Podcasts about Canary


Disambiguation page

  • 798 PODCASTS
  • 1,315 EPISODES
  • 46m AVG DURATION
  • 5 WEEKLY NEW EPISODES
  • Jan 5, 2022 LATEST

POPULARITY (chart by year, 2012 to 2022)



Latest podcast episodes about Canary

Better Than Human
Beluga Whales: The Great White Sea Canary of the Arctic

Jan 5, 2022 (62:27)


Beluga Whales are white cetaceans adapted to life in the Arctic. Belugas are highly sociable and communicate in high-pitched squeaks, squeals, clicks, and whistles. This is why they're also known as the "sea canary" of the ocean. Their forehead contains an organ (called a melon) that they use for echolocation, finding breathing holes in the ice, and to hunt in dark or turbid waters. Young male belugas may mimic human speech, but they grow out of it. In The Good, The Bad, The News: Physics Professor mailed an anonymous cardboard box filled with cash. This gift would provide fully-funded scholarships for those in need. Beavers saved from euthanasia (who euthanizes beavers???) are now replenishing rivers in the Utah Desert. Betty White passed away.

Contending for Truth Podcast, Dr. Scott Johnson
Emergency Freedom Alerts: 1-3-22-Part 2

Jan 4, 2022 (107:33)


Table of Contents: Part 2–Who is David Wilcock's (& General Michael Flynn's) “Michael the Arch-Angel”? Plus a listener comment about this subject and the blasphemous “Book of Urantia” Exposed: Urantia book, Urantia Society, Urantia Foundation, Urantia Fellowship,  and the Urantia Brotherhood universes–Ancient Earth Extra-Biblical Revelations Ghislaine Maxwell Vows to ‘Sing Like a Canary' Following Guilty Verdict…

Daniel House Book Club
Special Episode: In interview with Rug & Kilim Vice President, Cyrus Nazmiyal

Jan 4, 2022 (41:19)


We're going to push our study of Josef Albers' classic book Interaction of Color to next week, because I wanted to share the interview I did with Cyrus Nazmiyal, the vice president of one of our vendors, Rug & Kilim. In our conversation, we talk about a bunch of stuff from the history of his family's incredible business, the trends he's seeing in rug specification by designers now and some of the processes that make a Rug & Kilim piece so special. Cyrus does mention some upcoming holiday festivities, as we talked right before the break, so I wanted you all to get to listen before the memories of the season are totally gone. Before I play the interview for you, a word of warning, Cyrus is a busy guy and Rug & Kilim has an actual live Canary in their beautiful Long Island City showroom, so you may notice more ambient noise than usual. Still, I think you'll all enjoy hearing what he has to say.

That's Not Quite All Folks: A Looney Tunes Podcast
Dr. Tweety (Or How Marc Learned To Stop Worrying And Love The Canary)

Jan 3, 2022 (62:07)


Join us as we take in some more Sylvester and Tweety hijinks! Jordan looks at the first appearance of Granny in 'Canary Row' Marc looks at the time Sylvester, Tweety, and Hector went to the hospital in 'Greedy For Tweety', And we watch an actually good Dr Jekyll and Mr Hyde short a couple of episodes late in 'Hyde and Go Tweet'

CockTales: Dirty Discussions
Ep. 271 "Ever Tried The Windshield Wiper?" ft. Dr. Canary

Dec 30, 2021 (64:18)


This week we're discussing breaking bad habits...or not. Follow Us! @cocktalespodcast @kikisaidso @coffeebeandean Check Out Our Sponsors! Talkspace- Try online therapy today and use code COCKTALES for $100 off your first month! https://www.talkspace.com/cocktales DAME PRODUCTS- code: COCKTALES visit https://www.dameproducts.com/cocktales GREENCHEF code cocktales125 www.greenchef.com/cocktales125 Get Your Vesper! use code LOVETALES for a free engraving! https://www.lovecrave.com/products/vesper/ See omnystudio.com/listener for privacy information.

Guns & Yellow Ribbons
Episode 203- Signing Like A Canary

Dec 27, 2021 (62:55)


Fergus, Trev & Guests will be looking back at Norwich game & our cancelled game against Wolves and the usual Gooner Debate. Enjoy Share & Subscribe

Fringe Radio Network
Fire Theft Radio: Ravelin with Basil Rosewater and Christopher Gates (phd)

Dec 27, 2021 (140:08)


Basil is back and he brought the big guns! Christopher Gates (phd) is here to talk about the importance of hermeneutics. You're not going to want to miss this episode! We discuss some commonly misunderstood verses in the bible and talk about just how important it is not to misinterpret it. “Father, Father why has thou forsaken me” is a widely misunderstood verse which Chris just blows our mind with its proper interpretation. Sit back and enjoy the ride!

RT
Redacted Tonight| Assange: Journalism on trial, Sweden's Meidner Plan

Dec 24, 2021 (28:02)


Naomi Karavani interviews UK-based freelance journalist Mohamed Elmaazi this week on VIP. He's published with numerous outlets, including The Dissenter, Jacobin, The Canary and The Electronic Intifada. They go into the case that the US is presenting against Julian Assange, its implications for the future of journalism, and more. Elmaazi has covered every single hearing in Julian Assange's extradition case since it started. Then Anders Lee has a timely economics lesson from history. This lesson takes us to Sweden in the 1970s, where labor organizers pursued a left-wing economic agenda. The Meidner Plan would've seen, over time, more of the economy in the hands of working people. Similar policies were used to create the nation's generous welfare system. The plan, however, didn't survive right-wing attacks.

Grasslands With Out Time
The Soma Songs (Canary Blossom)

Dec 17, 2021 (18:46)


Crocus' calm the Grasslands with the lightest of light as pulse resides below the plane, waiting to be absolved.  A place for the Wool Cyclops to find a few steps ahead.   Artwork @ Rachael Longo Music: Human Nature Website: https://grasslandswithouttime.photography/

Canary Call
Canary Call #48 Trusting young people, with the winning student team of the 2020 #foranewbusinessoul Hackathon organized by the EFAP's MBA DMB and MBA RSE and Canary Call

Dec 14, 2021 (68:40)


To mark the kickoff of the 2021 #foranewbusinesssoul Hackathon, this episode honors the winning student team of the 2020 #Foranewbusinesssoul Hackathon. Mixed teams from the EFAP's MBA Digital Marketing and MBA RSE came together from December 16 to 18, 2020 to take on the challenges set by guests of the Canary Call podcast (Sandrine Delage for Digital Ladies & Allies, Episode #2; Hortense Harang for Fleurs d'Ici, Episode #7; Amélia Matar for Colori, Episode #17; Perrine Grua for Canary Call, Episode #18). The pop-up agency Narsol, formed for the occasion and made up of Camille GOIRAND, Malou GUYOMAR, Chen ZHANG, Marieke VAN MOURIK and Paul PERRINET, won the competition by putting its skills at the service of the mission-driven company “Fleurs d'Ici”. The event also aimed to explore how, in practice, to align one's professional expertise with one's convictions. Each team's mission was to activate the communities of the committed advertisers around their respective purposes. This episode is a chance to dive into the daily lives of students during this unusual period for young people. From various regions of France, the members of the winning team answered my questions on the following topics: their experience of the current context; their view of the world of work; their expectations and desires; their dreams and nightmares; their canary call. Listening to them makes you want to trust young people and brings a welcome wave of optimistic energy. Vincent Montet, Founding Director of the MBA Spécialisés Digital Marketing & Business #MBADMB, who initiated this project, does us the honor of introducing and concluding the episode.

The Armor Men's Health Hour
Cardiac Canary In the Coal Mine: Why ED Can Indicate Heart Health Problems and How Dr. Nathan Pekar of Victory Medical Can Help With a Heartwise Physical

Dec 11, 2021 (10:50)


Thanks for tuning in to the Armor Men's Health Hour Podcast today, where we bring you the latest and greatest in medical and urology care and the best urology humor out there.

In this segment, Dr. Mistry and Donna Lee are joined by friend of the practice, Dr. Nathan Pekar of Victory Medical Center in South Austin, Westlake, and Cedar Park. Today, Dr. Pekar and Dr. Mistry discuss the importance of advanced cardiac health screening for middle age men. Victory Medical is proud to offer the Heartwise Physical--an intensive cardiac workup that offers patients a full and detailed picture of their heart health and is covered by most commercial insurances. If you or a loved one is concerned about cardiac health or are experiencing symptoms of erectile dysfunction (which may be an early indicator of vascular disease elsewhere in your body), please call Victory Medical today at (512) 462-3627 or online at victorymed.com. This segment was previously aired on 12.20.20. Don't forget to like, subscribe, and share us with a friend! As always, be well!

Check out our award winning podcast!
https://blog.feedspot.com/sex_therapy_podcasts/
https://blog.feedspot.com/mens_health_podcasts/

Dr. Mistry is a board-certified urologist and has been treating patients in the Austin and Greater Williamson County area since he started his private practice in 2007.

We enjoy hearing from you! Email us at armormenshealth@gmail.com and we'll answer your question in an upcoming episode!

Phone: (512) 238-0762
Email: Armormenshealth@gmail.com
Website: Armormenshealth.com

Our Locations:
Round Rock Office: 970 Hester's Crossing Road, Suite 101, Round Rock, TX 78681
South Austin Office: 6501 South Congress, Suite 1-103, Austin, TX 78745
Lakeline Office: 12505 Hymeadow Drive, Suite 2C, Austin, TX 78750
Dripping Springs Office: 170 Benney Lane, Suite 202, Dripping Springs, TX 78620

Risky Business
Risky Biz Soap Box: Why Thinkst gives its honeytoken tech away for free

Dec 10, 2021


This isn't the normal weekly news episode of the show, if you're looking for the regular weekly Risky Business podcast, scroll one back in your podcast feed. This is a Soap Box edition, a wholly sponsored podcast brought to you in this instance by Thinkst Canary. For those who don't know, Thinkst makes hardware and virtual honeypots you can put on your network or into your cloud environments – they'll start chirping if an attacker interacts with them. They're a low cost and extremely effective detection tool. But you might not know that Thinkst also operates canarytokens.org where you can go set up a bunch of honeytokens for free. Hundreds of thousands of people are using canarytokens.org, but Thinkst doesn't charge anything for it, it's free to use. They'll even give you a docker container of the whole thing so you can run it yourself. Our guest today is Thinkst's founder and infosec legend Haroon Meer. He spent a chunk of his career at the South African security consultancy SensePost before founding Thinkst Applied Research and eventually launching Canary.Tools. In this interview we talk about what the industry is getting wrong, supply chain security, effective detections and more. But I started off by asking him why Thinkst hasn't tried to monetise canarytokens.org given how many people use it.

NY NOW Podcast
The Paper Plane Cocktail Hour: Two's Company, Three's a Crow & Canary

Dec 9, 2021 (39:23)


This holiday season, Amy and Sarah have a brilliant gift for our community — audience with Carina Murray of the exquisite Crow & Canary rep group. Year in and year out, Carina's NY NOW booth is consistently jammed, as it's a can't-miss destination for some of the freshest indie card ranges under the sun. Carina spills on her own personal design criteria, when and how to best work with reps, and how she builds that strong merchandise mix to dazzle every last client!

RESOURCES
Guest Websites: https://crowandcanary.com/
NY NOW: https://nynow.com
NY NOW Podcast Page: https://nynow.com/podcast
NY NOW Digital Market: https://nynowdigitalmarket.com

Tags: Dondrill Glover, NY NOW

Motivation and Entrepreneurial Tips from One Step Away with Kam Jennings

Canary Yellow for the WIN!!! I bet you're just one step away. If you're ready to get serious, join us in the Insider's Club and let me help you get there! https://epicconversions.net

The Musafir Stories - India Travel Podcast
Tales of Hazaribagh with Mihir Vatsa

Dec 9, 2021 (56:23)


GIVEAWAY ALERT! LISTEN TO THE EPISODE, ANSWER 3 SIMPLE QUESTIONS TO STAND A CHANCE TO WIN A COPY OF MIHIR'S BOOK - https://forms.gle/NUdNuS3HtwSiYmLNA

This week, The Musafir Stories speaks with author and poet, Mihir Vatsa, as we discover the plateau town of Hazaribagh through Mihir's book - Tales of Hazaribagh: An intimate exploration of the Chotanagpur plateau!

Today's destination: Hazaribagh!
Nearest Airport: Birsa Munda Airport, Ranchi, IXR
Nearest Railway Station: Hazaribagh Town Railway Station, HZBN
Prerequisites - NA
Packing - NA
Time of the year - Pleasant weather all round the year
Length of the itinerary: 3-5 days

Itinerary Highlights:

Hazaribagh is a plateau town situated on the Chotanagpur plateau in the state of Jharkhand. Mihir takes us through his hometown, talking about his return back home and how he wrote the book, re-discovering his hometown.

Mihir talks about the origins of the town, its distinction of being one of the earliest hill stations in India, the vicinity to the Grand trunk road and the solace it offered to the homesick soldiers of East India Company.

We talk about the origins of the name, its connection to tigers and a thousand gardens.

Mihir also talks about the innumerable nature's bounty in and around Hazaribagh including

  • Hills (specifically the Canary hill)
  • The iconic stepped lake formation or the Hazaribagh lake
  • Rivers and some rock formations
  • Forests and the Hazaribagh Wildlife Sanctuary
  • Waterfalls including Tiger falls
  • Hot springs at Surajkund
  • The ruins of the Padma palace, Hawa Mahal and Badam Fort
  • Karanpura valley and its rock art dating 10,000 BC

We wrap the conversation talking about healing, the real and present threat of coal mining, and the legacy of fear of the Naxals and how this has impacted the area.

Links:
Link to Mihir's book: Tales of Hazaribagh: An intimate exploration of the Chotanagpur plateau!
Instagram: https://www.instagram.com/tales.of.hazaribagh/
Twitter: https://twitter.com/MihirVatsa
Website: https://www.talesofhazaribagh.com

Follow the Musafir stories on:
Twitter: https://twitter.com/musafirstories?lang=en
Facebook: https://www.facebook.com/themusafirstories/
Instagram: https://www.instagram.com/musafirstoriespodcast/?hl=en
website: www.themusafirstories.com
email: themusafirstories@gmail.com

You can listen to this show and other awesome shows on the IVM Podcasts app on Android: https://ivm.today/android or iOS: https://ivm.today/ios, or any other podcast app. You can check out our website at http://www.ivmpodcasts.com/

The Assault on America
Episode 4: The Canary in the Coal Mine

Dec 8, 2021 (40:07)


The Capitol insurrection was a content creation exercise on an epic scale. Robert Evans tells the story of a far right influencer addicted to online engagement, who surfed the social media algorithms, cruising through music and politics before finally breaching the Capitol with an outrageous plan in mind.  The Assault on America is produced by Cool Zone Media, iHeartRadio, and Novel. Learn more about your ad-choices at https://www.iheartpodcastnetwork.com

Screaming in the Cloud
Ironing out the BGP Ruffles with Ivan Pepelnjak

Dec 3, 2021 (42:19)


About Ivan

Ivan Pepelnjak, CCIE#1354 Emeritus, is an independent network architect, blogger, and webinar author at ipSpace.net. He's been designing and implementing large-scale service provider and enterprise networks as well as teaching and writing books about advanced internetworking technologies since 1990. https://www.ipspace.net/About_Ivan_Pepelnjak

Links:
ipSpace.net: https://ipspace.net

Transcript

Announcer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.

Corey: This episode is sponsored in part by my friends at Thinkst Canary. Most companies find out way too late that they've been breached. Thinkst Canary changes this and I love how they do it. Deploy canaries and canary tokens in minutes and then forget about them. What's great is the attackers tip their hand by touching them, giving you one alert, when it matters. I use it myself and I only remember this when I get the weekly update with a “we're still here, so you're aware” from them. It's glorious! There is zero admin overhead to this, there are effectively no false positives unless I do something foolish. Canaries are deployed and loved on all seven continents. You can check out what people are saying at canary.love. And, their Kubeconfig canary token is new and completely free as well. You can do an awful lot without paying them a dime, which is one of the things I love about them. It is useful stuff and not an, “ohh, I wish I had money.” It is spectacular! Take a look; that's canary.love because it's genuinely rare to find a security product that people talk about in terms of love. It really is a unique thing to see. Canary.love.
Thank you to Thinkst Canary for their support of my ridiculous, ridiculous nonsense.

Corey: Developers are responsible for more than ever these days. Not just the code they write, but also the containers and cloud infrastructure their apps run on. And a big part of that responsibility is app security — from code to cloud. That's where Snyk comes in. Snyk is a frictionless security platform that meets developers where they are, finding and fixing vulnerabilities right from the CLI, IDEs, repos, and pipelines. And Snyk integrates seamlessly with AWS offerings like CodePipeline, EKS, ECR, etc., etc., etc., you get the picture! Deploy on AWS. Secure with Snyk. Learn more at snyk.io/scream. That's S-N-Y-K-dot-I-O/scream. Because they have not yet purchased a vowel.

Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. I have an interesting and storied career path. I dabbled in security engineering slash InfoSec for a while before I realized that being crappy to people in the community wasn't really my thing; I was a grumpy Unix systems administrator because it's not like there's a second kind of those out there; and I dabbled ever so briefly in the wide world of network administration slash network engineering slash plugging the computers in to make them talk to one another, ideally correctly. But I was always a dabbler. When it comes time to have deep conversations about networking, I immediately tag out and look to an expert. My guest today is one such person. Ivan Pepelnjak is oh so many things. He's a CCIE emeritus, and well, let's start there. Ivan, welcome to the show.

Ivan: Thanks for having me. And oh, by the way, I have to tell people that I was a VAX/VMS administrator in those days.

Corey: Oh, yes the VAX/VMS world was fascinating. I talked—

Ivan: Yes.

Corey: —to a company that was finally emulating them on physical cards because that was the only way to get them there.
Do you refer to them as VAXen, or VAXes, or how did you wind up referring—

Ivan: VAXes.

Corey: VAXes. Okay, I was on the other side of that with the inappropriately pluralizing anything that ends with an X with an en—‘boxen' and the rest. And that's why I had no friends for many years.

Ivan: You do know what the first VAX was, right?

Corey: I do not.

Ivan: It was a Swedish Hoover company.

Corey: Ooh.

Ivan: And they had a trademark dispute with Digital over the name, and then they settled that.

Corey: You describe yourself in your bio as a CCIE Emeritus, and you give the number—which is low—number 1354. Now, I've talked about certifications on this show in the context of the modern era, and whether it makes sense to get cloud certifications or not. But this is from a different time. Understand that for many listeners, these stories might be older than you are in some cases, and that's okay. But Cisco at one point, believe it or not, was a shining beacon of the industry, the kind of place that people wanted to work at, and their certification path was no joke.

I got my CCNA from them—Cisco Certified Network Administrator—and that was basically a byproduct of learning how networks worked. There are several more tiers beyond that, culminating in the CCIE, which stands for Cisco Certified Internetworking Expert, or am I misremembering?

Ivan: No, no, that's it.

Corey: Perfect. And that was known as the doctorate of networking in many circles for many years. Back in those days, if you had a CCIE, you are guaranteed to be making an awful lot of money at basically any company you wanted to because you knew how networking—

Ivan: In the US.

Corey: —worked. Well, in the US. True. There's always the interesting stories of working in places that are trying to go with the lowest bidder for networking gear, and you wind up spending weeks on end trying to figure out why things are breaking intermittently, and only to find out at the end that someone saved 20 bucks by buying cheap patch cables.
I digress, and I still have the scars from those.

But it was fascinating in those days because there was a lab component of getting those tests. There were constant rumors that in the middle of the night, during the two-day certification exam, they would come in and mess with the lab and things you'd set up—

Ivan: That's totally true.

Corey: —you'd have to fix it the following day. That is true?

Ivan: Yeah. So, in the good old days, when the lab was still physical, they would even turn the connectors around so that they would look like they would be plugged in, but obviously there was no signal coming through. And they would mess up the jumpers on the line cards and all that stuff. So, when you got your broken lab, you really had to work hard, you know, from the physical layer, from the jumpers, and they would mess up your config and everything else. It was, you know, the real deal. The thing you would experience in real world with, uh, underqualified technicians putting stuff together. Let's put it this way.

Corey: I don't wish to besmirch our brethren working in the data centers, but having worked with folks who did some hilariously awful things with cabling, and how having been one of those people myself from time to time, it's hard to have sympathy when you just spent hours chasing it down. But to be clear, the CCIE is one of those things where in a certain era, if you're trying to have an argument on the internet with someone about how networks work and their response is, “Well, I'm a CCIE.” Yeah, the conversation was over at that point. I'm not one to appeal to authority on stuff like that very often, but it's the equivalent of arguing about medicine with a practicing doctor. It's the same type of story; it is someone where if they're wrong, it's going to be in the very fringes or the nuances, back in this era. Today, I cannot speak to the quality of CCIEs. I'm not attempting to besmirch any of them.
But I'm also not endorsing that certification the way I once did.

Ivan: Yeah, well, I totally agree with you. When this became, you know, a mass certification, the reason it became a mass certification is because reseller discounts are tied to reseller status, which is tied to the number of CCIEs they have, it became, you know, this, well, still high-end, but commodity that you simply had to get to remain employed because your employer needed the extra two point discount.

Corey: It used to be that the prerequisite for getting the certification was beyond other certifications was, you spent five or six years working on things.

Ivan: Well, that was what gave you the experience you needed because in those days, there were no boot camps. Today, you have [crosstalk 00:06:06]—

Corey: Now, there's boot camp [crosstalk 00:06:07] things where it's we're going to train you for four straight weeks of nothing but this, teach to the test, and okay.

Ivan: Yeah. No, it's even worse, there were rumors that some of these boot camps in some parts of the world that shall remain unnamed, were actually teaching you how to type in the commands from the actual lab.

Corey: Even better.

Ivan: Yeah. You don't have to think. You don't have to remember. You just have to type in the commands you've learned. You're done.

Corey: There's an arc to the value of a certification. It comes out; no one knows what the hell it is. And suddenly it's, great, you can use that to really identify what's great and what isn't. And then it goes at some point down into the point where it becomes commoditized and you need it for partner requirements and the rest. And at that point, it is no longer something that is a reliable signal of anything other than that someone spent some time and/or money.

Ivan: Well, are you talking about bachelor degree now?

Corey: What—no, I don't have one of those either.
I have—

Ivan: [laugh].

Corey: —an eighth grade education because I'm about as good of an academic as it probably sounds like I am. But the thing that really differentiated in my world, the difference between what I was doing in the network engineering sense, and the things that folks like you who were actually, you know, professionals rather than enthusiastic amateurs took into account was that I was always working inside of the LAN—Local Area Network—inside of a data center. Cool, everything here inside the cage, I can make a talk to each other, I can screw up the switching fabric, et cetera, et cetera. I didn't deal with any of the WAN—Wide Area Network—think ‘internet' in some cases. And at that point, we're talking about things like BGP, or OSPF in some parts of the world, or RIP. Or RIPv2 if you make terrible life choices.

But BGP is the routing protocol that more or less powers the internet. At the time of this recording, we're a couple weeks past a BGP… kerfuffle that took Facebook down for a number of hours, during which time the internet was terrific. I wish they could do that more often, in fact; it was almost like a holiday. It was fantastic. I took my elderly relatives out and got them vaccinated. It was glorious.

Now, we're back to having Facebook and, terrific. The problem I have whenever something like this happens is there's a whole bunch of crappy explainers out there of, “What is BGP and how might it work?” And people have angry opinions about all of these things. So instead, I prefer to talk to you. Given that you are a networking trainer, you have taught people about these things, you have written books, you have operated large-scale environments—

Ivan: I even developed a BGP course for Cisco.

Corey: You taught it for Cisco, of all places—

Ivan: Yeah. [laugh].

Corey: —back when that was impressive, and awesome and not a has-been.
It's honestly, I feel like I could go there and still wind up going back in time, and still, it's the same Cisco in some respects: ‘evolve or die dinosaur,' and they got frozen in amber. But let's start at the very beginning. What is BGP?

Ivan: Well, you know, when the internet was young, they figured out that we aren't all friends on the internet anymore. And I want to control what I tell you, and you want to control what you tell me. And furthermore, I want to control what I believe from what you're telling me. So, we needed a protocol that would implement policy, where I could say, “I will only announce my customers to you, but not what I've heard from Verizon.” And you will do the same.

And then I would say, “Well, but I don't want to hear about that customer of yours because he's also my customer.” So, we need some sort of policy. And so they invented a protocol where you will tell me what you have, I will tell you what I have and then we would both choose what we want to believe and follow those paths to forward traffic. And so BGP was born.

Corey: On some level, it seems like it's this faraway thing to people like me because I have a residential internet connection and I am not generally allowed to make my own BGP announcements to the greater world. Even when I was working in data centers, very often the BGP was handled by our upstream provider, or very occasionally by a router they would drop in with the easiest maintenance instructions in the world for me of, “Step one, make sure it has power. Step two, never touch it. Step three, we'd prefer if you don't even look at it and remain at least 20 feet away to keep from bringing your aura near anything we care about.” And that's basically how you should do with me in the context of hardware. So, it was always this arcane magic thing.

Ivan: Well, it's not. You know, it's like power transmission: when you know enough about it, it stops being magic. It's technology, it's a bit more complicated than some other stuff.
It's way less complicated than some other stuff, like quantum physics, but still, it's so rarely used that it gets this aura of being mysterious. And then of course, everyone starts getting their opinion, particularly the graduates of the Facebook Academy.

And yes, it is true that usually BGP would be used between service providers, so whenever, you know, we are big enough to need policy, if you just need one uplink, there is no policy there. You either use the uplink or you don't use the uplink. If you want to have two different links to two different points of presence or to two different service providers, then you're already in the policy land. Do I prefer one provider over the other? Do I want to announce some things to one provider but other things to the other? Do I want to take local customers from both providers because I want to, you know, have lower latency because they are local customers? Or do I want to use one solely as the backup link because I paid so little for that link that I know it's shitty.

So, you need all that policy stuff, and to do that, you really need BGP. There is no other routing protocol in the world where you could implement that sort of policy because everything else is concerned mostly with, let's figure out as fast as possible, what is reachable and how to get there. And BGP is like, “Hey, slow down. There's policy.”

Corey: Yeah. In the context of someone whose primary interaction with networks is their home internet, where there's a single cable coming in from the outside world, you plug it into a device, maybe yours, maybe ISPs, maybe we don't care. That's sort of the end of it. But think in terms of large interchanges, where there are multiple redundant networks to get from here to somewhere else; which one should traffic go down at any given point in time? Which networks are reachable on the other end of various distant links? That's the sort of problem that BGP is very good at addressing and what it was built for.
If you're running BGP internally, in a small network, consider not doing exactly that.

Ivan: Well, I've seen two use cases—well, three use cases for people running BGP internally.

Corey: Okay, this I want to hear because I was always told, “No touch ‘em.” But you know, I'm about to learn something. That's why I'm talking to you.

Ivan: The first one was multinationals who needed policy.

Corey: Yes. Many multi-site environments, large-scale companies that have redundant links, they're trying to run full mesh in some cases, or partial mesh where—between a bunch of facilities.

Ivan: In this case, it was multiple continents and really expensive transcontinental links. And it was, I don't want to go from Europe to Sydney over US; I want to go over Middle East. And to implement that type of policy, you have to split, you know, the whole network into regions, and then each region is what BGP calls an autonomous system, so that it gets its stack, its autonomous system number and then you can do policy on that saying, “Well, I will not announce Asian routes to Europe through US, or I will make them less preferred so that if the Middle East region goes down, I can still reach Asia through US but preferably, I will not go there.”

The second one is yet again, large networks where they had too many prefixes for something like OSPF to carry, and so their OSPF was breaking down and the only way to solve that was to go to something that was designed to scale better, which was BGP.

And third one is if you want to implement some of the stuff that was designed for service providers, initially, like, VPNs, layer two or layer three, then BGP becomes this kitchen sink protocol. You know, it's like using Route 53 as a database; we're using BGP to carry any information anyone ever wants to carry around.
I'm just waiting for someone to design JSON in BGP RFC and then we are, you know… where we need to be.

Corey: I feel on some level, like, BGP gets relatively unfair criticism because the only time it really intrudes on the general awareness is when something has happened and it breaks. This is sort of the quintessential network or systems—or, honestly, computer—type of issue. It's either invisible, or you're getting screamed at because something isn't working. It's almost like a utility. On some level. When you turn on a faucet, you don't wonder whether water is going to come out this time, but if it doesn't, there's hell to pay.

Ivan: Unless it's brown.

Corey: Well, there is that. Let's stay away from that particular direction; there's a beautiful metaphor, probably involving IBM, if we do. So, the challenge, too, when you look at it is that it's this weird, esoteric thing that isn't super well understood. And as soon as it breaks, everyone wants to know more about it. And then in full on charging to the wrong side of the Dunning-Kruger curve, it's, “Well, that doesn't sound hard. Why are they so bad at it? I would be able to run this better than they could.” I assure you, you can't. This stuff is complicated; it is nuanced; it's difficult. But the common question is, why is this so fragile and able to easily break? I'm going to turn that around.
How is it that something that is this esoteric and touches so many different things works as well as it does?

Ivan: Yeah, it's a miracle, particularly considering how crappy the things are configured around the world.

Corey: There have been periodic outages of sites when some ISP sends out a bad BGP announcement and their upstream doesn't suppress it because hey, you misconfigured things, and suddenly half the internet believes oh, YouTube now lives in this tiny place halfway around the world rather than where it is currently being Anycasted from.

Ivan: Called Pakistan, to be precise.

Corey: Exact—there was an actual incident there; we are not dunking on Pakistan as an example of a faraway place. No, no, a Pakistani ISP wound up doing exactly this and taking YouTube down for an afternoon a while back. It's a common problem.

Ivan: Yeah, the problem was that they tried to stop local users accessing YouTube. And they figured out that, you know, YouTube, is announcing this prefix and if they would announce to more specific prefixes, then you know, they would attract the traffic and the local users wouldn't be able to reach YouTube. Perfect. But that leaked.

Corey: If you wind up saying that, all right, the entire internet is available on this interface, and a small network of 256 nodes available on the second interface, the most specific route always wins. That's why the default route or route of last resort is the entire internet. And if you don't know where to send it, throw it down this direction. That is usually, in most home environments, the gateway that then hands it up to your ISP, where they inspect it and do all kinds of fun things to sell ads to you, and then eventually get it to where it's going.

This gets complicated at these higher levels. And I have sympathy for the technical aspects of what happened at Facebook; no sympathy whatsoever for the company itself because they basically do far more harm than they do good and I've been very upfront about that.
But I want to talk to you as well about something that—people are going to be convinced I'm taking this in my database direction, but I assure you I'm not—DNS. What is the relationship between BGP and DNS? Which sounds like a strange question, sometimes.

Ivan: There is none.

Corey: Excellent.

Ivan: It's just that different large-scale properties decided to implement the global load-balancing global optimal access to their servers in different ways. So, Cloudflare is a typical example of someone who is doing Anycast, they are announcing the same networks, the same prefixes, from hundreds locations around the world. So, BGP will take care that you always get to the close Cloudflare [unintelligible 00:18:46]. And that's it. That's how they work. No magic. Facebook didn't believe in the power of Anycast when they started designing their service. So, what they're doing is they have DNS servers around the world, and the DNS servers serve the local region, if you wish. And that DNS server then decides what facebook.com really stands for. So, if you query for facebook.com, you'll get a different answer in Europe than in US.

Corey: Just a slight diversion on what Anycast is. If I ping Google's public resolver 8.8.8.8—easy to remember—from my computer right now, the packet gets there and back in about five milliseconds.

Wherever you are listening to this, if you were to try that same thing you'd see something roughly similar. Now, one of two things is happening; either Google has found a way to break the laws of physics and get traffic to a central point faster than light, or the 8.8.8.8 that I'm talking to and the one that you are talking to are not in fact the same computer.

Ivan: Well, by the way, it's 13 milliseconds for me. And between you and me, it's 200 millisecond. So yes, they are cheating.

Corey: Just a little bit.
Or unless they tunneled through the earth rather than having to bounce it off of satellites and through cables.

Ivan: No, even that wouldn't work.

Corey: That's what the quantum computers are for. I always wondered. Now, we know.

Ivan: Yeah. They're entangling the replies in advance, and that's how it works. Yeah, you're right.

Corey: Please continue. I just wanted to clarify that point because I got that one hilariously wrong once upon a time and was extremely confused for about six months.

Ivan: Yeah. It's something that no one ever thinks about unless, you know, you're really running large-scale DNS because honestly, root DNS servers were Anycasted for ages. You think they're like 12 different root DNS servers; in reality, there are, like, 300 instances hidden behind those 12 addresses.

Corey: And fun trivia fact; the reason there are 12 addresses is because any more than that would no longer fit within the 512 byte limit of a UDP packet without truncating.

Ivan: Thanks for that. I didn't know that.

Corey: Of course. Now, EDNS extensions that you go out with a larger [unintelligible 00:21:03], but you can't guarantee that's going to hit. And what happens when you receive a UDP packet—when you receive a DNS result with a truncate flag set on the UDP packet? It is left to the client. It can either use the partial result, or it can try and re-establish over a TCP connection.

That is one of those weird trivia questions they love to ask in sysadmin interviews, but it's yeah, fundamentally, if you're doing something that requires the root nameservers, you don't really want to start going down those arcane paths; you want it to just be something that fits in a single packet not require a whole bunch of computational overhead.

Ivan: Yeah, and even within those 300 instances, there are multiple servers listening to the same IP address and… incoming packets are just sprayed across those servers, and whichever one gets the packet replies to it.
And because it's UDP, it's one packet in one packet out. Problem solved. It all works. People thought that this doesn't work for TCP because, you know, you need a whole session, so you need to establish the session, you send the request, you get the reply, there are acknowledgements, all that stuff.

Turns out that there is almost never two ways to get to a certain destination across the internet from you. So, people thought that, you know, this wouldn't work because half of your packets will end in San Francisco, and half of the packets will end in San Jose, for example. Doesn't work that way.

Corey: Why not?

Ivan: Well, because the global Internet is so diverse that you almost never get two equal cost paths to two different destinations because it would be San Francisco and San Jose announcing 8.8.8.8 and it would be a miracle if you would be sitting just in the middle so that the first packet would go to San Francisco, the second one would go to San Jose, and you know, back and forth. That never happens. That's why Cloudflare makes it work by announcing the same prefix throughout the world.

Corey: So, I just learned something new about how routing announcements work, an aspect of BGP, and you a few minutes ago learned something about the UDP size limit and the root name servers. BGP and DNS are two of the oldest protocols in existence. You and I are also decades into our careers. If someone is starting out their career today, working in a cloud-y environment, there are very few network-centric roles because cloud providers handle a lot of this for us. Given these protocols are so foundational to what goes on and they're as old as they are, are we as an industry slash sector slash engineers losing the skills to effectively deploy and manage these things?

Ivan: Yes. The same problem that you have in any other sufficiently developed technology area. How many people can build power lines? How many people can write a compiler? How many people can design a new CPU?
How many people can design a new motherboard?

I mean, when I was 18 years old, I was wire wrapping my own motherboard, with 8-bit processor. You can't do that today. You know, as the technology is evolving and maturing, it's no longer fun, it's no longer sexy, it stops being a hobby, and so it bifurcates into users and people who know about stuff. And it's really hard to bridge the gap from one to the other. So, in the end, you have, like, this 20 [graybeard 00:24:36] people who know everything about the technology, and the youngsters have no idea. And when these people die, don't ask me [laugh] how we'll get any further on.

Corey: This episode is sponsored by our friends at CloudAcademy. That's right, they have a different lab challenge up for you called, “Code Red: Repair an AWS Environment with a Linux Bastion Host.” What does it do? Well, it's going to assess your ability to troubleshoot AWS networking and security issues in a production-like environment. Well, kind of, it's not quite like production because some exec is not standing over your shoulder, wetting themselves while screaming. But, ya know, you can pretend; in fact, I'm reasonably certain you can retain someone specifically for that purpose should you so choose. If you are the first prize winner who completes all four challenges with the fastest time, you'll win a thousand bucks. If you haven't started yet you can still complete all four challenges between now and December 3rd to be eligible for the grand prize. There's only a few days left until the whole thing ends, so I would get on it now. Visit cloudacademy.com/corey. That's cloudacademy.com/C-O-R-E-Y, for god's sake don't drop the “E” that drives me nuts, and thank you again to Cloud Academy for not only promoting my ridiculous nonsense but for continuing to help teach people how to work in this ridiculous environment.

