from NixOS. What's luring him back to the mainstream? Our highlights, and the signal from the noise from open source's biggest event of the year.

Sponsored By: Tailscale: Tailscale is a programmable networking software that is private and secure by default - get it free on up to 100 devices! 1Password Extended Access Management: 1Password Extended Access Management is a device trust solution for companies with Okta, and they ensure that if a device isn't trusted and secure, it can't log into your cloud apps.
Working with multiple Infrastructure as Code (IaC) tools can be painful. Spacelift provides a platform that operates on top of disparate IaC tools, including Ansible, Kubernetes, Pulumi, Terraform, and OpenTofu. Spacelift helps build the automation with and between these tools, creating graphs of graphs that make your dependencies just work. On today's show, we talk...
Amanda Ruzza is a DevOps Engineer, world-famous jazz bassist, and a Services Architect at Datadog! In this episode she shares how she 'migrated' traditional music study techniques into learning cloud and all things tech related! "Study is fun and it's all about falling in love with the journey"
There are both benefits and challenges when adopting automation in the public sector, but Red Hat Ansible enhances efficiency, security and service delivery. With the right tooling, network operators can integrate automation into existing environments and improve network security. Providing insights into adopting automation in the public sector are Tony Dubiel, Principal Specialist Solution Architect...
What's it like to move from a NOC role to an operations and automation role? On today's show we get the perspective of guest Joseph Nicholson, a Network Operations Engineer at NTT Data. He explains how he got started with automation, using tools like Python and Ansible, and the critical role of documentation in network...
Welcome to episode 296 of The Cloud Pod – where the forecast is always cloudy! Today is a twofer – Justin and Ryan are in the house to make sure you don't miss out on any of today's important cloud and AI news. From AI Protection, to Google Next, to Amazon Q Developer, we've got it all, this week on TCP!

Titles we almost went with this week:
- Amazon Step Functions walks step by step into my IDE
- Deepseek seeks the truth of "is it serverless or servers"?
- Well-Architected Reviews by AI… What will my solutions architects do now?
- The Cloud Pod hosts step over the Azure EU Data Boundary
- BYOIP to ALBs… only years too late for everyone.

A big thanks to this week's sponsor: We're sponsorless! Want to get your brand, company, or service in front of a very enthusiastic group of cloud news seekers? You've come to the right place! Send us an email or hit us up on our Slack channel for more info.

General News

01:02 HashiCorp and Red Hat, better together
HashiCorp gives more details on its future after the recent IBM acquisition in this blog post. They talk about the wide range of Day 2 operations, including drift detection, image management and patching, rightsizing, and configuration management. As Red Hat Ansible is a purpose-built operational management platform, it makes it easier to properly configure resources after the initial creation, to evolve the configuration after setup, and then to execute ad-hoc playbooks to keep things running reliably and more securely at scale. Some additional things they're exploring now that the acquisition has closed:
- Red Hat Ansible inventory generated dynamically by Terraform.
- Official Terraform modules for Red Hat Ansible, making it easier to trigger Terraform from Ansible playbooks.
- Red Hat and HashiCorp officially supporting the Red Hat Ansible Provider for Terraform, making it easier to trigger Ansible from Terraform.
- Evolving Terraform provisioners to support a more comprehensive set of lifecycle integrations.
- Improved mechanisms to invoke Ansible playbooks outside of the resource provisioning lifecycle.

Customers – not surprisingly – regularly integrate Vault and OpenShift, and they have identified dozens of connection points that can add value, including:
- Vault Secrets Operator for OpenShift
- etcd data encryption
- Argo CI/CD
- Istio certificate issuance

01:48 Justin – "That's a lot of promise for Ansible there, that I'm not sure it completely lives up to…"
In the second part of our SUSECON special we've had a blast talking to Don Vosburg and Stefan Behlert about the latest SUSE Multi-Linux Manager 5.1 and Uyuni news. The new version ships with a lot of new features including RBAC, enhanced Ansible support and official IBM POWER support. It can also be installed on SLE 15 SP7 in addition to SUSE Linux Micro.
In this episode we bring the news and new developments from the programming world that caught our attention from 08/03 to 14/03.
In this episode, Jeremy Maldonado shares his experiences and insights on server management, highlighting the importance of learning from mistakes, the power of automation, and finding balance between Linux and Windows environments. He discusses the challenges and rewards of managing servers, the pivotal role of Ansible in streamlining operations, and the confidence required to maintain a reliable infrastructure. Jeremy encourages listeners to view setbacks as opportunities for growth while reminding us to be kind to ourselves throughout our professional journeys.
Key Considerations for Benchmarking Network Storage Performance, OpenZFS 2.3.0 available, Updates on AsiaBSDCon, GhostBSD Desktop Conference, Recovering from external zroot, Create a new issue in a GitHub repository with Ansible, Stories I refuse to believe, date limit in UFS1 filesystem extended, and more

NOTES
This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/bsdnow) and the BSDNow Patreon (https://www.patreon.com/bsdnow)

Headlines
- Key Considerations for Benchmarking Network Storage Performance (https://klarasystems.com/articles/considerations-benchmarking-network-storage-performance/)
- OpenZFS 2.3.0 available (https://github.com/openzfs/zfs/releases/tag/zfs-2.3.0)

News Roundup
- Updates on AsiaBSDCon 2025 - Cancelled - (https://lists.asiabsdcon.org/pipermail/announce/2025-January/000046.html)
- GhostBSD Desktop Conference (https://www.phoronix.com/news/BSD-Desktop-Conference-GhostBSD)
- Recovering from external zroot (https://adventurist.me/posts/00350)
- Create a new issue in a GitHub repository with Ansible (https://jpmens.net/2025/01/25/create-a-new-issue-in-a-github-repository/)
- Stories I refuse to believe (https://flak.tedunangst.com/post/stories-i-refuse-to-believe)
- Defer the January 19, 2038 date limit in UFS1 filesystems to February 7, 2106 (https://cgit.freebsd.org/src/commit/?id=1111a44301da39d7b7459c784230e1405e8980f8)

Tarsnap
This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.

Feedback/Questions
- Feedback - Nelson - Ada/GCC (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/598/feedback/Nelson%20Feedback.md)

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
Join us and other BSD fans in our BSD Now Telegram channel (https://t.me/bsdnow)
Every year again: CfgMgmtCamp in Gent once more revolved around infrastructure automation and cloud topics. In a large round we discuss our impressions with Niklas Werker, Mar Sydymanov, Leon Krass and Jasper Wiegratz. Alongside exciting keynotes there were also exciting developments from the Pkl, Puppet and OpenTofu projects.
With more criticisms of NixOS than ever—do they have a point? We'll dig into the tough critiques and give our perspective.
This show has been flagged as Clean by the host.

Hello, this is Jon The Nice Guy, and after 10 years of knowing about Hacker Public Radio, here is my first podcast for the network. Firstly, I want to give a shout out to my Admin Admin Podcast co-host Al, who I heard just a week or so ago talking about Proxmox! Glad to hear you're over here too!

I wanted to record an episode on my ridiculously complicated DHCP setup at home. I'm not saying this is the right or even a good idea for anyone else, but it's something you might want to do.

Firstly, a little about why I have a complicated DHCP setup, and it starts with the router my previous ISP gave me. My router could just about cope with serving DHCP, but at the time when I was experimenting with running services on my home lab, the DNS server on the router wouldn't return addresses for hosts on my network, just those on the public internet. This wasn't a great experience! So, I installed PiHole [1] - initially because I'd heard good things about its ad blocking capabilities, but later because it was just a pretty and sensible DHCP and DNS server that I could do things with. Under the covers, PiHole is running DNSMasq [2], which means that all the configuration is plain text files that I can overwrite with Ansible [3]. My PiHole was running on a Raspberry Pi 2 [4], in a lego-style case [5] plugged into the back of my router. And this was fine for a few months.

And then it ran out of storage space, I changed jobs, my wife complained one too many times, and I reverted back to using the router's DHCPd and DNS. I also picked up either Nebula [6] or Tailscale [7] at around that time too, so I didn't need internal DNS to resolve to home services any more, and for anything public I set up external DNS records pointing to the internal addresses. Job done.

Scrub forward a couple of years, and when I changed jobs, I got a joining bonus which paid for me to get wired network around my house. I also set up my own Proxmox [8] cluster, which I documented in a post [9] on my blog [10]. Again, everything was peachy. I set up Home Assistant [11], which I expose to the internet via a proxy on my VPS, and everything was still good... but things are a little more complicated now - I've got more stuff to keep track of and the router's DHCP server was struggling a little... but it was all OK.

And then I changed ISP. My new ISP shipped a router running a customized version of OpenWRT [12], and I thought, finally, a good router! And then I realised I couldn't do *anything* sensible with it. It was so locked down, I couldn't even change the admin password without factory resetting it! Ugh. Within a couple of weeks my wife was complaining about random intermittent DNS requests failing, and I was seeing it too. So, I found on the Proxmox Helper Scripts [13] website that someone had put up a script to set up a PiHole instance... So naturally, as I had two Proxmox servers by this point, I ran two PiHole servers. This lasted a few months until I performed a system upgrade to the Proxmox cluster and it took down both Proxmox cluster members at the same time and DNS fell off the network! I revived the Raspberry Pi 2, which now sits attached to the router again! Yes!

Meanwhile, I was now getting more into IoT and I had several Tuya IoT devices connected over WiFi, and the 254 network addresses available in the /24 sized network [14] to me at home didn't seem enough, so I decided to expand my network to a /22, giving me enough address space for 1022 devices. Plus, I have kids, who each have computers and phones and games devices, my wife and I both work from home, so we both have computers from work and our own devices too... so I decided, now is the time to plan out my network.

I decided to use PHPIPAM [15], having been asked to look at it at work, and found it was a good fit for what I wanted to do with it. PHPIPAM is really designed for owners of large-scale networks, people who allocate chunks of public IP scopes and IPv6 address ranges, but it will subdivide smaller network blocks, and so I could carve up my network. I decided to split my /22 into four /24 networks:
- One was dedicated to DHCP addressed items, with one smaller subnet in there allocated to the Proxmox hosted PiHole and another to the Raspberry Pi hosted PiHole, and both are basically a catch-all for anything I've not yet allocated.
- One was for end-user devices, like phones, computers, TVs and games consoles, separated into smaller subnets per person and one additional subnet for room-shared devices like TVs and games consoles.
- One subnet was separated into smaller subnets for IoT devices and core network things, like mains and network switches, light bulbs, cameras and printers.
- The last /24 subnet was undivided, but was for servers, both physical and virtual.

Great, I've now got a lovely network map [IMAGE1], but *ugh* I've got to transfer all those DHCP and static IP allocations to the PiHoles. And, while I'd been using Gravity Sync [16] to synchronize between the two PiHole devices, sometimes it took a while for Gravity Sync to sync. And over time, I wanted to expose some of those services I was running at home, to my family, at home. So, I turned to Ansible.

A few years ago, I'd helped write some Ansible modules which were used to interact with a cloud service my employer at the time was running, so I had a kind of idea of how Ansible works under the surface, the documentation for writing a new set of lookups was OK, and ChatGPT helped where I lost my way. I knew that there was a Terraform [17] Provider [18] for PHPIPAM, so there was a working API... and so I knew I could look up data in PHPIPAM. I wrote some Ansible lookups [19] to confirm the data was accessible from PHPIPAM, and it was! Great, now all I needed to do was to drop files into PiHole.

I'd heard Alex [20] from the Self Hosted Podcast [21] talking about how he wrote some Ansible to automate his PiHole management [22], but it assumed a lot about how your network was set up and integrated a lot with other things he did - no complaints there! It's his network after all! But so I knew I needed to do 5 things:
1. Create a list of static DHCP allocations on both PiHole devices.
2. Create a list of DNS names to resolve in the internal network to addresses via A records.
3. Create a list of DNS names to resolve to other DNS names via CNAME records.
4. Create a list of DNS wildcards, so anything ending in that name would appear in my network.
5. If anything changed, restart DNSMasq.

I wrote this code and ran it. Well, ran it and it didn't work, so I fixed it and ran it again... and again and again until it did work. I've just added that to my GitHub today, so feel free to take a look [23].

You've spent a while listening to this, so what is my "too long, didn't listen"? I have two PiHole devices, and I run a PHPIPAM service under Docker in an LXC container on my Proxmox server. On the same LXC container I have a cron job which triggers the Ansible playbook every 5 minutes to push any updates in PHPIPAM to the PiHole hosts. Every few days I check to see what hosts have turned up in the DHCP pools on the PiHole hosts, map those to hosts I want to track in the future, and allocate them addresses in PHPIPAM so that those hosts will get managed IP addresses after 5 minutes, the next time they renew their DHCP leases... Tada!

For more over-engineered solutions like this, feel free to take a look at the content on my blog, or maybe I'll appear again, on Hacker... Public... Radio. Take care, 73.
[1] PiHole: https://pi-hole.net/
[2] DNSMasq: https://thekelleys.org.uk/dnsmasq/doc.html
[3] Ansible: https://ansible.com
[4] Raspberry Pi: https://www.raspberrypi.com/products/
[5] Lego style case: https://www.amazon.co.uk/gp/product/B015WVR5BS
[6] Nebula: https://www.defined.net/
[7] Tailscale: https://tailscale.com/
[8] Proxmox: https://www.proxmox.com
[9] Proxmox post: https://jon.sprig.gs/blog/post/2885
[10] My blog: https://jon.sprig.gs
[11] Home Assistant: https://www.home-assistant.io/
[12] OpenWRT: https://openwrt.org/
[13] Helper Scripts: https://community-scripts.github.io/ProxmoxVE/
[14] Network address spreadsheet: https://gist.github.com/JonTheNiceGuy/a847aa4faf878d7d6cee5c069e1d66d6
[15] PHPIPAM: https://phpipam.net/
[16] Gravity Sync: https://github.com/vmstan/gravity-sync
[17] Terraform: https://www.terraform.io/
[18] PHPIPAM Terraform Provider: https://registry.terraform.io/providers/lord-kyron/phpipam/latest
[19] Ansible Lookup: https://gist.github.com/JonTheNiceGuy/289a8a2e0233e730f0fbc8f958ec4bc6
[20] Alex Kretzschmar: https://alex.ktz.me/
[21] Self Hosted Podcast: https://selfhosted.show/
[22] Fully Automated DNS and DHCP with PiHole and DNSMasq: https://blog.ktz.me/fully-automated-dns-and-dhcp-with-pihole-and-dnsmasq/
[23] ansible-pihole: https://github.com/JonTheNiceGuy/ansible-pihole
[IMAGE1] https://jon.sprig.gs/blog/wp-content/uploads/2024/12/Screenshot-from-2024-12-20-19-29-22.png
The Elixir Wizards welcome Jim Freeze, organizer of ElixirConf and creator of the Horizon library. Jim shares his journey from organizing Ruby conferences to founding and growing ElixirConf into the community cornerstone it is today. He reflects on the challenges of running a major conference, how COVID-19 shaped the event, and why the talks remain an evergreen resource for the Elixir ecosystem.

We discuss Horizon, Jim's deployment library for Elixir and Phoenix applications with Postgres on FreeBSD. Driven by a need for simplicity and cost-effectiveness, Jim explains how Horizon minimizes external dependencies while delivering fault-tolerant and streamlined setups. He compares it to tools like Fly, Terraform, and Ansible, highlighting its low cognitive load and flexibility—key benefits for developers seeking more control over their deployment environments.

Jim also unpacks the broader value of understanding and customizing your deployment stack rather than relying solely on managed services. He discusses the benefits of using FreeBSD, including its stability, security, and performance advantages, as well as its robust ZFS file system. Jim emphasizes the importance of coherent deployment workflows, community collaboration, and contributions to open-source projects like Horizon. He invites listeners to explore Horizon, share feedback, and own their deployments.

Topics discussed in this episode:
- Jim Freeze's background organizing RubyConf and founding ElixirConf
- Reducing reliance on managed services and external dependencies
- Simplifying deployments with minimal tools and lower cognitive overhead
- The trade-offs of cutting-edge tools vs. stable, well-documented solutions
- The importance of customizing deployment tools to meet specific needs
- Addressing challenges with Tailwind compatibility
- Streamlining the FreeBSD installation process for Horizon users
- Community collaboration: contributing to open-source tools
- Jim's vision for Horizon: PKI support, hot standby features, and serverless potential

Links mentioned
- Nine Minutes of Elixir (https://youtu.be/hht9s6nAAx8?si=ocrk1wQtGplSGL0B)
- https://www.youtube.com/@ElixirConf
- https://github.com/liveview-native
- https://github.com/elixir-nx/nx
- https://2024.elixirconf.com/
- https://github.com/jfreeze/horizon
- https://hexdocs.pm/horizon/deploying-with-horizon.html#web-cluster-topology
- https://kamal-deploy.org/
- https://fly.io/
- https://aws.amazon.com/console/
- https://www.digitalocean.com/
- https://cloud.google.com/
- https://www.cloudflare.com/
- https://www.hetzner.com/
- https://www.proxmox.com/en/
- https://nginx.org/
- https://github.com/openzfs/zfs
- Zettabyte File System: https://en.wikipedia.org/wiki/ZFS
- https://www.postgresql.org/
- https://www.terraform.io/
- https://www.ansible.com/
- https://docs.freebsd.org/
- https://www.redhat.com/
- https://ubuntu.com/
- https://esbuild.github.io/

Listener's Survey: https://smr.tl/EWS13
Special Guest: Jim Freeze.
In this episode, we have an insightful discussion with Carol Chen from Red Hat at the All Things Open conference. Carol, who works in the Open Source Program Office at Red Hat, shares her experiences and insights on her ongoing project, InstructLab, a collaboration with IBM aimed at applying open source methods to building and training large language models. The conversation covers the importance of democratizing AI, reducing the fear and misconceptions surrounding AI technology, and making AI tools and concepts more accessible and understandable for everyone, including those who are not tech-savvy. Carol also discusses the social responsibility associated with AI development, emphasizing the need for transparency and community collaboration.

00:00 Introduction and Welcome
00:17 Carol's Background and Role at Red Hat
01:00 AI and Open Source
03:13 Challenges and Opportunities in AI
06:43 InstructLab: Making AI Accessible
12:09 Personal Journey into AI
15:37 AI Ethics and Open Source

Guest: Carol Chen is a Community Architect at Red Hat, supporting and promoting various upstream communities such as InstructLab, Ansible and ManageIQ. She has been actively involved in open source communities while working for Jolla and Nokia previously. In addition, she also has experience in software development/integration from her 12 years in the mobile industry. Carol has spoken at events around the world, including DevConf.CZ in the Czech Republic and OpenInfra Summit in China. On a personal note, Carol plays the timpani in an orchestra in Tampere, Finland, where she now calls home.
Keri Olson (@ksolson20, VP AI for Code at @IBM) talks about coding assistants across the software development lifecycle, the future of agents, and domain-specific assistants.

SHOW: 869
SHOW TRANSCRIPT: The Cloudcast #869 Transcript
SHOW VIDEO: https://youtube.com/@TheCloudcastNET

SHOW SPONSOR: While data may be shaping our world, Data Citizens Dialogues is shaping the conversation. Follow Data Citizens Dialogues on Apple, Spotify, YouTube, or wherever you get your podcasts.

SHOW NOTES:
- IBM Watsonx Code Assistant (homepage)
- IBM Watsonx Code Assistant for Ansible Lightspeed (homepage)
- IBM Watsonx Code Assistant for Z (homepage)

Topic 1 - Welcome to the show. Tell us about your background, and then give us a little bit of background on where you focus your time at IBM these days.
Topic 2 - Developer code assistants have become one of the most popular areas of GenAI usage. At a high level, how mature are the technologies that augment developers today?
Topic 3 - Software development has an entire lifecycle (Generate, Complete, Explain, Test, Transform, Document). It's easy for developers to just plug in a service, but is that often the most effective way to start using GenAI in the software development lifecycle?
Topic 4 - Software developers are notoriously picky about what tools they use and how they use them. GenAI doesn't "guarantee" outputs. Are there concerns that if different developers or groups use different coding assistants, it could create more challenges than it helps?
Topic 5 - What is a holistic way to think about code assistants? How much should be actively engaged with developers, how much should be behind the scenes, how much will be automated or agentic in the future?
Topic 6 - In the past, we essentially had "real developers" (people who wrote code) and things like Low-Code for "citizen developers" on process tasks. Do you expect to see code assistants bringing more powerful skills to people that previously hadn't identified as a real developer? (e.g. the great idea on a napkin that turns into a mobile app)
Today we're revisiting the fun world of automating pentest dropboxes using Proxmox, Ansible, Cursor and Level. Plus, a tease about how all this talk about automation is getting us excited for a long-term project: creating a free/community edition of Light Pentest LITE training!
Sixty vulnerabilities and exposures disclosed in one week sounds like a lot. We'll explain why it's just business as usual.

Sponsored By: Core Contributor Membership: Take $1 a month of your membership for a lifetime!
In The Mote in God's Eye, Larry Niven and Jerry Pournelle tell an inventive story about the encounter between humanity and an extraterrestrial civilization. The novel, from 1974, is both an old school first contact story and an attempt at a philosophical examination of the consequences of meeting the radically alien.

An encounter with the "Moties"
The novel takes place in the year 3017 in a future human empire called the "Second Empire of Man". The story begins when an expedition led by Captain Lord Roderick Blaine discovers an alien spaceship near the New Caledonia star system. The alien vessel turns out to contain a single being from a hitherto unknown alien race. This race later becomes known as the Moties because of the location of their home star relative to a nebula that looks like a mote of dust in God's eye. That becomes the starting point for a scientific and military expedition to the Mote Prime system and the encounter with the Moties.

Biological specialization
The Moties are technologically advanced, but very different from humans. They are divided into different races that are physically and mentally adapted to specialized roles, which they fulfil with enormous efficiency. A Motie engineer can repair a futuristic iPad with their hands, and their negotiators/ambassadors can learn languages at lightning speed and almost read minds. Gradually the humans discover that the Moties are hiding important information about their history and biology. It is revealed that the Moties are trapped in a cycle of growth, overpopulation, war and collapse due to their uncontrolled reproduction; an uncontrolled reproduction that would overwhelm humanity should the Moties escape their star system and spread to the rest of the galaxy.

Fear of the unknown
The Mote in God's Eye is equal parts military sci-fi and old school first contact. The novel's strength lies in its speculation about what happens when two radically different cultures meet. At its best, it is fascinating to experience humanity through the Moties' eyes. At its weakest, it is because the world-building, especially on Mote Prime, does not seem particularly credible or well thought through. Jens and Anders have SCIFI Chatted about The Mote in God's Eye.

Show notes for The Mote in God's Eye

Intro and since last time

Anders
- Has watched Dark Matter – still entertaining and gorgeous
- Finally finished watching Silo in preparation for the upcoming season 2, but still thinks it is a bit sluggish…
- Finished reading Quantum Magician by Derek Künsken, and must admit that I skimmed through the second half. Maybe it was just me, but I couldn't keep track of the complicated heist plot, and couldn't care less about the characters…
- Has read Ann Leckie's Translation State
- Has read Marie-Helene Bertino's Beautyland (a strange but cool book about a girl/woman who may be an alien, or may "just" be autistic…)
- Has read Some Desperate Glory by Emily Tesh (military YA sci-fi with multiverses and moral dilemmas)
- Has read In Ascension by Martin MacInnes (same vibes as Meg Howrey's Wanderers – focus on the drama around a three-person expedition in an ultra-fast spaceship on its way out of the Solar System)
- Has started Sunny on ATV+ (but has dropped it again for now…)
- Keanu is writing a book with Miéville?! https://www.wired.com/story/china-mieville-writes-a-secret-novel-with-the-internets-boyfriend-keanu-reeves/

Jens
- Read The Dispossessed by Ursula K. Le Guin. Mind. Blown! - A very, very interesting book about anarchism/social structures and society (Odonians) and what it feels like if you have grown up in a strongly idealistic society and buy completely into the principles of total freedom and anarchy. At the same time we follow Shevek, who is a physicist researching temporal theory (something that can be used for FTL) - he ends up creating the "Ansible" device that is also referenced in Left Hand. It is part of the same book series, the Hainish cycle.
- Adrian Tchaikovsky - Service Model. Latest book, from June 2024. When we have left everything to robots and then things start to go ...
Discerning and Defining a Product Manager Role is S.10 E.2 n.142 of the FSG Messaging and Optics Podcast, Wait What Really OK, hosted by Messaging and Optics Strategist Loren Weisman. Derrick is the guest on this episode of Wait What Really OK. Together, Loren and Derrick dig into the ins, outs, ups and downs of Product Managers. In this episode, Derrick helps with the discerning and defining when it comes to an effective product manager, as well as some red flags to watch out for and many of the attributes to look for. This podcast is raw, real and true. Done in one take, a little EQ and up… Proud of the flubs, the ums and the uhs. This was unscripted and in the moment. Derrick did not have the questions in advance. Derrick Boudwin is a Qualified Director of Product Engineering with over 15 years' experience leading international cross-functional teams, using people-centric strategies to develop software resulting in successful, patented, and disruptive products. Derrick is also versed in the programming languages Python, Bash, Visual Basic, PowerShell, SQL, Ruby and Java, and is familiar with tools and technologies including AWS, GCP, Azure, TensorFlow, Docker, Ansible, Terraform, Jenkins, CircleCI, Git, OpenCV, Pivotal, Jira, and Confluence. To talk to Derrick about any or all things Product Manager related, or to get some help in your product manager search or assistance in interviewing or reviewing your candidates, email: Derrick@DerrickBoudwin.com
Loren Weisman is a Messaging and Optics Strategist. Starting as a session/ghost drummer and then music producer, Loren has 700 album credits across major and indie labels as drummer and producer. He then shifted to TV production with credits for ABC, NBC, FOX, CBS, TLC and more, including reality shows, infomercials, movies and documentaries. Loren wrote three internationally published and distributed books, including Wiley and Sons' "Music Business for Dummies", as well as GreenLeaf's "The Artist's Guide to Success in the Music Business." https:/lorenweisman.com/
© 2024 Loren Weisman / Fish Stewarding Group All Rights Reserved ® ℗
On this episode of DevOps Dialogues: Insights & Innovations, I am joined by Stuart Miniman, Senior Director of Market Insights, Hybrid Platforms at Red Hat, for a discussion on Red Hat virtualization and the impact of AI on DevOps. Our conversation covers:
- Highlights of Red Hat Summit
- Impacts of virtualization and AI on the market
- Additions of Lightspeed into RHEL and OpenShift, expanding on Ansible
Unlock the secrets to building a hybrid home lab that seamlessly integrates local hardware with public cloud resources. Join us as we chat with Matt Elliott, who takes us on an inspiring journey from his early ideas in 2018 to his current sophisticated setup. Matt shares the pivotal moments that transitioned him from clunky physical servers to efficient containers on Linux hosts, offering invaluable insights and amusing anecdotes from his experiences within Kentucky's vibrant IT community. In this episode, we delve into the power of automation tools that can transform your hybrid home lab into a powerhouse of efficiency. We discuss key infrastructure components like Redis, Postgres, LibreNMS, and Prometheus, and emphasize the importance of secrets management with 1Password. Discover how containers can swiftly deploy new AI tools, and how Infrastructure as Code (IaC) with Terraform and Ansible can streamline your lab's management and automation. Plus, learn how AI can be your assistant in optimizing and troubleshooting your setup. Our conversation also covers the crucial aspect of networking in a hybrid home lab. We navigate the nuances of transitioning from Docker to Podman, discuss the user-friendly benefits of Tailscale, and consider alternatives like ZeroTier. Get practical advice on overcoming routing issues and maintaining network stability. Finally, we explore leveraging AI to enhance coding, documenting your learning in a GitHub repository, and creating an extensible home lab that integrates both on-prem and cloud resources.
This episode is packed with actionable tips, expert advice, and personal stories, making it essential listening for anyone keen on building a versatile hybrid home lab.
Draft Details on Matt's Hybrid Home Lab (OCTANT): https://docs.google.com/document/d/17O_qt_1gAo-F8za7K3kK6CZlzbk6TV7v_LpzxWUV6wk/edit?usp=sharing
Follow Matt: https://x.com/NetworkBrouhaha
Matt's Blog: https://networkbrouhaha.com/2018/08/hybrid-home-lab-pt1/ and https://networkbrouhaha.com/2022/03/vcd-verraform-example/
Check out the Fortnightly Cloud Networking News
Visit our website and subscribe: https://www.cables2clouds.com/
Follow us on Twitter: https://twitter.com/cables2clouds
Follow us on YouTube: https://www.youtube.com/@cables2clouds/
Follow us on TikTok: https://www.tiktok.com/@cables2clouds
Merch Store: https://store.cables2clouds.com/
Join the Discord Study group: https://artofneteng.com/iaatj
Art of Network Engineering (AONE): https://artofnetworkengineering.com
A look into CISA's Known Exploited Vulnerability Catalogue is on our minds this week, plus we look at vulnerability updates for gdb, Ansible, CUPS, libheif, Roundcube, the Linux kernel and more.
This week we talk about: * Daniel's upcoming trip to Barcelona for the Formula One Grand Prix * Dave's app, GoVJ, and its use in an art installation by a customer (shout out to Sarah Fox!) * Dave's new app, the NDI Switcheroo * Daniel is playing Druids and Wizards again with the TelemetryDeck server stack and Ansible. Join us, while we're Waiting For Review, We are open for sponsorship! email us at contact@waitingforreview.com The Discord server is open to all, and you can contact us via our social links below. Enjoy the show, Dave ✨ und Daniel
Discover the captivating journey of John Capobianco from the factory floor to the forefront of AI technology at Cisco on this episode of Cables2Clouds. John shares his inspiring path, detailing how his early fascination with technology and subsequent mastery of Python and of automation tooling like Ansible laid the groundwork for his current role in network automation and AI. Listen as he recounts his experience with early access to ChatGPT's API and discusses cutting-edge advancements in AI such as Retrieval-Augmented Generation (RAG) and the innovative Raptor approach. Join us as we navigate the intricate world of AI integration within network operations and the ongoing debate between cloud and on-premises solutions. Using Cisco's AI Security Assistant as a real-world example, we highlight how AI is transforming complex IT tasks into more manageable processes. From prompt engineering to the unpredictable nature of AI outputs, we tackle the challenges and opportunities that come with adopting new technologies, drawing enlightening parallels to the tech shifts of the past. Finally, we delve into the evolving role of security analysts in light of AI and automation, spotlighting Cisco's recent updates to the CCNA certification. Learn about the strategic importance of embedding AI knowledge early in an engineer's career and the safeguards necessary for handling sensitive data. We explore the implementation of Cisco's validated designs and the concept of a digital twin for networks, and share insights on fine-tuning AI models.
Tune in to grasp how AI is poised to revolutionize network management, making operations more streamlined and elevating the role of IT professionals.
This week Matthew Jones and Kaete Piccirilli join the Ask Noah Show to talk Ansible! Catch the latest advancements as well as a look at what's coming down the road.

-- During The Show --

00:55 Steve's WiFi Problems
- Multiple APs
- 70+ Access Points

02:23 Guacamole Conversation - Joey
- Steve's presentation? SELF puts them online; Steve might have a copy
- Restricting to IP
- Don't use as sole defense
- Shields from "script kiddies"
- Block based on GeoIP/Country

08:50 Watch Axis Camera in VLC - TwoBit
- Steve routes them into Home Assistant
- ispyconnect.com (https://www.ispyconnect.com/cameras)
- Generated view URL:
```
rtsp://admin:admin@192.168.1.20/onvif-media/media.amp
```

11:48 News Wire
- Linux 6.10 RC - Linux Mailing List (https://lkml.iu.edu/hypermail/linux/kernel/2405.3/01595.html)
- RISC-V Rust Support - Phoronix (https://www.phoronix.com/news/Linux-6.10-RISC-V)
- NFS v2 Being Disabled - Phoronix (https://www.phoronix.com/news/Linux-6.10-NFS-Client)
- Alpine Linux 3.20 - Alpine Linux (https://alpinelinux.org/posts/Alpine-3.20.0-released.html)
- Handbrake 1.8 - Handbrake (https://handbrake.fr/news.php?article=53)
- New Tuxedo Hardware - Tuxedo Computers (https://www.tuxedocomputers.com/en/TUXEDO-Stellaris-Slim-15-Gen6-INTEL.tuxedo)
- IBM & AI - Silicon Angle (https://siliconangle.com/2024/05/21/ibm-pivots-focus-code-generation-open-source-granite-generative-ai-models/)
- AMD Acquiring Nod.AI - MSN (https://www.msn.com/en-us/money/other/amd-to-acquire-nodai-boosting-its-open-source-ai-software-capabilities/ar-AA1i02AI)

13:11 Marknote
- Obsidian (https://obsidian.md/)
- Closed source
- You can install KDE apps on Windows
- Very early in development
- KDE Apps (https://apps.kde.org/marknote/)
- Marknote on Flathub (https://flathub.org/apps/org.kde.marknote)

19:15 KaOS 24
- Linux IAC (https://linuxiac.com/kaos-linux-2024-05-released/)
- Arch based
- Takes pieces from many distros
- KaOS Base (https://kaosx.us/about/based/)
- bcachefs (https://bcachefs.org/)
- Snapshots in Linux
- RHEL ABI tracking (https://openzfs.github.io/openzfs-docs/Getting%20Started/RHEL-based%20distro/index.html)
- Steve would go Red Hat now

28:40 Ubuntu 24.04 & MILK V & MARS RISC-V
- RISC-V SBC
- Forward thinking design of Linux
- 9 to 5 Linux (Ubuntu 24.04 / MILK V & MARS RISC-V)

31:13 Kaspersky Research
- Increase in Linux cyber attacks
- More Linux
- Crime moving to "cyber"
- More people "at home"
- Keep your box up to date

33:58 Ansible Interview
- Matthew Jones - Chief Architect of Ansible Automation for Red Hat
- Kaete Piccirilli - Director, Product Marketing, Ansible Automation
- Brief description of Ansible
- Requirements for Ansible
- Ansible Galaxy (https://galaxy.ansible.com/)
- Ansible Lightspeed (https://developers.redhat.com/products/ansible/lightspeed)
  - AI model trained for Ansible
  - Good starting point
  - Set of tools around Lightspeed
  - On premise Lightspeed
  - LLM hallucinations
  - Lightspeed adding "documentation"
  - Preventing data leaks
- Ansible secrets best practices
  - Encrypting a playbook
  - Content signing & verification
- Ansible education
- Event driven Ansible
- What is new this year
  - Policy as code
  - EDA
  - Making Ansible Galaxy more "decentralized"
  - Making Ansible more efficient
- What is next for Ansible

51:15 SELF
- Looking forward to seeing you!
- ANS/SELF Meetup: Pinkys (https://eatatpinkys.com/), Friday 6:00 PM

-- The Extra Credit Section --

For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard!
This Episode's Podcast Dashboard (http://podcast.asknoahshow.com/391)
Phone Systems for Ask Noah provided by Voxtelesys (http://www.voxtelesys.com/asknoah)
Join us in our dedicated chatroom #GeekLab:linuxdelta.com on Matrix (https://element.linuxdelta.com/#/room/#geeklab:linuxdelta.com)

-- Stay In Touch --

Find all the resources for this show on the Ask Noah Dashboard
Ask Noah Dashboard (http://www.asknoahshow.com)
Need more help than a radio show can offer? Altispeed provides commercial IT services and they're excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show!
Altispeed Technologies (http://www.altispeed.com/)
Contact Noah live [at] asknoahshow.com

-- Twitter --
Noah - Kernellinux (https://twitter.com/kernellinux)
Ask Noah Show (https://twitter.com/asknoahshow)
Altispeed Technologies (https://twitter.com/altispeed)
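The interview's "Ansible secrets best practices" item is about two habits: keep credentials out of plain-text playbooks (vault them) and keep them out of task output (`no_log: true`, since verbose runs and callback plugins otherwise print module arguments). The check below is an added example, not code from the Ask Noah Show, Red Hat or the Ansible project. It walks a playbook that has already been parsed from YAML into Python lists and dicts, so it needs no YAML library, and reports a task that passes a secret-looking argument without `no_log: true` and a secret given as a literal rather than a Jinja reference to a (vaulted) variable. The argument names it treats as secrets, the task-keyword list and the sample playbook are assumptions made for the example.

```python
"""Static check for two Ansible secret-handling mistakes (added example, not
Ansible's own tooling): a task that hands a secret-looking argument to a module
without `no_log: true`, and a secret given as a literal instead of a reference
to a vault-encrypted variable. It operates on a playbook already parsed into
Python lists/dicts, so it needs no YAML library."""
import re

# Argument names treated as secrets (assumption for this example; extend to taste).
SECRET_KEYS = re.compile(r"password|passwd|token|secret|api_key|private_key", re.I)
# A value that is only a Jinja expression, e.g. "{{ vault_db_password }}".
JINJA_REF = re.compile(r"^\s*\{\{.*\}\}\s*$")
# Task keywords that are not module names (a subset of Ansible's keyword list).
TASK_KEYWORDS = {
    "name", "no_log", "when", "loop", "with_items", "register", "become",
    "become_user", "tags", "vars", "changed_when", "failed_when", "delegate_to",
    "environment", "ignore_errors", "until", "retries", "delay",
}


def module_and_args(task):
    """Return (module name, args) for a task dict; args is None unless given as a mapping."""
    for key, value in task.items():
        if key not in TASK_KEYWORDS:
            return key, (value if isinstance(value, dict) else None)
    return None, None


def secret_args(args, path=""):
    """Yield (dotted key, value) for every secret-looking argument, descending into nested mappings."""
    for key, value in args.items():
        dotted = f"{path}.{key}" if path else key
        if SECRET_KEYS.search(key):
            yield dotted, value
        elif isinstance(value, dict):
            yield from secret_args(value, dotted)


def check_task(task):
    """Return a list of findings for one task (empty when the task is clean)."""
    module, args = module_and_args(task)
    if args is None:
        return []
    name = task.get("name", module)
    findings = []
    for key, value in secret_args(args):
        if task.get("no_log") is not True:
            # Without no_log, verbose runs and callback plugins print the module args.
            findings.append(f"{name}: '{key}' passed to {module} without no_log: true")
        if isinstance(value, str) and not JINJA_REF.match(value):
            findings.append(f"{name}: '{key}' is a literal; reference a vaulted variable instead")
    return findings


def check_playbook(playbook):
    """Run check_task over every task of every play."""
    return [f for play in playbook for task in play.get("tasks", []) for f in check_task(task)]


# Constructed sample playbook, as it would look after YAML parsing.
SAMPLE_PLAYBOOK = [
    {
        "hosts": "db",
        "tasks": [
            {"name": "Create app DB user",
             "community.mysql.mysql_user": {"name": "app", "password": "hunter2"}},
            {"name": "Create app DB user (vaulted)", "no_log": True,
             "community.mysql.mysql_user": {"name": "app", "password": "{{ vault_app_db_password }}"}},
            {"name": "Call internal API",
             "ansible.builtin.uri": {"url": "https://api.example.internal/",
                                     "headers": {"X-Api-Token": "abc123"}}},
            {"name": "Install web server", "ansible.builtin.apt": {"name": "nginx"}},
        ],
    }
]

if __name__ == "__main__":
    for finding in check_playbook(SAMPLE_PLAYBOOK):
        print(finding)
```

On the sample it reports four findings: the first task and the `uri` task each lack `no_log: true` and each carry a literal secret, while the vaulted task and the `apt` task are clean. Run it over real playbooks by loading them with a YAML parser first; the check only sees the mapping form of module arguments, so tasks written in the `key=value` string form are skipped.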
It looks like the rumors were true! Recently, IBM announced that they are buying HashiCorp (and Terraform) for a cool 6.4 billion dollars, in cash. Tom and Chunga both find themselves asking the question, "Why did IBM choose to do this?" They already own Red Hat and Ansible. Did they buy HashiCorp / Terraform because they could, or did they buy it because they should? Chunga thinks it's definitely the former. He's also of the opinion that they made this purchase without having an actual plan. Tom, on the other hand, says it's not quite as simple as people think, although Chunga may be right on this one. Why? Listen now to find out! Join the Salt Project Discord server! Start using Salt in just a few minutes!
In Elixir Wizards Office Hours Episode 8, hosts Sundi Myint and Owen Bickford lead an engaging Q&A session with co-host Dan Ivovich, diving deep into the nuances of DevOps. Drawing from his extensive experience, Dan navigates topics from the early days before Docker to managing diverse polyglot environments and optimizing observability. This episode offers insights for developers of all levels looking to sharpen their DevOps skills. Explore the realms of Docker, containerization, DevOps workflows, and the deployment intricacies of Elixir applications. Key topics discussed in this episode: Understanding DevOps and starting points for beginners Best practices for deploying applications to the cloud Using Docker for containerization Managing multiple programming environments with microservices Strategies for geographic distribution and ensuring redundancy Localization considerations involving latency and device specs Using Prometheus and OpenTelemetry for observability Adjusting scaling based on application metrics Approaching failure scenarios, including database migrations and managing dependencies Tackling challenges in monitoring setups and alert configurations Implementing incremental, zero-downtime deployment strategies The intricacies of hot code upgrades and effective state management Recommended learning paths, including Linux and CI/CD workflows Tools for visualizing system health and monitoring Identifying actionable metrics and setting effective alerts Links mentioned: Ansible open source IT automation engine https://www.ansible.com/ Wikimedia engine https://doc.wikimedia.org/ Drupal content management software https://www.drupal.org/ Capistrano remote server automation and deployment https://capistranorb.com/ Docker https://www.docker.com/ Circle CI CI/CD Tool https://circleci.com/ DNS Cluster https://hex.pm/packages/dnscluster ElixirConf 2023 Chris McCord Phoenix Field Notes https://youtu.be/Ckgl9KO4E4M Nerves https://nerves-project.org/ Oban job 
processing in Elixir https://getoban.pro/ Sidekiq background jobs for Ruby https://sidekiq.org/ Prometheus https://prometheus.io/ PromEx https://hexdocs.pm/promex/PromEx.html GitHub Actions - Setup BEAM: https://github.com/erlef/setup-beam Jenkins open source automation server https://www.jenkins.io/ DataDog Cloud Monitoring https://www.datadoghq.com/
Unlock the story behind IBM's bold play in acquiring HashiCorp, a move that's sent shockwaves through the tech sector. We pull back the curtain to reveal what this means for industry consolidation and how IBM's bet on HashiCorp's varied offerings, from Terraform to Vault, could be a game-changer for their private cloud ambitions. And with cloud giants like Google and Azure flaunting their latest earnings, we shed light on the true picture behind the numbers and the clever strategies they employ to stay ahead of the curve. Then, strap in as we examine Fortinet's pioneering move to infuse Gen AI into their FortiOS for unparalleled threat detection. We're not just observers; we're analysts questioning the practicality of Cisco and Red Hat's ACI and OpenShift integration and the unfolding saga within Cisco's own product ecosystem. Need a dose of reality? Our critique of the AWS Network Firewall, courtesy of insights from SDX Central, promises to mix humor with hard-hitting truths about cybersecurity in the cloud era. Join us for this episode that's anything but typical, as we navigate the intricate web of tech alliances and innovations.
Today on Elixir Wizards Office Hours, SmartLogic Engineer Joel Meador joins Dan Ivovich to discuss all things background jobs. The behind-the-scenes heroes of app performance and scalability, background jobs take center stage as we dissect their role in optimizing user experience and managing heavy-lifting tasks away from the main application flow. From syncing with external systems to processing large datasets, background jobs are pivotal to successful application management. Dan and Joel share their perspectives on monitoring, debugging, and securing background jobs, emphasizing the need for a strategic approach to these hidden workflows. Key topics discussed in this episode: The vital role of background jobs in app performance Optimizing user experience through background processing Common pitfalls: resource starvation and latency issues Strategies for effective monitoring and debugging of task runners and job schedulers Data integrity and system security in open source software Background job tools like Oban, Sidekiq, Resque, Cron jobs, Redis pub sub CPU utilization and processing speed Best practices for implementing background jobs Keeping jobs small, focused, and well-monitored Navigating job uniqueness, locking, and deployment orchestration Leveraging Task.async for asynchronous operations The art of continuous improvement in background job management Links mentioned in this episode: https://redis.io/ Oban job processing library https://hexdocs.pm/oban/Oban.html Resque Ruby library for background jobs https://github.com/resque Sidekiq background processing for Ruby https://github.com/sidekiq Delayed Job priority queue system https://github.com/collectiveidea/delayed_job RabbitMQ messaging and streaming broker https://www.rabbitmq.com/ Mnesia distributed telecommunications DBMS https://www.erlang.org/doc/man/mnesia.html Task for Elixir https://hexdocs.pm/elixir/1.12/Task.html ETS in-memory store for Elixir and Erlang objects https://hexdocs.pm/ets/ETS.html 
Cron - https://en.wikipedia.org/wiki/Cron Donate to Miami Indians of Indiana https://www.miamiindians.org/take-action Joel Meador on Tumblr https://joelmeador.tumblr.com/ Special Guest: Joel Meador.
Ensure peak performance, security and compatibility with Azure for Red Hat Enterprise Linux. Leverage Azure Migrate to transition on-prem Linux VMs to Azure, for cloud-native or hybrid deployment. Deploy and orchestrate infrastructure with Azure Resource Manager templates, Terraform, and Ansible playbooks. Uncover cost-saving opportunities and performance optimization tools, and benefit from license portability, commitment-based discounts, and diverse compute options, including Azure Confidential Computing VMs, for enhanced scalability and efficiency. Experience flexibility with Azure, enabling RHEL workloads to run across global regions and edge locations, with Azure Arc providing centralized management and security for hybrid environments. Join Azure expert, Matt McSpirit, as he shares why Azure is the right place to run your Red Hat Enterprise Linux workloads. ► QUICK LINKS: 00:00 - Why run Red Hat Enterprise Linux workloads on Azure? 01:10 - Integration 01:41 - Automated scripting or code-based options 02:09 - Beyond provisioning 02:31 - Customer support 03:07 - Efficiency- optimize your spend 04:28 - Increase performance and scalability 05:41 - Flexibility 06:26 - Update management 06:40 - Wrap Up ► Link References: See the Forrester Consulting study at https://aka.ms/RHELTEI For additional information check out https://aka.ms/RedHatAzure ► Unfamiliar with Microsoft Mechanics? As Microsoft's official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. 
• Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries • Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog • Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast ► Keep getting this insider knowledge, join us on social: • Follow us on Twitter: https://twitter.com/MSFTMechanics • Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ • Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ • Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics
Matt Horn built a data center network through automation, remotely. This is the future of network engineering. Matt shares how his team did it technically: Terraform, a little Ansible, leveraging pipelines, etc. But he also shares the processes and culture that made it happen: Management and peer buy-in, tight enforcement based on user access, and... Read more »
Chris spends the week in a VR desktop, revealing the glitches, gains, and VR's open-source future.
Deploying Nextcloud the Nix way promises a paradise of reproducibility and simplicity. But is it just a painful trek through configuration hell? We built the dream Nextcloud using Nix and faced reality. Special Guest: Alex Kretzschmar.
Alex has been deep-diving into container networking, and Chris is trying to steelman Plex's new rental service. Plus, why are we building our containers with Tailscale networking now, and the latest from the Home Assistant project?
In this week's show Patrick Gray and Adam Boileau discuss the week's security news. They talk about: Thought eels were slippery? Check out AnyDesk's PR! Why Microsoft's 365 is a nightmare to secure Cloudflare's needlessly hostile blog post US Government introduces “Disneyland ban” for spyware peddlers Much, much more… This week's feature guest is Eric Goldstein, the executive assistant director for cybersecurity at CISA. He's joining the show to talk about CISA's demand that US government agencies unplug their Ivanti appliances. He also chimes in on why the US government is so rattled by Volt Typhoon and addresses a recent report from Politico that claims CISA's Joint Cyber Defense Collaborative is a bit of a shambles. This week's sponsor guest is Dan Guido from Trail of Bits. He joins us to talk about their new Testing Handbook. Trail of Bits does a bunch of audit work and they've committed to trying to make bug discovery a one time thing – if you find that bug once, you shouldn't have to manually find it on another client engagement. Semgrep for the win! Show notes AnyDesk initiates extensive credentials reset following cyberattack | Cybersecurity Dive AnyDesk says software ‘safe to use' after cyberattack Former CIA officer who gave WikiLeaks state secrets gets 40-year sentence Arrests in $400M SIM-Swap Tied to Heist at FTX? – Krebs on Security Microsoft Breach — What Happened? What Should Azure Admins Do? 
| by Andy Robbins | Feb, 2024 | Posts By SpecterOps Team Members Cloudflare hit by follow-on attack from previous Okta breach | Cybersecurity Dive Thanksgiving 2023 security incident US announces visa restriction policy targeting spyware abuses Announcement of a Visa Restriction Policy to Promote Accountability for the Misuse of Commercial Spyware - United States Department of State Deputy Prime Minister hosts first global conference targeting ‘hackers for hire' and malicious use of commercial cyber tools - GOV.UK New Google TAG report: How Commercial Surveillance Vendors work A Startup Allegedly ‘Hacked the World.' Then Came the Censorship—and Now the Backlash | WIRED American businessman settles hacking case in UK against law firm Crime bosses behind Myanmar cyber ‘fraud dens' handed over to Chinese government Another Chicago hospital announces cyberattack Deepfake scammer walks off with $25 million in first-of-its-kind AI heist | Ars Technica As if 2 Ivanti vulnerabilities under exploit weren't bad enough, now there are 3 | Ars Technica Two new Ivanti bugs discovered as CISA warns of hackers bypassing mitigations Agencies using vulnerable Ivanti products have until Saturday to disconnect them | Ars Technica The far right is scaring away Washington's private hacker army - POLITICO Our thoughts on AIxCC's competition format | Trail of Bits Blog How CISA can improve OSS security | Trail of Bits Blog Securing open-source infrastructure with OSTIF | Trail of Bits Blog Announcing the Trail of Bits Testing Handbook | Trail of Bits Blog 30 new Semgrep rules: Ansible, Java, Kotlin, shell scripts, and more | Trail of Bits Blog Publishing Trail of Bits' CodeQL queries | Trail of Bits Blog The Unguarded Moment (2002 Digital Remaster) - YouTube Boy Swallows Universe | Official Trailer | Netflix - YouTube
In this episode of the PowerShell Podcast, we are joined by the talented Jordan Borean. Join us as we delve into the world of PowerShell development with Jordan, exploring some of his exceptional modules that have made waves in the community. Jordan shares his unique perspective as a Python developer using PowerShell and highlights the benefits of binary modules. Dive into the details of Jordan's experience within the PowerShell community Discord, and gain insights into his journey to Red Hat, where Open Source played a pivotal role. As a bonus, discover the surprising answer to the question: If PowerShell was a song, what would it be? This episode is packed with coding wisdom, community adventures, and a touch of musical revelation. Guest Bio and links: I've been working in IT for around 10 years now with experience in a range of roles. Currently, I'm a programmer working on Ansible for RedHat, specializing in Windows automation. While my job is mostly working with Python I play around with PowerShell and C# mostly in my spare time and have written quite a few PowerShell modules. In my spare time, I like to spend time with my wife and dog as well as go on some bike rides around where I live. I currently specialize in network protocols like WinRM, SMB, PSRemoting, LDAP, among others, and I have written a few cross-platform clients that implement these protocols outside of Windows. I'm also quite active in the Discord community and love to help/lurk the various questions that come up there. There's always something new that I learn. 
Watch the PowerShell Podcast on YouTube: https://www.youtube.com/watch?v=iTFr1ojayTM
https://2pintsoftware.com/news/details/why-is-add-content-bad-in-powershell-51
https://github.com/JustinGrote/ModuleFast/releases/tag/v0.1.0
https://lindnerbrewery.github.io/posts/converting_to_semtantic_version/
https://github.com/jborean93/PowerShell-ctypes
https://github.com/jborean93/PSDetour
https://github.com/jborean93/PSDetour-Hooks
https://github.com/jborean93/PSEtw
https://github.com/jborean93/PSOpenAD
https://github.com/ansible-collections/ansible.windows
https://github.com/ansible-collections/community.windows
https://github.com/ansible-collections/microsoft.ad
https://github.com/SeeminglyScience/ImpliedReflection
https://github.com/JustinGrote/ModuleFast/
https://github.com/SeeminglyScience/ClassExplorer
https://github.com/pester/Pester
We look back at what has changed, what's failed us, and what's sticking around in our homelabs. Special Guest: Brent Gervais.
Maya Kaczorowski, Chief Product Officer at Tailscale, joins Corey on Screaming in the Cloud to discuss what sets the Tailscale product approach apart, for users of their free tier all the way to enterprise. Maya shares insight on how she evaluates feature requests, and how Tailscale's unique architecture sets them apart from competitors. Maya and Corey discuss the importance of transparency when building trust in security, as well as Tailscale's approach to new feature roll-outs and change management.

About Maya
Maya is the Chief Product Officer at Tailscale, providing secure networking for the long tail. She was most recently at GitHub in software supply chain security, and previously at Google working on container security, encryption at rest and encryption key management. Prior to Google, she was an Engagement Manager at McKinsey & Company, working in IT security for large enterprises. Maya completed her Master's in mathematics focusing on cryptography and game theory. She is bilingual in English and French. Outside of work, Maya is passionate about ice cream, puzzling, running, and reading nonfiction.

Links Referenced:
Tailscale: https://tailscale.com/
Tailscale features:
VS Code extension: https://marketplace.visualstudio.com/items?itemName=tailscale.vscode-tailscale
Tailscale SSH: https://tailscale.com/kb/1193/tailscale-ssh
Tailnet lock: https://tailscale.com/kb/1226/tailnet-lock
Auto updates: https://tailscale.com/kb/1067/update#auto-updates
ACL tests: https://tailscale.com/kb/1018/acls#tests
Kubernetes operator: https://tailscale.com/kb/1236/kubernetes-operator
Log streaming: https://tailscale.com/kb/1255/log-streaming
Tailscale Security Bulletins: https://tailscale.com/security-bulletins
Blog post “How Our Free Plan Stays Free”: https://tailscale.com/blog/free-plan
Tailscale on AWS Marketplace: https://aws.amazon.com/marketplace/pp/prodview-nd5zazsgvu6e6

Transcript

Announcer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.

Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn, and I am joined today on this promoted guest episode by my friends over at Tailscale. They have long been one of my favorite products just because it has dramatically changed the way that I interact with computers, which really should be enough to terrify anyone. My guest today is Maya Kaczorowski, Chief Product Officer at Tailscale. Maya, thanks for joining me.

Maya: Thank you so much for having me.

Corey: I have to say originally, I was a little surprised to—“Really? You're the CPO? I really thought I would have remembered that from the last time we hung out in person.” So, congratulations on the promotion.

Maya: Thank you so much. Yeah, it's exciting.

Corey: Being a product person is probably a great place to start with this because we've had a number of conversations, here and otherwise, around what Tailscale is and why it's awesome. I don't necessarily know that beating the drum of why it's so awesome is going to be covering new ground, but I'm sure we're going to come up for that during the conversation. Instead, I'd like to start by talking to you about just what a product person does in the context of building something that is incredibly central not just to critical path, but also has massive security ramifications as well, when positioning something that you're building for the enterprise. It's a very hard confluence of problems, and there are days I am astonished that enterprises can get things done based purely upon so much of the mitigation of what has to happen. Tell me about that. How do you even function given the tremendous vulnerability of the attack surface you're protecting?

Maya: Yeah, I don't know if you—I feel like you're talking about the product, but also the sales cycle of talking [laugh] and working with enterprise customers.

Corey: The product, the sales cycle, the marketing aspects of it, and—

Maya: All of it.

Corey: —it all ties together. It's different facets of, frankly, the same problem.

Maya: Yeah. I think that ultimately, this is about really understanding who the customer that is buying the product is. And I really mean that, like, buying the product, right? Because, like, look at something like Tailscale. We're typically used by engineers, or infrastructure teams in an organization, but the buyer might be the VP of Engineering, but it might be the CISO, or the CTO, or whatever, and they're going to have a set of requirements that's going to be very different from what the end-user has as a set of requirements, so even if you have something like bottom-up adoption, in our case, like, understanding and making sure we're checking all the boxes that somebody needs to actually bring us to work. Enterprises are incredibly demanding, and to your point, have long checklists of what they need as part of an RFP or that kind of thing. I find that some of the strictest requirements tend to be in security. So like, how—to your point—if we're such a critical part of your network, how are you sure that we're always available, or how are you sure that if we're compromised, you're not compromised, and providing a lot of, like, assurances and controls around making sure that that's not the case.

Corey: I think that there's a challenge in that what enterprise means to different people can be wildly divergent. I originally came from the school of obnoxious engineering where oh, as an engineer, whenever I say something is enterprise grade, that's not a compliment. That means it's going to be slow and moribund.
But that is a natural consequence of a company's growth after achieving success, where okay, now we have actual obligations to customers and risk mitigation that needs to be addressed. And how do you wind up doing that without completely hobbling yourself when it comes to accelerating feature velocity? It's a very delicate balancing act.

Maya: Yeah, for sure. And I think you need to balance, to your point, kind of creating demand for the product—like, it's actually solving the problem that the customer has—versus checking boxes. Like, I think about them as features, or you know, feature requests versus feature blockers or deal blockers or adoption blockers. So, somebody wants to, say, connect to an AWS VPC, but then the person who has to make sure that that's actually rolled out properly also wants audit logs and SSH session recording and RBAC-based controls and lots of other things before they're comfortable deploying that in their environment. And I'm not even talking about the list of, you know, legal, kind of, TOS requirements that they would have for that kind of situation. I think there's a couple of things that you need to do to even signal that you're in that space. One of the things that I was—I was talking to a friend of mine the other day about how it feels like five years ago, like, nobody had SOC 2 reports, or very few startups had SOC 2 reports. And it's probably because of the advent of some of these other companies in this space, but like, now you can kind of throw a dart, and you'll hit five startups that have SOC 2 reports, and the amount that you need to show that you're ready to sell to these companies has changed.

Corey: I think that there's a definite broadening of the use case. And I've been trying to avoid it, but let's go diving right into it. I used to view Tailscale as, oh it's a VPN. The end. Then it became something more where it effectively became the mesh overlay where all of the various things that I have that speak Tailscale—which is frankly, a disturbing number of things that I'd previously considered to be appliances—all talk to one another over a dedicated network, and as a result, can do really neat things where I don't have to spend hours on end configuring weird firewall rules. It's more secure, it's a lot simpler, and it seems like every time I get that understanding down, you folks do something that causes me to yet again reevaluate where you stand. Most recently, I was doing something horrifying in front-end work, and in VS Code the Tailscale extension popped up. “Oh, it looks like you're running a local development server. Would you like to use Tailscale Funnel to make it available to the internet?” And my response to that is, “Good lord, no, I'm ashamed of it, but thanks for asking.” Every time I think I get it, I have to reevaluate where it stands in the ecosystem. What is Tailscale now? I feel like I should get the official description of what you are.

Maya: Well, I sure hope I'm not the official description. I think the closest is a little bit of what you're saying: a mesh overlay network for your infrastructure, or a programmable network that lets you mesh together your users and services and services and services, no matter where they are, including across different infrastructure providers and, to your point, on a long list of devices you might have running. People are running Tailscale on self-driving cars, on robots, on satellites, on elevators, but they're also running Tailscale on Linux running in AWS or a MacBook they have sitting under their desk or whatever it happens to be. The phrase that I like to use for that is, like, infrastructure agnostic. We're just a building block. Your infrastructure can be whatever infrastructure you want. You can have the cheapest GPUs from this cloud, or you can use the Android phone to train the model that you have sitting on your desk. We just help you connect all that stuff together so you can build your own cloud whatever way you want. To your point, that's not really a VPN [laugh]. The word VPN doesn't quite do it justice. For the remote access to prod use case, so like a user, specifically, like, a developer infra team to a production network, that probably looks the most like a zero-trust solution, but we kind of blur a lot of the lines there for what we can do.

Corey: Yeah, just looking at it, at the moment, I have a bunch of Raspberries Pi, perhaps, hanging out on my tailnet. I have currently 14 machines on there, I have my NAS downstairs, I have a couple of EC2 instances, a Google Cloud instance, somewhere, I finally shut down my old Oracle Cloud instance, my pfSense box speaks it natively. I have a Thinkst Canary hanging out on there to detect if anything starts going ridiculously weird, my phone, my iPad, and a few other things here and there. And they all just talk seamlessly over the same network. I can identify them via either IP address, if I'm old, or via DNS if I want to introduce problems that will surprise me at one point or another down the road. I mean, I even have an exit node I share with my brother's Tailscale account for reasons that most people would not expect, namely that he is an American who lives abroad. So, many weird services like banks or whatnot, “Oh, you can't log in to check your bank unless you're coming from US IP space.” He clicks a button, boom, now he doesn't get yelled at to check his own accounts. Which is probably not the primary use case you'd slap on your website, but it's one of those solving everyday things in somewhat weird ways.

Maya: Oh, yeah.
I worked at a bank maybe ten years ago, and they would block—this little bank on the east coast of the US—they would block connections from Hawaii because why would any of your customers ever be in Hawaii? And it was like, people travel and maybe you're—

Corey: How can you be in Hawaii? You don't have a passport.

Maya: [laugh]. People travel. They still need to do banking. Like, it doesn't change, yeah. The internet, we've built a lot of weird controls that are IP-based, that don't really make any sense, that aren't reflective. And like, that's true for individuals—like you're describing, people who travel and need to bank or whatever they need to do when they travel—and for corporations, right? Like the old concept—this is all back to the zero trust stuff—but like, the old concept that you were trusted just because you had an IP address that was in the corp IP range is just not true anymore, right? Somebody can walk into your office and connect to the Wi-Fi and a legitimate employee can be doing their job from home or from Starbucks, right? Those are acceptable ways to work nowadays.

Corey: One other thing that I wanted to talk about is, I know that in previous discussions with you folks—sometimes on the podcast, sometimes when I more or less corner someone at Tailscale at your developer conference—one of the things that you folks talk about is Tailscale SSH, which is effectively a drop-in replacement for the SSH binary on systems. Full disclosure, I don't use it, mostly because I'm grumpy and I'm old. I also like having some form of separation of duties where you're the network that ties it all together, but something else winds up acting as that authentication step. That said, if I were that interesting that someone wanted to come after me, there are easier ways to get in, so I'm mostly just doing this because I'm persnickety. Are you seeing significant adoption of Tailscale SSH?

Maya: I think there's a couple of features that are missing in Tailscale SSH for it to be as adopted by people like you. The main one that I would say is—so right now if you use Tailscale SSH, it runs a binary on the host, you can use your Tailscale credentials, and your Tailscale private key, effectively, to SSH something else. So, you don't have to manage a separate set of SSH keys or certs or whatever it is you want to do to manage that in your network. Your identity provider identity is tied to Tailscale, and then when you connect to that device, we still need to have an identity on the host itself, like in Unix. Right now, that's not tied to Tailscale. You can adopt an identity of something else that's already on the host, but it's not, like, corey@machine. And I think that's the number one request that we're getting for Tailscale SSH, to be able to actually generate or tie to the individual users on the host for an identity that comes from, like, Google, or GitHub, or Okta, or something like that. I'm not hearing a lot of feedback on the security concerns that you're expressing. I think part of that is that we've done a lot of work around security in general so that you feel like if Tailscale were to be compromised, your network wouldn't need to be compromised. So, Tailscale itself is end-to-end encrypted using WireGuard. We only see your public keys; the private keys remain on the device. So, in some sense the, like, quote-unquote, “Worst” that we could do would be to add a node to your network and then start to generate traffic from that or, like, mess with the configuration of your network. These are questions that have come up. In terms of adding nodes to your network, we have a feature called tailnet lock that effectively lets you sign and verify that all the nodes on your network are supposed to be there. One of the other concerns that I've heard come up is, like, what if the binary was compromised.
We develop in open-source so you can see that that's the case, but like, you know, there's certainly more stuff we could be doing there to prevent, for example, like a software supply chain security attack. Yeah.

Corey: Yeah, but you also have taken significant architectural steps to ensure that you are not placed in a position of undue trust around a lot of these things. Most recently, you raised a Series B, that was $100 million, and the fact that you have not gone bankrupt in the year since that happened tells me that you are very clearly not routing all customer traffic through you folks, at least on one of the major cloud providers. And in fact, a little bit of playing a-slap-and-tickle with Wireshark affirms this, that the nodes talk to each other; they do not route their traffic through you folks, by design. So one, great for the budget, I have respect for that data transfer pattern, but also it means that you are not in the position of being a global observer in a way that can be, in many cases, exploited.

Maya: I think that's absolutely correct. So, it was 18 months ago or so that we raised our Series B. When you use Tailscale, your traffic connects peer-to-peer directly between nodes on your network. And that has a couple of nice properties, some of what you just described, which is that we don't see your traffic. I mean, one, because it's end-to-end encrypted, but even if we could capture it, and then—we're not in the way of capturing it, let alone decrypting it. Another nice property it has is just, like, latency, right? If your user is in the UK, and they're trying to access something in Scotland, it's not, you know, hair-pinning, bouncing all the way to the West Coast or something like that. It doesn't have to go through one of our servers to get there. Another nice property that comes with that is availability. So, if our network goes down, if our control plane goes down, you're temporarily not able to add nodes or change your configuration, but everything in your network can still connect to each other, so you're not dependent on us being online in order for your network to work. And this is actually coming up more and more in customer conversations where that's a differentiator for us versus a competitor. Different competitors, also. There's a customer case study on our website about somebody who was POC'ing us with a different option, and literally during the POC, the competitor had an outage, unfortunately for them, and we didn't, and they sort of looked at our model, our deployment model and went, “Huh, this really matters to us.” And not having an outage on our network with this solution seems like a better option.

Corey: Yeah, when the network is down, the computers all turn into basically space heaters.

Maya: [laugh]. Yeah, as long as they're not down because, I guess, unplugged or something. But yeah, [laugh] I completely agree. Yeah. But I think there's a couple of these kinds of, like, enterprise things that people are—we're starting to do a better job of explaining and meeting customers where they are, but it's also that people are realizing it actually does matter when you're deploying something at this scale that's such a key part of your network. So, we talked a bit about availability, we talked a bit about things like latency. On the security side, there's a lot that we've done around, like I said, tailnet lock or that type of thing, but it's like some of the basic security features. Like, when I joined Tailscale, probably the first thing I shipped in some sense as a PM was a change log.
Here's the change log of everything that we're shipping as part of these releases so that you can have confidence that we're telling you what's going on in your network, when new features are coming out, and you can trust us to be part of your network, to be part of your infrastructure.

Corey: I do want to further call out that you have a—how should I frame this—a typically active security notification page.

Maya: [laugh].

Corey: And I think it is easy to misconstrue that as, look at how terrifyingly insecure this is? Having read through it, I would argue that it is not that you are surprisingly insecure, but rather that you are extraordinarily transparent about things that are relatively minor issues. And yes, they should get fixed, but, “Oh, that could be a problem if six other things happen to fall into place just the right way.” These are not security issues of the type, “Yeah, so it turns out that what we thought was encrypting actually wasn't and we're just expensive telnet.” No, there's none of that going on. It's all been relatively esoteric stuff, but you also address it very quickly. And that is odd, as someone who has watched too many enterprise-facing companies respond to third-party vulnerability reports with, rather than fixing the problem, more or less trying to get them not to talk about it, or if they do, to talk about it only using approved language. I don't see any signs of that with what you've done there. Was that a challenging internal struggle for you to pull off?

Maya: I think internally, it was recognizing that security was such an important part of our value proposition that we had to be transparent. But once we kind of got past that initial hump, we've been extremely transparent, as you say. We think we can build trust through transparency, and that's the most important thing in how we respond to security incidents. But code is going to have bugs. It's going to have security bugs. There's nothing you can do to prevent that from happening. What matters is how you—and like, you should. Like, you should try to catch them early in the development process and, you know, shift left and all that kind of stuff, but some things are always going to happen [laugh] and what matters in that case is how you respond to them. And having another, you know, an app update that just says “Bug fixes” doesn't help you figure out whether or not you should actually update, it doesn't actually help you trust us. And so, being as public and as transparent as possible about what's actually happening, and when we respond to security issues and how we respond to security issues is really, really important to us. We have a policy that talks about when we will publish a bulletin. You can subscribe to our bulletins. We'll proactively email anyone who has a security contact on file, or alternatively, another contact that we have if you haven't provided us a security contact when you're subject to an issue. I think by and large, like, Tailscale has more security bulletins just because we're transparent about them. It's like, we probably have as many bugs as anybody else does. We're just lucky that people report them to us because they see us react to them so quickly, and then we're able to fix them, right? It's a net positive for everyone involved.

Corey: It's one of those hard problems to solve for across the board, just because I've seen companies in the past get more or less brutalized by the tech press when they have been overly transparent. I remember that there was a Reuters article years ago about Slack, for example, because they would pull up their status history and say, “Oh, look at all of these issues here. You folks can't keep your website up.” But no, a lot of it was like, “Oh, file uploads for a small subset of our users is causing a problem,” and so on and so forth.
These relatively minor issues that, in aggregate, are very hard to represent when you're using traffic light signaling. So, then you see people effectively going full-on AWS status page where there's a significant outage lasting over a day, last month, and what you see on this, if you go really looking for it, is this yellow thing buried in this absolute sea of green lights, even though that was one of the more disruptive things to have happened this year. So, it's a consistent and constant balance, and I really have a lot of empathy no matter where you wind up landing on that.

Maya: Yeah, I think that's—you're saying it's sort of about transparency or being able to find the right information. I completely agree. And it's also about building trust, right? If we set expectations as to how we will respond to these things, then we consistently respond to them, people believe that we're going to keep doing that. And that is almost more important than, like, committing to doing that, if that makes any sense. I remember having a conversation many years ago with an eng manager I worked with, and we were debating what the SLO for a particular service should be. And he sort of made an interesting point. He's like, “It doesn't really matter what the SLO is. It matters what you actually do because then people are going to start expecting [laugh] what you actually do.” So, being able to point at this and say, “Yes, here's what we say and here's what we actually do in practice,” I think builds so much more trust in how we respond to these kinds of things and how seriously we take security. I think one of the other things that came out of the security work is we realized—and I think you talked to Avery, the CEO of Tailscale, on a prior podcast about some of this stuff—but we realized that platforms are broken, and we don't have a great way of pushing automatic updates on a lot of platforms, right? You know, if you're using the macOS store, or the Android Play Store, or iOS or whatever, you can automatically update your client when there is a security issue. On other platforms, you're kind of stuck. And so, as a result of us wanting to make sure that the fleet is as updated as possible, we've actually built an auto-update feature that's available on all of our major clients now, so people can opt in to getting those updates as quickly as needed when there is a security issue. We want to expose people to as little risk as possible.

Corey: I am not a Tailscale customer. And that bugs me because until I cross that chasm into transferring $1 every month from my bank account to yours, I'm just a whiny freeloader in many respects, which is not at all how you folks have ever made me feel, I want to be very clear on that. But I believe in paying for the services that empower me to do my job more effectively, and Tailscale absolutely qualifies.

Maya: Yeah, understood, I think that you still provide value to us in ways that aren't your data, but then in ways that help our business. One of them is that people like you tend to bring Tailscale to work. They tend to have a good experience at home connecting to their Synology, helping their brother connect to his bank account, whatever it happens to be, and they go, “Oh.” Something kind of clicks, and then they see a problem at work that looks very similar, and then they bring it to work. That is our primary path of adoption. We are a bottom-up adoption, you know, product-led growth product [laugh]. So, we have a blog post called “How Our Free Plan Stays Free” that covers some of that. I think the second thing that I don't want to undersell that a user like you also does is, you have a problem, you hit an issue, and you write into support, and you find something that nobody else has found yet [laugh].

Corey: I am very good at doing that entirely by accident.

Maya: [laugh]. But that helps us because that means that we see a problem that needs to get fixed, and we can catch it way sooner than before it's deployed, you know, at scale, at a large bank, and you know, it's a critical, kind of, somebody's getting paged kind of issue, right? We have a couple of bugs like that where we need, you know, we need a couple of repros from a couple different people in a couple different situations before we can really figure out what's going on. And having a wide user base who is happy to talk to us really helps us.

Corey: I would say it goes beyond that, too. I have—I see things in the world of Tailscale that started off as features that I requested. One of the more recent ones is, it is annoying to me to see on the Tailscale machines list everything I have joined to the tailnet with that silly little up arrow next to it of, “Oh, time to go back and update Tailscale to the latest,” because that usually comes with decent benefits. Great, I have to go through iteratively, or use Ansible, or something like that. Well, now there's a Tailscale update option where it will keep itself current on supported operating systems. For some unknown reason, you apparently can't self-update the application on iOS or macOS. Can't imagine why. But those things tend to self-update based upon how the OS works due to all the sandboxing challenges. The only challenge I've got now is a few things that are, more or less, embedded devices that are packaged by the maintainer of that embedded system, where I'm beholden to them. Only until I get annoyed enough to start building a CI/CD system to replace their package.

Maya: I can't wait till you build that CI/CD system. That'll be fun.

Corey: “We wrote this code last night. Straight to the bank with it.” Yeah, that sounds awesome.

Maya: [laugh] You'd get a couple of term sheets for that, I'm sure.

Corey: There are.
I am curious, looping back to the start of our conversation, we talked about enterprise security requirements, but how do you address enterprise change management? I find that that's something an awful lot of companies get dreadfully wrong. Most recently and most noisily on my part is Slack, a service for which I paid thousands of dollars a year, decided to roll out a UI redesign that, more or less, got in the way of a tremendous number of customers and there was no way to stop it or revert it. And that made me a lot less likely to build critical-flow business processes that depended upon Slack behaving a certain way. Just, “Oh, we decided to change everything in the user interface today just for funsies.” If Microsoft pulled that with Excel, by lunchtime they'd have reverted it because an entire universe of business users would have marched on Redmond to burn them out otherwise. That carries significant cost for businesses. Yet I still see Tailscale shipping features just as fast as you ever have. How do you square that circle?

Maya: Yeah. I think there's two different kinds of change management really, which is, like—because if you think about it, it's like, an enterprise needs a way to roll out a product or a feature internally and then separately, we need a way to roll out new things to customers, right? And so, I think on the Tailscale side, we have a change log that tells you about everything that's changing, including new features, and including changes to the client. We update that religiously. Like, it's a big deal, if something doesn't make it the day that it's supposed to make it. We get very kind of concerned internally about that. A couple of things that were—that are in that space, right, we just talked about auto-updates to make it really easy for you to maintain what's actually rolled out in your infrastructure, but more importantly, for us to push changes with a new client release. Like, for example, in the case of a security incident, we want to be able to publish a version and get it rolled out to the fleet as quickly as possible. Some of the things that we don't have here, although I hear requests for them, are the ability to, like, gradually roll out features to a customer. So like, “Can we change the configuration for 10% of our network and see if anything breaks before rolling back, right before rolling forward.” That's a very traditional kind of infra change management thing, but not something I've ever seen in, sort of, the networking security space to this degree, and something that I'm hearing a lot of customers ask for. In terms of other, like, internal controls that a customer might have, we have a feature called ACL Tests. So, if you're going to change the configuration of who can access what in your network, you can actually write tests. Like, your permission file is written in HuJSON and you can write a set of things like, Corey should be able to access prod. Corey should not be able to access test, or whatever it happens to be—actually, let's flip those around—and when you have a policy change that doesn't pass those tests, you actually get told right away so you're not rolling that out and accidentally breaking a large part of your network. So, we built several things into the product to do it. In terms of how we notify customers, like I said, the primary method that we have right now is something like a change log, as well as, like, security bulletins for security updates.

Corey: Yeah, it's one of the challenges, on some level, of the problem of oh, I'm going to set up a service, and then I'm going to go sail around the world, and when I come back in a year or two—depending on how long I spent stranded on an island somewhere—now I get to figure out what has changed. And to your credit, you have to affirmatively enable all of the features that you have shipped, but you've gone from, “Oh, it's a mesh network where everything can talk to each other,” to, “I can use an exit node from that thing. Oh, now I can seamlessly transfer files from one node to another with Taildrop,” to, “Oh, Tailscale Funnel. Now, I can expose my horrifying developer environment to the internet.” I used that one year to give a talk at a conference, just because why not?

Maya: [crosstalk 00:27:35].

Corey: Everything evolves to become [unintelligible 00:27:37] email on Microsoft Outlook, or tries to be Microsoft Excel? Oh, no, no. I want you to be building Microsoft PowerPoint for me. And we eventually get there, but that is incredibly powerful functionality, but also terrifying when you think you have a handle on what's going on in a large-scale environment, and suddenly, oh, there's a whole new vector we need to think about. Which is why your—the thought and consideration you put into that is so apparent and so, frankly, welcome.

Maya: Yeah, you actually kind of made a statement there that I completely missed, which is correct, which is, we don't turn features on by default. They are opt-in features. We will roll out features by default after they've kind of baked for an incredibly long period of time and with, like, a lot of fanfare and warning. So, the example that I'll give is, we have a DNS feature that was probably available for maybe 18 months before we turned it on by default for new tailnets. So we didn't even turn it on for existing folks. It's called MagicDNS. We don't want to touch your configuration or your network. We know people will freak out when that happens. Knowing, to your point, that you can leave something for a year and come back, and it's going to be the same is really important. For everyone, but for an enterprise customer as well. Actually, one other thing to mention there. We have a bunch of really old versions of clients that are running in production, and we want them to keep working, so we try to be as backward compatible as possible. I think the… I think we still have clients from 2019 that are running and connecting to corp that nobody's updated. And like, it'd be great if they would update them, but like, who knows what situation they're in and if they can connect to them, and all that kind of stuff, but they still work. And the point is that you can have set it up four years ago, and it should still work, and you should still be able to connect to it, and leave it alone and come back to it in a year from now, and it should still work and [laugh] still connect without anything changing. That's a very hard guarantee to be able to make.

Corey: And yet, somehow you've been able to do that, just from the perspective of not—I've never yet seen you folks make a security-oriented decision that I'm looking at and rolling my eyes, amazed that you didn't make the decision the other way. There are a lot of companies that, while intending very well, have done, frankly, very dumb things. I've been keeping an eye on you folks for a long time, and I would have caught that in public. I just haven't seen anything like that. It's kind of amazing. Last year, I finally took the extraordinary step of disabling SSH access anywhere except the tailnet to a number of my things. It lets my logs fill up a lot less, and you've built to that level of utility-like reliability over the series of longtime experimentation. I have yet to regret having Tailscale in the mix, which is, frankly, not something I can say about almost any product.

Maya: Yeah. I'm very proud to hear that. And like, maintaining that trust—back to a lot of the conversation about security and reliability and stuff—is incredibly important to us, and we put a lot of effort into it.

Corey: I really appreciate your taking the time to talk to me about how things continue to evolve over there.
Anything that's new and exciting that might have gotten missed? Like, what has come out in, I guess, the last six months or so that are relevant to the business and might be useful for people looking to use it themselves?Maya: I was hoping you're going to ask me what came out in the last, you know, 20 minutes while we were talking, and the answer is probably nothing, but you never know. But [laugh]—Corey: With you folks, I wouldn't doubt it. Like, “Oh, yeah, by the way, we had to do a brand treatment redo refresh,” or something on the website? Why not? It now uses telepathy just because.Maya: It could, that'd be pretty cool. No, I mean, lots has gone on in the last six months. I think some of the things that might be more interesting to your listeners, we're now in the AWS Marketplace, so if you want to purchase Tailscale through AWS Marketplace, you can. We have a Kubernetes operator that we've released, which lets you both ingress and egress from a Kubernetes cluster to things that are elsewhere in the world on other infrastructure, and also access the Kubernetes control plane and the API server via Tailscale. I mentioned auto-updates. You mentioned the VS Code extension. That's amazing, the fact that you can kind of connect directly from within VS Code to things on your tailnet. That's a lot of the exciting stuff that we've been doing. And there's boring stuff, you know, like audit log streaming, and that kind of stuff. But it's good.Corey: Yeah, that stuff is super boring until suddenly, it's very, very exciting. And those are not generally good days.Maya: [laugh]. Yeah, agreed. It's important, but boring. But important.Corey: [laugh]. Well, thank you so much for taking the time to talk through all the stuff that you folks are up to. If people want to learn more, where's the best place for them to go to get started?Maya: tailscale.com is the best place to go. 
You can download Tailscale from there, get access to our documentation, all that kind of stuff.Corey: Yeah, I also just want to highlight that you can buy my attention but never my opinion on things and my opinion on Tailscale remains stratospherically high, so thank you for not making me look like a fool, by like, “Yes. And now we're pivoting to something horrifying is a business model and your data.” Thank you for not doing exactly that.Maya: Yeah, we'll keep doing that. No, no, blockchains in our future.Corey: [laugh]. Maya Kaczorowski, Chief Product Officer at Tailscale. I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud. This episode has been brought to us by our friends at Tailscale. If you enjoyed this episode, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice along with an angry, insulting comment that will never actually make it back to us because someone screwed up a firewall rule somewhere on their legacy connection.Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.