Corey: On some level, it feels like it's a bit of a down the stack analogy for what happened to me early in my career.
My first systems administration job was running a large-scale email system. So, it was a hobby that I was interested in. I basically bluffed my way into working at a university for a year—thanks, Chapman; I appreciate that [laugh]—and it was great, but it was also pretty clear to me that with the rise of things like hosted email, Gmail, and whatnot, it was not going to be the future of what the present day at that point looked like, which was most large companies needed an email administrator. Those jobs were dwindling.

Now, if you want to be an email systems administrator, there are maybe a dozen companies or so that can really use that skill set and everyone else just outsources. That said, at those companies like Google and Microsoft, there are some incredibly gifted email administrators who are phenomenal at understanding every nuance of this. Do you think that is what we're going to see in the world of running BGP at large scale, where a few companies really need to know how this stuff works and everyone else just sort of smiles, nods and rolls with it?

Ivan: Absolutely. We're already there. Because, you know, if I'm an end customer, and I need BGP because I have two uplinks to two ISPs, that's really easy. I mean, there are a few tricks you should follow and hopefully, some of the guardrails will be built into network operating systems so that you will really have to configure explicitly that you want to leak [unintelligible 00:26:15] between Verizon and AT&T, which is great fun if you have too low-speed links to both of them and now you're becoming transit between the two, which did happen to Verizon; that's why I'm mentioning them. Sorry, guys.

Anyway, if you are a small guy and you just need two uplinks, and maybe do a bit of policy, that's easy and that's achievable, let's say with some Google and paste, and throwing spaghetti at the wall and seeing what sticks.
On the other hand, what the large-scale providers—like for example Facebook because we were talking about them—are doing is, like, light years away. It's like comparing me turning on the light bulb and someone running, you know, nuclear reactor.

Corey: Yeah, you kind of want the experts running some aspects on that. Honestly, in my case, you probably want someone more competent flipping the light switch, too. But that's why I have IoT devices here that power my lights; it, on the one hand, keeps me from hurting myself; on the other, leads to a nice seasonal feel because my house is freaking haunted.

Ivan: So, coming back to Facebook, they have these DNS servers all around the world and they don't want everyone else to freak out when one of these DNS servers goes away. So, that's why they're using the same IP address for all the DNS servers sitting anywhere in the world. So, the name server for facebook.com is the same worldwide. But it's different machines and they will give you different answers when you ask, “Where is facebook.com?”

I will get a European answer, you will get a US answer, someone in Asia will get whatever. And so they're using BGP to advertise the DNS servers to the world so that everyone gets to the closest DNS server. And now it doesn't make sense, right, for the DNS server to say, “Hey, come to European Facebook,” if European Facebook tends to be down. So, if their DNS server discovers that it cannot reach the servers in the data center, it stops advertising itself with BGP.

Why would BGP? Because that's the only thing it can do. That's the only protocol where I can tell you, “Hey, I know about this prefix. You really should send the traffic to me.” And that's what happened to Facebook.

They bricked their backbone—whatever they did; they never told—and so their DNS server said, “Gee, I can't reach the data center.
I better stop announcing that I'm a DNS server because obviously I am disconnected from the rest of Facebook.” And that happens to all DNS servers because, you know, the backbone was bricked. And so they just, you know, [unintelligible 00:29:03] from the internet, they've stopped advertising themselves, and so we thought that there was no DNS server for Facebook. Because no DNS server was able to reach their core, and so all DNS servers were like, “Gee, I better get off this because, you know, I have no clue what's going on.”

So, everything was working fine. Everything was there. It's just that they didn't want to talk to us because they couldn't reach the backend servers. And of course, people blamed DNS first because the DNS servers weren't working. Of course they weren't. And then they blame the BGP because it must be BGP if it isn't DNS. But it's like, you know, you're blaming headache and muscle cramps and high fever, but in fact you have flu.

Corey: For almost any other company that wasn't Facebook, this would have been a less severe outage just because most companies are interdependent on each other companies to run infrastructure. When Facebook itself has evolved the way that it has, everything that they use internally runs on the same systems, so they wound up almost with a bootstrapping problem. An example of this in more prosaic terms are okay, the data center had a power outage. Okay, now I need to power up all the systems again and the physical servers I'm trying to turn on need to talk to a DNS server to finish booting but the DNS server is a VM that lives on those physical servers. Uh-oh. Now, I'm in trouble. That is an overly simplified and real example of what Facebook encountered trying to get back into this, to my understanding.

Ivan: Yes, so it was worse than that. It looks like, you know, even out-of-band management access didn't work, which to me would suggest that out-of-band management was using authentication servers that were down.
People couldn't even log to Zoom because Zoom was using single-sign-on based on facebook.com, and facebook.com was down so they couldn't even make Zoom calls or open Google Docs or whatever. There were rumors that there was a certain hardware tool with a rotating blade that was used to get into a data center and unbrick a box. But those rumors were vehemently denied, so who knows?

Corey: The idea of having someone trying to physically break into a data center in order to power things back up is hilarious, but it does lead to an interesting question, which is in this world of cloud computing, there are a lot of people in the physical data centers themselves, but they don't have access, in most cases to log into any of the boxes. One of the most naive things I see all the time is, “Oh well, the cloud provider can read all of your data.” No, they can't. These things are audited. And yeah, theoretically, if they're lying outright, and somehow have falsified all of the third-party audit stuff that has been reported and are willing to completely destroy their business when it gets out—and I assure you, it would—yeah, theoretically, that's there. There is an element of trust here. But I've had to answer a couple of journalists' questions recently of, “Oh, is AWS going to start scanning all customer content?” No, they physically cannot do it because there are many ways you can configure things where they cannot see it. And that's exactly what we want.

Ivan: Yeah, like a disk encryption.

Corey: Exactly. Disk encryption, KMS on some level, using—rolling your own, et cetera, et cetera. They use a lot of the same systems we do. The point being, though, is that people in the data centers do not even have logging rights to any of these nodes for the physical machines, in some cases, let alone the customer tenants on top of those things.
So, on some level, you wind up with people building these systems that run on top of these computers, and they've never set foot in one of the data centers.

That seems ridiculous to me as someone who came up visiting data centers because I had to know where things were when they were working so I could put them back that way when they broke later. But that's not necessary anymore.

Ivan: Yeah. And that's the problem that Facebook was facing with that outage because you start believing that certain systems will always work. And when those systems break down, you're totally cut off. And then—oh, there was an article in ACM Queue long while ago where they were discussing, you know, the results of simulated failures, not real ones, and there were hilarious things like phone directory was offline because it wasn't on UPS and so they didn't know whom to call. Or alerts couldn't be diverted to a different data center because the management station for alert configuration was offline because it wasn't on UPS.

Or, you know the one, right, where in New York, they placed the gas pump in the basement, and the diesel generators were on the top floor, and the hurricane came in and they had to carry gas manually, all the way up to the top floor because the gas pump in the basement just stopped working. It was flooded. So, they did everything right, just the fuel wouldn't come to the diesel generators.

Corey: It's always the stuff that is under the hood on these things that you can't make sense of. One of the biggest things I did when I was evaluating data center sites was I'd get a one-line diagram—which is an electrical layout of the entire facility—great. I talked to the folks running it. Now, let's take a walk and tour it. Hmmm, okay. You show four transformers on your one-line diagram. I see two transformers and two empty concrete pads. It's an aspirational one-line diagram. It's a joke that makes it a one-liner diagram and it's not very funny.
So it's, okay if I can't trust you for those little things, that's a problem.

Ivan: Yeah, well, I have another funny story like that. We had two power feeds coming into the house plus the diesel generator, and it was, you know, the properly tested every month diesel generator. And then they were doing some maintenance and they told us in advance that they will cut both power feeds at 2 a.m. on a Sunday morning.

And guess what? The diesel generator didn't start. Half an hour later UPS was empty, we were totally dead in water with quadruple redundancy because you can't get someone it's 2 a.m. on a Sunday morning to press that button on the diesel generator. In half an hour.

Corey: That is unfortunate.

Ivan: Yeah, but that's how the world works. [laugh].

Corey: So, it's been fantastic reminding myself of some of the things I've forgotten because let's be clear, in working with cloud, a lot of this stuff is completely abstracted away. I don't have to care about most of these things anymore. Now, there's a small team of people at AWS who very much has to care; if they don't, I will say mean things to them on Twitter, if I let my HugOps position slip up just a smidgen. But they do such a good job at this that we don't have problems like this, almost ever, to the point where when it does happen, it's noteworthy. It's been fun talking to you about this just because it's a trip down a memory lane that is a lot more aligned with the things that are there and we tend not to think about them. It's almost a How it's Made episode.

Ivan: Yeah. And don't be so relaxed regarding the cloud networking because, you know, if you don't go full serverless with nothing on-premises, you know what protocol you're running between on-premises and the cloud on direct connect? It's called BGP.

Corey: Ah. You know, I did not know that. I've done some ridiculous IPsec pairings over those things, and was extremely unhappy for a while afterwards, but I never got to the BGP piece of it.
Makes sense.

Ivan: Yeah, even over IPsec if you want to have any dynamic failover, or multiple sites, or anything, it's [BP 00:36:56].

Corey: I really want to thank you for taking the time to go through all this with me. If people want to learn more about how you view these things, learn more things from you, as I'd strongly recommend they should if they're even slightly interested by the conversation we've had, where can they find you?

Ivan: Well, just go to ipspace.net and start exploring. There's the blog with thousands of blog entries, some of them snarkier than others. Then there are, like, 200 webinars, short snippets of a few hours of—

Corey: It's like a one man version of re:Invent. My God.

Ivan: Yeah, sort of. But I've been working on this for ten years, and they do it every year, so I can't produce the content at their speed. And then there are three different full-blown courses. Some of them are just, you know, the materials from the webinars, plus guest speakers plus hands-on exercises, plus I personally review all the stuff people submit, and they cover data centers, and automation, and public clouds.

Corey: Fantastic. And we will, of course, put links to that into the [show notes 00:38:01]. Thank you so much for being so generous with your time. I appreciate it.

Ivan: Oh, it's been such a huge pleasure. It's always great talking with you. Thank you.

Corey: It really is. Thank you once again. Ivan Pepelnjak, network architect and oh so much more. CCIE #1354 Emeritus. And read the bio; it's well worth it. I am Cloud Economist Corey Quinn and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice and a comment formatted as a RIPv2 announcement.

Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group.
We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.

Announcer: This has been a HumblePod production. Stay humble.

Security Voices
All the Latest Cybersecurity Research, Summarized: Rebooting ThinkstScapes with Jacob Torrey

Security Voices

Dec 2, 2021 56:31


What if there was someone who could take all of the best security research over recent months and distill it down into the greatest hits? Sort of like a Spotify “Release Radar”, but for the best talks at conferences. There is. It's not in Blinkist. It's (back) at ThinkstScapes after a multiyear hiatus.

And it's now gloriously free.

This episode of Security Voices covers the return of ThinkstScapes with Jacob Torrey who led the reboot of the now quarterly report. In the interview with Jack and Dave, Jacob explains how he and the team at Thinkst devour and summarize the very best security research from thousands of presentations and hundreds of conferences across the globe.

Jacob starts with some of his favorites, which focuses on an innovative research project not from a startup or researcher, but from a multi-decade antivirus company that went all in on an industrial controls system honeypot project. From there we cover ground that ranges from speculative execution vulnerabilities to a spate of embedded vulnerabilities, including a Hollywood-style attack using laser pointers to compromise voice-activated devices such as Amazon's Alexa. In continuity from our last episode with Frank Pound, we also discuss a TCP timing attack that threatens to allow eavesdropping over satellite base station connections.

Look for our next episodes to resume their normal, monthly cadence as we've found a means of streamlining our audio production and we now have a recording waiting in the wings. Enjoy the show!

Screaming in the Cloud
“Snyk”ing into the Security Limelight with Clinton Herget

Screaming in the Cloud

Dec 2, 2021 37:12


About Clinton

Clinton Herget is Principal Solutions Engineer at Snyk, where he focuses on helping our large enterprise and public sector clients on their journey to DevSecOps. A seasoned technologist, Clinton spent his 15+ year career prior to Snyk as a web software engineer, DevOps consultant, cloud solutions architect, and technical director in the systems integrator space, leading client delivery of complex agile technology solutions. Clinton is passionate about empowering software engineers and is a frequent conference speaker, developer advocate, and everything-as-code evangelist.

Links:
Try Snyk for free today at: https://app.snyk.io/login?utm_campaign=Screaming-in-the-Cloud-podcast&utm_medium=Partner&utm_source=AWS

Transcript

Announcer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.

Corey: This episode is sponsored in part by my friends at ThinkstCanary. Most companies find out way too late that they've been breached. ThinkstCanary changes this and I love how they do it. Deploy canaries and canary tokens in minutes and then forget about them. What's great is the attackers tip their hand by touching them, giving you one alert, when it matters. I use it myself and I only remember this when I get the weekly update with a “we're still here, so you're aware” from them. It's glorious! There is zero admin overhead to this, there are effectively no false positives unless I do something foolish. Canaries are deployed and loved on all seven continents. You can check out what people are saying at canary.love. And, their Kubeconfig canary token is new and completely free as well.
You can do an awful lot without paying them a dime, which is one of the things I love about them. It is useful stuff and not an, “ohh, I wish I had money.” It is spectacular! Take a look; that's canary.love because it's genuinely rare to find a security product that people talk about in terms of love. It really is a unique thing to see. Canary.love. Thank you to ThinkstCanary for their support of my ridiculous, ridiculous nonsense.

Corey: Writing ad copy to fit into a 30 second slot is hard, but if anyone can do it the folks at Quali can. Just like their Torque infrastructure automation platform can deliver complex application environments anytime, anywhere, in just seconds instead of hours, days or weeks. Visit Qtorque.io today and learn how you can spin up application environments in about the same amount of time it took you to listen to this ad.

Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. This promoted episode features Clinton Herget, who's a principal solutions engineer at Snyk. Or ‘Snick.' Or ‘Cynic.' Clinton, thank you for joining me, how the heck do I pronounce your company's name?

Clinton: That is always a great place to start, Corey, and we like to say it is ‘sneak' as in sneaking around or a pair of sneakers. Now, our colleagues in the UK do like to say ‘Snick,' but that is because they speak incorrectly. We will accept it; it is still wrong. As long as you're not saying ‘Sink' because it really has nothing to do with plumbing and we prefer to avoid that association.

Corey: Generally speaking, I try not to tell other people how to run their business, but I will make an exception here because I can't take it anymore. According to CrunchBase, your company has raised $1.4 billion. Buy a vowel for God's sake. How much could it possibly cost for a single letter that clarifies all of this?
My God.

Clinton: Yeah, but then we wouldn't spend the first 20 minutes of every sales conversation talking about how to pronounce the company name and we would need to fill that with content. So, I think we're just going to stay the course from here on out.

Corey: I like that. So, you're a principal solutions engineer. First, what does that do? And secondly, I've known an awful lot of folks who I would consider problem engineers, but they never self-describe that way. It's always solutions-oriented?

Clinton: Well, it's because I worked for Snyk, and we're not a problems company, Corey, we're a solutions company.

Corey: I like that.

Clinton: It's an interesting role, right, because I work with some of our biggest customers, a lot of our strategic partners here in North America, and I'm kind of the evangelist that comes out and says, “Hey, here's what sucks about being a developer. Here's how we could maybe be better.” And I want to connect with other engineers to say, “Look, I share your pain, there might be an easier way, if you, you know, give me a few minutes here to talk about Snyk.”

Corey: So, I've seen Snyk around for a while. I've had a few friends who worked there almost since the beginning and they talk about this thing—this was before, I believe, you had the Dobermann logo back in the early days—and I keep periodically seeing you folks in a variety of different contexts and different places. Often I'll be installing something from Docker Hub, for example, and it will mention that, oh, there's a Snyk scan thing that has happened on the command line, which is interesting because I, to the best of my knowledge, don't pay Docker for things that I do because, “No, I'm going to build it myself out of popsicle sticks,” is sort of my entire engineering ethos. But I keep seeing you in different cases where as best I am aware, I have never paid you folks for services.
What is it you do as a company because you're one of those folks that I just keep seeing again and again and again, but I can't actually put my finger on what it is you do.

Clinton: Yeah, you know, most people aren't aware that popsicle sticks are actually a CNCF graduated project. So, you know, that's that—

Corey: Oh, and they're load-bearing in almost every piece of significant technical debt over the last 50 years.

Clinton: Absolutely. Look at your bill of materials; it's there. Well, here's where I can drop in the other fun fact about Snyk's name, it's actually an acronym, right, stands for So, Now You Know. So, now you know that much, at least. Popsicle sticks, key component to any containerized infrastructure. Look, Snyk is a developer security company, right? And people hear that and go, “I'm sorry, what? I'm a developer; I don't give a shit about security.” Or, “I'm a security person”—

Corey: Usually they don't say that out loud as often as you would hope, but it's like, “That's not true. I say that I care about security an awful lot.” It's like, “Yeah, you say that. Therein lies the rub.”

Clinton: Until you get a couple of drinks in them at the party at re:Invent and then the real stuff comes out, right? No, Snyk has always been historically committed to the open-source community. We want to help open-source developers every bit as much as, you know, we're helping the engineers at our top-tier customers. And that's because fundamentally, open-source is inextricably linked to the way software is developed today, right? There is nobody not using open-source.

And so we, sort of, have to be supporting those communities at the same time. And that fundamentally is where the innovation is happening.
And you know, my sales guys hate when I say this, right, but you can get an amazing amount of value out of Snyk by using the freemium solution, using the open-source tooling that we've put out in the community, you get full access to our vulnerability database, which is updated every day, and if you're working on public projects, that's going to be free forever, right? We're fundamentally committed to making that work. If you're an enterprise that happens to have money to spend, I guess we'll take that too, right, but my job is really talking to developers and figuring out, you know, how can we reduce the amount of pain in your life through better security tooling?

Corey: The challenging part is that your business, although I confess is significantly larger than my business, we're sort of on some level solving the same problem. And that sounds odd to say because I focus on fixing AWS bills and you're focused on improving developer security. But I'm moving up about six levels to the idea that there are only two big problems in the world of technology, in the world of companies for that matter. And the problem that we're solving is the worst one of the two. And that is reducing risk exposure.

It is about eliminating downside. It's cost optimization, it's security tooling, it is insurance, et cetera, et cetera, et cetera. And the other problem, the one that I've always found, that is the thing that will get people actually excited rather than something they feel obligated to do is speeding up time to market, improving feature velocity, being able to deliver the right things sooner. That's the problem companies are biasing towards investing in extremely heavily. They'll convene the board to come up with an answer there.

That said, you stray closer into that problem space than most security companies that I'm aware of just because you do in fact, speed up the developer process. It lets people move faster, but do it safely at least is my general understanding.
If I'm completely wrong on this, and, “Nope, we are purely risk mitigation,” then this is going to look fairly silly, but it wouldn't be the first time I put my foot in my mouth.

Clinton: Yeah, Corey, it sounds like you really read the first three words of the website, right? “Develop fast. Stay secure.” And I think that fundamentally gets at the traditional alignment, where security equals slow, right, because risk mitigation is all about preventing problematic things from going into production. But only doing that as a stop gate at the end of the process, right, by essentially saying we assume all developers are bad and want to do bad things, and so we're going to put up this big gate and generate an 1100 page PDF, and then throw it back to them and say, “Now, go figure out all of the bad things you did and how to fix them. And by the way, you're already overshooting your delivery target.” Right? So, there's no way to win in that traditional model unless you're empowering developers earlier with the right context they need to actually write more secure code to begin with, rather than remediating after the fact when those fixes are actually most expensive.

Corey: It's the idea of the people who want to slow down and protect things and not break are on the operation side of the world, and then you have developers who want to ship things. And you have that natural tension, so we're going to smash them together and call it DevOps, which at least if nothing else, leads to interesting stories on stages. Whether it actually leads to lasting cultural transformation is another thing entirely. And then someone said, “Well, what about security?” And the answer is, “We have a security department?” And the answer is, “Yeah, you know, those grumpy people that say no all the time whenever we ask if we could do anything.” “Oh, that security department.
I ignore them and go around them instead.” And it's, “All right, well, we need help on that so we're going to smash them in, too.” Welcome to DevSecOps, which is basically buzzword-driven cultural development. And here we are. But there is something to be said for you can no longer be the Department of No. I would argue that you couldn't do that successfully previously, but at least now we're a little more aware of it.

Clinton: I think you could certainly do that when you were deploying software a couple times a year, right? Because you could build in all of the time to very expensively and time consumingly fix things after the fact, right? We're no longer in that world. I think when you're deploying every few seconds or a few minutes, what you need is tooling that, first of all, runs at that speed, that gives developers insights into what risk are they bringing on board with that application once it will be deployed, but then also give them the context they actually need to fix things, right? I mean, regardless of where those vulnerabilities are found, it still ultimately is a line of code that has to be written by a developer and committed and pushed through a pipeline to make it back into production.

And that's true, whether we're talking about application security and proprietary code, we're talking about vulnerabilities in open-source, vulnerabilities in the container, infrastructure as code. I mean, it used to be that a network vulnerability was fixed by somebody going into the data center, unplugging a Cat 5 cable and plugging it in somewhere else, right? I mean, that was the definition of network security. It was a hardware problem. Now, networking is software-defined. I mean [laugh]—

Corey: Oh, the firewall I trust is basically a wire cutter. Yeah, cut through the entire cable, and that is the only secure firewall. And it's like, oh, no, no, there are side-channel attacks. It's not completely going to solve things for you.
Yeah.

Clinton: You know, without naming names, there are certainly vendors in the security space that still consider mitigation to be shutting down access to a workload, right. Like, let's remediate by taking this off of the internet and allowing it to no longer be accessible.

Corey: I don't think it's come from a security standpoint, but that does feel like it's a disturbing proportion of Google's product strategy.

Clinton: [laugh]. Absolutely. But you know, I do think maybe we can take the forward-looking step of saying there are ways to fix issues while keeping applications online at the same time. For example, by arming engineers with the security intelligence they need when they're making decisions about what goes into those applications. Because those wire cutters now, that's a line in a YAML file, right?

That's a Kubernetes deployment, that's a CloudFormation template, and that is living in code in the same repo with everything else, with all of the other logic. And so it's fundamentally indistinguishable at the point where all security is really now developer security, except the security tooling available doesn't speak to the developer, it doesn't integrate into their workflow, it doesn't enable them to make remediations, it's still slapping them on the wrist. And this is why I think when you talk about—to invoke one of the most overused buzzwords in the security industry—when you talk about shifting left, that's really only half the story. I mean, if you're taking a traditional solution that's designed to slow things down, and shifting that into the developer workflow, you're just slowing them down earlier, right? You're not enabling them with better decision-making capacity so they can say, “Oh, I now understand the risks that I'm bringing on board by not sanitizing a string before I dump it into a SQL, you know, query.
But now I understand that better because Snyk is giving me that information at the right time when I don't have to context switch out of it, which is, as I'm writing that line of code to begin with.”

Corey: When I look at your website—and I'm really, really hoping that your marketing folks don't turn me into a liar on this one between the time we have recorded this and the time it sees the light of day in a week or so—it's notable because you are a security vendor, but you almost wouldn't know that from your website. And that is a compliment because at no point, start to finish, on the landing page at snyk.io do I see anything that codes to, “Hackers are coming to kill you. Give us money immediately to protect yourself.”

You're not slinging FUD. You're talking entirely about how to improve velocity. The closest it gets to even mentioning security stuff is, “Ship on time with peace of mind.” That is as close as it gets to talking about security stuff. There is no fear based on this, and you don't treat people like children and say, “Security is extremely important.” “Thank you, Professor, I really appreciate that helpful tip.”

Clinton: Yeah, you know, again, I think we take the very controversial approach that developers are not bad people who want to make applications less secure, right? And I think again, when you go into that 40-year trajectory of that constant tension between the engineering and the security sides of the house, it really involves certain perceptions about what those other people are like: security are bad and want to shut everything down; developers are, you know, wild cowboys who don't care about standardization and are just introducing a bunch of risk, right?
Where Snyk comes in is fundamentally saying, “Hey, we can actually all live together in a world where we recognize there's pain on both sides?” And look, Corey, I'm coming to you after essentially waking up every day for 20 years and writing code of some kind or other, and I can tell you, developers are already scared enough, man. It is a fearful and anxiety ridden experience to know that you're not completely in command of what happens to that application once it leaves your IDE, right?

You know at some point you're going to get that PDF dumped on you; you're going to have a build block, you're going to have a bug report come in from a very important customer at three o'clock in the morning and you're going to have to do something about it. I think every software engineer in the world carries that fear around with them. They don't have to be told you have the capacity to do bad stuff here and you should be better at it. What they need is somebody to tell them here's how to do things better, right? Here's not necessarily even why a cross-site scripting attack is dangerous—although we can certainly educate you on that as well—but here's what you need to do to remediate it. Here's how other developers have fixed that in applications that look like yours.

And if you get that intelligence at the right point, then it becomes truly—to go back to your original question—it becomes about solutions rather than about problems, right? The last thing we ever want to do is adopt that traditional approach of saying, “You did a bad thing. It's your fault. You have to go figure out what to do. And then by the way, you have to do all the refactoring on top of that because we didn't tell you you did the bad thing until three weeks later when that traditional SaaS tool finally finished running.”

Corey: Exactly. It's a question of how much can you reduce that feedback loop? If I get pinged 60 seconds after I commit code that there's a problem with it, great. I still have that in my head.
Mostly. I hope. But if it's six months later it's, “Who even wrote this?” And I pull up git blame and, “Ah, crap, it was me. What was I possibly thinking back then?” It's about being able to move rapidly and fix things, I guess, as early in the process as possible, the whole shift-left movement. That's important. That's valuable.

Clinton: Yeah, the context switching is so expensive, right, because the minute you switch away from that file, you're reading some documentation. You're out of that world. Most of the developer's time is spent getting into and out of different contexts. Once you're in there, I mean, you could rattle off 40 lines of code in a sitting and actually clear a ticket and you feel really good about yourself, right? The next day, when that comes back from QA saying you did something wrong here, that's the painful part of having to get back in.

And by the time you've already done that, you've doubled the amount of time you've spent on that feature. So, it's all about integrating the right intelligence in the right context at the right time, and doing so in such a way that we're not throwing around blame, that we're not saying, “You should have known better.” We're saying, “We want to help you do this better because, you know, ultimately, you're going to write another SQL query. That's okay. We hope that maybe this will inspire you to sanitize those strings properly, and we're going to give you some suggestions on how to do that.”

Corey: Yeah. Developer time is way more expensive than the infrastructure. That is, I think, a little understood facet of how this works from an engineering perspective because an awful lot of us came up in this industry considering our time to be free. Because we were doing this as a hobby in some cases, it was.
When I was in my dorm room back many years ago, as I was basically in the process of being expelled from boarding school, it was very clearly my time was not worth a whole hell of a lot to anyone at that point.

Speaking of expensive things, I want to talk for a minute about your pricing. And what I like about this is, let me be clear here. I am a big fan of taking shortcuts wherever I can, and one of the shortcuts I love doing—and I don't know if I've talked about it on this show before—is when I'm talking to a company and I need to figure out do they know what they're doing or are they clowns, I cheat and I go to the pricing page. And there are two big things that I look for, and you have them both.

The first is that over on the far left side of the spectrum, it's do you have a free option? And yes, you do. And, “Click here to get started immediately.” Great because it's three in the morning, I need to get something done, I'm under a deadline, I do not have time for a conversation with sales, and as an engineer, I absolutely don't want to deal with that type of sales process because it feels weird to go and ask my boss to go ahead and sign off on something because I feel like my spending authority is capped at $20. Now that I have a little more context, I understand exactly why [laugh] my spending authority was capped at $20 back when I was an engineer.

Clinton: Yeah, exactly right. And so it's not only that commitment to ensuring every software engineer in the world can have access to Snyk immediately by making one click because, you know, ultimately, we're committed to that community, right? There's 3 million developers using Snyk currently. That's about 10% of all engineers in the world. We're very proud of that number.

We expect that to continue to grow and I think it shows that there is need out there, right? And if we can enable every engineer who's up at 3 a.m.
faced with some security prospect to say, you know, it is as simple as getting a free account and getting a vulnerability report, getting the remediation advice, being able to sleep easier. I think we're successful as a company, regardless of what the bottom line is. But when you look at how to scale that into the enterprise, the way security solutions are priced, I mean, it's like throwing a bunch of wet noodles at the wall and seeing what sticks, right?

Corey: Yes. And that's the other piece of your pricing that I like is a lot of people are going to be listening to that, what I'm saying right now about, “Oh, well, we have a free tier. Why do you think we're clowns?” It's, “Ah. Because the other end is just as important if not more so, which is there has to be an enterprise tier, and the price for that has got to be, ‘Click here to have a conversation.'” And the reason behind that is if you work in procurement, which is very often who's going to be reaching out on something like this, you are going to need custom contracts; you are going to want a long-term enterprise deal, and if the top tier is X dollars per thing that's already there, it reeks of unsophisticated vendor to a buyer in that position, and it makes the people at big blue chip companies think, “Oh, they don't know how to deal with someone at our scale.” Pricing is messaging, and I think people lose sight of that. You absolutely say the right things on both ends. I look at this, and there's nothing I would change or improve about your pricing page, which to be honest, is really rare.

Clinton: I'm not sure all of our sales leaders would agree with you there, but I will pass that feedback along. Well, and the other thing I would add to that is, what everyone who's in a pricing conversation wants is predictability about what is this going to be in the future, right? And so we base our pricing on how many developers are in your organization, right?
That's probably a number you know; that's probably a number that you can predict over time. We're not going to say, “How many CPUs are we using, right? What's the footprint of the cloud resources we're deploying to scan your stuff?” These are all things that you have very little control over and there is alchemy there that introduces a financial risk into that situation. And we're all about risk mitigation at scale, right?

Corey: You don't pop up halfway through a cycle of, “Oh, you've gone on a hiring spree. Time to go ahead and pay us a bunch more money you didn't plan for or budget for.” I've had vendors pop up a quarter after I signed a deal—repeatedly—and it drives me up a wall because back in my engineering days, it was, great, now I have to spend time on this that I hadn't planned for; I have to go to my boss and ask for more money, never a great conversation, and as a cherry on top, I get to look like I don't know how to manage vendors for crap. It's just everyone is angry about those conversations. And even the salespeople reaching out had the decency to act a little sheepish about having to have that conversation with me.

Clinton: The best ones do, at least. Well, and on top of that, you know, maybe that tool has been capped so that now your bills are breaking because you went one over your cap, right? So, I—

Corey: Yeah. I love it. When I fail in production. That's my favorite thing. It's like, “All right, we're going to wind up not scanning for security stuff anymore. And if you go five beyond your cap, we're going to start introducing vulnerabilities.” It's, “That's awesome. Just, great plan.” But I'm kidding. I'm kidding. I want to be very clear, I have never heard a whisper of an actual vendor doing that, on purpose anyway.

Clinton: Exactly. Right. And you know, look. We want to make it as easy as possible, and that's why, for example, we're on AWS Marketplace.
You can use your existing EDP program to, you know, buy Snyk, just as—

Corey: At 50% of your spend on Snyk then winds up counting toward your spend commit, which is always an interesting approach that some people are like, “Ooh. So, we can wind up transferring the money that we're spending on a vendor to count toward our commit?” But in many cases, it's how much are you spending on other third-party vendors in this space because you're getting excited about a few tens of thousands in most cases, and you have a $50 million annual [laugh] commit. What are you doing there, buddy? That's like trying to become a millionaire via credit card points. It doesn't usually pan out that way.

Clinton: Fair enough. Yeah. And then look, we're very proud of that partnership with Amazon. And look if hey, if they can lock some of our customers into $15 million a year spend contracts, we'll take a few pennies on that, right?

Corey: Oh, yeah, as a vendor, you'd be silly not to. It makes sense. But you're doing significantly more than that. As of this week being re:Invent week, you are—well, tell me about it.

Clinton: Yeah, Corey, we are thrilled to announce this week that AWS is now integrating with Snyk's vulnerability database within Amazon Inspector. And this is going to bring the best-of-breed security intelligence with a curated vulnerability database, including all of our proprietary research around things like exploit maturity, reachability, vulnerable conditions, social trends on vulnerabilities, all available within Amazon Inspector to any developer utilizing it. We also have an AWS CodePipeline integration that makes it easy for anyone utilizing AWS for your CI/CD to get immediate feedback on vulnerabilities in your applications as they move through that pipeline. And remember, we're never just going to say, “We've identified a vulnerability.
Now, you need to figure out what to do with it.” We're always going to integrate the remediation advice because our audience at the end of the day is the developer whose job it is to make the fix and who has such a wide variety of responsibility these days, the best we can do is say to them, not just, “We found something wrong,” but, “Here's the solution that we think you should implement to get that secure code back out into production.”

Corey: This episode is sponsored by our friends at Cloud Academy. That's right, they have a different lab challenge up for you called, “Code Red: Repair an AWS Environment with a Linux Bastion Host.” What does it do? Well, it's going to assess your ability to troubleshoot AWS networking and security issues in a production-like environment. Well, kind of, it's not quite like production because some exec is not standing over your shoulder, wetting themselves while screaming. But... ya know, you can pretend. In fact, I'm reasonably certain you can retain someone specifically for that purpose should you so choose. If you are the first prize winner who completes all four challenges with the fastest time, you'll win a thousand bucks. If you haven't started yet you can still complete all four challenges between now and December 3rd to be eligible for the grand prize. There's only a few days left until the whole thing ends, so I would get on it now. Visit cloudacademy.com/corey. That's cloudacademy.com/C-O-R-E-Y, for god's sake don't drop the “E” that drives me nuts, and thank you again to Cloud Academy for not only promoting my ridiculous nonsense but for continuing to help teach people how to work in this ridiculous environment.

Corey: First, congratulations. It's neat to have a first-party integration like that with an AWS service, as opposed to, you know, their somewhat storied approach of, “Hey, it's an open-source project.
We're just going to implement something that's API compatible ourselves, and irritate people.” Now, to be clear, my problem is not that you should expect to build anything and not face competition. My concern is a little bit more along the lines of, “Huh. Why is that same company always the first in line to compete with something.” Which is neither here nor there.

Security is also one of those areas where I think competition is important. You want a continual background level of investment in the space because this stuff is super important. What I like about Snyk and a number of companies in this space is I know exactly where you stand. Let's contrast that for a second with AWS. You're integrating with Inspector, which is a great service, but you're not, I don't believe, integrating with their other security services such as [big breath in] Amazon Detective, the Audit Manager—if you want to consider that one of them—Amazon Macie, AWS Firewall Manager, AWS Shield, the Network Firewall, IoT Device Defender, CloudTrail, Config.

Amazon Inspector is in one you're there, but not really Security Hub, or GuardDuty, or IAM itself. And I look at all of these services—I mean, IAM is free, of course, but the rest are very much not—and I do some basic arithmetic and I'm starting to realize that if I can figure all the various AWS security services together and what that's going to cost me, it turns out the answer is more than the data breach. So, on some level, it's one of those—at what point is it so confusing and it starts to look like a cross-sell deal between all of the different services, and turn them all on because you could ever have too much security, we still have to ship things eventually. And their security messaging has been extraordinarily confused for a long time. At some level, the fact that you are now integrating with them on the Inspector side means that for the first time, I think I understand what Inspector does now, which is more than a little messed up.
But here we are.

Clinton: Indeed. Well, the first thing I would say on that is, you know, stay tuned. As we move into the new year. I think you're going to see a lot more announcements both, you know, on the AWS side, but also kind of industry-wide in terms of integration with Snyk. That Vulnerability Database feed also, as you mentioned earlier, in use in Docker Hub, so anyone with Containers and Docker Hub can get advantage by scanning with our Snyk container tool.

We have other integrations with Red Hat, for example. And there are actually many other companies utilizing that DB feed to, again, get access to that best in breed vulnerability data. When you talk about that model of, you know, being outcompeted on the security front, I think that's more difficult to do when you're actually talking about data, right? Like tooling, on some level—and I might get in trouble for saying this—but tooling is commodity, right? Somebody tomorrow is going to come out with a better tool to do a thing a little bit faster in a little bit more intuitive way. What can't be easily replicated is the data and intelligence behind that, right? And so that's why—

Corey: Yeah, the secret sauce that makes you folks work is not the fact of, “Ah, we can fire off or catch a web hook, and then run the following command against the codebase.” That is—sure it's handy and it's useful and you're good at that, but that is not the reason that people become your customer.

Clinton: Exactly right. Look, there's a lot of tools that can resolve the dependency tree within your open-source application, right? We can do that as well. We leverage a lot of open-source to do that, you know, we're very open with that. As I mentioned earlier, a lot of Snyk tooling is available on GitHub, you can see how it works, that code is public.

Really the value we're providing is in that curated security research that our dedicated team is working on day in and day out and verifying public security data that's out in CVEs.
Is this actually accurate? Do we agree with the severity rating? Might there be other factors that could modify that severity rating? What happens when you are scanning an application that might have some vulnerable conditions versus others? Don't you want to prioritize those vulnerabilities differently? What happens at runtime, right? If you're deploying an application to an EC2 instance with an OpenSSH ingress into your security group, that's going to make certain vulnerabilities a lot bigger risk than if you've got your IAC configured correctly, right? So, really the overall mission of Snyk as we move into this broader, kind of, ASPM application, you know, security posture management space, is to say, how many different signals across the SDLC can we combine in intuitive ways for the developer to understand that risk at the right time with the right context and armed with the remediation advice to make a better decision as they're writing their code, you know, rather than after the fact? If I could sum it all up, kind of, that's the vision of where we are both today and ultimately where we're going.

Corey: There also needs to be an understanding of who the customer is. If I go through the launch wizard and spin up in a brand new account, my first EC2 instance, and I spin up an instance by going through the wizard, the first thing it does is yell at me. Because, “Ah, that SSH port is open to the world.” Which you need to get into it, once it's there. So, it sets that up for me and yells at me all in the same breath. And it's, this is not a promising start; I kind of need that to get into it.

Conversely, if you're not someone learning this stuff for the first time, and you're, oh I don't know, a production engineer at a bank, you care quite a bit differently in that use case about things like OpenSSH groups, its security posture, et cetera, et cetera.
An awful lot of the tooling is, “Ah, you're failing this benchmark, and this benchmark, and this benchmark,” from CIS and the rest of all these rules of, oh, you're not encrypting your data at rest. Well, it's in an AWS data center environment. Yeah, if someone could break in and steal the drives from multiple facilities and somehow recombine them together and get out alive, yeah, that's really not my threat model.

But it's easy to turn it on and check a box and make an auditor go away. But that's not where I would spend the bulk of my energies if I'm trying to improve my security posture. And it turns into rote checklists super easily. The thing I've always appreciated about the stuff that your tooling in the open-source world has highlighted is it's not nonsense. And I really can't understate just how valuable that is.

Clinton: Absolutely. And that comes from a combination of signals across that SDLC, from the open-source, from the container, from the proprietary code, from the IAC, but then also what's happening at runtime, right? Like, how are those containers actually deployed onto EKS? What ports are open? What running binaries are on the container that might influence, you know, what packages you choose to upgrade, versus not?

All of that matters, and what—you know, the issue I think now is getting that visibility to the developer at the right time so that they can make it actionable. And the thing about infrastructure as code, that I think that's really interesting and not super well understood is a lot of those defaults are really insecure. And developers have no idea, right? Like, they might not be aware that if you don't define that encryption for your S3 bucket, it'll happily deploy unencrypted, right?
Yes, that's a compliance problem, but that's also potentially an exacerbator of other vulnerabilities that might be in that application.

But you only see those when you can combine and have a single pane of glass that gives you the runtime signaling plus everything that's happening in the application, armed with the correct information to actually remediate that at the time, and say, “Don't you think you wanted to add, you know, AES encryption to this bucket? Don't you think you wanted to close down port 22?” And also, combine that with your internal business logic, right? Like maybe for an internal only application that never transits beyond your VPC perimeter, sure, it's fine to have port 22 open, right? There's just going to be people within your zero-trust environment authenticating to it. But for your production web application, that might be a different story.

Corey: There are other concerns, too. For example, I'm sitting here complaining about the idea of encrypting at rest in an AWS environment, but if you've signed customer contracts that state that you're doing it, you'd better freaking do it, as opposed to, “Well, I know what the actual security risk is and it's no big deal.” Yeah, don't make that decision. If you are contractually obligated to do a thing. Don't YOLO it; do what you say you're going to do. That's that whole integrity thing.

Clinton: Oh, sure. And look, in a battle between security and compliance, compliance always wins, right? But from a developer perspective, I don't know that we on the front lines writing code actually differentiate, right? That certainly is a matter for the people defining the policies and, you know, creating their gating mechanisms in CI to figure out.

What I want to know as a developer is, is my build going to succeed, right?
Or am I going to get shut down and get the nastygram that says, you know, “We couldn't launch this for x, y, and z reason.” Now, everybody on my team hates me, my lead dev is on me, now there's a bunch of merge conflicts because my branch is behind. I want to get that out into production, but in order to do that, I need information on how are all these signals going to be compiled together in a way that, you know, creates that red light or green light on the risk dashboard later on. But up until I think, you know, relatively recently, I don't have visibility into that except to launch the commit, you know, start the build and see what happens, and then I have that context-switching problem, right, because it's hours or days later, that I finally get that signal back.

So yes, I think we have a compliance story to tell from the Snyk perspective as well. A lot of those same issues, you know, we're detecting, especially with regard to infrastructure as code, but it ultimately is up to various parts of the organization to work together and say, “What balance do we want to strike between security and velocity,” right? Understanding that those are not mutually opposed. What we need is tooling and more importantly a culture that takes both into account and allows us to develop securely and fast at the same time.

Corey: I want to thank you so much for taking the time to speak with me about all this. If people want to learn more, where can they find you? And for God's sake, please don't say in your booth at re:Invent.

Clinton: [laugh]. I will not be at re:Invent this year. I've had a little bit too much of the Vegas Strip here recently.

Corey: No, I hear you. Right now, the people going are those whose employers find them expendable, which is why I'm there.

Clinton: I wouldn't say that, Corey. I think you'll do great, and you know, just make sure to bank all your vacation for a couple weeks after.
Look, come to snyk.io, start a conversation, but more importantly, just start using it, right?

I don't want to give you the sales pitch; I want you to see the value in the tooling, and the easiest way to do that as an engineer is just to start using it. And if there is value there, you want to bring it to your enterprise. I would love to have that conversation and move forward. But engineer to engineer, like, figure out if this is going to work for you: does it make your life easier? Does it reduce the pain and anxiety you feel before making that commit into the production branch? And if so, then yeah, we'd love to talk.

Corey: I will, of course, put links to that in the [show notes 00:33:22]. Thank you so much for speaking to me today. I really appreciate it.

Clinton: Thank you, Corey. Glad to do it.

Corey: Clinton Herget, principal solutions engineer at Snyk. I'm Cloud Economist Corey Quinn and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice along with an angry comment yelling at Snyk about how they're a terrible company because they continually refuse to patronize your side business down at the Vowel Emporium.

Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.

Announcer: This has been a HumblePod production. Stay humble.

Screaming in the Cloud
Handling Time-Series Data with Brian Mullen

Dec 1, 2021 31:40


About Brian

Brian is an accomplished dealmaker with experience ranging from developer platforms to mobile services. Before InfluxData, Brian led business development at Twilio. Joining at just thirty-five employees, he built over 150 partnerships globally from the company's infancy through its IPO in 2016. He led the company's international expansion, hiring its first teams in Europe, Asia, and Latin America. Prior to Twilio Brian was VP of Business Development at Clearwire and held management roles at Amp'd Mobile, Kivera, and PlaceWare.

Links:

InfluxData: https://www.influxdata.com

Transcript

Announcer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.

Corey: This episode is sponsored in part by my friends at ThinkstCanary. Most companies find out way too late that they've been breached. ThinkstCanary changes this and I love how they do it. Deploy canaries and canary tokens in minutes and then forget about them. What's great is the attackers tip their hand by touching them, giving you one alert, when it matters. I use it myself and I only remember this when I get the weekly update with a “we're still here, so you're aware” from them. It's glorious! There is zero admin overhead to this, there are effectively no false positives unless I do something foolish. Canaries are deployed and loved on all seven continents. You can check out what people are saying at canary.love. And, their Kubeconfig canary token is new and completely free as well. You can do an awful lot without paying them a dime, which is one of the things I love about them. It is useful stuff and not an, “ohh, I wish I had money.” It is spectacular!
Take a look; that's canary.love because it's genuinely rare to find a security product that people talk about in terms of love. It really is a unique thing to see. Canary.love. Thank you to ThinkstCanary for their support of my ridiculous, ridiculous nonsense.

Corey: Writing ad copy to fit into a 30 second slot is hard, but if anyone can do it the folks at Quali can. Just like their Torque infrastructure automation platform can deliver complex application environments anytime, anywhere, in just seconds instead of hours, days or weeks. Visit Qtorque.io today and learn how you can spin up application environments in about the same amount of time it took you to listen to this ad.

Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. This promoted guest episode is brought to us by our friends at InfluxData. And my guest is titled as the Chief Marketing Officer at InfluxData, and I don't even care because his bio has something absolutely fascinating that I want to address instead. Brian Mullen is an accomplished dealmaker is how the bio starts. And so many of us spend time negotiating deals, but so few people describe ourselves in that way. First, Brian, thank you for joining us. And secondly, what's up with that?

Brian: [laugh]. Well, thanks, Corey, very excited to be here. And yes, dealmaker; I guess that would be apropos. How did I get into marketing? Well, a lot of my career is spent in business development, and so I think that's where the dealmaker part comes from.

Several different roles, including my first role at Influx—when I joined Influx—was in business development and partnerships. And so, prior to coming to Influx, I spent many years building out the business development team at Twilio, growing that up, and we did a lot of deals with carriers, with Cloud partners, with all kinds of different partners; you name it, we worked with them.
And then moving into Influx, joined in a BD capacity here and had a couple different roles that eventually evolved to Chief Marketing Officer. But that's where the dealmaker comes from. I like to do deals, it's always nice to have one on the side in whatever capacity you're working in, it's nice to have a deal or two working on the side. It kind of keeps you fresh.

Corey: It's fun because people think, “Oh, a deal. You're thinking of mergers and acquisitions, and how hard could that be? You just show up with a bag of money and give it to people and then you have a deal closed.” And oh, if only it were that simple. Every client engagement we have on the consulting side has been a negotiation back and forth, and the idea is to ideally get everyone to the point where they're happy, but honestly, if everyone's slightly unhappy but can live with the result, we'll take that too.

And as people go through their own careers it's, you're always trying to make a deal in some form: when you try to get a project approved, or you're trying to get resources thrown at something—by which I generally mean money, not people, though people, too—it's something that isn't necessarily clearly understood or discussed very often, despite the fact that half of what I do is negotiating with AWS on behalf of clients for better contractual terms. The thing that I think takes people by surprise the most is that dealmaking is almost never about pounding the table, being angry, and walking out, like you read the world's worst guide to buying a car or something. It's about finding the win for everyone. At least that's the way I've always approached it.

Brian: That's a good point. And actually that wording that you described of finding a win for everybody, that's how I always thought about it.
I think about it as first of all, you're trying to understand what the other party—and it could be an individual, it could be a company, it could be a group of companies, sometimes—you're trying to understand what their goals are, what their agenda is and see how that matches with your own; sometimes they're opposing, sometimes they're overlapping. And then everyone has to have some perceived win in a deal. And it's not competitively; it's more like you just have to have value, that is kind of what the win is – having value in that deal.

And so that's the way I always approached it. And doing deals, whether you're in BD or sales, or if you're working with vendors and you're in a different functional role, sometimes it's not even commercial, it's just about aligning resources, perhaps. Our deal might be that you and I are both going to put a collective effort into building something or taking something to market. In another scenario might be like, I'm going to pay for this service that you're delivering, or vice versa. Or we're going to go and bring two revenue-generating products together and take them to market. Whatever it might be, it doesn't matter so much what the mechanics are of the deal, but it's usually about aligning those agendas and in having someone get utility, get value on the other side.

Corey: I think that people lose sight of the fact as well, that when you're talking about a service provider—and let's be clear, InfluxData has launched a cloud platform that we'll talk about in a minute—this is not the one-off transactional relationship; once the deal is signed, you've got to work with these people. When they host parts of your production infrastructure, whether you want to admit it or not they're your partner more so than they are your vendor.
It has to be an ongoing relationship that people are, if they at least aren't thrilled with it, can at least be happy enough to live with, otherwise it just winds up with this growing sense of resentment and it just sort of leads nowhere.

Brian: Yeah, there really is no deal moment. Yes, people sign agreements with companies, but that's just the very beginning. Your relationship evolves from there. We're delivering a product, we're delivering this platform that handles time-series data to our customers, and we're asking them to trust us with their product that they're taking out to market. They're asking us to handle their data and to deliver service to them that they're turning into their production applications. And so it's a big responsibility. And so we care about the relationship with our customers to continue that.

Corey: So, I first really became aware of time-series data a few years back during a re:Invent keynote when they pre-announced Timestream, which took entirely too long to come to market. Okay, great. So, you're talking about time-series data. Can you explain what that means in simple terms? And I learned over the next eight minutes that they were talking about it, that no, no, they couldn't. I wound up more confused by the end of the announcement than I was at the beginning.

So, assuming that I have the same respect for databases as you would expect for someone whose favorite data store is Route 53—because you can misuse it as a beautiful database—what is time-series data and why does it matter in 2021?

Brian: Sure, it's a good question. And I was there in that audience as well that day. So, we think of time-series data as really any type of data that's stamped in time, in some way. It could be every hour, every minute, every second, every half second, whatever.
But more specifically, it's any type of data that is generated by some source—and that could be a sensor sources within systems or an actual application—and these things change over time, and then therefore, stamped in time in some way.

They can come at different frequencies, like I said, from nanoseconds to seconds, or minutes and hours, but the most important thing is that they usually trigger a workflow, trigger some sort of action. And so that's really what our platform is about. It allows people to handle this type of data and then work with it from there in their applications, trigger new workflows, et cetera. Because the historical context of what happens is super important.

And when we talk about sources, it could be really many things. It could be in physical spaces, and we have a lot of IoT types of customers and use cases. And those are things like devices and sensors on the factory floor, out in the field, it's on a vehicle. It's even in space, believe it or not. There are customers that are using us on satellites.

And then it can also be sources from within software, applications, and infrastructure, things like VMs, and containers, and microservices, all emitting time-series data. And it could be applications like crypto, or financial, or stock market, agricultural type of applications that are themselves as applications emitting data. So, you think about all these sources that are out there from the physical world to the virtual world, and they're all generating time-series data, and our platform is really specially designed to handle that kind of data. And we can get into some details of what exactly that means, but that's really why we're here. That's what time-series is all about.

Corey: And this is the inherent challenge I think we're seeing across the entire industry slash ecosystem.
I mean, this is airing during re:Invent week, but at the time we are recording this, we have not yet seen the Tuesday keynote that Adam Selipsky will take to the stage, and no doubt, render the stat I'm about to throw at you completely obsolete. But depending on how you count them, there's somewhere between 13 and 15 managed database or database-like services today that AWS offers. And they never turn things off and they're always releasing new things, supposedly on behalf of customers; in practice because someone somewhere wants to get promoted by launching a new service; good for them. Godspeed.

If we look into the uncertain future, at some point, someone's job is going to be disambiguating between the 40 different managed database services that AWS offers and picking the one that works. What differentiates time-series from—let's just start with an easy one—something like MySQL or Postgres—or ‘Postgres-squeal' is how I insist on pronouncing that one. Let's stay away from things like Neptune because no one knows what a social graph database is and I assure you, you almost certainly don't need one. Where does something like Influx work in a way that, “Huh. Running this on MySQL is really starting to suck.”

Brian: When and why is it time to consider a specialized tool. And in fact, that's actually what we see a lot with our customers is coming to us around that time when a time-series is a problem to solve for them is reaching the point where they really need a specialized tool that's kind of built for that. And so one way to look at that is really just to think about time-series in general as a type of data. It's rapidly rising. It's the fastest growing data category out there right now.

And the reason for that is it's being driven by two big macro trends. One is the explosion of all these applications and services running in the cloud.
They're expanding horizontally, they're running in more regions, they're in many cases running on multiple clouds, and so it's just getting big—the workloads are getting bigger and bigger. And those are emitting time-series data. And then simultaneously, you have this growth of all these devices and sensors that are coming online out in the real world: batteries, and temperature gauges, and all kinds of stuff, both new and old, that is coming online, and those sources are generating a lot of time-series data.

So typically, we're in a moment now, where a lot of developers are faced with this massive growth of time-series data. And if you think about some data set that you have, that you're putting into some kind of traditional database, now add the component of time as a multiplier by all the data you have. Instead of that one data, that one metric, you're now looking at doing that every one second in perpetuity. And so it's just an order of magnitude more data that you're dealing with. And then you also have this notion of—when you have that magnitude of data, you have fidelity, you're taking a lot of it in at the same time, I mean, very quickly, so you have batch or stream data coming in at super high volume, and you may need that for a few minutes or a few hours or days, but maybe you don't need it for months and years.

And so you'd maybe drop down to kind of a lower fidelity for the longer-term. But you really have this toggling back and forth of the high fidelity and low fidelity, all coming at you at pretty high volume. And so typically what happens is, is when the workloads get big enough, the legacy tools, they're just not equipped to do it. And a developer—if they have a small set of time-series they're dealing with, what is the first thing they're going to do? They're going to look around and be like, “Hey, what do I have here? Oh, I've got Mongo over here.
I've got Splunk, or I've got this old relational database, I can put it in.”

And that's typically what they'll do, and that works fine until it doesn't. And then that's when they come around looking for a specialized tool. So, we really sit in Influx and, frankly, other time-series products really do sit at that point where people are considering a specialized tool just because the workload has gotten such that it requires that.

Corey: Yeah. Taking a look at most of the offerings in the space; anything that winds up charging anything more than a very tiny fraction of a penny—from what you're describing—is going to quickly become non-economical, where it's, “Oh, we're going to charge you”—like using S3: every, I think, 1000 writes cost a penny—“Oh, we're just going to use S3 for this.” Well, at some of these data volumes, that means that your request charge on S3 is very quickly going to become the largest single line item in your bill, which is nothing short of impressive in a lot of cases, but it also probably means that you've taken a very specific tool—like an iPad—and tried to use it as something else—like a hammer—and no one's particularly happy with that outcome.

Brian: Yeah. First of all, having usage-based pricing is really important. We think about it as allowing people to have the full version of the product without a major commitment, and be using it in test scenarios and then later in the very early production scenarios. But as a principle, it's important for people that just signed up two hours ago using your product are basically using the same full product that the biggest customers that you have are using that are paying many, many thousands or tens of thousands per month.
And so the way to do that is to offer usage-based pricing and not force people to commit to something before they're ready to do it.

And so there's ways to unlock lower pricing, and we, like a lot of companies, offer annual pricing and we have a sales team that worked with folks to basically draw down their unit costs on the use of the platform once they kind of get comfortable with their workload. So, there's definitely avenues to get lower price, and we're believers in that. And we also want to, from a product development perspective, try to make the product more efficient. And so we basically are trying to drive down the costs through efficiencies in the product: make it run faster, make queries take less time, and also ship products on top of it that require developers to write less code themselves, kind of, do more of the work for them.

Corey: One of the things I find particularly compelling about what you've done is it is an open-source project. If I want to go ahead and run some time-series experiments myself, I can spin it up anywhere I want and run it however I see fit. Now, at some point, if I'm doing this for anything more than, “Oh, let's see how I can misuse this today,” I probably want to at least consider letting someone who's better at running these things than I am take it over. And as I'm looking through your customer list, the thing that strikes me is how none of these things are quite like the other. We're talking about companies like Hulu is probably not using it the same way as Capital One is, at least I certainly hope not. You have Texas Instruments; you also have Adobe. And it sort of runs an entire gamut of none of these companies quite look alike; I have to imagine their use cases are also somewhat varied, too.

Brian: Yeah, that's right. And we really do see as a platform, and with time-series being the common problem that people are looking to solve, we see this pretty broad set of use cases and customer types.
And we have some more traditional customers like the Ciscos and the IBMs of the world, and then some relatively new folks like Tesla and Hulu and others that are a little bit more recent. But they're all trying to solve the same fundamental problem with time-series, which is “How can I handle it in an efficient way and make use of it meaningfully in my applications and services?”

And we were talking earlier about having some sources of time-series data being in, kind of a virtual space, like in infrastructure and software, and then some being in physical space, like in devices and sensors out in the real world. So, we have breadth in that way, too. We have folks who are building big software observability infrastructure solutions on us, and we also have people that are pulling data off of the devices on a solar panel that's sitting on a house in the emerging world, right? So, you have basically these two far ends of the spectrum, but all using this specialized tool to handle the time-series data that they're generating.

Corey: It seems to me that for most of these use cases and the way you describe it, it's more about the overall shape of the data when we're talking about time-series more so than it is any particular data point in isolation. Is that accurate, or are there cases where that is very much not the case?

Brian: I think that's accurate. What people are mostly trying to understand is context for what's happening. And so it's not necessarily—to your point—not searching for one specific data point or moment, but it's really understanding context for some general state that has changed or some trend that has emerged, whatever that might be, and then making sense of that, and then taking action on that. And taking an action could mean a couple of different things, too.
It could be in an observability sense, where somebody in an operator type of mode where they're looking at dashboards and paying attention to infrastructure that's running and then need to take some sort of action based on that. It also, in many cases, is automated in some way: it's either some series of automated responses to some state that is reached that is visible in the data, or is actually kicking off some new series of tasks or actions inside of an application based on what is occurring and shown by the time-series data.

Corey: You know what doesn't add to your AWS bill? Free developer security from Snyk. Snyk is a frictionless security platform that meets developers where they are, finding and fixing vulnerabilities right from the CLI, IDEs, repos, and pipelines. And Snyk integrates seamlessly with AWS offerings like CodePipeline, EKS, ECR, and oh so much more.

Secure with Snyk and save some loot. Learn more at snyk.io/scream. That's S-N-Y-K-dot-I-O/scream

Corey: So, we've talked about, you have an open-source product, which is the sort of thing that most people listening to this should have a vague idea of, “Oh, that means I can go on GitHub and download it and start using it, if it's not already in my package manager.” Great. You also have the enterprise offering, which is more or less, I presume, a supported distribution of this—for lack of a better term—that you then wind up providing blessed configurations thereof and helping run support for that—for companies that want to run it on-prem. Is that directionally accurate, or am I grossly mischaracterizing [laugh] what your enterprise offering is?

Brian: Directionally accurate, of course. You could have a great job in marketing. I really think you could.

Corey: Oh, you know, I would argue, on some level, I probably do. The challenge I have is that I keep conflating marketing with spectacle and that leads down to really unfortunate, weird places.
But one additional area, which is relatively recent since the last time I spoke with Paul—one of the cofounders of your company—on this show is InfluxDB Cloud, which is one of those, “Oh, let me see if I look—if I'm right.” And sure enough, yeah, you wind up managing the infrastructure for us and it becomes a pay-per consumption model the way that most cloud service providers do, without the really obnoxious hidden 15 levels of billing dimensions.

Brian: Yes, we are trying to bring the transparency back. But yes, you're correct. We have open-source and we have—it's very popular—we have over 500,000-plus instances of that deployed globally today in the community. And that's typically very common for developers to get started using the open-source, easily recognizable, it's been out for a long time, and so many people start the journey there.

And then we have InfluxDB Enterprise, which it's actually a clustered version of InfluxDB open-source. So, it allows you to basically handle in an environment that you want to manage yourself, you manage a cluster and scale it out and handle ever-increasing workloads and have things like redundancy and replication, et cetera. But that's really specifically for people who want to deploy and operate the software themselves, which is a good set of people; we have a lot of folks who have done that. But one of the areas that's a little bit more recent is InfluxDB Cloud, which is really, for folks who don't want to have anything to do with the management; they really just want to use it as a service, send their data in—

Corey: Yeah, give me an API endpoint, and I want you to worry about the care, and the feeding, and the waking up at two in the morning when a disk starts filling up. Yeah, that is the best kind of problem from my perspective: someone else's.

Brian: Exactly. That's our job. And increasingly, we've seen folks gravitate to that.
We've got a lot of folks have signed up on this product since it launched in 2019, and it's really increasingly where they begin their journey, maybe not even going to the open-source just going directly to this because it's relatively simple to get started.

It's priced based on usage. People pay for three vectors: they have the amount of data in; they have number of queries made against the platform; and then storage, how much data you have and for how long. And depending on the use case, some people keep it around for relatively short time, like a few days or a couple of weeks. Other folks have it for many, many months and potentially years in some places. So, you really have that option.

But I would say the three products are really about how you want to run it. Do you care about running the, kind of, underlying infrastructure and managing it or do you just want to hit an endpoint, as you said.

Corey: You launched this, I want to say in 2019, which feels about directionally right. And I know it was after Timestream was announced, so I just want to say first, how kind and selfless it was of you to validate AWS's market, which is, you know how they always like to clarify and define what they're doing when they decide to enter every single market anywhere to compete with everyone.
It turns out, I don't get the sense that they like it quite [laugh] as much being on the other side of that particular divide, but that's the best kind of problem, too: again, someone else's.

Brian: Yeah, I think that's really true.

Corey: The challenge that I have is that it seems like a weird direction to go in as a company, though it is clearly based upon a number of press releases you have made about the success and market traction that you found, it feels, on some level, like it is falling into an older version of an open-source trap of assuming that, “Well, we wrote the software therefore we are the best people you could pick to run it.” That was what a lot of companies did; it turns out that AWS has this operational excellence, as they call it, and what the rest of us call burning through people and making them wake up in the middle of the night to fix things before it becomes customer-visible. But from the outside, there's no difference. It seems, however, that you have built something that is clearly resonating, and in a big way, in a way that—I've got to be direct with you—the AWS time-series service that they are offering has not been finding success.

Brian: Thank you for saying that, and we feel pretty excited about the success we've had even being in the same market as Amazon. And Amazon does a phenomenal job at running products at scale, and the breadth that they have in their product lineup is pretty impressive, especially when they roll out new stuff at AWS re:Invent every year. But we've been able to find some pretty good success with our approach, and it's based on a couple of things. So, one is being the company that actually develops and still deploys the open-source is really important. People gravitate to that.

Our roots as a company are open-source, we've been a part of and fostered this community over many, many years, and there's a certain trust in the direction that we're taking the company.
And Paul, our founder who you mentioned, he's been front and center with that community, pretty deeply engaged for many, many years. I think that carries a lot of weight. At least that's the way we think about it. But then as far as commercial products go, we really think about it as going to where our customers are, going to where developers are. And that could mean the language that they prefer, the language of preference for them. And that could [crosstalk 00:22:25]—

Corey: Oh, and it's very clear; it seems that most database companies that I talk to—again, without naming names—tend to focus on the top-down sale, but I've never worked in an environment where the database that will be used was dictated by anyone other than the application developers who are the closest to the technical requirements for the workload. I've never understood this model of, “Oh, we're going to talk to the C suite because we believe that they're going to pick a database vendor based upon who has box seats this season.” I've never gotten that and that probably means I'm a terrible enterprise marketer, on some level. But unlike almost every other player in the database space, I've never struggled to understand what the hell your messaging has meant, other than the technical bits that I just don't have quite enough neurons to bang together to create sparks to fully understand. It is very clearly targeted at a builder rather than someone who's more or less spending their entire life in meetings. Which, oh, God, that's me.

Brian: [laugh]. Yes, it's very much the case. We are focused on the developer. And that developer is a builder of an application or service that is seeing the light of day, it's going out and being used by their own end-users and end-customers.

And so we care about going to where those developers are, and that could mean going and making your product easily used in the language and tool that customer cares about.
So, if you're a Python developer, it's important for us to have tools and make it easy for Python developers. We have client libraries for Python, for example. It also means going to the cloud where your customers are. And this is something that differentiates us as well, when you start looking at what the other cloud providers are offering, in that data—like it or not—has gravity. And so somebody that has built their whole stack on AWS and sure they care about using a service that is going to receive their data, and that also being in AWS, but—

Corey: It has to live where the customers are, especially with data egress charges being what they are, too.

Brian: Exactly.

Corey: And data gravity is real. The cloud provider people pick is the one where their data lives because of that particular inflection in the market.

Brian: Absolutely true. And so that's great if you're only going after people who are on AWS, but what about Google Cloud and what about Microsoft Azure? There are a lot of developers that are building on those platforms as well, and that's one of the reasons we want to go there as well. So, InfluxDB Cloud is a multi-cloud offering, and it's equal experience and capability and pricing on each of the three major clouds. You can buy directly from us; you can put it on any of your cloud bills in one of those marketplaces, and to us that's like a really, really fundamental point is to bring your product and make it as easy to use on those platforms and in those languages, and in those realms and use cases where people are already working.

Corey: I'm a big believer in multi-cloud for the use case you just defined.
Because I know I'm going to get letters if I don't say this based upon my public multi-cloud is a dumb default worst practice for most folks—because it is, on a workload-by-workload basis—but you're building a service that has to be close to where your customers are and for that specific thing, yeah, it makes an awful lot of sense for you to have a presence across all the different providers. Now, here's the $64,000 question for you: is the experience as an InfluxDB Cloud customer meaningfully different between different providers?

Brian: It's not. We actually pride ourselves on it being the same. Using InfluxDB, you sign up for InfluxDB Cloud, you come in, you set up your account, create your organization, and then you choose which underlying cloud provider you want your account to be provisioned in. And so it actually comes as a secondary choice; it's not something that is gated in the beginning, and that allows us to deliver a uniform experience across the board. And you may in a future use case, maybe somebody wants to have part of what they're building data living in AWS and maybe part of it living in Azure, I mean, that could be a scenario as well.

However, typically what we've seen—and you've probably seen this as well—is most developers are—and organizations—are building mostly on one cloud. I don't see a lot of multi-cloud in that organization. But we ourselves need to be multi-cloud in order to go to where those people are working. And so that's the distinction. It's for us as a company that delivers product to those people, it's important for us to go where they are, whereas they themselves are not necessarily running on all three cloud products; they're probably running on one platform.

Corey: Yeah. On a workload-by-workload basis, that's what generally makes sense.
Anytime you have someone who has a particular workload that needs to be in multiple providers, okay, great, you're going to put that out there, but their backend systems, their billing, their marketing, all the rest, is not going to go down that path for a variety of excellent reasons, mostly that it is a colossal pain, and a bunch of, more or less, solving the same problems over and over, rather than the whole point of cloud being to make it someone else's. I want to thank you for taking so much time to speak to me about how you're viewing the evolution of the market, how you're seeing your move into cloud, and how you're effectively targeting folks who can actually care about the implementation details of a database rather than, honestly, suits. If people want to learn more, where can they find you?

Brian: They can go to our website; it's the easiest place to go. So, influxdata.com. You can read all about InfluxDB, it's a pretty easy sign up to get underway. So, I recommend that people get their hands dirty with the product. That's the easiest way to understand what it's all about.

Corey: And if you do end up doing that, please tell them I sent you because the involuntary flinch whenever people mention my name to vendors is one of my favorite parts of being me. Brian, thank you so much for being so generous with your time. I appreciate it.

Brian: Thanks so much for having us on. It was great.

Corey: Brian Mullen, Chief Marketing Officer—and dealmaker—at InfluxData. I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice along with a long, angry comment telling me that you work on the Timestream service team, and your product is the best.
It's found huge success, but I've just never met any of your customers and I can't because they all live in Canada.

Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.

Announcer: This has been a HumblePod production. Stay humble.

Screaming in the Cloud
Keeping the Chaos Searchable with Thomas Hazel

Nov 30, 2021 (44:43)


About Thomas

Thomas Hazel is Founder, CTO, and Chief Scientist of ChaosSearch. He is a serial entrepreneur at the forefront of communication, virtualization, and database technology and the inventor of ChaosSearch's patented IP. Thomas has also patented several other technologies in the areas of distributed algorithms, virtualization and database science. He holds a Bachelor of Science in Computer Science from University of New Hampshire, Hall of Fame Alumni Inductee, and founded both student & professional chapters of the Association for Computing Machinery (ACM).

Links:

ChaosSearch: https://www.chaossearch.io

Transcript

Announcer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.

Corey: This episode is sponsored in part by my friends at Thinkst Canary. Most companies find out way too late that they've been breached. Thinkst Canary changes this and I love how they do it. Deploy canaries and canary tokens in minutes and then forget about them. What's great is the attackers tip their hand by touching them, giving you one alert, when it matters. I use it myself and I only remember this when I get the weekly update with a “we're still here, so you're aware” from them. It's glorious! There is zero admin overhead to this, there are effectively no false positives unless I do something foolish. Canaries are deployed and loved on all seven continents. You can check out what people are saying at canary.love. And, their kubeconfig canary token is new and completely free as well. You can do an awful lot without paying them a dime, which is one of the things I love about them. It is useful stuff and not an, “ohh, I wish I had money.” It is spectacular!
Take a look; that's canary.love because it's genuinely rare to find a security product that people talk about in terms of love. It really is a unique thing to see. Canary.love. Thank you to Thinkst Canary for their support of my ridiculous, ridiculous nonsense.

Corey: This episode is sponsored in part by our friends at Vultr. Spelled V-U-L-T-R because they're all about helping save money, including on things like, you know, vowels. So, what they do is they are a cloud provider that provides surprisingly high performance cloud compute at a price that—while sure they claim it's better than AWS pricing—and when they say that they mean it is less money. Sure, I don't dispute that but what I find interesting is that it's predictable. They tell you in advance on a monthly basis what it's going to cost. They have a bunch of advanced networking features. They have nineteen global locations and scale things elastically. Not to be confused with openly, because apparently elastic and open can mean the same thing sometimes. They have had over a million users. Deployments take less than sixty seconds across twelve pre-selected operating systems. Or, if you're one of those nutters like me, you can bring your own ISO and install basically any operating system you want. Starting with pricing as low as $2.50 a month for Vultr cloud compute they have plans for developers and businesses of all sizes, except maybe Amazon, who stubbornly insists on having something to scale all on their own. Try Vultr today for free by visiting: vultr.com/screaming, and you'll receive a $100 in credit. That's v-u-l-t-r.com slash screaming.

Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn.
This promoted episode is brought to us by our friends at ChaosSearch.

We've been working with them for a long time; they've sponsored a bunch of our nonsense, and it turns out that we've been talking about them to our clients since long before they were a sponsor because it actually does what it says on the tin. Here to talk to us about that in a few minutes is Thomas Hazel, ChaosSearch's CTO and founder. First, Thomas, nice to talk to you again, and as always, thanks for humoring me.

Thomas: [laugh]. Hi, Corey. Always great to talk to you. And I enjoy these conversations that sometimes go up and down, left and right, but I look forward to all the fun we're going to have.

Corey: So, my understanding of ChaosSearch is probably a few years old because it turns out, I don't spend a whole lot of time meticulously studying your company's roadmap in the same way that you presumably do. When last we checked in with what the service did-slash-does, you are effectively solving the problem of data movement and querying that data. The idea behind data warehouses is generally something that's shoved onto us by cloud providers where, “Hey, this data is going to be valuable to you someday.” Data science teams are big proponents of this because when you're storing that much data, their salaries look relatively reasonable by comparison. And the ChaosSearch vision was, instead of copying all this data out of an object store and storing it on expensive disks, and replicating it, et cetera, what if we queried it in place in a somewhat intelligent manner?

So, you take the data and you store it, in this case, in S3 or equivalent, and then just query it there, rather than having to move it around all over the place, which of course, then incurs data transfer fees, you're storing it multiple times, and it's never in quite the format that you want it. That was the breakthrough revelation, you were Elasticsearch—now OpenSearch—API compatible, which was great.
And that was, sort of, a state of the art a year or two ago. Is that generally correct?

Thomas: No, you nailed our mission statement. No, you're exactly right. You know, the value of cloud object stores, S3, the elasticity, the durability, all these wonderful things, the problem was you couldn't get any value out of it, and you had to move it out to these siloed solutions, as you indicated. So, you know, our mission was exactly that, transformed customers' cloud storage into an analytical database, a multi-model analytical database, where our first use case was search and log analytics, replacing the ELK stack and also replacing the data pipeline, the schema management, et cetera. We automate the entire step, raw data to insights.

Corey: It's funny we're having this conversation today. Earlier, today, I was trying to get rid of a relatively paltry 200 gigs or so of small files on an EFS volume—you know, Amazon's version of NFS; it's like an NFS volume except you're paying Amazon for the privilege—great. And it turns out that it's a whole bunch of operations across a network on a whole bunch of tiny files, so I had to spin up other instances that were not getting backed by spot terminations, and just firing up a whole bunch of threads. So, now the load average on that box is approaching 300, but it's plowing through, getting rid of that data finally.

And I'm looking at this saying this is a quarter of a terabyte. Data warehouses are in the petabyte range. Oh, I begin to see aspects of the problem. Even searching that kind of data using traditional tooling starts to break down, which is sort of the revelation that Google had 20-some-odd years ago, and other folks have since solved for, but this is the first time I've had significant data that wasn't just easily searched with a grep. For those of you in the Unix world who understand what that means, condolences. We're having a support group meeting at the bar.

Thomas: Yeah.
And you know, I always thought, what if you could make cloud object storage like S3 high performance and really transform it into a database? And so that warehouse capability, that's great. We like that. However to manage it, to scale it, to configure it, to get the data into that, was the problem.

That was the promise of a data lake, right? This simple in, and then this arbitrary schema on read generic out. The problem next came, it became swampy, it was really hard, and that promise was not delivered. And so what we're trying to do is get all the benefits of the data lake: simple in, so many services naturally stream to cloud storage. Shoot, I would say every one of our customers are putting their data in cloud storage because their data pipeline to their warehousing solution or Elasticsearch may go down and they're worried they'll lose the data.

So, what we say is what if you just said activate that data lake and get that ELK use case, get that BI use case without that data movement, as you indicated, without that ETL-ing, without that data pipeline that you're worried is going to fall over. So, that vision has been Chaos. Now, we haven't talked in, you know, a few years, but this idea that we're growing beyond what we are just going after logs, we're going into new use cases, new opportunities, and I'm looking forward to discussing with you.

Corey: It's a great answer that—though I have to call out that I am right there with you as far as inappropriately using things as databases. I know that someone is going to come back and say, “Oh, S3 is a database. You're dancing around it. Isn't that what Athena is?” Which is named, of course, after the Greek Goddess of spending money on AWS? And that is a fair question, but to my understanding, there's a schema story behind that does not apply to what you're doing.

Thomas: Yeah, and that is so crucial is that we like the relational access.
The time-cost complexity to get it into that, as you mentioned, scaled access, I mean, it could take weeks, months to test it, to configure it, to provision it, and imagine if you got it wrong; you got to redo it again. And so our unique service removes all that data pipeline schema management. And because of our innovation because of our service, you do all schema definition, on the fly, virtually, what we call views on your index data, that you can publish an elastic index pattern for that consumption, or a relational table for that consumption. And that's kind of leading the witness into things that we're coming out with this quarter into 2022.

Corey: I have to deal with a little bit of, I guess, a shame here because yeah, I'm doing exactly what you just described. I'm using Athena to wind up querying our customers' Cost and Usage Reports, and we spend a couple hundred bucks a month on AWS Glue to wind up massaging those into the way that they expect it to be. And it's great. Ish. We hook it up to Tableau and can make those queries from it, and all right, it's great.

It just, burrr goes the money printer, and we somehow get access and insight to a lot of valuable data. But even that is knowing exactly what the format is going to look like. Ish. I mean, Cost and Usage Reports from Amazon are sort of aspirational when it comes to schema sometimes, but here we are. And that's been all well and good.

But now the idea of log files, even looking at the base case of sending logs from an application, great. Nginx, or Apache, or [unintelligible 00:07:24], or any of the various web servers out there all tend to use different logging formats just to describe the same exact things, start spreading that across custom in-house applications and getting signal from that is almost impossible.
“Oh,” people say, “So, we'll use a structured data format.” Now, you're putting log and structuring requirements on application developers who don't care in the first place, and now you have a mess on your hands.

Thomas: And it really is a mess. And that challenge is, it's so problematic. And schemas changing. You know, we have customers and one reason why they go with us is their log data is changing; they didn't expect it. Well, in your data pipeline, and your Athena database, that breaks. That brings the system down.

And so our system uniquely detects that and manages that for you and then you can pick and choose how you want to export in these views dynamically. So, you know, it's really not rocket science, but the problem is, a lot of the technology that we're using is designed for static, fixed thinking. And then to scale it is problematic and time-consuming. So, you know, Glue is a great idea, but it has a lot of sharp [pebbles 00:08:26]. Athena is a great idea but also has a lot of problems.

And so that data pipeline, you know, it's not for digitally native, active, new use cases, new workloads coming up hourly, daily. You think about this long-term; so a lot of that data prep pipelining is something we address so uniquely, but really where the customer cares is the value of that data, right? And so if you're spending toils trying to get the data into a database, you're not answering the questions, whether it's for security, for performance, for your business needs. That's the problem. And you know, that agility, that time-to-value is where we're very uniquely coming in because we start where your data is raw and we automate the process all the way through.

Corey: So, when I look at the things that I have stuffed into S3, they generally fall into a couple of categories.
There are a bunch of logs for things I never asked for nor particularly wanted, but AWS is aggressive about that, first routing through CloudTrail so you can get charged 50-cent per gigabyte ingested. Awesome. And of course, large static assets, images I have done something to enter colloquially now known as shitposts, which is great. Other than logs, what could you possibly be storing in S3 that lends itself to, effectively, the type of analysis that you built around this?

Thomas: Well, our first use case was the classic log use cases, app logs, web service logs. I mean, CloudTrail, it's famous; we had customers that gave up on elastic, and definitely gave up on relational where you can do a couple changes and your permutation of attributes for CloudTrail is going to put you to your knees. And people just say, “I give up.” Same thing with Kubernetes logs. And so it's the classic—whether it's CSV, where it's JSON, where it's log types, we auto-discover all that.

We also allow you, if you want to override that and change the parsing capabilities through a UI wizard, we do discover what's in your buckets. That term data swamp, and not knowing what's in your bucket, we do a facility that will index that data, actually create a report for you for knowing what's in. Now, if you have text data, if you have log data, if you have BI data, we can bring it all together, but the real pain is at the scale. So classically, app logs, system logs, many devices sending IoT-type streams is where we really come in—Kubernetes—where they're dealing with terabytes of data per day, and managing an ELK cluster at that scale. Particularly on a Black Friday.

Shoot, some of our customers like—Klarna is one of them; credit card payment—they're ramping up for Black Friday, and one of the reasons why they chose us is our ability to scale when maybe you're doing a terabyte or two a day and then it goes up to twenty, twenty-five. How do you test that scale? How do you manage that scale?
And so for us, the data streams are, traditionally with our customers, the well-known log types, at least in the log use cases. And the challenge is scaling it, is getting access to it, and that's where we come in.

Corey: I will say the last time you were on the show a couple of years ago, you were talking about the initial logging use case and you were speaking, in many cases aspirationally, about where things were going. What a difference a couple years is made. Instead of talking about what hypothetical customers might want, or what—might be able to do, you're just able to name-drop them off the top of your head, you have scaled to approximately ten times the number of employees you had back then. You've—

Thomas: Yep. Yep.

Corey: —raised, I think, a total of—what, 50 million?—since then.

Thomas: Uh, 60 now. Yeah.

Corey: Oh, 60? Fantastic.

Thomas: Yeah, yeah.

Corey: Congrats. And of course, how do you do it? By sponsoring Last Week in AWS, as everyone should. I'm taking clear credit for that every time someone announces around, that's the game. But no, there is validity to it because telling fun stories and sponsoring exciting things like this only carry you so far. At some point, customers have to say, yeah, this is solving a pain that I have; I'm willing to pay you money to solve it.

And you've clearly gotten to a point where you are addressing the needs of those customers at a pretty fascinating clip. It's bittersweet from my perspective because it seems like the majority of your customers have not come from my nonsense anymore. They're finding you through word of mouth, they're finding through more traditional—read as boring—ad campaigns, et cetera, et cetera. But you've built a brand that extends beyond just me. I'm no longer viewed as the de facto ombudsperson for any issue someone might have with ChaosSearch on Twitters. It's kind of, “Aww, the company grew up. What happened there?”

Thomas: No, [laugh] listen, this you were great.
We reached out to you to tell our story, and I got to be honest. A lot of people came by, said, “I heard something on Corey Quinn's podcasts,” or et cetera. And it came a long way now. Now, we have, you know, companies like Equifax, multi-cloud—Amazon and Google.

They love the data lake philosophy, the centralized, where use cases are now available within days, not weeks and months. Whether it's logs and BI. Correlating across all those data streams, it's huge. We mentioned Klarna, [APM Performance 00:13:19], and, you know, we have Armor for SIEM, and Blackboard for [Observers 00:13:24].

So, it's funny—yeah, it's funny, when I first was talking to you, I was like, “What if? What if we had this customer, that customer?” And we were building the capabilities, but now that we have it, now that we have customers, yeah, I guess, maybe we've grown up a little bit. But hey, listen to you're always near and dear to our heart because we remember, you know, when you stopped by our booth at re:Invent several times. And we're coming to re:Invent this year, and I believe you are as well.

Corey: Oh, yeah. But people listening to this, it's if they're listening the day it's released, this will be during re:Invent. So, by all means, come by the ChaosSearch booth, and see what they have to say. For once they have people who aren't me who are going to be telling stories about these things. And it's fun. Like, I joke, it's nothing but positive here.

It's interesting from where I sit seeing the parallels here. For example, we have both had—how we say—adult supervision come in. You have a CEO, Ed, who came over from IBM Storage. I have Mike Julian, whose first love language is of course spreadsheets. And it's great, on some level, realizing that, wow, this company has eclipsed my ability to manage these things myself and put my hands-on everything. And eventually, you have to start letting go. It's a weird growth stage, and it's a heck of a transition. But—

Thomas: No, I love it.
You know, I mean, I think when we were talking, we were maybe 15 employees. Now, we're pushing 100. We brought on Ed Walsh, who's an amazing CEO. It's funny, I told him about this idea, I invented this technology roughly eight years ago, and he's like, “I love it. Let's do it.” And I wasn't ready to do it.

So, you know, five, six years ago, I started the company always knowing that, you know, I'd give him a call once we got the plane up in the air. And it's been great to have him here because the next level up, right, of execution and growth and business development and sales and marketing. So, you're exactly right. I mean, we were a young pup several years ago, when we were talking to you and, you know, we're a little bit older, a little bit wiser. But no, it's great to have Ed here. And just the leadership in general; we've grown immensely.

Corey: Now, we are recording this in advance of re:Invent, so there's always the question of, “Wow, are we going to look really silly based upon what is being announced when this airs?” Because it's very hard to predict some things that AWS does. And let's be clear, I always stay away from predictions, just because first, I have a bit of a knack for being right. But also, when I'm right, people will think, “Oh, Corey must have known about that and is leaking,” whereas if I get it wrong, I just look like a fool. There's no win for me if I start doing the predictive dance on stuff like that.

But I have to level with you, I have been somewhat surprised that, at least as of this recording, AWS has not moved more in your direction because storing data in S3 is kind of their whole thing, and querying that data through something that isn't Athena has been a bit of a reach for them that they're slowly starting to wrap their heads around.
But their UltraWarm nonsense—which is just, okay, great naming there—what is the point of continually having a model where oh, yeah, we're going to just age it out, the stuff that isn't actively being used into S3, rather than coming up with a way to query it there. Because you've done exactly that, and please don't take this as anything other than a statement of fact, they have better access to what S3 is doing than you do. You're forced to deal with this thing entirely from a public API standpoint, which is fine. They can theoretically change the behavior of aspects of S3 to unlock these use cases if they chose to do so. And they haven't. Why is it that you're the only folks that are doing this?

Thomas: No, it's a great question, and I'll give them props for continuing to push the data lake [unintelligible 00:17:09] to the cloud providers' S3 because it was really where I saw the world. Lakes, I believe in. I love them. They love them. However, they promote the move the data out to get access, and it seems so counterintuitive on why wouldn't you leave it in and put these services, make them more intelligent? So, it's funny, I've trademarked ‘Smart Object Storage,' I actually trademarked—I think you [laugh] were a part of this—‘UltraHot,' right? Because why would you want UltraWarm when you can have UltraHot?

And the reason, I feel, is that if you're using Parquet for Athena [unintelligible 00:17:40] store, or Lucene for Elasticsearch, these two index technologies were not designed for cloud storage, for real-time streaming off of cloud storage. So, the trick is, you have to build UltraWarm, get it off of what they consider cold S3 into a more warmer memory or SSD type access. What we did, what the invention I created was, that first read is hot. That first read is fast.

Snowflake is a good example. They give you a ten terabyte demo example, and if you have a big instance and you do that first query, maybe several orders or groups, it could take an hour to warm up.
The second query is fast. Well, what if the first query is in seconds as well? And that's where we really spent the last five, six years building out the tech and the vision behind this because I like to say you go to a doctor and say, “Hey, Doc, every single time I move my arm, it hurts.” And the doctor says, “Well, don't move your arm.”

It's things like that, to your point, it's like, why wouldn't they? I would argue, one, you have to believe it's possible—we're proving that it is—and two, you have to have the technology to do it. Not just the index, but the architecture. So, I believe they will go this direction. You know, little birdies always say that all these companies understand this need.

Shoot, Snowflake is trying to be lake-y; Databricks is trying to really bring this warehouse lake concept. But you still do all the pipelining; you still have to do all the data management the way that you don't want to do. It's not a lake. And so my argument is that it's innovation on why. Now, they have money; they have time, but, you know, we have a big head start.

Corey: I remembered last year at re:Invent they released a, shall we say, significant change to S3 that it enabled read after write consistency, which is awesome, for again, those of us in the business of misusing things as databases. But for some folks, the majority of folks I would say, it was a, “I don't know what that means and therefore I don't care.” And that's fine. I have no issue with that. There are other folks, some of my customers for example, who are suddenly, “Wait a minute. This means I can sunset this entire janky sidecar metadata system that is designed to make sure that we are consistent in our use of S3 because it now does it automatically under the hood?” And that's awesome. Does that change mean anything for ChaosSearch?

Thomas: It doesn't because of our architecture. We're append-only, write-once scenario, so a lot of update-in-place viewpoints.
My viewpoint is that if you're seeing S3 as the database and you need that type of consistency, it makes sense of why you'd want it, but because of our distributive fabric, our stateless architecture, our append-only nature, it really doesn't affect us.

Now, I talked to the S3 team, I said, “Please if you're coming up with this feature, it better not be slower.” I want S3 to be fast, right? And they said, “No, no. It won't affect performance.” I'm like, “Okay. Let's keep that up.”

And so to us, any type of S3 capability, we'll take advantage of it if it benefits us, whether it's consistency as you indicated, performance, functionality. But we really keep the constructs of S3 access to really limited features: list, put, get. [roll-on 00:20:49] policies to give us read-only access to your data, and a location to write our indices into your account, and then our distributed fabric, our service, acts as those indices and query them or searches them to resolve whatever analytics you need. So, we made it pretty simple, and that has allowed us to make it high performance.

Corey: I'll take it a step further because you want to talk about changes since the last time we spoke, it used to be that this was on top of S3, you can store your data anywhere you want, as long as it's S3 in the customer's account. Now, you're also supporting one-click integration with Google Cloud's object storage, which, great. That does mean though, that you're not dependent upon provider-specific implementations of things like a consistency model for how you've built things. It really does use the lowest common denominator—to my understanding—of object stores. Is that something that you're seeing broad adoption of, or is this one of those areas where, well, you have one customer on a different provider, but almost everything lives on the primary? I'm curious what you're seeing for adoption models across multiple providers?

Thomas: It's a great question.
We built an architecture purposely to be cloud-agnostic. I mean, we use compute in a containerized way, we use object storage in a very simple construct—put, get, list—and we went over to Google because that made sense, right? We have customers on both sides. I would say Amazon is the gorilla, but Google's trying to get there and growing.

We had a big customer, Equifax, that's on both Amazon and Google, but we offer the same service. To be frank, it looks like the exact same product. And it should, right? Whether it's Amazon Cloud, or Google Cloud, multi-select and I want to choose either one and get the other one. I would say that different business types are using each one, but our bulk of the business isn't Amazon, but we just this summer released our SaaS offerings, so it's growing.

And you know, it's funny, you never know where it comes from. So, we have one customer—actually DigitalRiver—as one of our customers on Amazon for logs, but we're growing in working together to do a BI on GCP or on Google. And so it's kind of funny; they have two departments on two different clouds with two different use cases. And so do they want unification? I'm not sure, but they definitely have their BI on Google and their operations in Amazon. It's interesting.

Corey: You know it's important to me that people learn how to use the cloud effectively. That's why I'm so glad that Cloud Academy is sponsoring my ridiculous nonsense. They're a great way to build in-demand tech skills the way that, well personally, I learn best which I learn by doing not by reading. They have live cloud labs that you can run in real environments that aren't going to blow up your own bill—I can't stress how important that is. Visit cloudacademy.com/corey. That's C-O-R-E-Y, don't drop the “E.” Use Corey as a promo-code as well. You're going to get a bunch of discounts on it with a lifetime deal—the price will not go up.
It is limited time, they assured me this is not one of those things that is going to wind up being a rug pull scenario, oh no no. Talk to them, tell me what you think. Visit: cloudacademy.com/corey, C-O-R-E-Y and tell them that I sent you!

Corey: I know that I'm going to get letters for this. So, let me just call it out right now. Because I've been a big advocate of pick a provider—I care not which one—and go all-in on it. And I'm sitting here congratulating you on extending to another provider, and people are going to say, “Ah, you're being inconsistent.”

No. I'm suggesting that you as a provider have to meet your customers where they are because if someone is sitting in GCP and your entire approach is, “Step one, migrate those four petabytes of data right on over here to AWS,” they're going to call you that jackhole that you would be by making that suggestion and go immediately for option B, which is literally anything that is not ChaosSearch, just based upon that core misunderstanding of their business constraints. That is the way to think about these things. For a vendor position that you are in as an ISV—Independent Software Vendor for those not up on the lingo of this ridiculous industry—you have to meet customers where they are. And it's the right move.

Thomas: Well, you just said it. Imagine moving terabytes and petabytes of data.

Corey: It sounds terrific if I'm a salesperson for one of these companies working on commission, but for the rest of us, it sounds awful.

Thomas: We really are a data fabric across clouds, within clouds. We're going to go where the data is and we're going to provide access to where that data lives. Our whole philosophy is the no-movement movement, right? Don't move your data. Leave it where it is and provide access at scale.

And so you may have services in Google that naturally stream to GCS; let's do it there. Imagine moving that amount of data over to Amazon to analyze it, and vice versa. 2020, we're going to be in Azure.
They're a totally different type of business, users, and personas, but you're getting asked, “Can you support Azure?” And the answer is, “Yes,” and, “We will in 2022.”

So, to us, if you have cloud storage, if you have compute, and it's a big enough business opportunity in the market, we're there. We're going there. When we first started, we were talking to MinIO—remember that open-source, object storage platform?—We've run on our laptops, we run—this [unintelligible 00:25:04] Dr. Seuss thing—“We run over here; we run over there; we run everywhere.”

But the honest truth is, you're going to go with the big cloud providers where the business opportunity is, and offer the same solution because the same solution is valued everywhere: simple in; value out; cost-effective; long retention; flexibility. That sounds so basic, but you mentioned this all the time with our Rube Goldberg, Amazon diagrams we see time and time again. It's like, if you looked at that and you were from an alien planet, you'd be like, “These people don't know what they're doing. Why is it so complicated?” And the simple answer is, I don't know why people think it's complicated.

To your point about Amazon, why won't they do it? I don't know, but if they did, things would be different. And being honest, I think people are catching on. We do talk to Amazon and others. They see the need, but they also have to build it; they have to invent technology to address it. And using Parquet and Lucene are not the answer.

Corey: Yeah, it's too much of a demand on the producers of that data rather than the consumer. And yeah, I would love to be able to go upstream to application developers and demand they do things in certain ways. It turns out as a consultant, you have zero authority to do that. As a DevOps team member, you have limited ability to influence it, but it turns out that being the ‘department of no' quickly turns into being the ‘department of unemployment insurance' because no one wants to work with you.
And collaboration—contrary to what people wish to believe—is a key part of working in a modern workplace.

Thomas: Absolutely. And it's funny, the demands of IT are getting harder; the actual getting the employees to build out the solutions are getting harder. And so a lot of that time is in the pipeline, is the prep, is the schema, the sharding, and et cetera, et cetera, et cetera. My viewpoint is that should be automated away. More and more databases are being autotune, right?

This whole knobs and this and that, to me, Glue is a means to an end. I mean, let's get rid of it. Why can't Athena know what to do? Why can't object storage be Athena and vice versa? I mean, to me, it seems like all this moving through all these services, the classic Amazon viewpoint, even their diagrams of having this centralized repository of S3, move it all out to your services, get results, put it back in, then take it back out again, move it around, it just doesn't make much sense. And so to us, I love S3, love the service. I think it's brilliant—Amazon's first service, right?—but from there get a little smarter. That's where ChaosSearch comes in.

Corey: I would argue that S3 is in fact, a modern miracle. And one of those companies saying, “Oh, we have an object store; it's S3 compatible.” It's like, “Yeah. We have S3 at home.” Look at S3 at home, and it's just basically a series of failing Raspberry Pis.

But you have this whole ecosystem of things that have built up and sprung up around S3. It is wildly understated just how scalable and massive it is. There was an academic paper recently that won an award on how they use automated reasoning to validate what is going on in the S3 environment, and they talked about hundreds of petabytes in some cases. And folks are saying, ah, S3 is hundreds of petabytes. Yeah, I have clients storing hundreds of petabytes.

There are larger companies out there.
Steve Schmidt, Amazon's CISO, was recently at a Splunk keynote where he mentioned that in security info alone, AWS itself generates 500 petabytes a day that then gets reduced down to a bunch of stuff, and some of it gets loaded into Splunk. I think. I couldn't really hear the second half of that sentence because of the sound of all of the Splunk salespeople in that room becoming excited so quickly you could hear it.

Thomas: [laugh]. I love it. If I could be so bold, those S3 team, they're gods. They are amazing. They created such an amazing service, and when I started playing with S3 now, I guess, 2006 or 7, I mean, we were using for a repository, URL access to get images, I was doing a virtualization [unintelligible 00:29:05] at the time—

Corey: Oh, the first time I played with it, “This seems ridiculous and kind of dumb. Why would anyone use this?” Yeah, yeah. It turns out I'm really bad at predicting the future. Another reason I don't do the prediction thing.

Thomas: Yeah. And when I started this company officially, five, six years ago, I was thinking about S3 and I was thinking about HDFS not being a good answer. And I said, “I think S3 will actually achieve the goals and performance we need.” It's a distributed file system. You can run parallel puts and parallel gets. And the performance that I was seeing when the data was a certain way, certain size, “Wait, you can get high performance.”

And you know, when I first turned on the engine, now four or five years ago, I was like, “Wow. This is going to work. We're off to the races.” And now obviously, we're more than just an idea when we first talked to you. We're a service.

We deliver benefits to our customers both in logs. And shoot, this quarter alone we're coming out with new features not just in the logs, which I'll talk about second, but in a direct SQL access.
But you know, one thing that you hear time and time again, we talked about it—JSON, CloudTrail, and Kubernetes; this is a real nightmare, and so one thing that we've come out with this quarter is the ability to virtually flatten. Now, you heard time and time again, where, “Okay. I'm going to pick and choose my data because my database can't handle whether it's elastic, or say, relational.” And all of a sudden, “Shoot, I don't have that. I got to reindex that.”

And so what we've done is we've created an index technology that we're always planning to come out with that indexes the JSON raw blob, but in the data refinery have, post-index you can select how to unflatten it. Why is that important? Because all that tooling, whether it's elastic or SQL, is now available. You don't have to change anything. Why is Snowflake and BigQuery has these proprietary JSON APIs that none of these tools know how to use to get access to the data?

Or you pick and choose. And so when you have a CloudTrail, and you need to know what's going on, if you picked wrong, you're in trouble. So, this new feature we're calling ‘Virtual Flattening'—or I don't know what we're—we have to work with the marketing team on it. And we're also bringing—this is where I get kind of excited where the elastic world, the ELK world, we're bringing correlations into Elasticsearch. And like, how do you do that? They don't have the APIs?

Well, our data refinery, again, has the ability to correlate index patterns into one view. A view is an index pattern, so all those same constructs that you had in Kibana, or Grafana, or Elastic API still work. And so, no more denormalizing, no more trying to hodgepodge query over here, query over there. You're actually going to have correlations in Elastic, natively. And we're excited about that.

And one more push on the future, Q4 into 2022; we have been given early access to S3 SQL access.
And, you know, as I mentioned, correlations in Elastic, but we're going full in on publishing our [TPCH 00:31:56] report, we're excited about publishing those numbers, as well as not just giving early access, but going GA in the first of the year, next year.

Corey: I look forward to it. This is also, I guess, it's impossible to have a conversation with you, even now, where you're not still forward-looking about what comes next. Which is natural; that is how we get excited about the things that we're building. But so much less of what you're doing now in our conversations have focused around what's coming, as opposed to the neat stuff you're already doing. I had to double-check when we were talking just now about oh, yeah, is that Google cloud object store support still something that is roadmapped, or is that out in the real world?

No, it's very much here in the real world, available today. You can use it. Go click the button, have fun. It's neat to see at least some evidence that not all roadmaps are wishes and pixie dust. The things that you were talking to me about years ago are established parts of ChaosSearch now. It hasn't been just, sort of, frozen in amber for years, or months, or these giant periods of time. Because, again, there's—yeah, don't sell me vaporware; I know how this works. The things you have promised have come to fruition. It's nice to see that.

Thomas: No, I appreciate it. We talked a little while ago, now a few years ago, and it was a bit of aspirational, right? We had a lot to do, we had more to do. But now when we have big customers using our product, solving their problems, whether it's security, performance, operation, again—at scale, right? The real pain is, sure you have a small ELK cluster or small Athena use case, but when you're dealing with terabytes to petabytes, trillions of rows, right—billions—when you were dealing trillions, billions are now small.
Millions don't even exist, right?

And you're graduating from computer science in college and you say the word, “Trillion,” they're like, “Nah. No one does that.” And like you were saying, people do petabytes and exabytes. That's the world we're living in, and that's something that we really went hard at because these are challenging data problems and this is where we feel we uniquely sit. And again, we don't have to break the bank while doing it.

Corey: Oh, yeah. Or at least as of this recording, there's a meme going around, again, from an old internal Google Video, of, “I just want to serve five terabytes of traffic,” and it's an internal Google discussion of, “I don't know how to count that low.” And, yeah.

Thomas: [laugh].

Corey: But there's also value in being able to address things at much larger volume. I would love to see better responsiveness options around things like Deep Archive because the idea of being able to query that—even if you can wait a day or two—becomes really interesting just from the perspective of, at that point, current cost for one petabyte of data in Glacier Deep Archive is 1000 bucks a month. That is ‘why would I ever delete data again?' Pricing.

Thomas: Yeah. You said it. And what's interesting about our technology is unlike, let's say Lucene, when you index it, it could be 3, 4, or 5x the raw size, our representation is smaller than gzip. So, it is a full representation, so why don't you store it efficiently long-term in S3? Oh, by the way, with the Glacier; we support Glacier too.

And so, I mean, it's amazing the cost of data with cloud storage is dramatic, and if you can make it hot and activated, that's the real promise of a data lake. And, you know, it's funny, we use our own service to run our SaaS—we log our own data, we monitor, we alert, have dashboards—and I can't tell you how cheap our service is to ourselves, right?
Because it's so cost-effective for long-tail, not just, oh, a few weeks; we store a whole year's worth of our operational data so we can go back in time to debug something or figure something out. And a lot of that's savings. Actually, huge savings is cloud storage with a distributed elastic compute fabric that is serverless. These are things that seem so obvious now, but if you have SSDs, and you're moving things around, you know, a team of IT professionals trying to manage it, it's not cheap.

Corey: Oh, yeah, that's the story. It's like, “Step one, start paying for using things in cloud.” “Okay, great. When do I stop paying?” “That's the neat part. You don't.” And it continues to grow and build.

And again, this is the thing I learned running a business that focuses on this, the people working on this, in almost every case, are more expensive than the infrastructure they're working on. And that's fine. I'd rather pay people than technologies. And it does help reaffirm, on some level, that—people don't like this reminder—but you have to generate more value than you cost. So, when you're sitting there spending all your time trying to avoid saving money on, “Oh, I've listened to ChaosSearch talk about what they do a few times. I can probably build my own and roll it at home.”

It's, I've seen the kind of work that you folks have put into this—again, you have something like 100 employees now; it is not just you building this—my belief has always been that if you can buy something that gets you 90, 95% of where you are, great. Buy it, and then yell at whoever's selling it to you for the rest of it, and that'll get you a lot further than, “We're going to do this ourselves from first principles.” Which is great for a weekend project for just something that you have a passion for, but in production mistakes show. I've always been a big proponent of buying wherever you can. It's cheaper, which sounds weird, but it's true.

Thomas: And we do the same thing.
We have single-sign-on support; we didn't build that ourselves, we use a service now. Auth0 is one of our providers now that owns that [crosstalk 00:37:12]—

Corey: Oh, you didn't roll your own authentication layer? Why ever not? Next, you're going to tell me that you didn't roll your own payment gateway when you wound up charging people on your website to sign up?

Thomas: You got it. And so, I mean, do what you do well. Focus on what you do well. If you're repeating what everyone seems to do over and over again, time, costs, complexity, and… service, it makes sense. You know, I'm not trying to build storage; I'm using storage. I'm using a great, wonderful service, cloud object storage.

Use what works, what works well, and do what you do well. And what we do well is make cloud object storage analytical and fast. So, call us up and we'll take away that 2 a.m. call you have when your cluster falls down, or you have a new workload that you are going to go to the—I don't know, the beach house, and now the weekend shot, right? Spin it up, stream it in. We'll take over.

Corey: Yeah. So, if you're listening to this and you happen to be at re:Invent, which is sort of an open question: why would you be at re:Invent while listening to a podcast? And then I remember how long the shuttle lines are likely to be, and yeah. So, if you're at re:Invent, make it on down to the show floor, visit the ChaosSearch booth, tell them I sent you, watch for the wince, that's always worth doing. Thomas, if people have better decision-making capability than the two of us do, where can they find you if they're not in Las Vegas this week?

Thomas: So, you find us online chaossearch.io. We have so much material, videos, use cases, testimonials. You can reach out to us, get a free trial. We have a self-service experience where connect to your S3 bucket and you're up and running within five minutes.

So, definitely chaossearch.io. Reach out if you want a hand-held, white-glove experience POV.
If you have those type of needs, we can do that with you as well. But we booth on re:Invent and I don't know the booth number, but I'm sure either we've assigned it or we'll find it out.

Corey: Don't worry. This year, it is a low enough attendance rate that I'm projecting that you will not be as hard to find in recent years. For example, there's only one expo hall this year. What a concept. If only it hadn't taken a deadly pandemic to get us here.

Thomas: Yeah. But you know, we'll have the ability to demonstrate Chaos at the booth, and really, within a few minutes, you'll say, “Wow. How come I never heard of doing it this way?” Because it just makes so much sense on why you do it this way versus the merry-go-round of data movement, and transformation, and schema management, let alone all the sharding that I know is a nightmare, more often than not.

Corey: And we'll, of course, put links to that in the [show notes 00:39:40]. Thomas, thank you so much for taking the time to speak with me today. As always, it's appreciated.

Thomas: Corey, thank you. Let's do this again.

Corey: We absolutely will. Thomas Hazel, CTO and Founder of ChaosSearch. I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud. If you've enjoyed this podcast episode, please leave a five-star review on your podcast platform of choice, whereas if you've hated this episode, please leave a five-star review on your podcast platform of choice along with an angry comment because I have dared to besmirch the honor of your homebrewed object store, running on top of some trusty and reliable Raspberries Pie.

Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.

Announcer: This has been a HumblePod production.
Stay humble.

Trent Loos Podcast
Rural Route Radio Nov 29, 2021 Hank Vogler has long been the canary in the coal mine, but how many even know what that means any more.

Nov 29, 2021 48:04


If you take a quick look at what has happened to the ranchers of the Federal Lands you pretty quickly see the overall plan of removing men and women from the land.

Screaming in the Cloud
Striking a Balance on the Cloud with Rachel Stephens

Nov 29, 2021 39:11


About Rachel

Rachel Stephens is a Senior Analyst with RedMonk, a developer-focused industry analyst firm. RedMonk focuses on how practitioners drive technological adoption. Her research covers a broad range of developer and infrastructure products, with a particular focus on emerging growth technologies and markets. (But not crypto. Please don't talk to her about NFTs.)

Before joining RedMonk, Rachel worked as a database administrator and financial analyst. Rachel holds an MBA from Colorado State University and a BA in Finance from the University of Colorado.

Links:
RedMonk: https://redmonk.com/
Great analysis: https://redmonk.com/rstephens/2021/09/30/a-new-strategy-r2/
“Convergent Evolution of CDNs and Clouds”: https://redmonk.com/sogrady/2020/06/10/convergent-evolution-cdns-cloud/
“Everything is Securities Fraud?”: https://cafe.com/stay-tuned/everything-is-securities-fraud-with-matt-levine/
Twitter: https://twitter.com/rstephensme

Transcript

Announcer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.

Corey: This episode is sponsored in part by my friends at ThinkstCanary. Most companies find out way too late that they've been breached. ThinkstCanary changes this and I love how they do it. Deploy canaries and canary tokens in minutes and then forget about them. What's great is the attackers tip their hand by touching them, giving you one alert, when it matters. I use it myself and I only remember this when I get the weekly update with a “we're still here, so you're aware” from them. It's glorious! There is zero admin overhead to this, there are effectively no false positives unless I do something foolish.
Canaries are deployed and loved on all seven continents. You can check out what people are saying at canary.love. And, their Kub config canary token is new and completely free as well. You can do an awful lot without paying them a dime, which is one of the things I love about them. It is useful stuff and not an, “ohh, I wish I had money.” It is spectacular! Take a look; that's canary.love because it's genuinely rare to find a security product that people talk about in terms of love. It really is a unique thing to see. Canary.love. Thank you to ThinkstCanary for their support of my ridiculous, ridiculous nonsense.

Corey: This episode is sponsored in part by our friends at Vultr. Spelled V-U-L-T-R because they're all about helping save money, including on things like, you know, vowels. So, what they do is they are a cloud provider that provides surprisingly high performance cloud compute at a price that—while sure they claim it's better than AWS pricing—and when they say that they mean it is less money. Sure, I don't dispute that but what I find interesting is that it's predictable. They tell you in advance on a monthly basis what it's going to cost. They have a bunch of advanced networking features. They have nineteen global locations and scale things elastically. Not to be confused with openly, because apparently elastic and open can mean the same thing sometimes. They have had over a million users. Deployments take less than sixty seconds across twelve pre-selected operating systems. Or, if you're one of those nutters like me, you can bring your own ISO and install basically any operating system you want. Starting with pricing as low as $2.50 a month for Vultr cloud compute they have plans for developers and businesses of all sizes, except maybe Amazon, who stubbornly insists on having something to scale all on their own. Try Vultr today for free by visiting: vultr.com/screaming, and you'll receive $100 in credit.
That's v-u-l-t-r.com slash screaming.

Corey: Welcome to Screaming in the Cloud, I'm Corey Quinn. The last time I spoke to Rachel Stephens over at RedMonk was in December of 2019. Well, on this podcast anyway; we might have exchanged conversational tidbits here and there at some point since then. But really, if we look around the world there's nothing that's materially different than it was today from December in 2019, except, oh, that's right everything. Rachel Stephens, you're still a senior analyst at RedMonk, which hey, in this day and age, longevity at a company is something that is almost enough to occasion comment on its own. Thanks for coming back for another round, I appreciate it.

Rachel: Oh, I'm so happy to be here, and it's exciting to talk about the state of the world a few years later than the last time we talked. But yeah, it's been a hell of a couple years.

Corey: Really has, but rather than rehashing pandemic stuff because I feel like unless people have been living in a cave for the last couple of years—because we've all been living in caves for the last couple of years—they know what's up with that. What's new in your world? What has changed for you aside from all of this in the past couple of years working in one of the most thankless of all jobs, an analyst in the cloud computing industry?

Rachel: Well, the job stuff is all excellent and I've had wonderful time working at RedMonk. So, RedMonk overall is an analyst firm that is focused on helping people understand technology trends, particularly from the view of the developer or the practitioner. So, helping to understand how the people who are using technologies are actually driving their overall adoption. And so there has been all kinds of interesting things that have happened in that score in the last couple of years.
We've seen a lot of interesting trends, lots of fun things to look at in the space and it's been a lot.

On a personal side, like a week into lockdown I found out that I was pregnant, so I went through all of locking down and the heart of the pandemic pregnant. I had my maternity leave earlier this year and came back and so excited to be back in. But it's also just been a lot to catch up on in the space as you come back from leave which I'm sure you are well familiar with.

Corey: Yes, I did the same thing, slightly differently timed. My second daughter Josephine was born at the end of September. When did your kiddo arrive on the scene to a world of masked strangers?

Rachel: So, I have an older daughter who just turned four, and then my youngest is coming up on his first birthday. He was born in December.

Corey: Excellent. It sounds like our kids are basically the same age, in both directions. And from my perspective, at least looking back, what advice would I give someone for having a baby in a pandemic? It distills down to ‘don't,' just because it changes so much, it's no longer a trivial thing to have a grandparent come out and spend time with the kid. It's the constant… drumbeat of is this over? Is this not over?

And that manifested a bunch of different ways. And I'm glad that I got the opportunity to take some time off to spend time with my family during that timeframe, but at the same time, it would've been great if there were options such as not being stuck at home with every rambunctious—at the time—three-year-old as I went through that entire joy of having the kid.

Rachel: Yeah. No, for the longest time, my thing was like, okay, like, there's no amount of money you could pay me to go back to middle school. I would never do it. And my new high bar there is no amount of money that you could pay me to go back to April 2020.
That was the hardest month of my entire life was getting through that, like, first trimester, both parents at home, toddler at home, nowhere to go, no one to help. That was a [BLEEP] hard month. [laugh] that was bad.

Corey: Oh, my God, yes, and we don't talk about this because we're basically communicating with people on social media, and everyone feels bad looking at social media because they're comparing their blooper reel with everyone else's highlights. And it feels odd on some level to complain about things like that. And let's be very clear as a man, I wind up in society getting lauded for even deigning to mention that I have children, whereas when mothers wind up talking about anything even slightly negative it's, “Oh, you sound like a bad mom.” And it is just one of the most abhorrent things out there in the world, I suppose. It's a strange inverted thing but one of the things that surprised me the most when I was expecting my first kid was looking at the different parenting forums, and the difference in tone was palpable where on the dad forums, everyone is super supportive and you got this dude it's great. You're fine. You're doing your best.

Sure, there's the occasional, “I gave my toddler beer and now people yell at me,” and it's, “What is wrong with you asshole?” But everyone else is mostly sane and doing their best. Whereas a lot of the ‘mommy' forums seem to bias more toward being relatively dismissive of other people's parenting choices. And I understand I'm stereotyping wildly, not all forums, not all people, et cetera, et cetera, but it really was an interesting window into an area that as a stereotypical white man world, I don't see a lot of places I hang out with that are traditionally male that are overwhelmingly supportive in quite the same way. It was really an eye-opening experience for me.

Rachel: I think you hit on some really important trends. 
One of the things that I have struggled with is—so I came into RedMonk—I've had a Twitter account forever, and it was always just, like, my personal Twitter account until I started working at RedMonk five years ago. And then all of a sudden I'm tweeting in technical and work capacities as well. And finding that balance initially was always a challenge.

But then finding that balance again after having kids was very different because I would always—it was, kind of, mix of my life and also what I'm seeing in the industry and what I'm working on and this mix of things. And once you started tweeting about kids, it very much changes the potential perception that people have of who you are, what you're doing. I know this is just a mommy blogger kind of thing.

You have to be really cognizant of that balance and making sure that you continue to put yourself in a place where you can still be your authentic self, but you really as a mom in the workspace and especially in tech have to be cognizant of not leaning too far into that. Because it can really damage your credibility with some audiences which is a super unfortunate thing, but also something I've learned just, like, I have to be really careful about how much mom stuff I share on Twitter.

Corey: It's bizarre to me that we have to shade aspects of ourselves like this. And I don't know what the answer is. It's a weird thing that I never thought about before until suddenly I find that, oh, I'm a parent. I guess I should actually pay attention to this thing now. And it's one of those once you see it you can't unsee it things and it becomes strange and interesting and also more than a little sad in some respects.

Rachel: I think there are some signs that we are getting to a better place, but it's a hard road for parents I think, and moms, in particular, working moms, all kinds of challenges out there. 
But anyways, it's one of those ones that is nice because love having my kids as a break, but sometimes Mondays come and it's such a relief to come back to work after a weekend with kids. Kids are a lot of work. And so it has brought elements of joy to my personal life, but it has also brought renewed elements of joy to my work life as really being able to lean into that side of myself. So, it's been a good year.

Corey: Now that I have a second kid, I'm keenly aware of why parents are always very reluctant to wind up—the good parents at least to say, “Oh yeah, I have X number of kids, but that one's my favorite.” And I understand now why my mom always said with my brother and I that, “I can't stand either one of you.” And I get that now. Looking at the children of cloud services it's like, which one is my favorite?

Well, I can't stand any of them, but the one that I hate the most is the Managed NAT Gateway because of its horrible pricing. In fact, anything involving bandwidth pricing in this industry tends to be horrifying, annoying, ill-behaved, and very hard to discipline. Which is why I think it's probably time we talk a little bit about egress charges in cloud providers.

You had a great analysis of Cloudflare's R2, which is named after a robot in Star Wars and is apparently also the name of their S3 competitor, once it launches. Again, this is a pre-announcement, yeah, I could write blog posts that claim anything; the proof is really going to be in the pudding. Tell me more about, I guess, what you noticed from that announcement and what drove you to, “Ah, I have thoughts on this?”

Rachel: So, I think it's an interesting announcement for several reasons. I think one of them is that it makes their existing offering really compelling when you start to add in that object store to something like the CDN, or to their edge functions which is called their Workers platform. 
And so, if you start to combine some of those functionalities together with a better object storage story, it can make their existing offering a lot more compelling which I think is an interesting aspect of this.

I think one of the aspects that is probably gotten a lot more of the traction though is their lack of egress pricing. So, I think that's really what took everyone's imaginations by storm is what does the world look like when we are not charging egress pricing on object storage?

Corey: What I find interesting is that when this came out first, a lot of AWS fans got very defensive over it, which I found very odd because their egress charges are indefensible from my point of view. And their response was, “Well, if you look at how a lot of the data access patterns work this isn't as big of a deal as it looks like,” and you're right. If I have a whole bunch of objects living in an object store, and a whole bunch of people each grab one of those objects this won't help me in any meaningful sense.

But if I have one object that a bunch of people grab, well, suddenly we're having a different conversation. And on some level, it turns into an interesting question of what differentiates this with their existing CDN-style approach. From my perspective, this is where the object actually lives rather than just a cache that is going to expire. And that is transformative in a bunch of different ways, but my, I guess, admittedly overstated analysis for some use cases was okay, I store a petabyte in AWS and use it with and without this thing. Great, the answer came out to something like 51 or $52,000 in egress charges versus zero on Cloudflare. That's an interesting perspective to take. And the orders of magnitude in difference are eye-popping assuming that it works as advertised, which is always the caveat.

Rachel: Yeah. 
I remember there was a RedMonk conversation with one of the cloud vendors set us up with a client conversation that want to, kind of, showcase their products kind of thing. And it was a movie studio and they walked us through what they architecturally have to do when they drop a trailer. If you think about that thing from this use case where all of a sudden you have videos that are all going out globally at the same time, and everybody wants to watch it and you're serving it over and over, that's a super interesting and compelling use case and very different from a cost perspective.

Corey: You'll notice the video streaming services all do business with something that is not AWS for what they stream to end-users from. Netflix has its own Open Connect project that effectively acts as their own homebuilt CDN that they partner with providers to put in their various environments. There are a bunch of providers that focus specifically on this. But if you do the math for the Netflix story at retail pricing—let's be clear at large scale, no one pays retail pricing for anything, but okay—even assuming that you're within hailing distance of the same universe as retail pricing; you don't have to watch too many hours of Netflix before the data egress charges cost more than you're paying a month than subscription. And I have it on good authority—read as from their annual reports—that a much larger expense for Netflix than their cloud and technology and R&D expenses is their content expenses.

They're making a lot of original content. They're licensing an awful lot of content, and that's way more expensive than providing it to folks. They have to have a better economic model. They need to be able to make a profit of some kind on streaming things to people. And with the way that all the major cloud providers wind up pricing this stuff, it's not tenable. 
There has to be a better answer.

Rachel: So, Netflix calls to mind an interesting antidote that has gone around the industry which is who can become each other faster? Can HBO become Netflix faster, or can Netflix become HBO faster? So, can you build out that technology infrastructure side, or can you build out that content side? And I think what you're talking to with their content costs speaks to that story in terms of where people are investing and trying to actually make dents in their strategic outlays.

I think a similar concept is actually at play when we talk about cloud and CDN. We do have this interesting piece from my coworker, Steve O'Grady, and he called it “Convergent Evolution of CDNs and Clouds.” And they originally evolved along separate paths where CDNs were designed to do this edge-caching scenario, and they had the core compute and all of the things that go around it happening in the cloud.

And I think we've seen in recent years both of them starting to grow towards each other where CDNs are starting to look a lot more cloud-like, and we're seeing clouds trying to look more CDN-like. And I think this announcement in particular is very interesting when you think about what's happening in the CDN space and what it actually means for where CDNs are headed.

Corey: It's an interesting model in that if we take a look at all of the existing cloud providers they had some other business that funded the incredible expense outlay that it took to build them. For example, Amazon was a company that started off selling books and soon expanded to selling everything else, and then expanded to putting ads in all of their search portals, including in AWS and eroding customer trust.

Google wound up basically making all of their money by showing people ads and also killing Google Reader. 
And of course, Microsoft has been a software company for a lot longer than they've been a cloud provider, and given their security lapses in Azure recently is the question of whether they'll continue to be taken seriously as a cloud provider.

But what makes Cloudflare interesting from this approach is they started from the outside in of building out the edge before building regions or anything like that. And for a lot of use cases that works super well, in theory. In practice, well, we've never seen it before. I'm curious to see how it goes. Obviously, they're telling great stories about how they envision this working out in the future. I don't know how accurate it's going to be—show, don't tell—but I can at least acknowledge that the possibility is definitely there.

Rachel: I think there's a lot of unanswered questions at this point, like, will you be able to have zero egress fees, and edge-like latencies, and global distribution, and have that all make sense and actually perform the way that the customer expects? I think that's still to be seen. I think one of the things that we have watched with interest is this rise of—I think for lack of a better word techno-nationalism where we are starting to see enclaves of where people want technology to be residing, where they want things to be sourced from, all of these interesting things.

And so having this global network of storage flies in the face of some of those trends where people are building more and more enclaves of we're going to go big and global. I think that's interesting and I think data residency in this global world will be an interesting question.

Corey: It also gets into the idea of what is the data that's going to live there. Because the idea of data residency, yes, that is important, but where that generally tends to matter the most is things like databases or customer information. 
Not the thing that we're putting out on the internet for anyone who wants to, to be able to download, which has historically been where CDNs are aiming things.

Yes, of course, they can restrict it to people with logins and the rest, but that type of object storage in my experience is not usually subject to heavy regulation around data residency. We'll see because I get the sense that this is the direction Cloudflare is attempting to go in, and it's really interesting to see how it works. I'm curious to know what their stories are around, okay, you have a global network. That's great. Can I stipulate which areas my data can live within or not?

At some point, it's going to need to happen if they want to look at regulated entities, but not everyone has to start with that either. So, it really just depends on what their game plan is on this. I like the fact that they're willing to do this. I like the fact they're willing to be as transparent as they are about their contempt for AWS's egress fees. And yes, of course, they're a competitor.

They're going to wind up smacking competition like this, but I find it refreshing because there is no defense for what they're saying, their math is right. Their approach to what customers experience from AWS in terms of egress fees is correct. And all of the defensiveness at, well, you know, no one pays retail price for this, yeah, but they see it on the website when they're doing back-of-the-envelope math, and they're not going to engage with you under the expectation that you're going to give them a 98% discount.

So, figure out what the story is. And it's like beating my head against the wall. I also want to be fair. These networks are very hard to build, and there's a tremendous amount of investment. 
The AWS network is clearly magic in some respects just because having worked in data centers myself, the things that I see that I'm able to do between various EC2 instances at full network line rate would not have been possible in the data centers that I worked within.

So, there's something going on that is magic and that's great. And I understand that it's expensive, but they've done a terrible job of messaging that. It just feels like, oh, bandwidth in is free because, you know, that's how it works. Sending it out, ooh, that's going to cost you X and their entire positioning and philosophy around it just feels unnecessary.

Rachel: That's super interesting. And I think that also speaks to one of the questions that is still an open concern for what happens to Cloudflare if this is wildly successful. Which, based off of people's excitement levels at this point, it seems like it's very potentially going to be successful. And what does this mean for the level of investment that they're going to have to make in their own infrastructure and network in order to actually be able to serve all of this?

Corey: The thing that I find curious is that in a couple of comment threads on Hacker News and on Twitter, Cloudflare's CEO, Matthew Prince—who's always been extremely accessible as far as executives of giant cloud companies go—has said that at their scale and by which he's referring to Cloudflare, and he says, “I assume that Amazon can probably get at least as decent economics on bandwidth pricing as we can,” which is a gross understatement because Amazon will spend years fighting over 50 cents.

Great, but what's interesting is that he refers to bandwidth at that scale as being much closer to a fixed cost than something that's a marginal cost for everything that a customer uses. The way that companies buy and sell bandwidth back and forth is complex, but he's right. 
It is effectively a fixed monthly fee for a link and you can use as much or as little of that link as you want. 95th percentile billing aficionados, please don't email me.

But by and large, that's the way to think about it. You pay for the size of the pipe, not how much water flows through it. And as long as you can keep the links going without saturating them to the point where more data can't fit through at a reasonable amount of time, your costs don't change. So, yeah, if there's a bunch of excitement they'll have to expand the links, but that's generally a fixed cost as opposed to a marginal cost per gigabyte.

That's not how they think about it. There's a whole translation layer that's an economic model. And according to their public filings, they have something like a 77% gross margin which tells me that, okay, they are not in fact losing money on bandwidth even now where they generally don't charge on a metered basis until you're on the Cloudflare Enterprise Plan.

Rachel: Yeah. I think it's going to just be really interesting to watch. I'm definitely interested to see what happens as they open this up, and like, 11 9s of availability feels like a lot of availabilities. It's just the engineering of this, the economics of this it feels like there's a lot of open questions that I'm excited to watch.

Corey: You're onto my favorite part of this. So, the idea of 11 9s because it sounds ludicrous. That is well within the boundaries of probability of things such as, yeah, it is more likely that gravity is going to stop working than it is that it's going to lose data. How can you guarantee that? 
Generally speaking, although S3 has always been extremely tight-lipped about how it works under the hood, other systems have not been.

And it looks an awful lot like the idea of Reed-Solomon erasure coding, where for those of us who spent time downloading large files of questionable legality due to copyright law and whatnot off of Usenet, they had the idea of parity files where they'd take these giant media files up—they're Linux ISOs; of course they are—and you'd slice them into a bunch of pieces and then generate parity files as well.

So, you would wind up downloading the let's say 80 RAR files and, oh, three of them were corrupt, each parity file could wind up swapping in so as long as you had enough that added up to 80, any of those could wind up restoring the data that had been corrupted. That is almost certainly what is happening at the large object storage scale. Which is great, we're going to break this thing into a whole bunch of chunks. Let's say here is a file you've uploaded or an object.

We're going to break this into a hundred chunks—let's say arbitrarily—and any 80 of those chunks can be used to reconstitute the entire file. And then you start looking at where you place them and okay, what are the odds of simultaneous drive failure in these however many locations? And that's how you get that astronomical number. It doesn't mean what people think it does. S3 offers 11 9s of durability on their storage classes, including the One Zone storage class.

Which is a single availability zone instead of something that's an entire region, which means that they're not calculating disaster recovery failure scenarios into that durability number. Which is fascinating because it's far likelier you're going to have all the buildings within the same office park burn down than it is all of the buildings within a hundred square miles burn down, but those numbers remain the same.

There's a lot of assumptions baked into that and it makes for an impressive talking point. 
I just hear it as, oh yeah, you're a real object-store. That's how I see it. There's a lot that's yet to be explained or understood. And I think that I'm going to be going up one side and down the other as soon as this exists in the real world and I'm looking forward to seeing it. I'm just a little skeptical because it has been preannounced.

The important part for me is even the idea that they can announce something like this and not be sued for securities fraud tells me that it is at least theoretically economically possible that they could be telling the truth on this. And that alone speaks volumes to just how out-of-bounds it tends to be in the context of giant cloud customers.

Rachel: I mean, if you read Matt Levine, “Everything is Securities Fraud?” so, I don't know how much we want to get excited about that.

Corey: Absolutely. A huge fan of his work.

Corey: You know it's important to me that people learn how to use the cloud effectively. That's why I'm so glad that Cloud Academy is sponsoring my ridiculous nonsense. They're a great way to build in-demand tech skills the way that, well personally, I learn best which I learn by doing not by reading. They have live cloud labs that you can run in real environments that aren't going to blow up your own bill—I can't stress how important that is. Visit cloudacademy.com/corey. That's C-O-R-E-Y, don't drop the “E.” Use Corey as a promo-code as well. You're going to get a bunch of discounts on it with a lifetime deal—the price will not go up. It is limited time, they assured me this is not one of those things that is going to wind up being a rug pull scenario, oh no no. Talk to them, tell me what you think. Visit: cloudacademy.com/corey, C-O-R-E-Y and tell them that I sent you!

Corey: So, we've talked a fair bit about what data egress looks like. What else have you been focusing on? 
What have you found that is fun, and exciting, and catches your eye in this incredibly broad industry lately?

Rachel: Oh, there's all kinds of exciting things. One of the pieces of research that's been on my back-burner, usually I do it early summer, and it is—due to a variety of factors—still in my pipeline, but I always do a piece of research about base infrastructure pricing. And it's an annual piece of looking about what are all of the cloud providers doing in regards to their pricing on that core aspect of compute, and storage, and memory.

And what does that look like over time, and what does that look like across providers? And it is absolutely impossible to get an apples-to-apples comparison over time and across providers. It just can't actually be done. But we do our best [laugh] and then caveat the hell out of it from there. But that's the piece of research that's most on my backlog right now and one that I'm working on.

Corey: I think that there's a lot of question around the idea of what is the cost of a compute unit—or something like that—between providers? The idea of if I have this configuration will cost me more on cloud provider a or cloud provider B, my pet working theory is that whenever people ask for analyses like that—or a number of others, to be perfectly frank with you—what they're really looking for is confirmation bias to go in the direction that they wanted to go in already. I have yet to see a single scenario where people are trying to decide between cloud providers and they say, “That one because it's going to be 10% less.” I haven't seen it. That said I am, of course, at a very particular area of the industry. Have you seen it?

Rachel: I have not seen it. I think users find it interesting because it's always interesting to look at trends over time. And in particular, with this analysis, it's interesting to watch the number of providers narrow and then widen back out because we've been doing this since 2012. 
So, we used to have [unintelligible 00:26:24] and HPE used to be in there. So, like, we used to—CenturyLink. We used to have this broader list of cloud providers that we considered that would narrow down to this doesn't really count anymore.

And now why do you need to back out? It's like, okay, Oracle Cloud you're in, Alibaba, Tencent, like, let's look at you. And so, like, it's interesting to just watch the providers in the mix shift over time which I think is interesting. And I think one of just the broad trends that is interesting is early years of this, there was steep competition on price, and that leveled off for a solid three, four years.

We've seen some degree of competitiveness reemerge with competitors like Oracle in particular. So, those broad-brush trends are interesting. The specifics of the pricing if you're doing 10% difference kind of things I think you're missing the point of the analysis largely, but it's interesting to look at what's happening in the industry overall.

Corey: If you were to ask me to set up a simple web app, if there is such a thing, and tell you in advance what it was going to cost to host, and I can get it accurate within 20%, I am on fire in terms of both analysis and often dumb luck just because it is so difficult to answer the question. Getting back to our earlier conversational topic, let's say I put CloudFront, Amazon's sorry excuse for a CDN, in front of it which is probably the closest competitor they have to Cloudflare as a CDN, what'll it cost me per gigabyte? Well, that's a fascinating question. The answer comes down to where are you visiting it from? Depending where on the planet, people who are viewing my website, or using my web app are sitting, the cost per gigabyte will vary between eight-and-a-half cents—retail pricing—and fourteen cents. That's a fairly wide margin and there's no way to predict that in advance for most use cases. 
It's the big open-ended question.

And people build out their environments and they want to know they're making a rational decision and that their provider is not charging three times more than their competitor is for the exact same thing, but as long as it's within a certain level of confidence interval, that makes sense.

Rachel: Yeah, and I think the other thing that's interesting about this analysis and one of the reasons that it's a frustrating analysis for me, in particular, is that I feel like that base compute is actually not where most of the cloud providers are actually competing anymore. So, like, it was definitely the interesting story early in cloud.

I think very clearly not the focus area for most of us now. It has moved up an abstraction layer. It's moved to manage services. It has moved to other areas of their product portfolio. So, it's still useful. It's good to know. But I think that the broader portfolio of the cloud providers is definitely more the story than this individual price point.

Corey: That is an interesting story because I believe it, and it speaks to the aspirational version of where a lot of companies see themselves going. And then in practice, I see companies talking like this constantly, and then I look in their environment and say, “Okay, you're basically spending 70% of your entire cloud bill on EC2 instances, running—it's a bunch of VMs that sit there.”

And as much as they love to talk about the future and how other things are being considered and how their—use of machine learning and the rest, and Kubernetes, of course, a lot of this stuff all distills down to, yeah, it runs in software. It sits on top of EC2 instances and that's what you get billed for. 
At re:Invent it's always interesting and sad at the same time that they don't give EC2 nearly enough attention or stage time because it's not interesting, despite it being a majority of AWS bill.

Rachel: I think that's a fantastic point, well made.

Corey: I'll take it even one step further—and this is one where I think is almost a messaging failure on some level—Google Cloud offers sustained use discounts which apparently they don't know how to talk about appropriately, but it's genius. The way this works is if you run a VM for more than a certain number of hours in a month, the entire month is now charged for that VM at a less than retail rate because you've been using it in a sustained way.

All you have to do to capture that is don't turn it off. You know, what everyone's doing already. And sure if you commit to usage on it you get a deeper discount, but what I like about this is if you buy some reserved instances or you buy some committed use discounting, great, you'll save more money, but okay, here's a $20 million buy. You should click the button on, people are terrified to click at that button because I don't usually get to approve dollar figure spend with multiple commas in them. That's kind of scary. So, people hem and they haw and they wait six months. This is maybe not as superior mathematically, but it's definitely an easier sell psychologically, and they just don't talk about it.

What people say they care about and what people actually do are worlds apart. And the thing that continually astounds me because I didn't expect it, but it's obvious in hindsight that when it comes to cloud economics it's more about psychology than it is about math.

Rachel: I think one of the things that, having come from the finance world into the analyst world, and so I definitely have a particular point of view, but one of the things that was hardest for me when I worked in finance was not the absolute dollar amount of anything but the variability of it. 
So, if I knew what to expect I could work with that and we could make it work. It was when things varied in unexpected ways that it was a lot more challenging.

And so I think one of the things that when people talked about, like, this shift to cloud and the move to cloud, and everyone is like, “Oh, we're moving things from the balance sheet to the income statement.” And everyone talked about that like it's a big deal. For some parts of the organization that is a big deal, but for a lot of the organization, the shift that matters is the shift from a fixed cost to a variable cost because that lack of predictability makes a lot of people's jobs, a lot more difficult.

Corey: The thing that I always find fun as a thought exercise is okay, let's take a look at any given cloud company's cloud bill for the last 18 to 36 months and add all of that up. Great, take that big giant number and add 20% to it. If you could magically go back in time and offer that larger number to them as here's your cloud bill and all of your usage for the next 18 to 36 months. Here you go. Buy this instead.

And the cloud providers laugh at me and they say, “Who in the world would agree to that deal?” And my answer is, “Almost everyone.” Because at the company's scale it's not like the individual developer response of, “Oh, my God, I just spent how much money? I've got to eat this month.” Companies are used to absorbing those things. It's fine. It's just a, “We didn't predict this. We didn't plan for this. What does this do to our projections, our budget, et cetera?”

If you can offer them certainty and find some way to do it, they will jump at that. Most of my projects are not about make the bill lower, even though that is what is believed, in some cases by people working on these projects internally at these companies. It's about making it understandable. It's about making it predictable, it's about understanding when you see a big spike one month. 
What project drove that?

Spoiler, it's almost always the data science team because that's what they do, but that's neither here nor there. Please don't send me letters. But yeah, it's about understanding what is going on, and that understanding and being able to predict it is super hard when you're looking at usage-based pricing.

Rachel: Exactly.

Corey: I want to thank you for taking so much time to speak with me. If people want to hear more about your thoughts, your observations, et cetera, where can they find you?

Rachel: Probably the easiest way to get in touch with me is on Twitter, which is @rstephensme that's R-S-T-E-P-H-E-N-S-M-E.

Corey: And we will, of course, put links to that in the [show notes 00:34:08]. Thank you so much for your time. I appreciate it.

Rachel: Thanks for having me. This was great.

Corey: Rachel Stephens, senior analyst at RedMonk. I'm Cloud Economist, Corey Quinn, and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice, along with an angry comment, angrily defending your least favorite child, which is some horrifying cloud service you have launched during the pandemic.

Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.

Announcer: This has been a HumblePod production. Stay humble.

All Out of F***s Podcast
S2EP20: THE WHITE POWER CANARY IN THE MINESHAFT: RITTENHOUSE VERDICT AND BRINGING AHMAUD ARBERY'S MURDERS TO JUSTICE

All Out of F***s Podcast

Play Episode Listen Later Nov 26, 2021 66:39


From Kyle Rittenhouse's Acquittal to unease on the upcoming verdict in Ahmaud Arbery murder case. What do these outcomes mean? Is this just consolidation of white power? Any chance the jurors in the Ahmaud Arbery murders' trial convict? Is this their OJ?
INTRODUCTION Welcome Back Thanks for subscribing and listening. Find us on Apple Podcasts on iTunes, Spotify, Soundcloud and Libsyn
BLOWING SMOKE NFL Weekend Holiday Cooking Greg's Florida Trip Chicago Bulls Purdue Boilermakers Basketball Going In
SESSION OF THE DAY: Kyle Rittenhouse Verdict White Vigilante Justice White Consolidation of Power Protecting Property Interest Over Black Lives Ahmaud Arbery Murders' Trial Juror Composition Citizen's Arrest Statute Outcome?
WHAT THE F*CK NEWS SEGMENT Kyle Kuzma Ridiculousness Sweater
THANK YOU Thanks for joining us this episode of All Out of Fucks Podcast! Make sure to check us out on Instagram @alloutoffuckspodcast, Twitter @AllOutofFuxPod, and our website at alloutoffuckspodcast.com, where you can subscribe to the show in iTunes, Stitcher or via RSS so you'll never miss a show. While you're at it, if you liked what you heard, then we'd appreciate you heading over to iTunes and giving us a 5 star rating or just tell a friend about the show

Political Misfits
Arkansas Anti-BDS Law; NASA DART Mission; UK Citizenship Bill

Political Misfits

Play Episode Listen Later Nov 25, 2021 111:36


Richard Becker, author of "Palestine, Israel and the U.S. Empire" joins us to discuss the ongoing campaign against the Boycott Divestment and Sanctions (BDS) movement, which saw a local newspaper in Arkansas threatened with a withdrawal of advertising from a local company due to a state law that asks businesses to pledge not to support any boycotts of Israel. We talk about the pervasiveness of such laws, with 30 states having laws similar to the one Arkansas passed in 2017, and whether we are starting to see some resistance to knee-jerk support for Israel.
Katherine Rahill, Senior Scientist for the Office of the Chief Scientist of NASA's Human Research Program (HRP) at Johnson Space Center, Houston, TX, joins us to talk about the news of NASA's DART mission attempting to manually alter the course of an asteroid by smashing a spacecraft into it at high speeds to test a defense mechanism against wayward asteroids that may threaten Earth. We also discuss the prospects of the mission's success and whether we will see a planetary defense system in the future.
Mohamed Elmaazi, journalist and contributor to numerous outlets including Jacobin, The Canary, The Grayzone, and The Real News, talks to us about the dangerous implications of a new Nationality and Borders bill currently moving through the British House of Commons, which would allow the government to remove a person's citizenship without having to give them notice so long as it is deemed in the public interest or the interests of national security. We discuss the impact this bill could have not only on naturalized immigrants, but citizens born in the UK as well.
Esther Iverem, multidisciplinary author and independent journalist, host of "On The Ground: Voices of Resistance From the Nation's Capital" on Pacifica Radio, and founding member of DC Poets Against the War, joins hosts Michelle Witte and Bob Schlehuber to talk about a jury awarding $26 million in the Charlottesville "Unite the Right" rally civil case, the latest developments in Ethiopia, and two examples of how American society and our judicial system are not designed to rehabilitate people.

I Want To Rewatch: An X-Files Podcast
Patreon Holiday Bonus: "A Night of Fright Is No Delight"

I Want To Rewatch: An X-Files Podcast

Play Episode Listen Later Nov 24, 2021 45:47


Scooby Doo, Where Are You! Season 1, Episode 16: “A Night of Fright Is No Delight” Scooby-Doo is named in the will of an eccentric millionaire whose life he saved several years earlier. However, to claim the inheritance Scooby and the other four heirs must spend the night in the deceased's isolated mansion — which they quickly learn is haunted by not one, but two malevolent ghosts who are picking off the heirs one by one. Originally recorded on 23 October 2021. Originally released on 24 November 2021. As mentioned in the episode: The Cat and the Canary (1927) Our music is mixed by Lazy N. “Dark Science” by David Hilowitz “The Truth Is What We Make of It” by The Agrarians Join our Patreon! We'd love to have you on board. You can find links for everything I Want To Rewatch related here! https://linktr.ee/iwtrw

Plant Based Briefing
147: Fly High Little Sparrow by Sandra Kyle of EndAnimalSlaughter.org and published at All-Creatures.org

Plant Based Briefing

Play Episode Listen Later Nov 16, 2021 10:21


Sandra Kyle writes about her friend, Lonia, rescuing a baby sparrow who couldn't fly high enough to be released back into the wild, and the beautiful relationship that developed between them. Posted at All-Creatures.org. Please take a moment to rate & review the podcast here. Thank you!

Renegade Talk Radio
Episode 3573: PARIS ATTACKS Were the Canary in the Coal Mine...and We’d Better Listen!

Renegade Talk Radio

Play Episode Listen Later Nov 15, 2021 48:09


No sooner did we commemorate the 6th anniversary of the Paris attack of 2015 (their 9/11) than terrorists struck Britain! You will hear, in this podcast, that there are clues in the Paris attack that warn us the time is ripe for it to happen in the U.S. (and other Western countries)! First, you will jump in a time machine and be taken back to Paris, so you can recall the highlights of the attack where 9 terrorists used suicide belts and guns to kill 130 people and injure hundreds more at Le Stade de France, Le Theatre du Bataclan, restaurants and cafes. (Dr. Carole lived in Paris for years and gives you an inside look-literally-into what it was like being in the audience of the Bataclan after the attack.) Next we will look at the lives of the two most notable of these terrorists, who began as childhood BFF's, and then went on from partners in petty crime to partners in Paris carnage. Salah Abdeslam, called the ‘10th man' is currently standing trial for being in charge of logistics. His BFF, Abdelhamid Abaaoud, the mastermind of the attack, who went to Syria and returned to radicalize the others, was killed by police after a manhunt. Then we will bring this story ‘home', comparing today's situation in France, where two thirds of the people feel threatened by extinction because of mass Muslim migration and their overtaking of French culture. Last, you will hear the current Department of Homeland Security warnings, and their misdirection of counter-terrorism resources toward so-called Domestic Terrorists instead of Radical Islamists - like those who perpetrated the Paris attack. So, can the Paris attack happen where you are? “Oui, Oui, absolument!”

Trent Loos Podcast
Rural Route Radio Nov 15, 2021 Hank Vogler is truly the canary in the coal mine, they want land ownership by individuals to vanish.

Trent Loos Podcast

Play Episode Listen Later Nov 15, 2021 48:03


You can absolutely not believe the angles that the Federal Government takes to ban the ownership of land from each of us. But the case of Hank Vogler and all other Federal Lands ranchers is it blatant.

Les Cast Codeurs Podcast
LCC 267 - Lagom erases its technical debt

Les Cast Codeurs Podcast

Play Episode Listen Later Nov 15, 2021 76:33


Antonio and Emmanuel discuss Microsoft and Java, Cryostat, Java 17, Micronaut, Quarkus, Play Framework, Lagom, Amazon, CORS, CSS (yes, really), Hibernate Reactive, AtomicJar, canary, and algorithmic amplification.
Recorded on 12 November 2021
Episode download: LesCastCodeurs-Episode–267.mp3
News
Languages:
Blog post on code snippets in JavaDocs (18 Oct 2021). Nicer to use than pre tags: no escaping needed (for < and >), and the whitespace on the left is normalized. You can highlight certain portions, or replace certain parts using a regular expression. You can also externalize where the snippet comes from: instead of putting it in the JavaDoc, you can reference a region of your real code, so at least you are sure it is valid code, and code that compiles of course. Gunnar explains how to reuse code from our test classes and make it appear in the JavaDocs, creating true “executable” documentation.
Compress class space (27 March 2019). Compressed object or class pointers: 64-bit pointers held in 32 bits via a relative address. Because of the relative address, the Klass structure in the metaspace must be in contiguous memory that is preallocated up front (risk of not being able to reallocate if the free memory is not contiguous). So the class part and the non-class part are separated in the metaspace. The Klass part is 32G max and contiguous, and it is called the compressed class space. 1G by default but configurable up to 3G. It is virtual memory, just a reservation. About 1K per class, so 1,000,000 classes max. Only when compressed oops are used. Only for a Java heap size of 32G max.
Cryostat 2.0 (18 Oct 2021). Provides a secure API for profiling and monitoring Java applications in containers with Java Flight Recorder. Cryostat can retrieve, store and analyze Flight Recorder recordings from containers, which are then consumed by Grafana or the JDK Mission Control desktop application. By default the file stays local to the container, so not practical. A direct JMX connection is neither practical nor secure by default. Cryostat retrieves the recordings over HTTPS. Has a Kubernetes operator. Etc.
Microsoft increases its investment in Java (4 Nov 2021). Microsoft joins the JCP. Works on VSCode for Java with Red Hat. Is OK with the LTS moving to 2 years and will help support these more frequent releases.
Libraries:
Micronaut 3.1 (11 Oct 2021). Support for applications using JDK 17. Dependency injection improvements (repeatable scopes, primitive beans, etc). Generated classes are smaller, and memory consumption is improved under GraalVM. HTTP routes by regexp. Random port binding (for test conflicts). TLS certificates can be changed via refresh without stopping the server. Kotlin coroutines supported in Micronaut Data. Extended coverage of JPA support (e.g. attribute converter). Support for Kubernetes informers via the Kubernetes SDK. The Oracle Coherence integration leaves preview mode.
Quarkus 2.4 (27 Oct 2021). Hibernate Reactive 1.0.0.Final. Introducing Kafka Streams DevUI (nice for developing with it and knowing what is going on). Support continuous testing for multi module projects. Support AWT image resize via new AWT extension.
Lightbend lets go of Play Framework (20 Oct 2021). Lightbend was built on Scala, Akka and Play Framework. It is the moment of the 2.0, I believe. But with the cloud, they want to focus on distributed systems: Akka Open Source and Akka Serverless (their PaaS). Play is left to the community and Lightbend stops investing in it. In a separate organization. Needs sponsors and contributors. Question: hadn't they already stopped Scala?
Lightbend divests from Lagom too (27 Oct 2021). Lagom is erased by Akka Platform and Akka Serverless. Too many limiting constraints in the framework. But Lightbend customers are supported on Lagom, without new features.
Infrastructure:
Installing and using podman-machine on macOS (19 Oct 2021). The virtualization relies on QEMU and sets up a VM in which the pods run. Podman Machine installs a Linux VM with the tools. Also works on Linux, for those that do not support Podman or for sandboxing. Works on M1. Homebrew for the installation. Basically like docker machine before. There is also a nice presentation from Devoxx France.
Cloud:
Amazon declares war on Microsoft using the “proprietary” argument (28 Oct 2021). Aurora has a front end that speaks the SQL Server protocol (Babelfish for Aurora PostgreSQL), and converts T-SQL. Open source: the T-SQL to Postgres (debug). Under the ASL license. Not everything is open sourced yet.
Web:
CORS explained (12 Oct 2021). Including images from other sites, that is the origin. Cookies, credentials, etc. were sent. Yahoo Mail could leak users' credentials. An iFrame could read the content of another iFrame (Netscape puts Cross-Frame Scripting in place). Access-Control-Allow-Origin: * is OK if there is no private data.
Making a raw HTML page pretty in 100 characters of CSS (16 Oct 2021). Basic, but explained line by line. E.g. 60–80 characters for reading. And 100 more bytes to improve it.
Data:
Elasticsearch 8.0 will require Java 17 (3 Nov 2021). Definitely easier for something standalone than a library or anything that needs to share the JDK with all its apps. PR GitHub.
Hibernate Reactive 1.0.0, is it worth it? (27 Oct 2021). PostgreSQL, MySQL, MariaDB, Db2, SQL Server, and CockroachDB. Databases designed for classic interactions, so the high-level constructs tend to be limited by the underlying protocol, which was hardly or not at all visible with JDBC. Use HR if your application is already reactive at its core (e.g. RESTEasy Reactive in Quarkus or a Vert.x application). Performance comparison with TechEmpower, but from the angle of latency at a given volume and not max throughput. 20 requests in a row: 20k request/s -> 35k under 10ms of latency. It is the relative value that is interesting. One query and some processing to return to the client: little difference. Throughput tends to be better. Improvement of reactive over one year. A video cast on the subject.
Tooling:
AtomicJar launches a cloud offering (04 Nov 2021). Testcontainers containers no longer run locally but in AtomicJar's cloud. Has more resources than a typical local machine (2 cores and 8GB RAM for the docker machine). You can use your machine while the tests run. For CIs that are limited with respect to containers, or for cloud IDEs, so as not to spend too much. No problem with M1. A small binary to install (e.g. via curl). TestContainers and Quarkus: TestContainer Cloud works with Dev Service (the containers launched and configured automatically). Still under development (private beta, and you can request an invitation).
Methodologies:
Canary releases or having testers (04 Nov 2021). A canary release is a release to production, but to a small subset of the users. Can help see whether a new feature interests users before committing for the long term. Rollback is always an option. So can internal testing be reduced? Risk to reputation or of user abandonment (acquisition and retention are expensive). Comprehensive automated tests allow for the canary risk. Exploratory tests to complement the automated tests.
Law, society and organization:
The right to decompile in order to fix errors confirmed as legal (21 Oct 2021). Ruling of 6 October 2021. To correct an error affecting operation, including by disabling a function that affects the proper functioning of the application.
Influence of algorithmic amplification on political content (21 Oct 2021). Do algorithmic recommendations amplify political content? In the case of timelines organized algorithmically and not reverse chronologically. Does it vary between political parties or political groups? Some news sources more amplified than others. Elected officials are more amplified than general political content. No particular amplification of some individuals over others within the same party ???? The right tends to have more amplification than the left. Right-leaning news sources are also more amplified than left-leaning ones. The methodology is detailed, for example on what a right-wing newspaper is. Why it is amplified differently is a harder question to answer. Amplification is not bad by default, but it is if it leads to preferential treatment due to the algorithm (vs how people interact on the platform). The PDF of the full study.
Conferences:
DevFest Lille on 19 November 2021
Devoxx France from 20 to 22 April 2021
SunnyTech on 30 June and 1 July 2022 in Montpellier
Contact us:
Support Les Cast Codeurs on Patreon https://www.patreon.com/LesCastCodeurs
Do a crowdcast or a crowdquestion
Contact us via Twitter https://twitter.com/lescastcodeurs on the Google group https://groups.google.com/group/lescastcodeurs or on the website https://lescastcodeurs.com/

Latitud Podcast
#67 - Fueling innovation in LatAm: Florian Hagenbuch, Loft

Latitud Podcast

Play Episode Listen Later Nov 11, 2021 69:15


Entrepreneurship is much like running into a wall until you knock it down, and German-born Florian Hagenbuch has committed to making sure that the wall stays down for those coming after him.
Florian founded Loft to digitalize the real estate market and make it accessible to millions of Brazilians dreaming of owning a home. Their latest funding round bumped them up to a nearly 3 billion-dollar valuation.
With a portfolio of over 100 companies he has personally invested into as an angel, his trajectory naturally evolved into the formation of a VC fund. Canary, a pre-seed and seed-stage investment firm in Latin America, has now over $150M in assets under management.
In this episode, Florian goes over:
  • The lifecycle of disruption opportunities
  • How fast-growing companies can accelerate careers
  • The potential of addressable markets in Latin America
  • Angel investing as a way to give back
Building something new? Apply for the Latitud Fellowship at apply.latitud.com

FreightCasts
F3 Day 02: Canary in the coal mine EP377 WHAT THE TRUCK?!?

FreightCasts

Play Episode Listen Later Nov 10, 2021 44:37


On today's episode Dooner and The Dude are coming to you live from day 2 of the F3 virtual event. They're joined by Anil Khanna, Director of Product: Digital Vehicle Solutions at Daimler on improving fleet uptime via tech. Dennis Anderson, Chief Customer Officer at ArcBest on capacity networks: the unsung heroes of the industry. Thom Albrecht, CFO & CRO at Reliance Partners on trucking's "Canary in the Coal Mine" warning signals? Daryl Failor, Owner Operator at DF Dedicated Fleet shares the carrier perspective on empty miles. Trey Griggs, VP, Sales at Lean Solutions Group covers trends in the labor market that will impact hiring in 2022.

What The Truck?!?
F3 Day 02: Canary in the coal mine

What The Truck?!?

Play Episode Listen Later Nov 10, 2021 44:37


On today's episode Dooner and The Dude are coming to you live from day 2 of the F3 virtual event. They're joined by Anil Khanna, Director of Product: Digital Vehicle Solutions at Daimler on improving fleet uptime via tech. Dennis Anderson, Chief Customer Officer at ArcBest on capacity networks: the unsung heroes of the industry. Thom Albrecht, CFO & CRO at Reliance Partners on trucking's "Canary in the Coal Mine" warning signals? Daryl Failor, Owner Operator at DF Dedicated Fleet shares the carrier perspective on empty miles. Trey Griggs, VP, Sales at Lean Solutions Group covers trends in the labor market that will impact hiring in 2022.

Linux User Space
Episode 2:10: Watch_OUT!

Linux User Space

Play Episode Listen Later Nov 8, 2021 84:24


0:00 Cold Open
1:34 Banter: IP Bloggin
12:04 Topic: Ubuntu's Flutter Installer
17:59 Topic: Fedora 35
21:15 Topic: Linux Kernel 5.15
24:51 Topic: Edge Watch!
29:48 Topic: TOK
32:43 Topic: Mozilla Watch!
54:47 Topic: Brave Watch!
1:02:35 Topic: Trojan Source
1:08:54 Housekeeping
1:14:04 App Focus: Fragments
1:19:29 Next Time
1:22:57 Stinger
Coming up in this episode
1. Some ip peeking
2. Installing with Flutter
3. Edge Watch
4. Mozilla Watch
5. Brave Watch
6. And fragmented downloads
Banter - Leo is working on a blog (https://leochavez.org) post about some basic ip commands.
ip -c a
ip -br -c a
ip -br -c l
ip -br -c n
ip -c r
resolvectl dns
Ubuntu Flutter Installer
It is in the daily test isos (https://discourse.ubuntu.com/t/new-desktop-installer-preview-build/24765) Look for the Canary builds.
Fedora 35 Release Party! (https://fedoramagazine.org/announcing-fedora-35/)
What's new (https://fedoramagazine.org/whats-new-fedora-35-workstation/)
November 12–13 is the release party - registration required (https://hopin.com/events/fedora-linux-35-release-party/registration)
Linux Kernel 5.15 released (https://9to5linux.com/linux-kernel-5-15-released-with-new-ntfs-file-system-in-kernel-smb-server-and-more)
Edge Watch
Microsoft Edge Now Stable on Linux (https://www.microsoft.com/en-us/edge#linux)
Official announcement in there somewhere (https://blogs.windows.com/msedgedev/2021/11/02/edge-ignite-nov-2021/)
TOK, a KDE-Telegram Client
Niccolò Ve's recent video (https://tube.kockatoo.org/w/kmsaS5tJTaB5AZNRujdRAd)
TOK (https://invent.kde.org/network/tok)
Mozilla Watch
Firefox turns 94 (https://www.mozilla.org/en-US/firefox/94.0/releasenotes/)
With EGL in tow (https://mastransky.wordpress.com/2021/10/30/firefox-94-comes-with-egl-on-x11/)
more on EGL (https://mozillagfx.wordpress.com/2021/10/30/switching-the-linux-graphics-stack-from-glx-to-egl/)
And Side Channel Attack Prevention (https://hacks.mozilla.org/2021/05/introducing-firefox-new-site-isolation-security-architecture/)
configure which tabs are unloaded manually in about:unload (https://support.mozilla.org/kb/unload-inactive-tabs-save-system-memory-firefox)
Mozilla kills malicious addons used by 455k Firefox users (https://www.bleepingcomputer.com/news/security/mozilla-blocks-malicious-add-ons-installed-by-455k-firefox-users/)
Plasma Browser Integration Unavailable because of MFA Requirement (https://blog.broulik.de/2021/10/psa-plasma-browser-integration-currently-unavailable/)
The delayed commit (https://invent.kde.org/plasma/plasma-browser-integration/-/commit/7f3bc46f90440dd6baccb3e2b9b29212338d2b00)
More useful mobile Home page (https://blog.mozilla.org/en/mozilla/news/firefox-brings-you-a-new-homepage/)
Brave Watch
Brave Ditches Google, Qwant and DuckDuckGo by Default (https://www.bleepingcomputer.com/news/software/brave-ditches-google-for-its-own-privacy-centric-search-engine/)
Unicode's Bidi Algorithm Breaks All Code Forever (https://www.trojansource.codes/)
Rust is the first to patch (that Leo found) (https://blog.rust-lang.org/2021/11/01/cve-2021-42574.html)
Housekeeping
Ubuntu Security Podcast (https://ubuntusecuritypodcast.org)
Reddit subreddit - https://reddit.com/r/LinuxUserSpace/
Email us - contact@linuxuserspace.show
Linux User Space Discord Server (https://linuxuserspace.show/discord)
Our Matrix room (https://linuxuserspace.show/matrix)
Support us at Patreon (https://patreon.com/linuxuserspace)
Join us on Telegram (https://linuxuserspace.show/telegram)
Follow us on Twitter (https://twitter.com/LinuxUserSpace)
Watch us on YouTube (https://linuxuserspace.show/youtube)
Or Watch us on Odysee (https://linuxuserspace.show/odysee)
Check out our website https://linuxuserspace.show
App Focus
Gnome Fragments
Gnome Fragments (https://gitlab.gnome.org/World/Fragments)
Next Time
We wrap up our thoughts on Zorin OS
Zorin OS (https://zorin.com/os/)
Join us in two weeks when we return to the Linux User Space
Stay tuned on Twitter, Telegram, Matrix, Discord whatever. Give us your suggestions on our new subreddit r/LinuxUserSpace Join the conversation. Talk to us, and give us more ideas.
We would like to acknowledge our top patrons. Thank you for your support!
Contributor Nicholas CubicleNate LiNuXsys666 Jill and Steve WalrusZ sleepyeyesvince
Co-Producer Donnie Johnny
Producer Bruno John

The Citizen's Guide to the Supreme Court
SB8 Oral Argument (aka 2 Canary 2 Coal Mine)

The Citizen's Guide to the Supreme Court

Play Episode Listen Later Nov 7, 2021 58:33


Brett and Nazim return with a discussion on the oral argument in Whole Women's Health v. Jackson and United States v. Texas, which both address the (procedural) Constitutionality of Texas' abortion ban supported by private enforcement.  This discussion includes (1) what are they talking about, (2) how did this get here, and (3) is this going to be over soon.  Law starts at (05:02); and for reference, there are minor sound static in the third act because Brett was pounding on his desk when he talked, but it goes away fairly quickly.

Insurance Dudes: Helping Insurance Agency Owners Gain Business Leverage
Perry's Marketing Sanctuary Will Gleefully Marry Your Keyword Canary Part 2

Insurance Dudes: Helping Insurance Agency Owners Gain Business Leverage

Play Episode Listen Later Nov 4, 2021 22:34


The World Famous Insurance Dudes chat with Perry Olson Part 2
We Are Insurance Dudes!!! We Are Here To Learn From All The Incredible Insurance Dudes And Dudettes We Speak With And To Pass The Knowledge Nuggets That We Learn To Our Dedicated And Amazing DudeNation!
For All Things Related To Being An Insurance Dude or Dudette, Incredible Tips, Amazing Tools, and Valuable Resources, Check Out The Insurance Dudes Hub! https://www.theidudes.com/
Are you interested in learning “How To Predictably Sell 6-Figures A Month From Insurance Internet Leads While Saving You Time And Money!?" Head over to our free masterclass today! Click Here https://www.theidudes.com/masterclass-registration1619461457775
About Perry
Perry Olson is an award-winning insurance agent providing coverage for individuals, families, and businesses across Nevada, California, Utah and Arizona. But before he started his career as a celebrated State Farm insurance agent, he was a Jackrabbit… at South Dakota State University! After graduating, he hopped into the insurance industry in 2002 to help connect people with the policies they need.
In 2006, Perry headed west to join State Farm in Las Vegas, NV. By 2012, Perry had become a Nevada multi-office agent with three offices offering auto, home, life, and business insurance. Today, he and his team have grown his agencies to one of the largest offices in the country servicing over 12,000 households and 25,000 policies.
His success has earned him attention in the industry. In addition to receiving awards from State Farm and other organizations, Perry was one of the first agents to qualify for President's Club (top 50 in the company) in both his offices in the same year! Perry is also a member of the Million Dollar Round Table.
Perry's philosophy for business is simple: put the customer first. This mantra is what has led Perry to employ more team members than any other agent in the nation. He believes that his team should be available to help customers and ensure they get the coverage that suits their specific needs. With two bustling offices, Perry's a busy guy. But he still finds time to enjoy his hobbies, like traveling, trying different Peloton workouts, and winding down with his pets.
Website: https://www.perryolson.com/
Linkedin: https://www.linkedin.com/in/perry-olson-62888842
Facebook: https://www.facebook.com/Perry-M-Olson-State-Farm-Agent-106224044265376/
https://www.yelp.com/biz/perry-olson-state-farm-insurance-agent-las-vegas

Like a Boss
Izabel Gallera, partner at Canary. First check, first round.

Like a Boss

Play Episode Listen Later Nov 4, 2021 45:21


Exclusive group for Like a Boss listeners: https://t.me/grupolikeaboss. Izabel Gallera is an engineer by training and a partner at Canary, the investment firm that changed the trajectory of venture capital in Brazil. Together with founders Marcos Toledo, Mate Pencz, Florian Hagenbuch, Julio Vasconcellos and Patrick de Picciotto, Bel and the fund's other partners have the […] The post Izabel Gallera, partner at Canary. First check, first round. first appeared on Like a Boss.

Insurance Dudes: Helping Insurance Agency Owners Gain Business Leverage
Perry's Marketing Sanctuary Will Gleefully Marry Your Keyword Canary

Insurance Dudes: Helping Insurance Agency Owners Gain Business Leverage

Play Episode Listen Later Nov 3, 2021 19:05


The World Famous Insurance Dudes chat with Perry Olson
We Are Insurance Dudes!!! We Are Here To Learn From All The Incredible Insurance Dudes And Dudettes We Speak With And To Pass The Knowledge Nuggets That We Learn To Our Dedicated And Amazing DudeNation!
For All Things Related To Being An Insurance Dude or Dudette, Incredible Tips, Amazing Tools, and Valuable Resources, Check Out The Insurance Dudes Hub! https://www.theidudes.com/
Are you interested in learning “How To Predictably Sell 6-Figures A Month From Insurance Internet Leads While Saving You Time And Money!?" Head over to our free masterclass today! Click Here https://www.theidudes.com/masterclass-registration1619461457775
About Perry
Perry Olson is an award-winning insurance agent providing coverage for individuals, families, and businesses across Nevada, California, Utah and Arizona. But before he started his career as a celebrated State Farm insurance agent, he was a Jackrabbit… at South Dakota State University! After graduating, he hopped into the insurance industry in 2002 to help connect people with the policies they need.
In 2006, Perry headed west to join State Farm in Las Vegas, NV. By 2012, Perry had become a Nevada multi-office agent with three offices offering auto, home, life, and business insurance. Today, he and his team have grown his agencies to one of the largest offices in the country servicing over 12,000 households and 25,000 policies.
His success has earned him attention in the industry. In addition to receiving awards from State Farm and other organizations, Perry was one of the first agents to qualify for President's Club (top 50 in the company) in both his offices in the same year! Perry is also a member of the Million Dollar Round Table.
Perry's philosophy for business is simple: put the customer first. This mantra is what has led Perry to employ more team members than any other agent in the nation. He believes that his team should be available to help customers and ensure they get the coverage that suits their specific needs. With two bustling offices, Perry's a busy guy. But he still finds time to enjoy his hobbies, like traveling, trying different Peloton workouts, and winding down with his pets.
Website: https://www.perryolson.com/
Linkedin: https://www.linkedin.com/in/perry-olson-62888842
Facebook: https://www.facebook.com/Perry-M-Olson-State-Farm-Agent-106224044265376/
https://www.yelp.com/biz/perry-olson-state-farm-insurance-agent-las-vegas

Political Misfits
Assange Court Proceedings; Zuckerberg's Metaverse; Biden in Europe; Lebanon Crisis

Political Misfits

Play Episode Listen Later Oct 30, 2021 110:27


Mohamed Elmaazi, journalist and contributor to numerous outlets including Jacobin, The Canary, The Grayzone, and The Real News, joins us to talk about the court proceedings in the appeal filed by the U.S. in the extradition case of Wikileaks founder Julian Assange. We talk about whether the Yahoo News report describing conversations within the U.S. government about, among other ideas, assassinating Assange, has colored the public perception of the case, and whether it will affect the outcome of the case itself.
Morgan Artyukhina, writer and news editor at Sputnik News, joins us to talk about Mark Zuckerberg's new plan to change the way we live our lives by unveiling his concept of the metaverse, which envisions conducting our daily interactions through avatars in virtual reality. We talk about how this move means that Facebook is treading even more into public utility territory, whether this transformation will make our government reconsider the way Facebook as a communication device is treated, and whether the company's ambitions are actually achievable.
Reilly Colin Dixon, reporter for Yellow Springs News, joins us to talk about famous and controversial comedian Dave Chappelle's plans to develop his hometown of Yellow Springs, Ohio by building a comedy club, restaurant, production studio and offices, and a business/housing mixed development project, the intersection between comedy and politics, whether celebrities are the best spokespeople for political causes, and the long history of activism and counterculture of the town.
Laith Marouf, international affairs analyst and media law consultant, joins hosts Michelle Witte and Bob Schlehuber to talk about President Biden's visit to Europe, where G-20 leaders are expected to endorse a 15 percent global minimum corporate tax rate, hold discussions on Iran, and seek to iron out supply chain issues. We also talk about Israel's announcement targeting six Palestinian groups, allowing authorities to freeze their funds and potentially arrest their leaders, as well as the ongoing crisis in Lebanon that has suffered shortages of essential goods and has seen multiple deadly protests, and how corruption at the top has been one of the main drivers of this crisis.

Craig Peterson's Tech Talk
How Ransomware, Trojanware, and Adware Hurt You

Craig Peterson's Tech Talk

Play Episode Listen Later Oct 29, 2021 85:09


How Ransomware, Trojanware, and Adware Hurt You. And Why ExpressVPN Isn't Safe to Use. Ransomware, Trojanware, Adware. What's the difference between these different types of malware? And when it comes down to our computers, which should we worry about the most? [Automated Transcript Follows] [00:00:17] There are a lot of different types of malware that are out there and they're circulating and scaring us. [00:00:23] And I think for good reason. In many cases, ransomware, of course, is the big one and it is up, up, up. It has become just so common now that pretty much everybody is going to be facing a serious ransomware attack within the next 12 months. The numbers are staggering. And what are they doing? Well, now they're getting you with the double whammy. [00:00:50] The first whammy is they encrypt your data. Your computers are encrypted, everything on them. So you can't use them anymore. Bottom line. Yeah, they'll boot, they'll run enough in order for you to be able to pay that ransom. But any document that you might care about, any PDF, any Word doc, any spreadsheet is going to be encrypted. [00:01:14] And the idea behind that is you have to pay in order to get that decryption key. About 50% of the time, yeah, about half of the time, even if you pay the ransom, you'll get your data back. The rest of the time, no, you'll never see it again. So what do you do about that type of ransomware? Well, obviously most people just pay the ransom. [00:01:39] But that's gone up as well. We've seen over a hundred percent increase in the amount of ransom people have paid. So what's the best thing to do? What's the easiest thing to do in order to help you with this type of ransomware? Well, it's obviously to have good backups. Now I'm going to be doing a bootcamp. [00:02:00] We're going to talk about this, and a workshop. I really want to get going with these one-week-long workshops. 
So we'll do those at least a couple of times a month, and these boot camps that we'll do pretty much every week here, but they're coming up fairly soon. You'll only know about them if you are on my email list; that is craigpeterson.com. And the number one thing that you can do [00:02:27] when you're hit with this type of ransomware, because if you're not taking all of the other precautions you should be taking, the odds are really good that you're going to get hit, they're better than 50%, and what you do is have a good backup. And I want to warn everybody, because I've seen this again and again. People just keep making this mistake, probably because they don't get it. [00:02:51] They don't understand why and where and how, when it comes to ransom. The mistake is they do a backup to a local disk. Now, many times the backup is on a thumb drive or USB drive. So you just go to the big box store, you go to Amazon, you order an external drive. You're just amazed how cheap they are [00:03:16] nowadays. Once you've got that drive, you plug it in. You turn on some backup software. Maybe it's something you've used for some years; maybe, if you have a Mac, you're just using the built-in backup software. Even the Windows operating system now comes with some built-in backup, and you think you're off and running because every so often it backs up. [00:03:40] If you're using a Mac, it's smart enough to not only back up your whole machine, but as you're editing files, it's going to go ahead and make a backup of that file as you're editing it. So if there is a crash or something else, you're not going to lose much. I just love the way Apple does that. Huge problem, [00:03:59] because if the disk is attached to your machine, or let's say that disk is on a file server, 'cause you're smart, right? You set up some network-attached storage of some sort and your machine has access to it. And so you're sending it off of your machine to a central. 
Well, you've still got a problem, because if your machine can read or, more particularly, write to a location on your network or locally, that ransomware is going to also encrypt everything it can find there. [00:04:37] So, if you are sharing a network drive and you get ransomware, and remember the odds are better than 50% you're gonna get it, then what happens? Well, this type of ransomware not only encrypts the files on your computer, but encrypts them on the backup as well. And it also encrypts them on any of the [00:04:58] file servers or network-attached storage that you have on your network. So now everything's encrypted. You wonder why so many people pay the ransom? Oh, that's a large part of the reason right there. And I keep saying this type of ransomware because there is another type of ransomware, and they usually go hand in hand. [00:05:21] The bad guys were not making enough money off of holding your files ransom. So the next thing the bad guys have done is they've gone to a different type of extortion. This one is, hey, if you don't pay us, we are going to release your files to the world. Now they might do it on a dark website. They might do it on a publicly available site, which is what many of them are starting to do now. [00:05:51] And you're going to either be embarrassed or subject to a lot of fines or both, because now if your files have confidential information, let's say it's your intellectual property, now anybody who bothers to search online can find your intellectual property out there. If you have anything that's personally identifiable information [00:06:18] and it gets out, now you are subject to major fines. In fact, in some states, like California and Massachusetts, you are subject to fines even if the bad guys don't post it online. So that's the second type of ransomware, and it's a bad type. 
And usually what'll happen is the bad guys get their software on your machine, and they can do it in a number of different ways. [00:06:45] One of the popular ways to do it now is to just break in, because, our businesses, we've set up something called Remote Desktop, and we're using Remote Desktop for our users to get in. And maybe we're using some form of a VPN to do it with, or maybe we've made the mistake of using ExpressVPN, and, uh, we have that now connected up to our homes and we think that that's keeping us safe. [00:07:13] And I've got a few things to say about that as well, these VPN services. What happens now? Well, Microsoft Remote Desktop has been under major attack and there are some major flaws. Some of these were patched more than a year ago now, but according to recent studies, 60%, almost two thirds of businesses, have not applied the patches. [00:07:42] You know, this is basic stuff. And I understand how hard it can be, and it can be confusing and you can break your systems, but you have to weigh that against, well, what's going to happen if our systems are broken into because we didn't apply the patch? So that's the second type of ransomware, and that's what most people are afraid of, and for good reason. [00:08:07] And one of the things we do for businesses is we do ransomware audits. We have a look at your systems, your firewalls, et cetera, and make recommendations too. Man, I've got to talk about this too, 'cause it really upset me this week. I signed up for a webinar just to see what was going on. There's a company out there that sells these marketing systems to managed services providers. [00:08:33] And I had to turn it off, like, instantly, because it was just such garbage that they were telling managed services providers, MSPs, to do. I couldn't believe it. So this guy was talking about how, again, I turned it back on and I said, hey, I've got to watch this anyways, because I need to know what's going on. 
[00:08:54] And this guy was telling these managed services providers how they can double their closes. I couldn't believe this guy. 'Cause he was saying that what they do is they offer to do a ransomware audit for businesses, and they say, normally we charge $6,000 to do a ransomware audit, but I tell you what, we'll do it for you for. [00:09:20] Now, this is a guy that, he had an MSP, a managed services provider. Apparently he had started it and he was bringing in more than $1 million per month in revenue. Can you imagine that? Monthly recurring revenue over a million dollars. And so he's telling people, businesses, hey, I have a $6,000 audit that we'll do [00:09:47] for free. Hey people, how long have we said, if you're not paying for something, you're the product? Remember Facebook, right? Google, Instagram, all of those guys, Twitter: you don't pay for it, but your information is the product. So what's this guy doing? Well, guess what his audit is going to show. His audit, [00:10:10] it's going to show that you need him. And he's sucked in hundreds of businesses, and he didn't even know what he was doing when it came to the audits or protecting them. It is insane what's going on out there. I am ashamed of my industry, absolutely ashamed of it. You know, I got my first attack, successful attack, against my company back in '91, '92. [00:10:42] And I learned this stuff because I had to, and I help you guys because I don't want you to get stuck like I was. So, important, important word of advice: if you want an audit, go to someone that charges you for the audit, that's going to do a real one, that's going to give you real advice that you can really need and use, rather than, hey, you need to use me [00:11:11] because my free audit tells you so. So many scams. [00:11:15] What is adware and what is cryptoware? These are two types of real, kind of bad things, gray areas, things that are hurting us, our mobile devices, our businesses, and our homes. 
[00:11:32] Adware is also a type of malware that's been around a long time. But it does live in a gray area. [00:11:42] And that gray area is between, basically, marketing and, uh, well, outright fraud. And I don't even want to call it just marketing, because it's very aggressive marketing. What they will do with adware is they will have some JavaScript code or something else that's embedded on a webpage, and that's usually how you get it. [00:12:09] And then once it's in your browser, it sits there and it pops up things. So it'll pop up an ad for this, pop up an ad for that, even if it's, uh, part of the site that you're on right now, and it can live for months or years on your computer. We've known for a long time about adware on the Windows environment and how it has just been terribly annoying at the very least. Microsoft Internet Explorer, [00:12:40] one of the worst web browsers ever perpetrated on humankind, was well known for this. And of course, Microsoft got rid of Internet Explorer, and then they came up with their own supposed browser, the Edge browser, that was also openly scorned. And so Microsoft got rid of their Edge browser and switched over to basically Google Chrome, Chromium, and then changed its name to the Edge browser. [00:13:11] And so you think you're running Edge, but you're kind of not, you kind of are. So they did all of that in order to help with compatibility and also to help with some of these problems that people have had using that Microsoft browser online. Very, very big problems. So what can you do about it and what does it do to you? Adware can be very 
Sometimes some of this ad where we'll purposely click on ads, that the people who gave you the ad were, are using as kind of like a clickbait type thing. [00:14:09] So you go to a website and it was. Automatically click certain ads and click on unbeknownst to you, right? It's as though you went there so that people have to pay for that ad. And sometimes aids are very, very complicated. Sometimes they'll use. In order to drive a competitor out of business or out of the market, because the ads are so expensive because so many people are supposedly clicking on the ads. [00:14:40] But in reality, you didn't click on the ad. You're not going to see that page that you supposedly clicked on, and it's going to cost that advertiser money, whole bunch of money. You might not care. Right. But it is. Ad ware over on the Mac, however, is the only real malware menace at all I had to where is something that choosed fairly frequently on the Mac? [00:15:09] It is pretty darn easy to get rid of. And as a general rule, it doesn't work very well on the Mac. Although I have seen some cases where it got very, very sticky. Where someone ended up installing it, it wasn't just running in the browser, but they installed it on their Mac, which is something you should never do. [00:15:29] But apple has some things in place to help stop any of this from happening. And it's gotten a lot better. I haven't seen this problem in a couple of years, but apple is using the signature based blocking technology called export. They also have at apple, this developer based notarization of apps. And so the run of the mill malware, which includes most of this Al where really can't find a foothold. [00:15:57] But I want to remind everybody that if they can get Al add where onto your computer, they might be able to get something worse. So you really got to keep an eye out for no two ways about it. There are some companies out there, for instance, there's this one. 
Pirrit, which is a program linked to this Israeli marketing firm, that gains persistence on your browser and potentially could gain root access to the Mac system. [00:16:30] So careful, careful on all fronts. Now, the anti-malware stuff that we use for our clients is called AMP, which is an advanced malware protection system that's been developed by our friends over at Cisco. AMP is very, very good. Unfortunately, you cannot get it unless you buy it from somebody like us, and you have to buy so many seats for some of this stuff, it gets expensive quickly. [00:17:00] Um, if you can't do that, a lot of people like Malwarebytes. There are some very good things about it. But be careful, because in order for this Israeli Pirrit software to work, it has a fake install. So again, just be careful. If you know how Apple installs software, you know that unless you have instigated it, it's not going to be installed. [00:17:30] You're not just going to see an installer that says, hey, we're Apple, install us, right? Apple just does it in the background when it comes to updates, patches. But they're very sneaky here, trying to install things like the Adobe Flash Player, which has been deprecated. Deprecated, it's completely now gone from Mac systems and from Windows systems. You should not be using Flash at all anymore. [00:18:02] It was very, very bad. So up comes, you know, 'you've got to install the latest Flash Player,' or, and I'm sure they're going to change this, something else, right? It won't be Flash in the future. It'll be an Adobe, which you also don't need on a Mac. So anyhow, that's what you've got to be careful of. Adware is still a big problem in Windows. [00:18:25] Not as much as it used to be, uh, thanks to the change to Google Chrome, which Microsoft has rebranded as, of course, its own Edge browser. Not much of a problem at all on Macs, but be very, very careful on either platform about installing software that you did not start installing. 
Now, earlier this year, there's a security firm called Red Canary that found something that's been named Silver Sparrow. [00:18:58] That was on, uh, 30,000 Mac computers. And apparently the developers of this malware had already adapted it to Apple's M1 chip architecture and have distributed this binary, this program, as a universal binary. Now, the Mac, remember, doesn't just use Intel. It used to use PowerPCs and then it used Intel. [00:19:21] And now it's using its own architecture for the chips themselves. So a universal binary is something that will run on Mac Intel-based and Mac architecture-based. But, uh, the bottom line is that this proof-of-concept malware, if you will, had no payload. So we know it's out there, we've seen it now on almost 30,000 Mac computers, but at this point it's not really doing much, much at all. [00:19:53] So these are malicious search engine results, and they're directing victims to download these PKGs, which are Mac package-format installers, based on network connections from your browser shortly before download. So just be very careful about all of that. It can be something as annoying as malware or something as malicious, [00:20:17] well, potentially, as ransomware, particularly if you're running Windows. Hey, if you want to find out more about this, if you want to get into some of my free courses here, we've got free boot camps coming up. Make sure you go to craigpeterson.com/subscribe. More than glad to send you my show notes, a little bit of training, and of course, let you attend these free boot camps that are not to sell you stuff, but solve problems for you. [00:20:49] Hey, if you use VPNs to try and keep yourself safe, particularly if you use ExpressVPN, wow, what just came out is incredible. It is anything but safe and secure. [00:21:06] ExpressVPN was purchased by a company called Kape, K-A-P-E. Kape is a company that had changed its name because, oh, things were bad. [00:21:19] Right. 
It was originally founded under the name of Crossrider. And you might've seen notices from your anti-malware software over the years, for everything from Malwarebytes on, saying that, oh, it blocked this Crossrider piece of malware. Most of the time it's adware, but it is really interesting to see, because this company was founded by a person who was part of the Israeli secret service. Right? So it wasn't, of course not, it's not called the secret service over there in Israel. And, frankly, it compares to our NSA, you know, No Such Agency. Yeah. It's part of Unit 8200 in the Israeli intelligence military. And it's been dubbed, of course, Israel's NSA. Teddy Sagi, who was one of these investors, also was mentioned in the Panama Papers. [00:22:24] Remember those? We talked about those back in 2016. Those were leaked, and that showed this law firm, this one particular law firm in Panama, that was sheltering assets for people all over the world. And so now ExpressVPN is owned by this company, that is, this company built entirely by intelligence agents, for almost a billion [00:22:55] dollars in cash and stock purchases. That's how much they sold ExpressVPN for, almost a billion dollars, which is kind of crazy when you think of it as a VPN service, but makes a lot of sense if you're going to want to monitor what people are doing, where they're going, maybe even break into their systems. What better choice than a VPN provider? And the [00:23:20] company has been buying up VPN providers and is now the proud owner of ExpressVPN. If you attended my VPN workshop that I had, oh, it's probably been a year, and I'm going to start doing these again, I promise, I promise, I promise, but you know how much I dislike VPNs. In fact, one of you guys, I'm sorry, I forgot your name, [00:23:46] sent me, a couple of weeks ago now, about VPNs and saying, I know how much you dislike VPNs, look at this article. And it was talking about this whole thing with ExpressVPN. 
So they're just now all over the place, the discussions online about what's been here: who the founder was, the CEO, the CTO, this growing portfolio that they have in this umbrella of ownerships that now is centralized in multiple VPNs. [00:24:15] Now, Kape Technology only started acquiring VPN companies about four years ago. And they've been in business now for over a decade. And what were they doing before they started buying VPN companies? Well, they own VPN companies. Oh, they were a major manufacturer and distributor of malware of varying types. [00:24:40] Now, the first part of the show today, of course, I was explaining some of the differences, like adware, et cetera, so that you could understand this story. Right? Got that? So you can understand this. That's what these guys have been doing. It's absolutely crazy. So the co-founder of Kape Technology and former CEO started his career in information technologies while serving in the Israeli Defense Forces, [00:25:08] as I mentioned, the Israeli Intelligence Corps, under Unit 8200. That unit is responsible for doing what's called signal intelligence and data decryption. Now, we have signal intelligence here as well, and that's basically intercepting signals, figuring out what's being said, what's going on, where they are, the size of the forces, et cetera. [00:25:32] I have a friend of mine, a young lady, who is in signal intelligence in, I think it's the Navy, but every part of our military has it. However, our military doesn't directly control VPN services like ExpressVPN that can be used in a very big spy capacity. That's what I'm really concerned about. Now, I also found an interesting article on ZeroHedge about this, uh, you know, this company, ExpressVPN, being acquired. [00:26:06] But they're also pointing out that companies that were founded by former operatives of Unit 8200, that, again, is the Israeli version of the NSA, included 
Waze; Elbit Systems, which is right in my hometown of Merrimack, New Hampshire; and slews of other startups. Now, Waze, right, I used Waze. I recommended people use it, and of course Google bought it a few years back, and that's when I stopped using it, but it was really nice. [00:26:39] It worked really well. And I had no idea the information was likely going to the Israeli Defense Corps. Oh my goodness. Their spy agencies, uh, and a bunch of other startups, by the way. It's estimated that there have been over 1,000 tech startups that came out of the people working at Unit 8200. [00:27:07] Again, their CIA, NSA, uh, guys, they're spying on everybody. Can you believe that? And they've been bought by, I mentioned Google, but other companies like Kodak, PayPal, Facebook, Microsoft have bought them. So in addition to the thousands of companies, according to ZeroHedge, uh, Unit 8200 has also fostered a close working relationship with the U.S. government, which you would expect, right? [00:27:33] Edward Snowden, you remember him? He disclosed leaked documents he obtained, which included an agreement between the NSA and the Israeli Defense Force. The agreement showed that the U.S. intelligence agency would share information it collected under domestic surveillance operations with its Israeli counterpart. [00:27:53] You remember we talked before about the Five Eyes, Seven Eyes, searching eyes. It's up in the twenties now, these countries that spy on each other's citizens for the other countries, right? Yeah. Your information might not be collected by the U.S. government, but the U.S. government gets it by buying it from private contractors, which it says it can do because we're only barred from collecting it ourselves. [00:28:17] We can use private contractors that collected on you. And also by going in partnership with foreign governments. 
Because again, we can't collect that information, but we can certainly have the Israelis or the Brits or the Australians or Canada, they could collect it from. Can you believe this, how they're just stretching these rules to fit in what they want to fit? [00:28:39] Okay. Completely ignoring not only the Constitution, but the laws of the United States. It's just absolutely incredible. So critics of this unit, 8200, attested that the Israeli intelligence outfit routinely uses the data received from the NSA by providing it to politicians, Israeli politicians, for the basis of blackmailing. [00:29:06] Yes, blackmailing others. Yes, indeed. Other whistleblowers have revealed 8200's operations have been able to disrupt Syrian air defense systems, hack Russia's Kaspersky Labs (you remember I told you guys, don't use Kaspersky antivirus), and has outfitted several Israeli embassies with clandestine surveillance systems. Clandestine, [00:29:31] however you want to pronounce it. By the time Kape Technologies acquired its first VPN company, uh, the original CEO had left, and he went on to found CupPie before leaving as its CEO in 2019. It goes on and on. Uh, bottom line, guess what: ExpressVPN, which is advertised by so many conservatives, now looks like it is actually part of a spy operation. [00:30:01] So sign up now. craigpeterson.com. craigpeterson.com/subscribe. You're going to want to attend my free VPN webinar. Hey, I don't have anything to sell you when it comes to VPNs. I just want you to know the truth. [00:30:17] Labor shortages are making businesses turn direction. And now that we're laying off people or firing them because they didn't take the jab, what are businesses going to do? Well, I have news for you: that reduced workforce, well, guess what? [00:30:34] U.S. businesses are really seriously moving to automation. [00:30:39] Now, they've been doing this since the start of this whole lockdown. They were doing it even before then. 
I tell the story of when I was in France, oh, what, four or five years ago now, and I stayed off the beaten path. I was not in the touristy areas. I speak French, so I went just where I decided to go, my wife and I. So we rented a car and we spent a month just kind of driving around: where do we want to go next, where do we want to go next? [00:31:08] It was a whole lot of fun. And while we were there, on a Sunday, I came to realize that these small French towns have no restaurants open on Sunday, nothing at all. Talk about a bit of a culture shock. That's not true: there was one restaurant open in the town, and that restaurant was a McDonald's. [00:31:30] So I go to McDonald's here a few years ago in France, central France. And when I walk in, there's nobody at the counter, but there are, oh, half a dozen kiosks out front. So you go and you order your hamburger, whatever it might be, or your drinks, et cetera, right there at the kiosk. You pay for them right in the kiosk. [00:31:53] And there are some people working out back that are then making the hamburgers or the milkshakes or coffee, whatever you ordered, and bringing it up to the front. And then they just put it right there for you to grab. That simple. And this was, of course, pre-lockdown days. I assume that it has gone even more automated [00:32:14] there in France, but hard to say. And I've seen the same thing here in the U.S. I was out in Vermont just about a month ago and I was riding with a buddy of mine, motorcycle riding, a couple of buddies, actually. And we stopped in this small town. And we went to this little breakfast restaurant, and the breakfast restaurant had maybe four or five tables inside. [00:32:42] And you just sat at the table. No waitress came up, but there's a little sign with the QR code. So it said, scan the QR code to get started. 
So you scanned it, it knew based on the QR code which table you were at, and it showed you the menu that was in effect right then and there. So the lunch menu or the breakfast or the all-day, you got to pick it, and then you selected what you wanted. [00:33:08] It used whatever payment you wanted. I used Apple Pay in order to pay for my breakfast, and my buddy ordered what he wanted. And then out came a waitress who delivered the food once it was ready, and the drinks. It was very automated. It allowed them to cut back on some people and others. This small restaurant, they probably had one less waitress, but when you kind of add in the shifts, [00:33:33] days, and vacation days, it's probably two waitresses. So they're saving some serious money, because a system like this, where you just scan a QR code and do the order and it prints up in the kitchen, is cheap compared to hiring. Well, of course, it's hard to hire people, especially in the restaurant industry nowadays. Heck, in my business, where we go in and we do analysis of computer networks and systems, it's almost impossible to find people that are really well qualified, that understand the regulations that apply to these different businesses. [00:34:10] So it's like, forget about it. There's more than a million of these jobs open right now, and just in cybersecurity. Well, September marked the end of the real lockdown-induced unemployment benefits. Workers didn't just flood the labor market as we kind of expected. And we have now, we have more people now [00:34:38] who are out of the workforce, who've decided not to look for a job, than we did in 2008. So that's telling you something. 2008, during the Great Recession. Interesting things are about to happen, but there's a great little article that I found in 
Times this week, and it's talking about this quality local products company out of Chicago that prints logos on merchandise, like T-shirts, water bottles, you know, the little stress balls, all of that sort of stuff. [00:35:10] And he said, prior to the pandemic, we had over 120 employees. That's the co-founder talking there. And he said, primary focus was on growth. We simply plugged any holes or any inefficiencies that we could along the way with human capital, bringing people in. But once the lockdown happened, of course, all of a sudden now you don't have the access to employees you had before. [00:35:36] So they had a huge decrease also in business. So those two went hand in hand. They let a lot of people go and they used the opportunity to program many of the previous manual and human-controlled activities into computers. So now, 18 months later, yeah, two weeks to flatten the curve, right? 18 months later, the company employs 83 workers [00:36:03] and is managing a workload that's pretty much the same as pre-lockdown. So they went from over 120 employees down to 83. So basically they cut 40 employees from the workforce. That's a whole lot, a quarter of the workforce gone. They don't need them anymore. So that's going to help produce more profits for them. [00:36:27] A lot more profits. 'Cause usually automating, yeah, it can be painful, but it usually has major paybacks, and that's exactly what it had for them. And they're saying that they anticipate that they can reduce employees even more by the end of this year and get their head count below 50. Now, 50 is a magic number. [00:36:48] So is a hundred when it comes to employees. Well, one is like the biggest magic number, because once you have one employee, you all of a sudden have to comply with all kinds of rules, regulations, state, local, federal. But if you hit 50 employees, you have the next step of major new regulations that are gonna affect your business. 
[00:37:09] And then when you hit a hundred employees, even more. So many people try and keep their businesses below 50 employees, because it's just not worth it to have all of those regulations, additional regulation, taxes, and everything else. Another company, this is a California-based property management, they're managing more than 90,000 commercial and residential properties. [00:37:33] And what they've done is they added a chat feature to the website. The company's called Sea Breeze. And he says, even though we have the live chat, you can still reach us outside of business hours. Well, you are using the chat or you can call us, either way, but they're saying people like the simple form, and someone gets back to them as soon as they can. [00:37:57] So they're avoiding now having staff available 24/7 to respond to chat messages and to respond to the voicemails and phone calls that come in. So it's pretty good all the way around, frankly. New shopping models are in place. I'm looking at a picture of a business and it has, of course, a window up front, and in the window they have jewelry. [00:38:21] This is a jewelry store, and they've got QR codes in front of each of these pieces of jewelry, right on the inside of the window. So if you're interested in finding out more about that piece of jewelry, just scan the QR code. It'll take you to the right page on their website and will even let you buy the jewelry, and they will mail it to you. Again, [00:38:46] how's that for great? If you have a business in a touristy area and you don't want to be open until 11:00 PM at night, your store can keep selling for you even when you're closed. This is window shopping taken to an extreme. Very simple to do as well. This company is called full me waiter. Obviously they've got a bit of a sea theme here. [00:39:10] So once someone orders the jewelry and the other merchandise, it's sent right to them, or they can have it set for pickup in the store when they next open. It's phenomenal. 
They're calling it alfresco shopping space, right from the sidewalk. So businesses again are returning to pre-pandemic levels and he, this guy is available in the store by appointment only. He's loving it. [00:39:37] And he says that customers have been so satisfied with this QR code window shopping contract that he wrote a guidebook. You can get it at scantshopsolution.com or, excuse me, scan, just shop solution.com. I misread that. So any retailers who want to use this method, if you don't know what QR codes are, or you don't know how to code it into a website, et cetera, she's got webinars she's taught on it and she's got the guidebook. [00:40:05] I think this is great, right? So she's now making some money on explaining to other people how she did this. It's phenomenal across industries. Epoch Times is saying the staffing shortages could be temporary, but as firms are further embracing, embracing automation and all of its benefits, some of these jobs that people just don't want anymore may actually be going away. [00:40:33] And I think this is ultimately a problem. We had, uh, you know, again, I'm older generation, right? Us baby boomers. We had opportunities when we were younger. I had newspaper routes. I had the biggest route in the area. I can't remember. It was like 120 homes. It was huge. It took me hours to do, but I made money. [00:40:56] I learned how to interact with people. I knew, I learned how to do bill collection, how important it was not to let customers get too far behind on their bills. Although I have been slack on that one, I'm afraid, but it helped me out a lot. So, what are kids going to do that need to learn a work ethic, that need to be able to have a job, make the mistakes, maybe get fired once or twice or, or three times, maybe learn how to interact with customers? [00:41:27] Everyone, I think, can benefit from some retail experience. Get that when you're young, and if these jobs don't exist, then.
Or the younger generations here, are they just going to be trying to find jobs they can do with Instagram? Right? They're all, I know a few kids who have said, well, I'm a social media influencer, and you look them up and okay. [00:41:50] So they got a thousand people following them. I have far more than that, but you know, it, that's not a job. It's not going to last. Your looks are only going to last so long, right? Now you start having a family and you start working hard outdoors, et cetera. There's a lot of things that make that all go away. [00:42:09] So I think many businesses now, we're going to continue to accelerate our plans program out and. A lot of well-paying positions, as well as these entry-level positions in the next five or 10 years. Really, I don't even know if it's going to be 10 years. Retool, retrain our workforce, or everyone's going to be in for a world of hurt. [00:42:33] Hey, make sure you subscribe, so you're not in a world of hurt. Get my latest in news, especially tech news and cybersecurity. craigpeterson.com. [00:42:46] In this day and age, if you don't have a burner identity, you are really risking things from having your identities stolen through these business email compromises. It's really crazy. That's what we're going to talk about. [00:43:03] An important part of keeping ourselves safe in this day and age really is to confuse the hackers. The hackers are out there. They're trying to do some things. For instance, like business email compromise. It is one of the biggest crimes out there today. You know, you hear about ransomware and it hits the news, legitimately. [00:43:26] It's very scary. It can really destroy your business and it can hurt you badly. If you're an individual, you don't want ransomware. Well, how about those emails that come in? I just got an email, in fact, from a listener this week, and they got a phone call. His wife answered and it was Amazon on the phone, and Amazon said, hey, listen, your account's been hacked.
[00:43:54] We need to clear it up so that your identity doesn't get stolen. And there's a fee for this. It's a $500 fee. And what you have to do is just go to amazon.com, buy a gift card, and we'll then take that gift card number from you. And we'll use that as the fee to help recover your stolen information. So she went ahead and did it. [00:44:20] She went ahead and did all of the things that the hackers wanted, and now they had a gift card. Thank you very much. We'll follow up on this. And now she told her husband, and of course this isn't a sex-specific thing, right? It could have happened to either one. My dad fell for one of these scams as well. [00:44:44] So she told her husband, or her husband looked at what had happened and said, oh my gosh, I don't think this is right. Let me tell you, first of all, Amazon, your bank, various credit card companies are not going to call you on the phone. They'll send you a message right from their app, which is usually how I get notified about something. [00:45:10] Or they will send an email to the registered email that, uh, that you set up on that account. So that email address then is used by them to contact you, right? Pretty simple. Or they might send you a text message. If you've registered a phone for notifications, that's how they contact you. It's like the IRS. [00:45:35] I was at a trade show and I was on the floor. We were exhausted. And I got no less than six phone calls from a lady claiming to be from the IRS, and I needed to pay right away. And if I didn't pay right away, they were going to seize everything. And so all I had to do was buy a gift card, a Visa gift card, give her the number, and she would use that to pay the taxes. And this lady had a, an American accent too, one that you would recognize, [00:46:10] I'm sure. And it's not something that they do. Now, they do send emails, as I said. So the part of the problem with sending emails is, is it really them?
Are they sending a legitimate email to a legitimate email address? Always a good question. Well, here's the answer. Yeah, they'll do that. But how do you know that it isn't a hacker sending you the email? [00:46:42] It can get pretty complicated. Looking into the email headers, trying to track, where did this come from? Which email servers did it go through? Was it authenticated? Did we accept? Did the, uh, the provider use proper records in their DNS, the SPF, et cetera, to make sure that it's legitimate? Right? How do you follow up on that? [00:47:07] That's what we do for our clients. And it gets pretty complicated looking at DKIM and everything else to verify that it was legitimate, making sure that the email came from a registered MX server from the, the real sender. There is a way around this. And this has to do with the identities, having these fake burner identities. [00:47:33] I've been doing this for decades myself, but now it's easy enough for anybody to be able to do. There are some services out there. And one of the more recommended ones, and this is even the New York Times, they have an article about this. They prefer something called SimpleLogin. You can find them online. [00:47:57] You can go to simplelogin.io to get started. Now it's pretty darn cool, 'cause they're using what's called open source software. It's software anybody can examine to figure out, is this legitimate or not? And of course it is legitimate, but, uh, they, it's, it's all out there for the whole world to see. [00:48:17] And that means it's less likely in some ways to be hacked. There are people who argue that having open source software means even more. In some ways you are, but most ways you're not. Anyways, it doesn't matter. simplelogin.io. Now, why would you consider doing this? Uh, something like SimpleLogin? Well, SimpleLogin is nice because it allows you to create dozens and dozens of different email addresses.
[00:48:51] And the idea is, with SimpleLogin, it will forward the email to you at your real email address. So let's say you're doing some online shopping. You can go ahead and set up an email address for, you know, whatever it is, shoppingcompany.com, uh, that you're going to use at shoppingcompany.com. So you'd go there. [00:49:13] You put into SimpleLogin, uh, I want to create a new identity, and you tag what it's for, and then you then go to some, um, you know, shoppingcompany.com and use the email address that was generated for you by SimpleLogin. Now your SimpleLogin, again, is going to be tied into your real email account, wherever that might be. If using ProtonMail, which is a very secure email system, or if using Outlook or, heaven forbid, Gmail or one of these others, the email will be forwarded to you. [00:49:52] You will be able to see that indeed that email was sent to your shoppingcompany.com email address or your Bank of America email address, et cetera, et cetera. That makes it much easier for you to be able to tell, was this a legitimate email? In other words, if your bank's really trying to get ahold of you, and they're going to send you an email, they're going to send you an email to an address that you use exclusively [00:50:22] for Bank of America. In reality, you only have the one email box that is over there on wherever, ProtonMail, Outlook, Gmail, your business. You only have that one box you have to look at, but the email is sent to SimpleLogin. Does that make sense, you guys? So you can create a, these alias email boxes. It will go ahead and forward [00:50:49] any emails sent to them, to you, and you'll be able to tell if this was indeed from the company, because that's the only place that you use that email address. That makes it simple, but you don't have to maintain dozens or hundreds of email accounts. You only have the one email account.
And by the way, you can respond to the email using that special aliased email address that you created for the shopping company or Bank of America or TD or whomever [00:51:22] it might be. You can send from that address as well. So check it out online, simplelogin.io. I really liked this idea. It has been used by a lot of people over, out there. Now here's one other thing that it does for you, and this is important as well. Not using the same email address everywhere means that when the hackers get your email address from shoppingcompany.com or wherever, right, [00:51:56] pets.com, you name it, they cannot take that and put it together with other information and use that for business email compromise. Does that make sense? It's, it makes it pretty simple, pretty straightforward. Don't get caught in the whole business email compromise thing. It can really, really hurt you. [00:52:19] And it has. It's one of the worst things out there right now. Dollar for dollar, it's right up there. It, by the way, is one of the ways they get ransomware into your systems. So be very careful about that. Always use a different email address for every website you sign up for. Oh, and they do have paid plans, like a $30 a year plan over at simple IO will get you unlimited aliases, unlimited mailboxes, even your own domain name. [00:52:50] So it makes it pretty simple, pretty handy. There's other things you might want to do, for instance, use virtual credit cards. And we'll talk about those a little bit as well, because I, I think this is very important. Hey, I want to remind everybody that I have started putting together some trainings. [00:53:12] You're going to get a little training at least once a week, and we're going to put all of that into what we have been calling our newsletter. I think we might change the name of it a little bit, but you'll be getting those every week. And the only way to get those is to be on that email list. Go to craigpeterson.com/subscribe.
[00:53:35] Please do that, right? I am not going to harass you. I'm not going to be one of those, and I've never been one of those internet marketers sending you multiple dozens of emails a day, but I do want to keep you up to date. So stick around, we will be back here in just a couple of minutes. And of course you're listening to Craig Peterson. [00:53:59] And again, the website, craigpeterson.com. Stick around because we'll be right back. [00:54:05] One of the best ways to preserve your security online is by using what we're calling burner identities, something that I've been doing for more than 30 years. We're going to talk more about how to do that right. [00:54:20] We've talked about email and how important that is. I want to talk now about fake identities. Now, a lot of people get worried about it. It sounds like it's something that might be kind of sketchy, but it is not, to use fake identities in order to confuse the hackers, in order to make it so they really can't do the things that they. [00:54:46] To do. They can't send you phishing emails, particularly spear phishing emails, that'll catch you off guard, because you're using a fake. How do you do that? Well, I mentioned to you before that I have thousands of fake identities that I created using census data. And I'm going to tell you how you can do it as well. [00:55:13] Right? There's a website out there called Fake Name Generator. You'll find it online at fakenamegenerator.com. I'm on that page right now. And I'm looking at a randomly generated identity. It has the option right on this page to specify the sex. And it says random by default. The name set, I chose American; the country, United States. [00:55:44] So it is applying both American and Hispanic names to this creative. And now remember, it's doing the creation based on census data and some other public data, but it is not giving you one identity of any real.
I think that's important to remember, and you're not going to use these identities for illegal purposes. [00:56:11] And that includes, obviously, when you set up a bank account, you have to use your real name. However, you don't have to use your, if you will, real email address. You can use things like SimpleLogin that will forward the email to you, but will let you know who it was sent to. And if you only use that one email address for the bank, then you know that it came from the bank or the email address was stolen from the bank. [00:56:40] Right. All of that stuff. We've talked about that already. So in this case, the name it has come up with for me is Maurice D St. George in Jacksonville, Florida. Even gives an address, uh, in this case it's 3654 Willis Avenue in Jacksonville, Florida. So if I go right now, uh, to, I'm going to use Google Maps and I am going to put in that address. [00:57:11] Here we go. Jacksonville, Willis Avenue, and guess what? There is a Willis Avenue in Jacksonville, and it's showing homes from Google Street View. Let me pull that up even bigger. And there it is. So ta-da, it looks like it gave me a fairly real address. Now the address it gave me was 3654, which does not exist. [00:57:40] There is a 365, but anyways, so it is a fake street address. So that's good to know some, if I were to use this, then I'm going to get my. Uh, my mail saying why about I pass? So, uh, Maurissa tells you what Maurice means, which is kind of neat. It'll give you a mother's maiden name. Gremillion is what it gave me here. A social security number. [00:58:06] So it creates one that passes what's called a checksum test. So that if you put it into a computer system, it's going to do a real quick check and say, yeah, it looks. To me. So it's not just the right number of digits. It also passes the checksum test. Well-known how to do a checksum on their social security numbers. [00:58:27] So again, it's no big deal.
And remember, you're not going to use this to defraud anyone. You're going to use this for websites that don't really need to know, kind of give me a break. Why do you need all this information? It gives me a phone number with the right area code. Uh, and so I'm going to go ahead and look up this phone number right now. [00:58:50] Remember, use DuckDuckGo. Some people will use Google search, and it says the phone number it gave me is a robocall. As I slide down, there's some complaints on that. Uh, so there you go. So they're giving us a phone number that is not a real person's phone number. Country code, of course, one, 'cause I said United States. Birth date: [00:59:13] oh, I was born October 7th, year 2000. I'm 20 years old. And that means I'm a Libra. Hey, look at all this stuff. So it's giving me an email address, which is a real email address that you can click to activate or right there. Again, I mentioned simplelogin.io earlier, but you can do it right here, and it's got a username and created for me a password, which is actually a pretty deep. [00:59:41] The password. It's a random one. A website for me, my browser user agent, a MasterCard, a fake MasterCard number with an expiration and a CVC2 code, all of this stuff. My height is five six, I'm kind of short for. Uh, my weight is 186 pounds, O negative blood type, UPS tracking number, Western Union number, MoneyGram number. [01:00:11] My favorite color is blue and I drive a 2004 Kia Sorento, and it also has a unique ID. And, uh, you can use that wherever you want. So the reason I brought this up, again, it's called fakenamegenerator.com, is when you are going to a website where there is no legal responsibility for you to tell them the truth, [01:00:39] you can use this. And so I've, I've used it all over the place. For instance, GitHub, where you have, uh, it's a site that allows you to have software projects as you're developing software. So you can put stuff in GitHub.
Well, they don't know to know, need to know who I really am. Now they have a credit card number for me. [01:01:01] Because I'm on a paid plan. I pay every month, but guess what? It isn't my real credit card number. It isn't the number that I got from Fake Name Generator. My credit card company allows me to generate either single-use credit card numbers or, in this case, a credit card number for github.com. So just as an example, that's how I use it. [01:01:24] So if GitHub gets hacked, the hackers have an email address and a name that tip me off right away where this is coming from. And if the email didn't come from GitHub, I know they either sold my information to a marketing company, or this is a hacker trying to manipulate me through some form of phishing scheme. [01:01:47] So I know you guys are the best and brightest. A lot of you understand what I'm talking about, and I'm talking about how you can create a burner identity. And let me tell you, it is more important today to create a burner identity than it has ever been at any point in the past, because frankly burner identities are one of the ways that you can really mess up some of the marketing firms out there that are trying to put the information together, these data aggregator companies, and also the hackers. [01:02:24] And it's really the hackers that we're up against here. And we're trying to prevent them from getting all of this information. So when we come back, I want to talk about the next step, which is, which credit cards can you get these single-use card numbers from? Should you consider using PayPal? When might Google Voice be a really good alternative for you? [01:02:52] So we're going to get into all of that stuff. Stick around. In the meantime, make sure you go to craigpeterson.com/subscribe. Get my newsletter. All of this is in there. It makes it simple. It's a simple thing to do. craigpeterson.com.
And if you have any questions, just email me, me@craigpeterson.com. [01:03:20] Having your credit card stolen can be a real problem for any one of us. It gives the bad guys a lot of options to spend a lot of money very quickly. We're going to talk right now about virtual credit cards. What are they, what does it mean? [01:03:37] Virtual credit cards come in two basic forms. [01:03:41] One is a single-use credit card, which was quite popular back when these things first came out, and another one is a virtual credit card that has either a specific life, in other words, it's only good for 30 days, or that can be used until you cancel it. If you have a credit card, a Visa, MasterCard, American Express, Discover, all of the major card issuers will give you the ability to reverse any charges that might come onto your cards [01:04:19] if your card is stolen or missing. Now that makes it quite easy, doesn't it? I want to point out that if you're using a debit card, as opposed to a credit card, there's not much challenging you can do. With the credit card, you can say, I am not going to make my payment, uh, because of this, that, and the other thing, this was stolen, et cetera. They can file it as a disputed charge. [01:04:46] They can do an investigation, find out. Yeah, I'm, you probably were not at a bus terminal down in Mexico City, which happened to me. 'Cause I was up here in New Hampshire, quite a ways down to Mexico City. And so they just reversed it out. That money never came out of my bank account because it was on a credit card. [01:05:08] If I were using a debit card, that money would have come right out of my account. Now, mind you, a bus ticket in Mexico City is not very expensive, but many people have had charges of many thousands of dollars. And if you need that money in your checking account, and you're using a debit card, you got a problem because your check for, well, if you ever have to pay rent again, rent check is going.
[01:05:38] To bounce because they just emptied out your bank account. So now you have to fight with the bank, get the money back. They will, they will eventually refund it, but it could make some of your transactions that you might've written a check or something, it'll make them bounce. And that could be a real problem. [01:05:57] These, it could make them bounce. So using a credit card is typically less of a hassle online. So why would you want to use a virtual card, or also known as a masked credit card? Masked, M-A-S-K-E-D. Well, the main reason behind this is to allow you to control payment. I've used them. In fact, I use them exclusively on every website online. [01:06:29] And I'm going to tell you the names of some of them here in just a couple of minutes, but I use them all of the time. And part of the reason is, let's say I want to cancel, uh, a service. Have you ever tried to cancel a service before and you have to call them many times, right? And so you're, you're arguing with somebody overseas somewhere who doesn't want you to close the account. [01:06:53] And of course they bump you up to the next level person who also doesn't want you to close the account. And so you have to fuss, fuss, fuss, fuss. Have you ever had that experience? And I'm sure you have. It just happens all the time. So with using the virtual credit card, well, the advantage to me is, hey, if you are going to try and fight with me, I don't care because I'm just going to cancel that credit card number. [01:07:24] So I don't have to cancel my credit card. I don't have to have the company reissue a credit card for me. I don't have to do any of this sort of thing. That makes my life pretty easy, doesn't it? And so, because of that, I am now, I think, in a much better place, because it just, I don't have to fight with people anymore. [01:07:43] So that's one of the reasons I used it. The other big reason is if it gets stolen, they can cause less harm.
Some of these credit cards, virtual credit cards, are set up in such a way that you can limit the amount that's charged on them. Do you like that? So if you are using it on a site that maybe is charging you $50 a month, no problem. [01:08:09] $50 a month comes off of the credit card. And if someone tries to charge more, it bounces, and then hopefully you find out, wait a minute, it just bounced on me right now. Then next step up is, okay, it bounced and, uh, I am just going to cancel the card, and then you issue a new credit card number for that website. [01:08:32] So an example in my case is github.com. We keep software up there and they charge me every month. If GitHub were to get hacked and that credit card number stolen, I'm, I really don't care because there's almost nothing that can happen. And if GitHub doesn't properly cancel my account, I can just cancel the credit card and, you know, let them come after me. [01:08:57] Right. This isn't going to happen. So then it's also called a masked credit card number because it's a little safer than using your real credit card details. I also want to point out something about debit cards. I went for years with no credit cards at all. Nowadays, many of my vendors will take a credit card for payment. [01:09:20] And in fact, give me a bit of a better deal. And then with the credit card, I can get 2% cash back, which I use to pay down the credit card. Right. It couldn't get any better than that. But when you're using a debit card, what I always did is I had two accounts that I could transfer money between at the bank. [01:09:42] So I had one checking account. That was my main operating, if you will, account. And then I had another checking account where I would be just moving money out of it. Or you could even do it with a savings account, but some banks, they only let you do so many transactions a month on a savings account.
So the idea is I know that I have this much in credit card obligat-, well, debit card obligations for this month. That money is going to be coming out. [01:10:11] So I make sure that. In the debit card account to cover the legitimate transactions I know are coming up, and then I keep everything else in the other account. And then I manually transfer it over every month. So that's how I dealt with the whole debit card thing. And it worked really well for me. Bottom line, [01:10:30] I think it's a really great. So there you go. Who are the companies that you can use to do this? I've used some of these before. All of them have worked really well. If you have a Capital One credit card, they have something called Eno, E-N-O, and it's available to all Capital One card holders. Eno even has an extension for your web browsers. [01:10:59] So if it notices you're on a webpage that's asking for a credit card number, it'll pop up and say, do you want me to create a credit card number, or a virtual one, for this website so you can make your payment? Does it get much easier than that? Citibank has something they call virtual credit cards, available to all Citibank card holders. Masterpass by MasterCard. [01:11:23] That's available to any MasterCard, Visa, American Express, Discover, Diners Club card holders; credit, debit, and prepaid cards, by the way. So you might want to check that one out. Uh, yeah, so that's the only one I see on my list here that will do it for debit cards, Masterpass by MasterCard. American Express checkout's available to all American Express card holders. [01:11:51] Chase Pay, available to all Chase card holders. Wells Fargo Wallet. Uh, Visa Checkout's available to all Visa, MasterCard, and American Express and Discover card holders, credit and debit cards, plus prepaid cards. Okay. So it does do the debit cards as well. Final, that's all owned by Goldman Sachs and is not accepting any new applicants, and Entropay,
[01:12:19] also not accepting new applicants. There's a couple online. You might also want to check out Abine Premium. Abine, A-B-I-N-E, Blur Premium. You might want to check that out as well. All right, everybody, make sure you check me out. craigpeterson.com/subscribe. [01:12:43] We're going to wrap up how you should be using these burner identities, a few more tips and tricks that are going to help keep you safe from the hackers that are out there. So here we go. [01:12:58] There are a lot of hackers out there. [01:13:01] The numbers are just astounding. The cost of these hackers coming in and stealing our information is just unbelievable. And it goes all the way from big corporations, from things like the Colonial Pipeline, the U.S. government, all the way on down through you and me. I want to tell you a little story about a friend of mine. [01:13:28] He is about 75 years old and he supplements his income by driving for Uber Eats and one other company. And so what he'll do is, someone puts in an order for food somewhere. He'll go pick it up and then he'll drive it to where whoever wanted, wanted, whoever ordered it. Now, there are a surprising number of scams with this. [01:13:55] So he's very careful about someone that orders a cookie, for instance, because it's usually a bit of a scam. Anyways, we won't get into those, but I'll tell you what happened to him. His information was stolen online, as it was probably yours. Mine I know was as well. So it's all stolen. What do you do? Well, in his case, what ended up happening is they managed to get into his email account. [01:14:27] Once they're in his email account, they now had access to the emails he was getting from one of these companies. Now it wasn't the Uber Eats guy. He was, there was another company. So let's just explain this a little bit. Uber Eats sends him a request for him to go ahead and do a double. So, you know, go to the restaurant, pick it up and take it to this client's house.
[01:14:54] And in order for him to register, he had to register an email address. Now, of course, he uses the same email address for everything, all of the. Now, personally, that drives me a little bit insane, but that's what he does. And he has just a few passwords. Now, he writes them down in a little book, and heaven forbid he ever lose the book, so that he can remember them. [01:15:24] He just wants to keep his life simple. Right. He's 75. He's not technophobic, but you know, he's not up on all of this stuff. What he found was a paycheck didn't show. And it was an $800 paycheck. We're talking about real money that he should have had in his. It didn't show up. So he calls up the company and says, what happened to my paycheck? And their records show, [01:15:53] yes, indeed, it had been paid. We paid you, we deposited right into your account. Just like you asked. Yeah. You know, ACH into the account. Great. Wonderful. What had happened is bad guys had gone, gained control of his email address and used that now, because they figured, well, I see some emails in his account from this food delivery service, so, well, let's try and see if this email address that we're looking at right now. [01:16:26] All of his emails, let's look and see. Okay. Yeah. Same email address and same password as he used at this email address. Yeah, it worked. Okay. Great. So now we have access to this guy's food delivery account. So they changed the bank account number. Now, easy enough to confirm, right? They change it and send you an email. [01:16:54] Hey, I want to make sure that it was you, until the bad guys, the hackers, click out, yada yada. Yeah, it was me, and then delete the email. So he doesn't see it. And now his $800 paycheck, in fact, I think there were a couple of different checks, is deposited directly into the bad guy's bank account, and the money of course is transferred out pretty quickly. [01:17:18] Now the bad guys, these hackers, are using what are called mules.
You might be familiar with that in the drug trade. They'll have a third party deliver the drugs, just a mule. They don't know what all is going on. They probably know they're delivering drugs. In this case, most of the mules are useful idiots, of which there are many in this country, [01:17:43] unfortunately, uh, political and otherwise. And these people are convinced that all they need to do is transfer the money into this account so that the hackers can then pull it out. And you know, now they're going to take care of their grandmother who is stuck in the hospital, and they have no way to pay for it. [01:18:07] And they can't transfer the money out of the country during. That's one of the stories they use for people. And in many cases, these mules know what they're doing. The FBI earlier this year arrested a whole group of mules out in California that were purposefully transferring the money. They knew what they were doing. [01:18:28] So his money was now out of the country. No way to get it. And this food delivery company was not about to pay him. So it isn't just the big guys, it's you and me as well. So what I want to talk about right now is multi-factor authentication. Now, you guys are the best and brightest. I hope you understand this. [01:18:54] If you have questions, please reach out to me. I am more than

Action and Ambition
Dan Eberhart is a Petroleum Energy Expert and Operates at the Intersection of Energy, Politics, and Economics

Action and Ambition

Oct 27, 2021 26:46


Welcome to another episode of The Action and Ambition Podcast. We have our guest, Dan Eberhart, Chief Executive Officer at Canary, LLC. Canary, LLC is one of the largest and most experienced national oilfield service providers. Frontier Energy Group, LLC and Canary's recent expansion provide consumers with more outstanding capabilities from a trustworthy source. We are prepared to provide excellent service and expertise for the benefit of you, our customers, and the industry as a whole. Canary, headquartered in Denver, CO, offers complete oilfield drilling and production services to oil and gas businesses across the United States. Canary began in 1984 with the opening of Canary Wellhead in Oklahoma City. The company has developed to provide a variety of services to businesses of all kinds. It now has a robust API manufacturing arm to meet clients' specific service demands in a timely and inventive manner. Drilling services offered: Conventional Wellheads, Thru-Bore Wellheads, Frac Tree Rental, and Pressure Testing. Production services include Hot Oil Slickline/Wireline/E-line, Digital Dynamometer, Gate Valve Repair, Downhole Rental. They have expanded since then, having headquarters in Denver, CO (Corporate), Watford City, ND (Operations), Oklahoma City, OK (Manufacturing). Tune in to find out more!

That Was Genius
Tom's Ping-Pong Canary Show (Traditions week) - That Was Genius Episode 127

That Was Genius

Oct 21, 2021 58:06


Like carving a pumpkin at Halloween, sprouts at Christmas, and burning policemen in giant wicker cages, this week it's all about traditions! Sam kicks us off this week with a look at the not-as-nice-as-it-sounds Aztec tradition of the Flower War - a sporting contest with very real and deadly consequences, and an even worse runner-up prize. Next, Tom's been looking at 'Line Crossing' ceremonies: The filthy, raucous, and often unwilling initiation ceremonies for sailors on their first crossing of the equator. Next week's episode is a patron exclusive all about Honours and Awards! Find it at patreon.com/thatwasgenius Subscribe and listen to us! Apple Music // Podbean // Overcast // Stitcher // TuneIn // Spotify Welcome to That Was Genius: Two blokes. An immature sense of humour. And 10,000 years of human civilisation. A weekly podcast looking at the weirder side of history. Join Sam Datta-Paulin (he likes history and lives in Britain) and Tom Berry (he also likes history and used to live in New Zealand but is now in the UK as well), for a weekly reflection on the bold, the brilliant... And the downright strange. From bizarre events and stories to equally odd inventions, barely a day goes by without something incredible (or incredibly stupid) happening around the world. We upload new episodes every Wednesday night/Thursday morning (UK time). Check us out on Facebook (and our Facebook group for memes and fun), Instagram, Twitter and via our website, and please do subscribe to us and leave us a review if you like what you hear!

Apple News Today
The problem of cops who won't get vaccinated

Apple News Today

Oct 20, 2021 6:50


Police officers are dying of COVID at alarming rates, but some are pushing back hard against getting vaccinated. USA Today looks at how communities around the country are dealing with the problem. The kidnapping of 16 Americans and a Canadian in Haiti highlights the country’s armed-gang problem. The Miami Herald reports. A breakthrough surgery that successfully attached a pig’s organ to a human offers life-saving hope to people on transplant waiting lists. USA Today takes us inside an operation that was years in the making. Authorities have been struggling to save dogs trapped near a volcano in Spain’s Canary Islands. CNN explains how rescuers are preparing to try a new idea: using a drone to scoop the dogs up and fly them out.

Bret Baier's All-Star Panel
From Virginia To Midterms: A Canary In A Coal Mine

Bret Baier's All-Star Panel

Oct 18, 2021 15:10


This week, Bret sits down with former Department Spokesperson and Senior Advisor to the Scowcroft Center at the Atlantic Council Morgan Ortagus, National Political Correspondent for NPR Mara Liasson, and Founding Editor at Washington Free Beacon & AEI Resident Fellow Matt Continetti to discuss the latest on the 2021 Virginia Governor's Race. The panel also honors the late General Colin Powell and reflects on his time as former U.S. Secretary of State and Chairman of the Joint Chiefs of Staff. Follow Bret on Twitter: @BretBaier

60-Second Science
A Canary in an Ice-Rich, Slumping Rock Glacier in Alaska

60-Second Science

Oct 13, 2021 7:54


Here’s what we can learn about climate change and infrastructure from Denali National Park’s only road.

CleanTech Talk
DroneSeed CEO Grant Canary Flies Macrodrones To Turbocharge Tree Planting, Part 2

CleanTech Talk

Oct 12, 2021 30:59


Grant Canary is the CEO of DroneSeed, a drone-based integrated tree-planting company. It's the only company the US FAA has certified to fly 120 lb loaded, 8' diameter, hexacopter in swarms out of line of sight of the operator. We talk about his lifelong obsession with things with wings, from insects to wind turbines to drones, and his time in Italy, Colombia and China that led him to his current successful venture.

Payments on Fire
Episode 157 - Experts Deep Dive on Financial Health and Inclusion

Payments on Fire

Oct 7, 2021 38:57


Financial health and inclusion in the US remain as major concerns and challenges for the nation, the millions who struggle with access to affordable financial services, and payments experts focused in this arena. Join Glenbrook's Erin McCune and Justin Pituch as they speak with a recent panel of expert practitioners in the financial health space: Kimberley Gartner, Arjan Schutte, and Ryan Falvey. Kimberley is Chief Growth Officer at Canary, a company that helps businesses establish emergency relief funds for their employees. Arjan and Ryan both work in the venture capital space; Arjan leads Core Innovation Capital and Ryan heads up Financial Venture Studio. Come to the Payments on Fire® website for: expanded show notes, the podcast transcript, the complete Payments on Fire® episode catalog, and the Glenbrook Education schedule.

The Gravel Ride. A cycling podcast
Trek Travel - Girona Gravel Tour with Ewan Shepherd

The Gravel Ride. A cycling podcast

Sep 21, 2021 40:11


This week we sit down with Ewan Shepherd from Trek Travel to discuss their upcoming Girona Gravel Tour trips. We learn about the city, the cycling community and the abundance of gravel that surrounds the city. Trek Travel Gravel Tour Girona Join The Ridership Support the Podcast Automated Transcription (please excuse the typos): Trek Travel [00:00:00] Craig Dalton: Hello and welcome to The Gravel Ride podcast. I'm your host, Craig Dalton. [00:00:06] This week on the podcast, we're joined by Ewan Shepherd, European logistics manager for Trek Travel, based out of Girona, Spain. [00:00:14] As the longtime listener knows, I've been super keen on the idea of gravel travel and super excited to see this industry grow up. [00:00:22] We had an earlier discussion with Juan De La Roca about Southern Colorado and building that up as a gravel destination. And now we're seeing events like Life Time's Rad Dirt Fest crop up over there. We've also talked to event organizers over in Europe around the Gravel Epic series that was conceived during the COVID time and didn't actually get to get its races off the ground. [00:00:46] But one of the locations we talked about in Europe was Girona. Now for road cyclists, Girona has long been part of the discussion about where professional athletes live. And there's a reason why they live there: amazing road riding all over the place. So I was really excited to learn originally from the Gravel Epic team about Girona as a travel destination for gravel cyclists. [00:01:11] But even more excited to learn about this trip that Trek Travel is putting together, their Girona Gravel Bike Tour. [00:01:18] They've got a couple more departures this year in November that you can still sign up for, as well as a whole host of dates for 2022, starting in the spring. [00:01:28] After talking to Ewan, all I can say is sign me up. It sounds amazing.
I'll let him explain it in his own words, but it sounds like Girona's a very special place for cyclists of all kinds. [00:01:39] And the opportunities for gravel cycling are abundant outside the city center. [00:01:44] I'm excited for you to learn more about Girona and gravel. With that said, let's dive right in to my conversation with Ewan Shepherd. [00:01:52] Ewan, welcome to the show. [00:01:53] Ewan Shepherd: Hey Craig, thank you very much for having me and thank you everybody for listening. [00:01:58] Craig Dalton: I appreciate you joining us on a Friday evening over there in Spain. I'm super excited about the topic we're going to discuss today, as the listener or the longterm listener has known. [00:02:08] I've talked about gravel travel as something I'm super excited about because, as we all know, it's such a great way to explore the world, and the idea of packing my bike and going somewhere exotic like Girona, Spain is super exciting to me. So when I got the opportunity to connect with Trek Travel, dig into this trip and dig into Girona gravel, I jumped at it. [00:02:31] So Ewan, thank you for joining me. And let's just get started by a little bit about your background. [00:02:37] Ewan Shepherd: Yeah, no worries. Thank you again for having me. And I guess we share something in common that we both enjoy eating well by bike. So gravel travel is definitely evident between us all. Huh. So Bob, my background it's been varied. [00:02:50] I started off as a kid not really enjoying the power of two wheels on my own, preferring motor power of motocross bikes and motorsport, and pursued a career in motorsport. I am, I'm only 29, so it's not, it wasn't a long career. And then I decided to jump into the cycle career really because my brother threw me on an old racing bike of his and said, we're going track racing of what is this. [00:03:14] And yeah. That's how I got into cycling and kind of started to learn about it.
Then love cycling, all things cycling, really threw me on the mountain bikes for the first time. He threw me on a cyclocross bike for the first time, took me to a track for the first time. And just more and more, I ate it up and started falling in love with cycling. And then I thought, why not help out in my local bike shop? [00:03:37] Because I was in between jobs and bugging the owner and the mechanic, calling in on the bike and asking for them to help me with this, or could they get parts for that? And then they were like, hey, we need an extra hand here. And you're pretty mechanically minded. Can you want to come and help us out? [00:03:53] And that's how I, it. Wrenching in a bike shop. And from there, it took me to, I was actually living in Australia at the time and working in a shop there. And then I started working for the initial Brompton dealer in Australia, which was pretty fun and interesting. Little folding bikes, which were going all over kind of the Australasia and New Zealand even send a bite that prompted the Fiji. [00:04:17] And then I moved back to the UK and was starting working for old mountain bike brands that maybe some of your listeners have heard of, Pace Cycles. They're one of the first UK mountain bike brands, set up by a young family at the time who did same as me. They love motocross and enjoy bike riding. [00:04:38] And they wanted a bike to train on during the time that they weren't racing on the road. And so they imported mountain bikes, had to import Gary Fishers at the time, because there was nothing else in Europe and or in the UK. So he, Adrian is the main designer of the car. And he designed his own mountain bikes. [00:04:57] Did y'all say 100, was that famous plus bikes, square tube aluminum that they routed out parts of the frame to make it lighter.
So I started working for them after they did the whole mountain bike brand, and they had two shops at the time that they just started, and started in rental centers. [00:05:14] So I joined them running one of their shops. And then they got back into the frames. And that's when I started to learn more about frame design, different bikes, and the whole enduro scene, the mountain bike enduro scene, was growing. And that was something that we were really interested in at the time. [00:05:34] And I was starting to cyclocross race at the time. I would go off at the weekend to cyclocross race and come back to work. And we were designing 29ers, slack, long, low mountain bikes. And we also had a touring version, cause Adrian and his wife happy love to go off to all sorts of places. [00:05:53] The, they did Chile, they went and rode the Santiago de Compostela in Northern Spain, all of these cycle touring. And he adapted one of the hardtail enduro steel mountain bikes and put lugs on it. So he could take. And I was like, I liked the look of that bike, but I don't really I don't want to put drop bars on it. [00:06:14] Can I put drop bars on it? Let's try it. And so here I had a 29er mountain bike, slack, long, low, with a drop bar on it. And I was like, this is pretty cool. And they were looking to, they already had XC carbon bikes. I was like, can we do this a bit lighter? Because Yorkshire is, I know you have family there, Craig, and it's up, down. [00:06:35] A dale is a small valley and it's really steep at each side. And I live in between the two national parks of the North York Moors and the Yorkshire Dales. And they have so many of these little dales. So riding across that, you'd go down and it's like down 25% down to a flat valley, then literally back up the other side, 25 to 30%.
[00:06:57] So I wanted something nice and light, but to go all day across the Dales and the Moors. And so we were making this and thinking, oh, this could be cool, and gravel was coming on the scene at the time. And I was interested in bike packing with it and just testing out something that was a good touring bike. [00:07:18] But at the same time, I just saw touring at the time as being something that my parents did or all the people did when they retired. So I wanted something fun cause I still enjoy mountain biking. So I wanted to take it down some trails at the same time as doing a hundred K on it, which I certainly wouldn't do on my 160 mil [00:07:36] enduro bike, do a hundred K. But so that's where I discovered this cyclocross gravel mix that we all call gravel today. Which Adrian at the time was like, we used to race mountain bikes with drop handlebars, XC and downhill, back in the 1980s. Cause inventing anything new it's all coming round in circles, the wheels going round, as they say. [00:08:00] So that was really my early years in the cycling industry playing with that. And then, being honest, Googled cool bike mechanic jobs in warm places, which took me back to Australia. And then I wanted to go back to Europe and it took me to the warmest place at the time, which was the Canary Islands, which was great for gaining some exposure of just massive cyclists all at once. [00:08:24] Thousands of people on the road, just riding the bikes, having fun on holiday. Guided, worked in rental shops. Love the Canary Island lifestyle. And then I just stumbled across Trek Travel. I told the global logistics manager one day, I was like, I want to come work for you because I want to help out on some of your big trips. [00:08:41] They were doing Tour de France and big Pyrenees trips and Alps trips. And I just really liked the idea of offering support to other people, not the, I'd been a guide, that I wanted to support the guides.
I knew all the tricks of all the problems of being a guide. So I wanted to help them most of all, help back help their guests. [00:09:04] And that kind of leads me to here where I'm the European logistics coordinator for Trek Travel, in our home base of Girona. [00:09:11] Craig Dalton: Amazing. It's such a, it's so interesting. As people who have been around the sport of cycling for a long time to trace back when you first started doing the thing that later became gravel cycling. [00:09:25] Because obviously as you've indicated, as we've discussed before, people have been riding drop bar bikes off-road for a long time, but it was this kind of gradual progression of componentry, frame design, methodology, tires, brakes, all these things combined to making what was once somewhat a hacky type experience where you were maybe bringing a bike that wasn't exactly suited for the job to where we are now. [00:09:53] That depending on where you are and how you want to set up your bike, there's such a wide variety of ways in which you can configure these bikes to ride on the roads and trails wherever you live in the world. [00:10:05] Ewan Shepherd: Yeah. It's always fascinated me coming from like a motorsport design element. [00:10:10] Always into aerodynamics, working with Formula Two, Formula Three. And then I had to, I always had a love for kind of classic cars. I raced something in the UK or Europe, rallycross, which I don't think you have in the US, but it's exactly that, it's a cross between this second is gravel road and dirt, and you drive a little bit of each, and we always used to race the classic Mini Coopers. [00:10:35] That was my classic love of cars. But yeah, that was a tangent. Sorry. [00:10:40] Craig Dalton: No, it's an interesting perspective. I hadn't, no one's brought that up before, but it's totally true. There's parallels in that experience because you had to have a car that drove well on the road.
Capable off-road and presumably every driver, just like every rider, had to make those difficult choices of, okay. [00:10:57] Do I want it to be higher performing on-road or off-road and what's that happy medium for me as a, as an athlete. [00:11:04] Ewan Shepherd: Yeah. And I think that changes with you personally. You may be a road cyclist, but you have that instinct to what's down there and it's a gravel road to go off road and explore it. [00:11:18] And you want to feel safe and comfortable. You don't want to necessarily take your 23 mil tires, carbon road bike down a track. You want a bike that's comfortable and safe to do it all. [00:11:31] Craig Dalton: Yeah, exactly. Talking about Trek Travel specifically, obviously with the Trek name associated with it, people associate it directly with the brand, but the company itself is Trek Travel. [00:11:43] Can you tell us a little bit about its origins and how long it's been operating? [00:11:47] Ewan Shepherd: Yeah it's actually a 20th year of fun. 20, 20 years since Trek Travel was thought up in the, in Trek itself, where it started with just three people brought in to enhance the experience that people were getting when they were not just buying a bike or buying into the Trek brand, which [00:12:09] is ride bikes, have fun, feel good. And Trek just wants to get more people on bikes to have fun. And one of the ways was to offer them a trip of a lifetime, a vacation of a lifetime, to somewhat. And that idea grew over the last 20 years, starting in the US, and then Trek bought into the pro team of yeah. [00:12:30] Trek. And they started running VIP trips to the Tour de France and bringing clients across. But that specifically to see the Tour and see the Classics that the ring in Europe, have the Alps, to climb Alpe d'Huez, to do Mont Ventoux, to go to the Pyrenees and do the Tourmalet. The real bread and butter of your.
[00:12:51] And that's grown just more destinations, more places to ride, more great experiences by bike. And yeah, that's brought us to now at 20 years [00:13:01] Craig Dalton: old. Yeah. And for those of you who have not done a bike tourism trip, it really is amazing. And a luxury. It's obviously a luxury to be able to afford it, but to be able to go over and do this and to have someone plan out the best of the best, to plan out the best roads, the best routes when you're coming off the Tourmalet or Mont Ventoux, to knowing the right cafe to stop in, having extra gear for you, having a guide that speaks the language, but more importantly can help you get integrated into the culture, in my personal experience, having done several trips over and yeah. [00:13:37] It was just such a great time. If you can afford to spend that time on your bikes, spend a week on one of these trips. It's just so amazing, which is why I remained super jazzed and excited to talk about the gravel tours that Trek is introducing. When did you first start to see gravel cycling as something that you could package a trip around? [00:14:01] Ewan Shepherd: Yeah. I don't know who or when the first kind of the idea here's what talks about it. Cause I'm sure it's been something we're always looking at new trends, new you, new ways to travel that people want to do. And new experiences and to we're primarily on the road, we started with mountain bike trips. [00:14:20] Think I wouldn't say five, six years ago. And those were in small pockets in Iceland, Norway, and that's a great way to get completely off the road. But then we found a lot of people, they still wanted to, they still wanted to do a bit of everything. They wanted to go on the road still. [00:14:38] They wanted to do the classic climbs as well as being off the road. So it was like that mix of, we took you to this beautiful forest, but actually you wanted to be on the road as well in the same week.
And, but you didn't want to do it on the mountain bike. And at the time there was no real bike that we had [00:14:56] to do it. And then as the Domane, the Trek Domane, evolved, it's got this name as being the do-it-all bike. With its IsoSpeed and its ability to take wider tires, it's really comfortable. Fabian Cancellara famously designed the bike to win Paris-Roubaix and Flanders, over all the cobbles and mixed terrain. [00:15:14] Yeah, this is a bike that we can use for multipurpose. And three years ago we started using it as just guides and company. People would come to Girona and all they say is, hey, can we go ride gravel with, we don't want to ride the road round here. We heard the gravel is amazing. So we'd stick some hybrid tires on the Domane and off we'd go, just exploring off the beaten track. [00:15:36] And that's where it came from and grew from that with into a week long trip here in Girona. And yeah that's why I came. That's [00:15:46] Craig Dalton: great to hear it. It's interesting to hear that it came from the riders up and great to hear that you, as a company, listened and started to build more experiences around that. As we've talked about a little bit offline, Girona, for anybody who follows [00:16:01] professional road cycling, has always had this huge allure as a destination, for a lot of pros live there. So we presume there's a lot of great road riding out there. Do you feel that in the city, is, are there a ton of road cyclists around every week? [00:16:20] Ewan Shepherd: Yeah, I would say there's, I wouldn't say there's a ton of road cyclists. [00:16:23] I'd say there's thousands of cyclists in general. On any given weekend, you can see mountain bikers, road bikers, gravel bikers, like trick bikers nowadays. But all the time you can see people on bikes. It's a city which has a big network of city bikes and like docks everywhere.
When you can pick up the city bikes for three years, you can rent the bike for the day to ride around town. [00:16:47] It's not a no that we call it a town. Although it's a city, it's very, it's a small, condensed old town. So it's great to explore by bike with all these small streets and things. And yeah, as you said it's known, it's gotten more well-known because of all the professionals that live here, mountain bike, road, you name it. There's many triathletes, Jan Frodeno to name one of the biggest triathletes, pulls this, his house. [00:17:11] And it's yeah, in Europe, it's known as one of the places where particularly I'm going to say foreign riders come from Australia and New Zealand, Canada, US, they use this, is that is that personal? And I'd probably say right now in Girona you have upwards of 8,200 pro cyclists living here, which is really high for any city in the world. [00:17:34] Given the amount of pros in general living in Girona, and you have three of the biggest teams here locally, you have EDS, Israel Cycling Academy have a small base here. You have a couple of continental teams, a couple of the US continental teams have their European bases here. So you not only have teams, you have sorry. [00:17:56] You not only have riders, you have the support here as well. And they say, if you just want a massage, it's the best place in the, in Europe. Go from mass massage because of the level is so high, they used the pros. You never get a bad massage here at all because the masseuse could have been rubbing, right, [00:18:14] Chris Froome the day before he attends to you, so you get pro service, whatever you're doing, and that's not just in cycling related. I'm sure we're going to talk about this, but the coffee scene, the food scene, everything has that little twist towards catering. Which is amazing. Yeah.
I think that's [00:18:32] Craig Dalton: super interesting, obviously the riding I want to be doing is off-road, but as someone who's a fan of professional cycling in general, just having that be infused as part of the city, in addition to the culture, which maybe we'll talk about a little bit more. [00:18:46] It's just going to be a fun addition to that trip. For us geographically challenged Americans, where is Girona? [00:18:53] Ewan Shepherd: Yeah, so Girona is, it's in Spain. It's in the region of Catalonia, which is to the Northeast. We border on Spain. We border with Spain, Andorra and France. And. Yeah. [00:19:09] And the Northeast, and [00:19:10] Craig Dalton: It's not specifically on the coast, but how far of a ride is it to the coast from Girona city center? [00:19:16] Ewan Shepherd: Yeah, so Girona is, it's probably for any cycling destination is really well situated. It's just a 40 minutes drive to them. And 40 minutes drive from the Pyrenees. [00:19:28] So yeah, slap bang in the middle of mountains and sea, and to give you perspective in riding terms. I'm sorry, I'm going to talk in kilometers. But we're looking at about a nice 50 mile loop to the coast and back. [00:19:43] Craig Dalton: Okay. And look at just having Google Maps open as we speak, it looks like there is a lot of, kind of national park space and green space, just outside the city. [00:19:53] Ewan Shepherd: Literally the back of the town has a very famous climb some of you guys might have heard of, Els Àngels. It's just over seven, 10 K climb at just over 6%. I always say, the first and last day you're here in Girona, you're going to ride this, if you don't ride it every day. [00:20:10] And that leads into a beautiful national park at the back, which has miles of more, more challenging gravel all the way to the coast. And then on the inland side of Girona, just straight into two massive valleys, which just keep going up and up, and before you know it you're in the Pyrenees.
[00:20:29] Craig Dalton: For those climbs immediate, [00:20:31] Ewan Shepherd: very little flat riding. [00:20:33] Craig Dalton: Yeah. I was going to ask, for those climbs immediately outside of Girona, how much elevation do you gain to get to a local peak? Is that a thousand feet or 200 meters? [00:20:43] Ewan Shepherd: Els Àngels is about 600. Elevation was very, to the very peak the closest high point around here, you're looking at about a thousand meters up to the highest peak in Catalonia itself is just shy of 2000 meters. [00:21:00] So the elevation is not super high but you are going from sea level. Most of the time. But it's all the little undulations. It's a rolling terrain, I would say, yeah. [00:21:09] Craig Dalton: Gotcha. Yeah, it certainly sounds like those, they jut up pretty quickly as a lot of coastal ranges do. So for the riding, when we talk about the gravel riding in Girona, we've talked about how great the road riding is. [00:21:21] But what does it look like to get on these gravel roads and what are they like? Are they super chopped up or are they smooth or did you get a little bit of both? I'd love to just get a sense for what you're out there riding. [00:21:33] Ewan Shepherd: Yeah. I think you have a bit of everything. We say Girona is the Disneyland of cycling. [00:21:40] And I first experienced kind of the gravel, as I said, we just threw some hybrid tires, some 32 mil hybrid tires, on a Domane and went straight on. Lucky living out slightly outside of Girona, so just 10 K from Girona essentially itself. And it's mainly farm lands and going back to my kind of love for cycling in the UK. [00:22:02] With the Dales and we have things called bridleways and I was in search of these things to start with because it's not well publicized gravel anyway. So you just go out the door and go, okay, take the first left off the road that doesn't seem like a road and see where it heads.
[00:22:17] And sometimes you end up with a beautiful, smooth gravel track with that. Evidently to S at a, an extra road to people's houses, or you get unlucky and you end up and it turns into single track and actually becomes quite flowing. This is actually it's maybe a mountain bike route, and you go through a single track, really nice and flowy through the woods, can be quite rocky in places. [00:22:40] This part of Spain is very rocky with granite and limestone. Costa Brava, the literal translation is like a rugged coastline. So that is evident all the way through. But you have also what they call Via Verde, green routes, which are smooth, hard-packed, almost manmade smooth gravel, sandy tracks, which are becoming more and more common. [00:23:05] From Girona itself to the little towns, to get people off the roads from all levels of cyclists, from kids to families, you can see them just packed on these green ones. Which are fantastic to start a new route on, and then you head either to the mountains, or maybe you want to go to the coast and you can just hop off onto something. [00:23:24] As long as it doesn't say, don't go this way. Is such a friendly kind of feeling towards cyclists. The even if you I've ended up some days, just going along a little, same little track down a shoot and I'm in the back of someone's garden and raking up leaves. Oh, sorry. That's the end. To direct you back onto the track and you were meant to be down that I take you're meant to go that way, but yeah. [00:23:48] So it's a bit of everything. That's amazing. [00:23:52] Craig Dalton: It's so cool that, to be able to leave the city and choose your own adventure and just have that ability to explore and find all kinds of different terrain that, that sounds like such a special area and not surprising why you guys decided to introduce the Girona Gravel Bike Tour trip, which looks amazing. [00:24:13] Can we talk about that trip and what it entails? [00:24:16] Ewan Shepherd: Yeah.
So to give you an idea of the overall of the trip, it's it's a one hotel trip based here in Girona. Chose to base it right out of the center. We work with a really great hotel, Nord in the center. It's really cycling focused. And we do that. [00:24:33] It's based kind of off our Ride Camp, which not to diversify what I'm talking about. It's all about eat, sleep, ride, repeat. So we make it nice and simple to focus on the riding and it's for four days of riding and it's designed to. The slightly taken on the more intermediate to advanced side of kind of people's levels. [00:24:55] So we say the most people should be have some experience. It shouldn't be their first time riding a gravel bike to get the most out of it. And we have easy days which are, like I say, just using these greenways, getting out of the city, heading to see some of the beautiful, rugged coastline. [00:25:13] And then we have some more avid days which head towards the mountains. And we actually found some of our routes through used to calm. Are you still does? Comes here every year in the spring to do some training before he started his road season. And we'd always wait till he hummed, we see him here. [00:25:30] And then when we're looking on struggling, why did he go? Where did he go? Because he always seems to find some stupidly hard climbs, some great gravel climbs. We didn't know that. And we actually introduced some of these to the trip and it's like a, like an outdoor as of gravel, just snaking switchbacks one after the other, up to this beautiful peak point with a big cross on the top. [00:25:53] Yeah. And then you're trying to work out where he went and then you look down the other side and oh, he went down there and you you try it. But then for. For many people, it's probably too much of a rocky rock garden. So you end up heading back down like a beautiful the switching snaking all the way back down is the safest way sometimes.
[00:26:14] But yeah, that's a, an overview of a gravel trip.

[00:26:18] Craig Dalton: Nice. I've done trips of my two trips. One. We were moving basically every year. And the second we had a home base and I have to say my preference is for that home base, because I think it allows you to just absorb the culture a little bit more and be a tourist in the city that you're staying in. [00:26:35] You don't have to pack your gear up every night. So there's something nice about having that hub and ride mom.

[00:26:41] Ewan Shepherd: Yup. Yup. It definitely just opening your suitcase, getting your kit out, put it in the wardrobes and you don't have to pack it again the following day to move on. I like that it's focused on eat, sleep, ride, [00:26:53] repeat, enjoy your riding. The guides take care of everything else. And you're in the center of the city and you're a stone's throw from the old town. You can go for a walk on the evenings, your afternoons and evenings. Yours, your own to either relax, take a massage or wander the town, go sit and sip coffee. [00:27:12] Do all the locals. Do any afternoon, go have a beer and get ready for your evening meal. And and that's what people want.

[00:27:18] Craig Dalton: Now are riders on these trips typically bringing their own bikes or are you providing a bike for them?

[00:27:23] Ewan Shepherd: Just really most people take a bike from us, the Trek demonic. [00:27:28] You can bring your own bike. It doesn't does it affect price? It doesn't affect the price, but we do it because it saves you having to pack your bike in a box and all the hassle of bringing it to the building it. Yeah. All of that. You just turn up and on the first day, your bike's there, it's already set up with your measurements, to your bike from home and ready to go. [00:27:46] You don't need to worry about it. And our guides are fully trained mechanics and take care of your bike throughout the whole week. And particularly as gravel can be hard on your bikes.
And you don't want any problems with your own bikes, cause it's only going to compromise your riding.

[00:27:58] Craig Dalton: As someone who can be hard on the bike, I appreciate that. So at the end of the day, I can hand my bike off to someone and it's going to come back to me better than I left it.

[00:28:05] Ewan Shepherd: Yep. Every day, I'm sure the guide's gonna look after that bike and and give you it in the morning. Like it's brand new, no issues.

[00:28:14] Craig Dalton: particular trip. [00:28:15] Are you providing the routes like GPX files? How does it work from a kind of a day-to-day practice perspective?

[00:28:22] Ewan Shepherd: Yeah. So normally day to day, you'd wake up, do your morning routine, get dressed, go for breakfast. Get a hearty Catalan breakfast. Then head down to, to pick up your bikes from the bike room. [00:28:35] Your guides would meet you there. Give you a kind of a morning briefing. The route has to go. We provide every guest with a Garmin, with preloaded GPS routes. And your guide is going to typically you have one guide on the bike, possibly two, and then a guide in a support vehicle following behind not only any issues that you have, but also by signature snack tables along the route. [00:28:59] So you could be riding through a wood and then suddenly the van is just there and your guide has got out a table and put some beautiful snacks out. So right in the moment when you're like, I wish I had put more water in my bottle, I wish that I brought an extra bar. That's when you're going to get to find your guides. [00:29:18] We know those spots well.

[00:29:20] Craig Dalton: Nice. And, as athletes are going to be coming over with different ability levels and fitness levels and sort of interest in flogging themselves levels. Is there an ability for, if we look at a daily route and say I'd fancy doing a little bit more. [00:29:35] I want to come home with my legs broken every day.
Are there those types of options and flexibility built into these things?

[00:29:41] Ewan Shepherd: Yup. Yup. It sounds like most of our guides, they always want to go do more. So yeah, we yeah. Have a standard route for the day and then what we call that the avid group for the day. [00:29:51] So I guess, Craig, this is for you, the extra little add on which could be anything from an extra climb or an extra loop that you just hit the route on your GPS and adult. It'll take you. And we have a, an ethos of ride at your own pace. Yeah. I don't really ride. It's nice, right. [00:30:11] As a group, but also it's nice experience at your own pace. So we definitely encourage that. Guides will move around you rather than you having to stick to your guide. And they'll accommodate if if you've got slow riders or if you want to go up and do the route quite often you're going to have the guide wanting to go with you and show you that extra little climb or. [00:30:30] Take you on a, an extra level route or redo a route from two days ago because you, it was such an amazing experience. Definitely it does something for me.

[00:30:40] Craig Dalton: That's good to know. Yeah. For me, when I'm able to carve out this time in my life and I may be unique, but maybe not, when I go on one of these trips, since I don't have the responsibilities that I have at home, I don't have to care for my son. [00:30:54] I don't have to do, I need the things I need to do around the house. All I want to do is ride my bike and really, as long as I can prop myself up at the dinner table that night, that's about all I need to achieve in the rest of the.

[00:31:06] Ewan Shepherd: Yup. Yup. Did that have. A full vacation of a lifetime that's that's catered for you. [00:31:13] And that's definitely why I think people do a group trip or an organized tour because you mentioned that if you can afford to do it, but can you afford not to do it?
If you've only got 20 days holiday a year, to spend spend your time planning for your holiday, and then once you get that to spend time working out, okay, what should I ride today? [00:31:34] Or where should we stop for lunch? Or where's the best place to have dinner tonight? It's all done for you. You can just make the most of what you want to do, which if you want to go on a cycling holiday and you want to ride your bike as much as.

[00:31:47] Craig Dalton: Yeah. And I think it's, it's further complicated when you're trying to ride gravel. [00:31:50] So I did a self guided tour in the Alps and there were it was pretty easy to understand the road routes that were famous to the famous climbs and figure that out on my own. But when it comes to gravel and this is something I've spoken about a lot on the podcast, there's just so much to be gained from having a little bit of local knowledge. [00:32:09] Because you cannot look at a path necessarily and know, is that a super rocky path that I'm going to be going four miles an hour on? Or is it actually a smooth, single track that I'm going 16 miles an hour. And we can't know that from the outside, without talking to cyclists in that local area, while we still want to have that sense of adventure and allowing the ride to unfold. [00:32:34] It's just really nice in my opinion, particularly if you're going to spend the money to go travel to a destination, to just have a little bit of this served up to you and be able to get out there, worry for you.

[00:32:44] Ewan Shepherd: Yeah. Yeah, no, I definitely agree in something that you spend all the time working out, a track to go down and then suddenly it leads to nothing and you've wasted an hour of your ride to, and then you have to backtrack. [00:32:59] And that's yeah. With a small amount of time in Europe or wherever you're traveling, you want to make money.
[00:33:06] Craig Dalton: My Spanish is bad enough that if I end up in your garden, there's probably going to be an international incident.

[00:33:11] Ewan Shepherd: Yeah. Yeah. But everybody's friendly, hand signals are just, yes. It's I like, I think I've ridden in a lot of places in the world and definitely definitely Spain is a really good for.

[00:33:26] Craig Dalton: Yeah. When you have that many cyclists moving through a community, obviously the locals are experienced seeing these people and they realize, they're good for the community. [00:33:36] Hopefully we're good environmental stewards and polite cyclists. So it's just a symbiotic relationship for the committee.

[00:33:43] Ewan Shepherd: Yeah. Yeah. And as we are in a. Company we're based in Madison, Wisconsin. And we've also been in Girona now for nearly six, seven years. So we have a good hold in the community. We employ, we have lots of people that work for Trek Travel, who live here locally, [00:34:00] who are deep rooted in the community. So we often we work a lot with our subcontractors. We work really hard to find the best people who not only have the best winery or the best restaurant, but they have the best ethos to, to work with us and help our guests have the best experience. [00:34:19] It's not just about the product that serving, but how they're making our guests and us as a company feel. So it's really important that local aspect, but everything that's involved.

[00:34:29] Craig Dalton: Such an amazing opportunity that travel affords the traveler, just the ability to see how things that are important in the culture [00:34:37] are manufactured and meet people who are doing them and, meet you, meet the restaurateurs. Like all of that is just what has kept me traveling my entire life and hopefully will have me continue traveling. So a couple of final questions for you, Ewan. What is your favorite local cuisine? What can't we miss when we go there?
[00:34:57] And what is your favorite part of Girona from a tourist perspective?

[00:35:01] Ewan Shepherd: Yeah, that's a definitely a hard question. I don't even have a closer prepared, good answer. Where do I want to start? Definitely Girona has a lot of local cuisine, Catalan, Catalan cuisine. It's a very simple way of cooking in one aspect. [00:35:18] And why. One thing that people often think of it all. I'll paella, no, throw that away. It's it's not paella that you'd come to get here. They have something called pintxos, which is very similar to tapas and it's one of my favorite local, it's not a particular dish. [00:35:37] It's a way of eating and in the restaurant, you have lots of little plates on the counter with little chunks of bread with on top of them, either fresh fish with with all sorts of toppings or. Saw or botifarra, there's the sausage which they do in many different kinds of blood sausages. [00:35:56] And lots of little dishes. And often you don't sit down at a table. This is going to freak people out in COVID at times, but it's a great social way of eating because you're taking small plate and you're taking it and you're just standing in a bar basically, with everybody else who's enjoying it, but it's that great atmosphere of eating together in the center of town, which often spills out into the streets on a Friday and Saturday of just people standing out on the streets with small plates and a little what they called caña, a little glass of the local beer, which they have a lot of really good local breweries here. [00:36:30] Which I know a lot of people love to test out all the local. And Catalonia to the complete other scale of things has some of Europe's best Michelin star restaurants like per area, just in, in Girona, this small area, up to 45 Ks from the center, you have 35 Michelin star restaurants. [00:36:50] For gastronomy it's an amazing place because of all the local ingredients of the winery.
You have a lot of cider production with apple and pear farms, which you ride through. One of my favorite rides to the coast air takes you through just miles and miles of apple orchards and pear orchards which is just going to be picked in about a half a month's time. [00:37:13] It's main picking season here. Delicious. Yeah, it's a, and I haven't even talked about coffee, coffee, the culture of coffee drinking. Was brought to Girona with cyclists. Cyclists need coffee, and they need good coffee. And the Canadian Christian Meier was one of the more well-known people who brought the coffee culture and his own roastery of the service costs. [00:37:34] And Lamatsia his his coffee shop. And from that nearly 10 years ago, it sprung into. That each corner was developing its own taste for coffee. And as the locals really have a passion for it now at brewing really good speciality coffee, which, like I said, we can't live without it. [00:37:51] They definitely have a captured audience. Indeed.

[00:37:54] Craig Dalton: This is amazing. Girona has always been tops on my list of places to go and it certainly remains in that post COVID top slot for me. I can't wait to join you on one of these trips. At some point, I know there's a couple trips left this year. [00:38:09] It looks like November 7th and November 14th are available for departure dates. And obviously once again, in the spring in 2022. So for all the listeners out there, you can just visit trektravel.com and just search for Girona gravel. And you'll see the trip we've been talking about. It looks like a heck of a lot of fun and you can almost guarantee you that I'll be there one of these days.

[00:38:32] Ewan Shepherd: Yeah, I will look forward to it. Look forward to meeting in person and hopefully you'll get to experience your own home and it won't be your last visit to Girona, I can assure you for that much.
[00:38:44] Craig Dalton: Thanks for all the great information, Ewan. I appreciate you joining us.

[00:38:48] That's going to do it for this week's edition of the Gravel Ride Podcast. Big thanks to Ewan for joining us and telling us all about that great trip that Trek Travel has organized. Again, those dates are November this year, as well as throughout the spring. So go, please visit trektravel.com to figure out what itinerary might work for you. I hope you're stoked like I am. [00:39:10] I'm desperate to get my tires overseas and sample some of that great gravel in Spain and elsewhere in the world. We'll leave it at that for this week. If you have any questions, feel free to join us over at The Ridership. Just visit www.theridership.com to join that free community. [00:39:29] If you're interested in supporting the podcast, ratings and reviews are hugely helpful. It's something easy you can do to support what I'm doing. And if you have a little bit more energy or means, feel free to visit buymeacoffee.com/thegravelride [00:39:44] to help underwrite some of the financial costs associated with this broadcast. Until next time, here's to finding some dirt under your wheels.

Trumpcast
The Waves: Can We Love True Crime When We're the Victims?

Aug 21, 2021 42:04


On this week's episode of The Waves, show producer and true crime author Cheyna Roth sits down with Rebecca Lavoie, co-host of the Crime Writers On podcast and fellow true crime author. The pair start by talking about the current state of true crime and beg Hollywood to stop making sexy serial killer movies. After the break, Rebecca and Cheyna dissect how the genre treats victims and whether criticisms of true crime are sexist. Recommendations: Cheyna: The pyramid scheme podcast series The Dream and the 2018 episode of Decoder Ring, Clown Panic. Rebecca: True crime documentary Murder on Middle Beach on HBO; Season 1 of The Staircase on Netflix; and the podcast Canary from the Washington Post. Podcast production by Cheyna Roth with editorial oversight by Susan Matthews and June Thomas. Send your comments and recommendations on what to cover to thewaves@slate.com.